List of usage examples for javax.servlet.http Cookie setPath
public void setPath(String uri)
From source file:org.nunux.poc.portal.ProxyServlet.java
/** * Retrieves all of the cookies from the servlet request and sets them on * the proxy request/*from w w w . java2 s . c o m*/ * * @param httpServletRequest The request object representing the client's * request to the servlet engine * @param httpMethodProxyRequest The request that we are about to send to * the proxy host */ @SuppressWarnings("unchecked") private void setProxyRequestCookies(HttpServletRequest httpServletRequest, HttpMethod httpMethodProxyRequest) { // Get an array of all of all the cookies sent by the client Cookie[] cookies = httpServletRequest.getCookies(); if (cookies == null) { return; } if (httpServletRequest.getSession().getAttribute("jsessionid" + this.getProxyHostAndPort()) != null) { String jsessionid = (String) httpServletRequest.getSession() .getAttribute("jsessionid" + this.getProxyHostAndPort()); httpMethodProxyRequest.setRequestHeader("Cookie", "JSESSIONID=" + jsessionid); debug("redirecting: setting jsessionid: " + jsessionid); } for (Cookie cookie : cookies) { if (!cookie.getName().equalsIgnoreCase("jsessionid")) { cookie.setDomain(stringProxyHost); cookie.setPath(httpServletRequest.getServletPath()); httpMethodProxyRequest.setRequestHeader("Cookie", cookie.getName() + "=" + cookie.getValue() + "; Path=" + cookie.getPath()); } } }
From source file:org.josso.gateway.signon.SignonBaseAction.java
/** * Stores session id// w w w . j a va 2 s. c o m * * @param request http request * @param session SSO session instance */ protected void storeSSOInformation(HttpServletRequest request, HttpServletResponse response, SSOSession session) { MutableSSOContext ctx = (MutableSSOContext) SSOContext.getCurrent(); ctx.setCurrentSession(session); try { SSOWebConfiguration cfg = Lookup.getInstance().lookupSSOWebConfiguration(); if (cfg.isSessionTokenOnClient()) { logger.debug("Storing SSO Session ID on clinet"); Cookie ssoCookie = newJossoCookie(request.getContextPath(), JOSSO_SINGLE_SIGN_ON_COOKIE + "_" + ctx.getSecurityDomain().getName(), session.getId()); response.addCookie(ssoCookie); } else { logger.debug("Storing SSO Session ID on server"); HttpSession hsession = request.getSession(); hsession.setAttribute(JOSSO_SINGLE_SIGN_ON_COOKIE + "_" + ctx.getSecurityDomain().getName(), session.getId()); } logger.debug("Remember Me:" + request.getParameter(org.josso.gateway.signon.Constants.PARAM_JOSSO_REMEMBERME)); logger.debug("Command:" + request.getParameter(org.josso.gateway.signon.Constants.PARAM_JOSSO_CMD)); // Remember user authentication. if (cfg.isRememberMeEnabled() && request.getParameter(org.josso.gateway.signon.Constants.PARAM_JOSSO_REMEMBERME) != null) { // Storing remember me information (always on client) logger.debug("Storing SSO Rememberme Token on Client"); String cipherSuite = (String) request.getAttribute("javax.servlet.request.cipher_suite"); if (cipherSuite == null) logger.error("SSL Required for 'remember me' feature"); // We need this auth scheme to build the proper token // TODO : Check this when implementing the "Password Recovery" becauase it's a similar case. We will have to acces the password value from the store RememberMeAuthScheme scheme = (RememberMeAuthScheme) ctx.getSecurityDomain().getAuthenticator() .getAuthenticationScheme("rememberme-authentication"); String token = scheme.getRemembermeTokenForUser(session.getUsername()); // This will provide the credential string value ... Cookie rememberMeCookie = new Cookie( JOSSO_REMEMBERME_TOKEN + "_" + ctx.getSecurityDomain().getName(), token); // If max age was not specified, assume a year. rememberMeCookie.setMaxAge( 60 * (cfg.getRememberMeMaxAge() > 0 ? cfg.getRememberMeMaxAge() : 60 * 24 * 365)); // The cookie will live for a year ... rememberMeCookie.setPath("/"); if (cfg.isSessionTokenSecure()) { rememberMeCookie.setSecure(true); } else { logger.error("Remember Me funcion requires SSL Transport!"); } // Store cookie in response response.addCookie(rememberMeCookie); } } catch (Exception ex) { logger.error("Error while storing SSO Information : " + ex.getMessage(), ex); } }
From source file:org.akaza.openclinica.control.MainMenuServlet.java
public String getQueryStrCookie(HttpServletRequest request, HttpServletResponse response) { String queryStr = ""; Cookie[] cookies = request.getCookies(); for (Cookie cookie : cookies) { if (cookie.getName().equalsIgnoreCase("queryStr")) { try { queryStr = URLDecoder.decode(cookie.getValue(), "UTF-8"); } catch (UnsupportedEncodingException e) { logger.error("Error decoding redirect URL from queryStr cookie:" + e.getMessage()); }//from ww w . j a v a2s. c om cookie.setValue(null); cookie.setMaxAge(0); cookie.setPath("/"); if (response != null) response.addCookie(cookie); break; } } return queryStr; }
From source file:io.hops.hopsworks.api.kibana.ProxyServlet.java
/** * Copy cookie from the proxy to the servlet client. * Replaces cookie path to local path and renames cookie to avoid collisions. *//*from w w w . j a va 2 s .co m*/ protected void copyProxyCookie(HttpServletRequest servletRequest, HttpServletResponse servletResponse, String header) { List<HttpCookie> cookies = HttpCookie.parse(header); String path = servletRequest.getContextPath(); // path starts with / or is empty string path += servletRequest.getServletPath(); // servlet path starts with / or is empty string for (HttpCookie cookie : cookies) { //set cookie name prefixed w/ a proxy value so it won't collide w/ other cookies String proxyCookieName = getCookieNamePrefix() + cookie.getName(); Cookie servletCookie = new Cookie(proxyCookieName, cookie.getValue()); servletCookie.setComment(cookie.getComment()); servletCookie.setMaxAge((int) cookie.getMaxAge()); servletCookie.setPath(path); //set to the path of the proxy servlet // don't set cookie domain servletCookie.setSecure(cookie.getSecure()); servletCookie.setVersion(cookie.getVersion()); servletResponse.addCookie(servletCookie); } }
From source file:org.apache.jetspeed.modules.actions.JLoginUser.java
public void doPerform(RunData rundata) throws Exception { JetspeedRunData data = (JetspeedRunData) rundata; String username = data.getParameters().getString("username", ""); String password = data.getParameters().getString("password", ""); boolean newUserApproval = JetspeedResources.getBoolean("newuser.approval.enable", false); String secretkey = (String) data.getParameters().getString("secretkey", null); if (secretkey != null) { // its the first logon - we are verifying the secretkey // handle the buttons on the ConfirmRegistration page String button1 = data.getParameters().getString("submit1", null); if (button1 != null && button1.equalsIgnoreCase("Cancel")) { data.setScreenTemplate(TurbineTemplate.getDefaultScreen()); return; }// w w w. jav a 2 s.c o m // check to make sure the user entered the right confirmation key // if not, then send them to the ConfirmRegistration screen JetspeedUser user = JetspeedSecurity.getUser(username); if (user == null) { logger.warn("JLogin User: Unexpected condition : user is NULL"); return; } String confirm_value = user.getConfirmed(); if (!secretkey.equals(confirm_value) && !confirm_value.equals(JetspeedResources.CONFIRM_VALUE)) { if (newUserApproval) { data.setMessage(Localization.getString(rundata, "JLOGINUSER_KEYNOTVALID")); data.setScreenTemplate("NewUserAwaitingAcceptance"); return; } else { if (user.getConfirmed().equals(JetspeedResources.CONFIRM_VALUE_REJECTED)) { data.setMessage(Localization.getString(rundata, "JLOGINUSER_KEYNOTVALID")); data.setScreenTemplate("NewUserRejected"); return; } else { data.setMessage(Localization.getString(rundata, "JLOGINUSER_KEYNOTVALID")); data.setScreenTemplate("ConfirmRegistration"); return; } } } user.setConfirmed(JetspeedResources.CONFIRM_VALUE); data.setMessage(Localization.getString(rundata, "JLOGINUSER_WELCOME")); JetspeedSecurity.saveUser(user); } JetspeedUser user = null; try { user = JetspeedSecurity.login(username, password); JetspeedSecurity.saveUser(user); } catch (LoginException e) { data.setScreenTemplate(JetspeedResources.getString(TurbineConstants.TEMPLATE_LOGIN)); String message = e.getMessage() != null ? e.getMessage() : e.toString(); data.setMessage(message); data.setUser(JetspeedSecurity.getAnonymousUser()); data.getUser().setHasLoggedIn(new Boolean(false)); if (e instanceof FailedLoginException) { if (!disableCheck(data)) { logger.info("JLoginUser: Credential Failure on login for user: " + username); data.setMessage(Localization.getString(rundata, "PASSWORDFORM_FAILED_MSG")); } } else if (e instanceof AccountExpiredException) { logger.info("JLoginUser: Account Expired for user " + username); } else if (e instanceof CredentialExpiredException) { logger.info("JLoginUser: Credentials expired for user: " + username); data.setScreenTemplate( JetspeedResources.getString(JetspeedResources.CHANGE_PASSWORD_TEMPLATE, "ChangePassword")); data.setMessage(Localization.getString(rundata, "PASSWORDFORM_EXPIRED_MSG")); data.getParameters().setString("username", username); } return; } catch (Throwable other) { data.setScreenTemplate(JetspeedResources.getString(TurbineConstants.TEMPLATE_ERROR)); String message = other.getMessage() != null ? other.getMessage() : other.toString(); data.setMessage(message); data.setStackTrace(org.apache.turbine.util.StringUtils.stackTrace(other), other); JetspeedUser juser = new FakeJetspeedUser(JetspeedSecurity.getAnonymousUserName(), false); data.setUser(juser); return; } if ("T".equals(user.getDisabled())) { data.setMessage(Localization.getString(rundata, "JLOGINUSER_ACCOUNT_DISABLED")); data.setScreenTemplate(JetspeedResources.getString("logon.disabled.form")); data.getUser().setHasLoggedIn(new Boolean(false)); return; } // check for being confirmed before allowing someone to finish logging in if (data.getUser().hasLoggedIn()) { if (JetspeedSecurity.isDisableAccountCheckEnabled()) { // dst: this needs some refactoring. I don't believe this api is necessary JetspeedSecurity.resetDisableAccountCheck(data.getParameters().getString("username", "")); } String confirmed = data.getUser().getConfirmed(); if (confirmed == null || !confirmed.equals(JetspeedResources.CONFIRM_VALUE)) { if (confirmed != null && confirmed.equals(JetspeedResources.CONFIRM_VALUE_REJECTED)) { data.setMessage(Localization.getString(rundata, "JLOGINUSER_KEYNOTVALID")); data.setScreenTemplate("NewUserRejected"); data.getUser().setHasLoggedIn(new Boolean(false)); return; } else { data.setMessage(Localization.getString(rundata, "JLOGINUSER_CONFIRMFIRST")); data.setScreenTemplate("ConfirmRegistration"); data.getUser().setHasLoggedIn(new Boolean(false)); return; } } // user has logged in successfully at this point boolean automaticLogonEnabled = JetspeedResources.getBoolean("automatic.logon.enable", false); if (automaticLogonEnabled) { //Does the user want to use this facility? boolean userRequestsRememberMe = data.getParameters().getBoolean("rememberme", false); if (userRequestsRememberMe) { //save cookies on the users machine. int maxage = JetspeedResources.getInt("automatic.logon.cookie.maxage", -1); String comment = JetspeedResources.getString("automatic.logon.cookie.comment", ""); String domain = JetspeedResources.getString("automatic.logon.cookie.domain"); String path = JetspeedResources.getString("automatic.logon.cookie.path", "/"); if (domain == null) { String server = data.getServerName(); domain = "." + server; } String loginCookieValue = null; if (JetspeedResources.getString("automatic.logon.cookie.generation", "everylogon") .equals("everylogon")) { loginCookieValue = "" + Math.random(); data.getUser().setPerm("logincookie", loginCookieValue); JetspeedSecurity.saveUser(data.getJetspeedUser()); } else { loginCookieValue = (String) data.getUser().getPerm("logincookie"); if (loginCookieValue == null || loginCookieValue.length() == 0) { loginCookieValue = "" + Math.random(); data.getUser().setPerm("logincookie", loginCookieValue); JetspeedSecurity.saveUser(data.getJetspeedUser()); } } Cookie userName = new Cookie("username", data.getUser().getUserName()); Cookie loginCookie = new Cookie("logincookie", loginCookieValue); userName.setMaxAge(maxage); userName.setComment(comment); userName.setDomain(domain); userName.setPath(path); loginCookie.setMaxAge(maxage); loginCookie.setComment(comment); loginCookie.setDomain(domain); loginCookie.setPath(path); data.getResponse().addCookie(userName); data.getResponse().addCookie(loginCookie); } } } else { disableCheck(data); } }
From source file:com.tremolosecurity.proxy.filters.PreAuthFilter.java
@Override public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception { AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)) .getAuthInfo();// w ww . j a va 2s.c om ConfigManager cfg = (ConfigManager) request.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ); List<Cookie> cookies = null; if (userData.getAuthLevel() > 0 && userData.isAuthComplete()) { UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG); HttpSession session = request.getSession(); String uid = (String) session.getAttribute("TREMOLO_PRE_AUTH"); if (uid == null || !uid.equals(userData.getUserDN())) { session.setAttribute("TREMOLO_PRE_AUTH", userData.getUserDN()); HashMap<String, String> uriParams = new HashMap<String, String>(); uriParams.put("fullURI", this.uri); UrlHolder remHolder = cfg.findURL(this.url); org.apache.http.client.methods.HttpRequestBase method = null; if (this.postSAML) { PrivateKey pk = holder.getConfig().getPrivateKey(this.keyAlias); java.security.cert.X509Certificate cert = holder.getConfig().getCertificate(this.keyAlias); Saml2Assertion assertion = new Saml2Assertion( userData.getAttribs().get(this.nameIDAttribute).getValues().get(0), pk, cert, null, this.issuer, this.assertionConsumerURL, this.audience, this.signAssertion, this.signResponse, false, this.nameIDType, this.authnCtxClassRef); String respXML = ""; try { respXML = assertion.generateSaml2Response(); } catch (Exception e) { throw new ServletException("Could not generate SAMLResponse", e); } List<NameValuePair> formparams = new ArrayList<NameValuePair>(); String base64 = Base64.encodeBase64String(respXML.getBytes("UTF-8")); formparams.add(new BasicNameValuePair("SAMLResponse", base64)); if (this.relayState != null && !this.relayState.isEmpty()) { formparams.add(new BasicNameValuePair("RelayState", this.relayState)); } UrlEncodedFormEntity entity = new UrlEncodedFormEntity(formparams, "UTF-8"); HttpPost post = new HttpPost(this.assertionConsumerURL); post.setEntity(entity); method = post; } else { HttpGet get = new HttpGet(remHolder.getProxyURL(uriParams)); method = get; } LastMileUtil.addLastMile(cfg, userData.getAttribs().get(loginAttribute).getValues().get(0), this.loginAttribute, method, lastMileKeyAlias, true); BasicHttpClientConnectionManager bhcm = new BasicHttpClientConnectionManager( cfg.getHttpClientSocketRegistry()); try { CloseableHttpClient httpclient = HttpClients.custom().setConnectionManager(bhcm) .setDefaultRequestConfig(cfg.getGlobalHttpClientConfig()).build(); HttpResponse resp = httpclient.execute(method); if (resp.getStatusLine().getStatusCode() == 500) { BufferedReader in = new BufferedReader( new InputStreamReader(resp.getEntity().getContent())); StringBuffer error = new StringBuffer(); String line = null; while ((line = in.readLine()) != null) { error.append(line).append('\n'); } logger.warn("Pre-Auth Failed : " + error); } org.apache.http.Header[] headers = resp.getAllHeaders(); StringBuffer stmp = new StringBuffer(); cookies = new ArrayList<Cookie>(); for (org.apache.http.Header header : headers) { if (header.getName().equalsIgnoreCase("set-cookie") || header.getName().equalsIgnoreCase("set-cookie2")) { //System.out.println(header.getValue()); String cookieVal = header.getValue(); /*if (cookieVal.endsWith("HttpOnly")) { cookieVal = cookieVal.substring(0,cookieVal.indexOf("HttpOnly")); } //System.out.println(cookieVal);*/ List<HttpCookie> cookiesx = HttpCookie.parse(cookieVal); for (HttpCookie cookie : cookiesx) { String cookieFinalName = cookie.getName(); if (cookieFinalName.equalsIgnoreCase("JSESSIONID")) { stmp.setLength(0); stmp.append("JSESSIONID").append('-') .append(holder.getApp().getName().replaceAll(" ", "|")); cookieFinalName = stmp.toString(); } //logger.info("Adding cookie name '" + cookieFinalName + "'='" + cookie.getValue() + "'"); Cookie respcookie = new Cookie(cookieFinalName, cookie.getValue()); respcookie.setComment(cookie.getComment()); if (cookie.getDomain() != null) { //respcookie.setDomain(cookie.getDomain()); } respcookie.setMaxAge((int) cookie.getMaxAge()); respcookie.setPath(cookie.getPath()); respcookie.setSecure(cookie.getSecure()); respcookie.setVersion(cookie.getVersion()); cookies.add(respcookie); if (request.getCookieNames().contains(respcookie.getName())) { request.removeCookie(cookieFinalName); } request.addCookie(new Cookie(cookie.getName(), cookie.getValue())); } } } } finally { bhcm.shutdown(); } } } chain.nextFilter(request, response, chain); if (cookies != null) { for (Cookie cookie : cookies) { response.addCookie(cookie); } } }
From source file:com.fuseim.webapp.ProxyServlet.java
/** * Copy cookie from the proxy to the servlet client. Replaces cookie path to local path and * renames cookie to avoid collisions.//from ww w . j a va 2 s . com */ protected void copyProxyCookie(HttpServletRequest servletRequest, HttpServletResponse servletResponse, String headerValue) { List<HttpCookie> cookies = HttpCookie.parse(headerValue); String path = servletRequest.getContextPath(); // path starts with / or is empty string path += servletRequest.getServletPath(); // servlet path starts with / or is empty string for (HttpCookie cookie : cookies) { //set cookie name prefixed w/ a proxy value so it won't collide w/ other cookies String proxyCookieName = doPreserveCookies ? cookie.getName() : getCookieNamePrefix(cookie.getName()) + cookie.getName(); Cookie servletCookie = new Cookie(proxyCookieName, cookie.getValue()); servletCookie.setComment(cookie.getComment()); servletCookie.setMaxAge((int) cookie.getMaxAge()); servletCookie.setPath(path); //set to the path of the proxy servlet // don't set cookie domain servletCookie.setSecure(cookie.getSecure()); servletCookie.setVersion(cookie.getVersion()); servletResponse.addCookie(servletCookie); } }
From source file:com.qlkh.client.server.proxy.ProxyServlet.java
/** * Executes the {@link org.apache.commons.httpclient.HttpMethod} passed in and sends the proxy response * back to the client via the given {@link javax.servlet.http.HttpServletResponse} * * @param httpMethodProxyRequest An object representing the proxy request to be made * @param httpServletResponse An object by which we can send the proxied * response back to the client * @throws java.io.IOException Can be thrown by the {@link org.apache.commons.httpclient.HttpClient}.executeMethod * @throws javax.servlet.ServletException Can be thrown to indicate that another error has occurred *//* w ww. j a va 2 s . com*/ private void executeProxyRequest(HttpMethod httpMethodProxyRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException { if (httpServletRequest.isSecure()) { Protocol.registerProtocol("https", new Protocol("https", new EasySSLProtocolSocketFactory(), 443)); } // Create a default HttpClient HttpClient httpClient = new HttpClient(); httpMethodProxyRequest.setFollowRedirects(false); // Execute the request int intProxyResponseCode = httpClient.executeMethod(httpMethodProxyRequest); InputStream response = httpMethodProxyRequest.getResponseBodyAsStream(); // Check if the proxy response is a redirect // The following code is adapted from org.tigris.noodle.filters.CheckForRedirect // Hooray for open source software if (intProxyResponseCode >= HttpServletResponse.SC_MULTIPLE_CHOICES /* 300 */ && intProxyResponseCode < HttpServletResponse.SC_NOT_MODIFIED /* 304 */) { String stringStatusCode = Integer.toString(intProxyResponseCode); String stringLocation = httpMethodProxyRequest.getResponseHeader(STRING_LOCATION_HEADER).getValue(); if (stringLocation == null) { throw new ServletException("Received status code: " + stringStatusCode + " but no " + STRING_LOCATION_HEADER + " header was found in the response"); } // Modify the redirect to go to this proxy servlet rather that the proxied host String stringMyHostName = httpServletRequest.getServerName(); if (httpServletRequest.getServerPort() != 80) { stringMyHostName += ":" + httpServletRequest.getServerPort(); } stringMyHostName += httpServletRequest.getContextPath(); if (followRedirects) { if (stringLocation.contains("jsessionid")) { Cookie cookie = new Cookie("JSESSIONID", stringLocation.substring(stringLocation.indexOf("jsessionid=") + 11)); cookie.setPath("/"); httpServletResponse.addCookie(cookie); //debug("redirecting: set jessionid (" + cookie.getValue() + ") cookie from URL"); } else if (httpMethodProxyRequest.getResponseHeader("Set-Cookie") != null) { Header header = httpMethodProxyRequest.getResponseHeader("Set-Cookie"); String[] cookieDetails = header.getValue().split(";"); String[] nameValue = cookieDetails[0].split("="); Cookie cookie = new Cookie(nameValue[0], nameValue[1]); cookie.setPath("/"); //debug("redirecting: setting cookie: " + cookie.getName() + ":" + cookie.getValue() + " on " + cookie.getPath()); httpServletResponse.addCookie(cookie); } httpServletResponse.sendRedirect( stringLocation.replace(getProxyHostAndPort() + this.getProxyPath(), stringMyHostName)); return; } } else if (intProxyResponseCode == HttpServletResponse.SC_NOT_MODIFIED) { // 304 needs special handling. See: // http://www.ics.uci.edu/pub/ietf/http/rfc1945.html#Code304 // We get a 304 whenever passed an 'If-Modified-Since' // header and the data on disk has not changed; server // responds w/ a 304 saying I'm not going to send the // body because the file has not changed. httpServletResponse.setIntHeader(STRING_CONTENT_LENGTH_HEADER_NAME, 0); httpServletResponse.setStatus(HttpServletResponse.SC_NOT_MODIFIED); return; } // Pass the response code back to the client httpServletResponse.setStatus(intProxyResponseCode); // Pass response headers back to the client Header[] headerArrayResponse = httpMethodProxyRequest.getResponseHeaders(); for (Header header : headerArrayResponse) { if (header.getName().equals("Transfer-Encoding") && header.getValue().equals("chunked") || header.getName().equals("Content-Encoding") && header.getValue().equals("gzip") || // don't copy gzip header header.getName().equals("WWW-Authenticate")) { // don't copy WWW-Authenticate header so browser doesn't prompt on failed basic auth // proxy servlet does not support chunked encoding } else { httpServletResponse.setHeader(header.getName(), header.getValue()); } } List<Header> responseHeaders = Arrays.asList(headerArrayResponse); if (isBodyParameterGzipped(responseHeaders)) { debug("GZipped: true"); int length = 0; if (!followRedirects && intProxyResponseCode == HttpServletResponse.SC_MOVED_TEMPORARILY) { String gz = httpMethodProxyRequest.getResponseHeader(STRING_LOCATION_HEADER).getValue(); httpServletResponse.setStatus(HttpServletResponse.SC_OK); intProxyResponseCode = HttpServletResponse.SC_OK; httpServletResponse.setHeader(STRING_LOCATION_HEADER, gz); } else { final byte[] bytes = ungzip(httpMethodProxyRequest.getResponseBody()); length = bytes.length; response = new ByteArrayInputStream(bytes); } httpServletResponse.setContentLength(length); } // Send the content to the client debug("Received status code: " + intProxyResponseCode, "Response: " + response); //httpServletResponse.getWriter().write(response); copy(response, httpServletResponse.getOutputStream()); }
From source file:org.josso.agent.http.HttpSSOAgent.java
/** * This creates a new JOSSO Cookie for the given path and value. * * @param path the path associated with the cookie, normaly the partner application context. * @param value the SSO Session ID/*from w w w . j a va2s . c o m*/ * @return */ public Cookie newJossoCookie(String path, String value) { // Some browsers don't like cookies without paths. This is useful for partner applications configured in the root context if (path == null || "".equals(path)) path = "/"; Cookie ssoCookie = new Cookie(org.josso.gateway.Constants.JOSSO_SINGLE_SIGN_ON_COOKIE, value); ssoCookie.setMaxAge(-1); ssoCookie.setPath(path); // TODO : Check domain / secure ? //ssoCookie.setDomain(cfg.getSessionTokenScope()); //ssoCookie.setSecure(true); return ssoCookie; }
From source file:com.google.ie.web.controller.UserController.java
/** * Delete all the cookies related to the user from the system * //from ww w . j a v a2 s . c om * @param request {@link HttpServletRequest} object * @param response {@link HttpServletResponse} object */ private void removeCookieFromSystem(HttpServletRequest request, HttpServletResponse response) { Cookie[] cookies = request.getCookies(); if (cookies != null) { for (int i = 0; i < cookies.length; i++) { Cookie cookie = cookies[i]; // Don't remove access token cookie if (!StringUtils.equals(cookie.getName(), AuthenticationFilter.ACCESS_TOKEN)) { /* Set the max age to zero so that the cookie is deleted */ cookie.setMaxAge(WebConstants.ZERO); cookie.setPath("/"); response.addCookie(cookie); } } } if (isDebugEnabled) { LOGGER.debug("The age of the cookies related to the " + "user has been set to zero and the cookies set into the response"); } }