List of usage examples for javax.servlet.http Cookie setSecure
public void setSecure(boolean flag)
From source file:org.keysupport.shibboleth.idp.x509.X509AuthServlet.java
/**
 * {@inheritDoc}
 *
 * <p>Completes an external authentication using the X.509 client certificate chain read from
 * the {@code javax.servlet.request.X509Certificate} request attribute. The first certificate in
 * the array is treated as the end-entity certificate. On success a {@link Subject} carrying the
 * certificate and its subject principal is stored under
 * {@code ExternalAuthentication.SUBJECT_KEY}; on failure an error or exception attribute is set
 * instead. In every case control is handed back through
 * {@code ExternalAuthentication.finishExternalAuthentication}.
 *
 * @param httpRequest the request, expected to carry the client certificate attribute
 * @param httpResponse the response, which may receive the UI passthrough cookie
 * @throws ServletException if the external authentication API reports an error
 * @throws IOException declared by the servlet contract
 */
@Override
protected void service(final HttpServletRequest httpRequest, final HttpServletResponse httpResponse)
        throws ServletException, IOException {

    try {
        // The key ties this request to the authentication flow that redirected here.
        final String key = ExternalAuthentication.startExternalAuthentication(httpRequest);

        final X509Certificate[] certs = (X509Certificate[]) httpRequest
                .getAttribute("javax.servlet.request.X509Certificate");
        log.debug("{} X.509 Certificate(s) found in request", certs != null ? certs.length : 0);

        // No certificate presented: report NO_CREDENTIALS and finish the flow.
        if (certs == null || certs.length < 1) {
            log.error("No X.509 Certificates found in request");
            httpRequest.setAttribute(ExternalAuthentication.AUTHENTICATION_ERROR_KEY,
                    AuthnEventIds.NO_CREDENTIALS);
            ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse);
            return;
        }

        final X509Certificate cert = certs[0];
        log.debug("End-entity X.509 certificate found with subject '{}', issued by '{}'",
                cert.getSubjectDN().getName(), cert.getIssuerDN().getName());

        // NOTE(review): validation in this method is optional. When trustEngine is null the
        // certificate is accepted as presented; presumably the TLS layer has already verified
        // the chain against its own trust store. Confirm for the deployment.
        if (trustEngine != null) {
            try {
                final BasicX509Credential cred = new BasicX509Credential(cert);
                cred.setEntityCertificateChain(Arrays.asList(certs));
                if (trustEngine.validate(cred, new CriteriaSet())) {
                    log.debug("Trust engine validated X.509 certificate");
                } else {
                    log.warn("Trust engine failed to validate X.509 certificate");
                    httpRequest.setAttribute(ExternalAuthentication.AUTHENTICATION_ERROR_KEY,
                            AuthnEventIds.INVALID_CREDENTIALS);
                    ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse);
                    return;
                }
            } catch (final SecurityException e) {
                // A trust-engine failure is reported as an exception, not as a successful login.
                log.error("Exception raised by trust engine", e);
                httpRequest.setAttribute(ExternalAuthentication.AUTHENTICATION_EXCEPTION_KEY, e);
                ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse);
                return;
            }
        }

        // The passthrough cookie is a UI preference with the constant value "1", set only when
        // the request parameter parses as true. It is marked Secure and kept for one year.
        // NOTE(review): HttpOnly is not set here; confirm whether page script needs to read it.
        final String passthrough = httpRequest.getParameter(PASSTHROUGH_PARAM);
        if (passthrough != null && Boolean.parseBoolean(passthrough)) {
            log.debug("Setting UI passthrough cookie");
            final Cookie cookie = new Cookie(PASSTHROUGH_PARAM, "1");
            cookie.setPath(httpRequest.getContextPath());
            cookie.setMaxAge(60 * 60 * 24 * 365);
            cookie.setSecure(true);
            httpResponse.addCookie(cookie);
        }

        // Publish the certificate as a public credential and its subject DN as the principal.
        final Subject subject = new Subject();
        subject.getPublicCredentials().add(cert);
        subject.getPrincipals().add(cert.getSubjectX500Principal());

        httpRequest.setAttribute(ExternalAuthentication.SUBJECT_KEY, subject);

        // Disabled in the original source: revoke-consent handling.
        // final String revokeConsent = httpRequest
        // .getParameter(ProfileInterceptorFlowDescriptor.REVOKE_CONSENT_PARAM);
        // if (revokeConsent != null
        // && ("1".equals(revokeConsent) || "true"
        // .equals(revokeConsent))) {
        // httpRequest.setAttribute(
        // ExternalAuthentication.REVOKECONSENT_KEY, Boolean.TRUE);
        // }

        ExternalAuthentication.finishExternalAuthentication(key, httpRequest, httpResponse);

    } catch (final ExternalAuthenticationException e) {
        throw new ServletException("Error processing external authentication request", e);
    }
}
From source file:au.gov.dto.springframework.security.web.csrf.CookieCsrfTokenRepository.java
/**
 * Stores the CSRF token in a cookie on the response, or expires that cookie when
 * {@code token} is {@code null}.
 *
 * <p>The cookie is always HttpOnly. Its Secure flag follows {@code request.isSecure()}.
 *
 * @param token the token to persist, or {@code null} to clear the cookie
 * @param request the current request, consulted only for its secure state
 * @param response the response that receives the cookie
 */
@Override
public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
    final boolean clearing = (token == null);

    // An empty value with a max-age of 0 asks the browser to discard the cookie.
    final Cookie csrfCookie = new Cookie(csrfCookieName, clearing ? "" : token.getToken());
    csrfCookie.setMaxAge(clearing ? 0 : csrfCookieMaxAgeSeconds);
    csrfCookie.setPath(csrfCookiePath);

    // NOTE(review): Secure mirrors the scheme the container sees. If TLS is terminated in
    // front of the container and the forwarded scheme is not applied to the request, the
    // cookie would be issued without Secure. Confirm against the deployment.
    csrfCookie.setSecure(request.isSecure());
    csrfCookie.setHttpOnly(true);

    response.addCookie(csrfCookie);
}
From source file:org.jsecurity.web.attr.CookieAttribute.java
/**
 * Writes {@code value} to the response as a cookie built from this attribute's settings.
 *
 * <p>The cookie path falls back to the request's context path when no path is configured.
 * The Secure flag is set only when {@code isSecure()} returns true.
 *
 * @param value the value to store, converted with {@code toStringValue}
 * @param servletRequest the current request
 * @param servletResponse the response that receives the cookie
 */
public void onStoreValue(T value, ServletRequest servletRequest, ServletResponse servletResponse) {
    HttpServletRequest httpRequest = toHttp(servletRequest);
    HttpServletResponse httpResponse = toHttp(servletResponse);

    String cookieName = getName();
    int cookieMaxAge = getMaxAge();

    String cookiePath;
    if (getPath() == null) {
        cookiePath = httpRequest.getContextPath();
    } else {
        cookiePath = getPath();
    }

    String cookieValue = toStringValue(value);

    Cookie cookie = new Cookie(cookieName, cookieValue);
    cookie.setPath(cookiePath);
    cookie.setMaxAge(cookieMaxAge);
    // A new Cookie is not secure by default, so passing the flag through is equivalent to
    // setting it only when true.
    cookie.setSecure(isSecure());
    // NOTE(review): HttpOnly is not set in this method.
    httpResponse.addCookie(cookie);

    // NOTE(review): the trace message includes the cookie value. If this attribute carries a
    // credential or identity token, that value reaches the log whenever trace is enabled.
    if (log.isTraceEnabled()) {
        String message = "Added Cookie [" + cookieName + "] to path [" + cookiePath + "] with value ["
                + cookieValue + "] to the HttpServletResponse.";
        log.trace(message);
    }
}
From source file:com.thoughtworks.go.http.mocks.MockHttpServletResponseAssert.java
/**
 * Asserts that the response under test carries a cookie with exactly the given attributes,
 * including its Secure and HttpOnly flags.
 *
 * <p>The expected cookie is built with an empty domain and compared to the actual cookie
 * field by field through reflection.
 *
 * @param path expected cookie path
 * @param name name of the cookie to look up and compare
 * @param value expected cookie value
 * @param maxAge expected max-age in seconds
 * @param secured expected Secure flag
 * @param httpOnly expected HttpOnly flag
 * @return this assertion object
 */
public SELF hasCookie(String path, String name, String value, int maxAge, boolean secured,
        boolean httpOnly) {
    Cookie found = actual.getCookie(name);

    Cookie wanted = new Cookie(name, value);
    wanted.setDomain("");
    wanted.setPath(path);
    wanted.setMaxAge(maxAge);
    wanted.setSecure(secured);
    wanted.setHttpOnly(httpOnly);

    if (EqualsBuilder.reflectionEquals(wanted, found)) {
        return myself;
    }

    // Mismatch: label the assertion and fail with both cookies rendered field by field.
    this.as("cookie");
    throw Failures.instance().failure(info,
            shouldBeEqual(
                    ReflectionToStringBuilder.toString(found, ToStringStyle.MULTI_LINE_STYLE),
                    ReflectionToStringBuilder.toString(wanted, ToStringStyle.MULTI_LINE_STYLE),
                    info.representation()));
}
From source file:org.springframework.web.util.CookieGenerator.java
/**
 * Add a cookie with the given value to the response,
 * using the cookie descriptor settings of this generator.
 * <p>Delegates to {@link #createCookie} for cookie creation. Max-age is applied only when
 * one is configured, and the Secure and HttpOnly flags only when they are enabled.
 * @param response the HTTP response to add the cookie to
 * @param cookieValue the value of the cookie to add
 * @see #setCookieName
 * @see #setCookieDomain
 * @see #setCookiePath
 * @see #setCookieMaxAge
 */
public void addCookie(HttpServletResponse response, String cookieValue) {
    Assert.notNull(response, "HttpServletResponse must not be null");

    Cookie created = createCookie(cookieValue);

    Integer configuredMaxAge = getCookieMaxAge();
    if (configuredMaxAge != null) {
        created.setMaxAge(configuredMaxAge);
    }

    // Flags are only ever switched on here; whatever createCookie set is never cleared.
    if (isCookieSecure()) {
        created.setSecure(true);
    }
    if (isCookieHttpOnly()) {
        created.setHttpOnly(true);
    }

    response.addCookie(created);

    // NOTE(review): the debug message includes the cookie value. For cookies that carry a
    // session or authentication token, that value reaches the log at debug level.
    if (logger.isDebugEnabled()) {
        String message = "Added cookie with name [" + getCookieName() + "] and value [" + cookieValue + "]";
        logger.debug(message);
    }
}
From source file:eu.semlibproject.annotationserver.managers.CookiesManager.java
/**
 * Generate a new cookie for the annotation server.
 *
 * <p>NOTE(review): the cookie value is the access token itself and the Secure flag is
 * explicitly switched off, so a browser will also send it over plain HTTP. HttpOnly is not
 * set in this method. Both are worth revisiting if the server is reachable over HTTPS.
 *
 * @param accessToken the access token to store as the cookie value
 * @return the newly generated cookie, or {@code null} when {@code accessToken} is {@code null}
 */
public Cookie generateNewASCookie(String accessToken) {
    if (accessToken == null) {
        return null;
    }

    Cookie asCookie = new Cookie(SemlibConstants.COOCKIE_NAME, accessToken);
    asCookie.setVersion(1);
    asCookie.setComment(SemlibConstants.COOCKIE_DESCRIPTION);
    asCookie.setPath(SemlibConstants.COOKIE_PATH);
    asCookie.setMaxAge(SemlibConstants.COOKIE_TIME);
    asCookie.setSecure(false);
    return asCookie;
}
From source file:org.jasig.portal.portlet.container.services.SessionOnlyPortletCookieImpl.java
/**
 * Builds a servlet {@link Cookie} from this object's fields.
 *
 * <p>The domain is copied only when one is set. The Secure flag is copied from the
 * {@code secure} field unchanged, and the max-age comes from {@code getMaxAge()}.
 *
 * @return a new cookie carrying this object's name, value and attributes
 */
@Override
public Cookie toCookie() {
    final Cookie result = new Cookie(name, value);
    result.setVersion(version);
    result.setComment(comment);
    result.setPath(path);
    // Passing a null domain to the servlet API is avoided by skipping the call.
    if (domain != null) {
        result.setDomain(domain);
    }
    result.setMaxAge(getMaxAge());
    result.setSecure(secure);
    return result;
}
From source file:com.vmware.identity.openidconnect.server.AuthenticationRequestProcessor.java
/**
 * Builds the cookie that identifies a logged-in session for this tenant.
 *
 * <p>The cookie is scoped to {@code /openidconnect} and marked both Secure and HttpOnly.
 * No max-age is set in this method.
 *
 * @param sessionId the session identifier to store as the cookie value
 * @return the session cookie
 */
private Cookie loggedInSessionCookie(SessionID sessionId) {
    String cookieName = SessionManager.getSessionCookieName(this.tenant);
    String cookieValue = sessionId.getValue();

    Cookie sessionCookie = new Cookie(cookieName, cookieValue);
    sessionCookie.setHttpOnly(true);
    sessionCookie.setSecure(true);
    sessionCookie.setPath("/openidconnect");
    return sessionCookie;
}
From source file:com.qut.middleware.esoe.authn.servlet.AuthnServlet.java
/**
 * Clears a provided session identifying cookie when some invalid value has been presented.
 *
 * <p>The cookie is re-issued under the same name and domain with an empty value.
 *
 * <p>NOTE(review): neither a max-age nor a path is set here, so this overwrites the value
 * rather than expiring the cookie. Whether it replaces the original depends on the browser
 * matching the path the session cookie was issued with. The replacement is also sent without
 * the Secure flag. Confirm both against where the session cookie is created.
 *
 * @param data
 *            Local request AuthnProcessorData bean
 */
private void clearSessionCookie(AuthnProcessorData data) {
    /* Blank out the user's session cookie at the ESOE */
    Cookie blanked = new Cookie(this.sessionTokenName, ""); //$NON-NLS-1$
    blanked.setSecure(false);
    blanked.setDomain(this.sessionDomain);

    data.getHttpResponse().addCookie(blanked);
}
From source file:org.piwik.ResponseData.java
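/**
 * Converts the {@code Set-Cookie} response headers held in {@code headerData} into servlet
 * cookies.
 *
 * <p>Each {@code Set-Cookie} header value is parsed on its own. Joining several values into
 * one string before parsing would merge the attributes of one cookie into the next. The
 * header name is matched case-insensitively, and a max-age outside the {@code int} range is
 * clamped instead of wrapping around, which could otherwise turn a long-lived cookie into an
 * expired one.
 *
 * <p>NOTE(review): the HttpOnly attribute is not carried over. {@code HttpCookie.isHttpOnly()}
 * (Java 7+) and {@code Cookie.setHttpOnly} (Servlet 3.0+) could copy it if the project's
 * baseline allows.
 *
 * @return the parsed cookies, possibly empty; {@code null} when a header entry with a
 *         {@code null} key and an empty value is encountered, which callers rely on
 * @throws IllegalArgumentException if a {@code Set-Cookie} value cannot be parsed
 */
public List<Cookie> getCookies() {
    List<Cookie> cookies = new ArrayList<Cookie>();

    for (String key : headerData.keySet()) {
        List<String> headerParts = headerData.get(key);

        // The joined form is kept only for the emptiness check and the log message below.
        StringBuilder cookieInfo = new StringBuilder();
        for (String part : headerParts) {
            cookieInfo.append(part);
        }

        if (key == null && cookieInfo.length() == 0) {
            LOGGER.debug("No more headers, not proceeding");
            return null;
        }

        if (key == null) {
            LOGGER.debug("The header value contains the server's HTTP version, not proceeding");
        } else if ("Set-Cookie".equalsIgnoreCase(key)) {
            for (String headerValue : headerParts) {
                // Skip empty values, which HttpCookie.parse would reject.
                if (headerValue == null || headerValue.length() == 0) {
                    continue;
                }
                for (HttpCookie h : HttpCookie.parse(headerValue)) {
                    Cookie c = new Cookie(h.getName(), h.getValue());
                    c.setComment(h.getComment());
                    if (h.getDomain() != null) {
                        c.setDomain(h.getDomain());
                    }
                    // Saturate rather than truncate: a long max-age must not wrap to 0 or below.
                    long maxAge = Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, h.getMaxAge()));
                    c.setMaxAge((int) maxAge);
                    c.setPath(h.getPath());
                    c.setSecure(h.getSecure());
                    c.setVersion(h.getVersion());
                    cookies.add(c);
                }
            }
        } else {
            LOGGER.debug("The provided key (" + key + ") with value (" + cookieInfo
                    + ") were not processed because the key is unknown");
        }
    }

    return cookies;
}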