List of usage examples for javax.servlet.http Cookie setSecure
public void setSecure(boolean flag)
From source file:org.owasp.benchmark.testcode.BenchmarkTest01958.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); String param = request.getHeader("vector"); if (param == null) param = ""; String bar = doSomething(param); double value = java.lang.Math.random(); String rememberMeKey = Double.toString(value).substring(2); // Trim off the 0. at the front. String user = "Doug"; String fullClassName = this.getClass().getName(); String testCaseNumber = fullClassName .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length()); user += testCaseNumber;//from w w w . ja va2s . co m String cookieName = "rememberMe" + testCaseNumber; boolean foundUser = false; javax.servlet.http.Cookie[] cookies = request.getCookies(); for (int i = 0; cookies != null && ++i < cookies.length && !foundUser;) { javax.servlet.http.Cookie cookie = cookies[i]; if (cookieName.equals(cookie.getName())) { if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) { foundUser = true; } } } if (foundUser) { response.getWriter().println("Welcome back: " + user + "<br/>"); } else { javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey); rememberMe.setSecure(true); request.getSession().setAttribute(cookieName, rememberMeKey); response.addCookie(rememberMe); response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName() + " whose value is: " + rememberMe.getValue() + "<br/>"); } response.getWriter().println("Weak Randomness Test java.lang.Math.random() executed"); }
From source file:org.owasp.benchmark.testcode.BenchmarkTest02756.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest( request);// w w w. j a v a 2 s. c om String param = scr.getTheValue("vector"); String bar = doSomething(param); int r = new java.util.Random().nextInt(); String rememberMeKey = Integer.toString(r); String user = "Ingrid"; String fullClassName = this.getClass().getName(); String testCaseNumber = fullClassName .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length()); user += testCaseNumber; String cookieName = "rememberMe" + testCaseNumber; boolean foundUser = false; javax.servlet.http.Cookie[] cookies = request.getCookies(); for (int i = 0; cookies != null && ++i < cookies.length && !foundUser;) { javax.servlet.http.Cookie cookie = cookies[i]; if (cookieName.equals(cookie.getName())) { if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) { foundUser = true; } } } if (foundUser) { response.getWriter().println("Welcome back: " + user + "<br/>"); } else { javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey); rememberMe.setSecure(true); request.getSession().setAttribute(cookieName, rememberMeKey); response.addCookie(rememberMe); response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName() + " whose value is: " + rememberMe.getValue() + "<br/>"); } response.getWriter().println("Weak Randomness Test java.util.Random.nextInt() executed"); }
From source file:org.owasp.benchmark.testcode.BenchmarkTest01311.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); String param = request.getParameter("vector"); if (param == null) param = ""; String bar = new Test().doSomething(param); int r = new java.util.Random().nextInt(); String rememberMeKey = Integer.toString(r); String user = "Ingrid"; String fullClassName = this.getClass().getName(); String testCaseNumber = fullClassName .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length()); user += testCaseNumber;/*from www. j av a 2 s .c o m*/ String cookieName = "rememberMe" + testCaseNumber; boolean foundUser = false; javax.servlet.http.Cookie[] cookies = request.getCookies(); for (int i = 0; cookies != null && ++i < cookies.length && !foundUser;) { javax.servlet.http.Cookie cookie = cookies[i]; if (cookieName.equals(cookie.getName())) { if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) { foundUser = true; } } } if (foundUser) { response.getWriter().println("Welcome back: " + user + "<br/>"); } else { javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey); rememberMe.setSecure(true); request.getSession().setAttribute(cookieName, rememberMeKey); response.addCookie(rememberMe); response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName() + " whose value is: " + rememberMe.getValue() + "<br/>"); } response.getWriter().println("Weak Randomness Test java.util.Random.nextInt() executed"); }
From source file:org.owasp.benchmark.testcode.BenchmarkTest02558.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); String[] values = request.getParameterValues("vector"); String param;//w w w.ja va2 s . co m if (values != null && values.length > 0) param = values[0]; else param = ""; String bar = doSomething(param); int randNumber = new java.util.Random().nextInt(99); String rememberMeKey = Integer.toString(randNumber); String user = "Inga"; String fullClassName = this.getClass().getName(); String testCaseNumber = fullClassName .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length()); user += testCaseNumber; String cookieName = "rememberMe" + testCaseNumber; boolean foundUser = false; javax.servlet.http.Cookie[] cookies = request.getCookies(); for (int i = 0; cookies != null && ++i < cookies.length && !foundUser;) { javax.servlet.http.Cookie cookie = cookies[i]; if (cookieName.equals(cookie.getName())) { if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) { foundUser = true; } } } if (foundUser) { response.getWriter().println("Welcome back: " + user + "<br/>"); } else { javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey); rememberMe.setSecure(true); request.getSession().setAttribute(cookieName, rememberMeKey); response.addCookie(rememberMe); response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName() + " whose value is: " + rememberMe.getValue() + "<br/>"); } response.getWriter().println("Weak Randomness Test java.util.Random.nextInt(int) executed"); }
From source file:org.owasp.benchmark.testcode.BenchmarkTest01554.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest( request);//from w w w .j a v a 2s .c o m String param = scr.getTheParameter("vector"); if (param == null) param = ""; String bar = new Test().doSomething(param); byte[] bytes = new byte[10]; new java.util.Random().nextBytes(bytes); String rememberMeKey = org.owasp.esapi.ESAPI.encoder().encodeForBase64(bytes, true); String user = "Byron"; String fullClassName = this.getClass().getName(); String testCaseNumber = fullClassName .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length()); user += testCaseNumber; String cookieName = "rememberMe" + testCaseNumber; boolean foundUser = false; javax.servlet.http.Cookie[] cookies = request.getCookies(); for (int i = 0; cookies != null && ++i < cookies.length && !foundUser;) { javax.servlet.http.Cookie cookie = cookies[i]; if (cookieName.equals(cookie.getName())) { if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) { foundUser = true; } } } if (foundUser) { response.getWriter().println("Welcome back: " + user + "<br/>"); } else { javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey); rememberMe.setSecure(true); request.getSession().setAttribute(cookieName, rememberMeKey); response.addCookie(rememberMe); response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName() + " whose value is: " + rememberMe.getValue() + "<br/>"); } response.getWriter().println("Weak Randomness Test java.util.Random.nextBytes() executed"); }
From source file:org.sonar.server.authentication.CsrfVerifier.java
public String generateState(HttpServletResponse response) { // Create a state token to prevent request forgery. // Store it in the session for later validation. String state = new BigInteger(130, new SecureRandom()).toString(32); Cookie cookie = new Cookie(CSRF_STATE_COOKIE, sha256Hex(state)); cookie.setPath("/"); cookie.setHttpOnly(true);/*from w w w. j a v a 2s. c o m*/ cookie.setMaxAge(-1); cookie.setSecure(server.isSecured()); response.addCookie(cookie); return state; }
From source file:org.owasp.benchmark.testcode.BenchmarkTest00342.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); String param = ""; java.util.Enumeration<String> headers = request.getHeaders("vector"); if (headers.hasMoreElements()) { param = headers.nextElement(); // just grab first element }//from w ww. ja v a2s. c o m String bar = org.apache.commons.lang.StringEscapeUtils.escapeHtml(param); try { int r = java.security.SecureRandom.getInstance("SHA1PRNG").nextInt(); String rememberMeKey = Integer.toString(r); String user = "SafeIngrid"; String fullClassName = this.getClass().getName(); String testCaseNumber = fullClassName .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length()); user += testCaseNumber; String cookieName = "rememberMe" + testCaseNumber; boolean foundUser = false; javax.servlet.http.Cookie[] cookies = request.getCookies(); for (int i = 0; cookies != null && ++i < cookies.length && !foundUser;) { javax.servlet.http.Cookie cookie = cookies[i]; if (cookieName.equals(cookie.getName())) { if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) { foundUser = true; } } } if (foundUser) { response.getWriter().println("Welcome back: " + user + "<br/>"); } else { javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey); rememberMe.setSecure(true); request.getSession().setAttribute(cookieName, rememberMeKey); response.addCookie(rememberMe); response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName() + " whose value is: " + rememberMe.getValue() + "<br/>"); } } catch (java.security.NoSuchAlgorithmException e) { System.out.println("Problem executing SecureRandom.nextInt() - TestCase"); throw new ServletException(e); } response.getWriter().println("Weak Randomness Test java.security.SecureRandom.nextInt() executed"); }
From source file:org.owasp.benchmark.testcode.BenchmarkTest00344.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); String param = ""; java.util.Enumeration<String> headers = request.getHeaders("vector"); if (headers.hasMoreElements()) { param = headers.nextElement(); // just grab first element }//from w w w .ja v a 2s . co m String bar = org.apache.commons.lang.StringEscapeUtils.escapeHtml(param); try { long l = java.security.SecureRandom.getInstance("SHA1PRNG").nextLong(); String rememberMeKey = Long.toString(l); String user = "SafeLogan"; String fullClassName = this.getClass().getName(); String testCaseNumber = fullClassName .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length()); user += testCaseNumber; String cookieName = "rememberMe" + testCaseNumber; boolean foundUser = false; javax.servlet.http.Cookie[] cookies = request.getCookies(); for (int i = 0; cookies != null && ++i < cookies.length && !foundUser;) { javax.servlet.http.Cookie cookie = cookies[i]; if (cookieName.equals(cookie.getName())) { if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) { foundUser = true; } } } if (foundUser) { response.getWriter().println("Welcome back: " + user + "<br/>"); } else { javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey); rememberMe.setSecure(true); request.getSession().setAttribute(cookieName, rememberMeKey); response.addCookie(rememberMe); response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName() + " whose value is: " + rememberMe.getValue() + "<br/>"); } } catch (java.security.NoSuchAlgorithmException e) { System.out.println("Problem executing SecureRandom.nextLong() - TestCase"); throw new ServletException(e); } response.getWriter().println("Weak Randomness Test java.security.SecureRandom.nextLong() executed"); }
From source file:org.owasp.benchmark.testcode.BenchmarkTest00461.java
@Override public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); java.util.Map<String, String[]> map = request.getParameterMap(); String param = ""; if (!map.isEmpty()) { String[] values = map.get("BenchmarkTest00461"); if (values != null) param = values[0];/*from ww w .j ava 2 s . c o m*/ } String bar = org.apache.commons.lang.StringEscapeUtils.escapeHtml(param); double value = java.lang.Math.random(); String rememberMeKey = Double.toString(value).substring(2); // Trim off the 0. at the front. String user = "Doug"; String fullClassName = this.getClass().getName(); String testCaseNumber = fullClassName .substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length()); user += testCaseNumber; String cookieName = "rememberMe" + testCaseNumber; boolean foundUser = false; javax.servlet.http.Cookie[] cookies = request.getCookies(); if (cookies != null) { for (int i = 0; !foundUser && i < cookies.length; i++) { javax.servlet.http.Cookie cookie = cookies[i]; if (cookieName.equals(cookie.getName())) { if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) { foundUser = true; } } } } if (foundUser) { response.getWriter().println("Welcome back: " + user + "<br/>"); } else { javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey); rememberMe.setSecure(true); // rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName()); rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet // e.g., /benchmark/sql-01/BenchmarkTest01001 request.getSession().setAttribute(cookieName, rememberMeKey); response.addCookie(rememberMe); response.getWriter().println(user + " has been remembered with cookie: " + rememberMe.getName() + " whose value is: " + rememberMe.getValue() + "<br/>"); } response.getWriter().println("Weak Randomness Test java.lang.Math.random() executed"); }
From source file:org.owasp.benchmark.testcode.BenchmarkTest00098.java
@Override public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { javax.servlet.http.Cookie userCookie = new javax.servlet.http.Cookie("BenchmarkTest00098", "my_user_id"); userCookie.setMaxAge(60 * 3); //Store cookie for 3 minutes userCookie.setSecure(true); userCookie.setPath(request.getRequestURI()); response.addCookie(userCookie);/*from w w w . ja v a2s . c om*/ javax.servlet.RequestDispatcher rd = request.getRequestDispatcher("/trustbound-00/BenchmarkTest00098.html"); rd.include(request, response); }