Example usage for javax.servlet.http HttpServletResponseWrapper addCookie

List of usage examples for javax.servlet.http HttpServletResponseWrapper addCookie

  1. HOME
  2. Java
  3. javax
  4. javax.servlet.http.*
  5. HttpServletResponseWrapper
  6. addCookie

Introduction

In this page you can find the example usage for javax.servlet.http HttpServletResponseWrapper addCookie.

Prototype

@Override
public void addCookie(Cookie cookie)

Source Link

Document

The default behavior of this method is to call addCookie(Cookie cookie) on the wrapped response object.

Usage

From source file:com.perimeterx.api.PerimeterX.java

/**
 * Verify http request using cookie or PX server call
 *
 * @param req             - current http call examined by PX
 * @param responseWrapper - response wrapper on which we will set the response according to PX verification. {@see javax.xml.ws.ResponseWrapper}
 * @throws PXException//from  w w w. j  av a  2s.c o  m
 */
public boolean pxVerify(HttpServletRequest req, HttpServletResponseWrapper responseWrapper) throws PXException {
    if (!moduleEnabled()) {
        logger.info("PerimeterX verification SDK is disabled");
        return true;
    }

    // Remove captcha cookie to prevent re-use
    Cookie cookie = new Cookie(Constants.COOKIE_CAPTCHA_KEY, StringUtils.EMPTY);
    cookie.setMaxAge(0);
    responseWrapper.addCookie(cookie);

    PXContext context = new PXContext(req, this.ipProvider, configuration.getAppId());
    if (captchaValidator.verify(context)) {
        return handleVerification(context, responseWrapper, BlockReason.COOKIE);
    }
    S2SCallReason callReason = cookieValidator.verify(context);
    logger.info("Risk API call reason: {}", callReason);
    // Cookie is valid (exists and not expired) so we can block according to it's score
    if (callReason == S2SCallReason.NONE) {
        logger.info("No risk API Call is needed, using cookie");
        return handleVerification(context, responseWrapper, BlockReason.COOKIE);
    }

    context.setS2sCallReason(callReason);
    // Calls risk_api and populate the data retrieved to the context
    RiskRequest request = RiskRequest.fromContext(context);
    RiskResponse response = serverValidator.verify(request);
    context.setScore(response.getScores().getNonHuman());
    context.setUuid(response.getUuid());
    return handleVerification(context, responseWrapper, BlockReason.SERVER);
}