Java Code Examples for javax.servlet.SessionTrackingMode

The following are top voted examples for showing how to use javax.servlet.SessionTrackingMode. These examples are extracted from open source projects. You can vote up the examples you like and your votes will be used in our system to generate more good examples.
Example 1
Project: tomcat7   File: Request.java   View source code 6 votes vote down vote up
/**
 * Change the ID of the session that this request is associated with. There
 * are several things that may trigger an ID change. These include moving
 * between nodes in a cluster and session fixation prevention during the
 * authentication process.
 *
 * @param newSessionId   The session to change the session ID for
 */
public void changeSessionId(String newSessionId) {
    // This should only ever be called if there was an old session ID but
    // double check to be sure
    if (requestedSessionId != null && requestedSessionId.length() > 0) {
        requestedSessionId = newSessionId;
    }

    if (context != null && !context.getServletContext()
            .getEffectiveSessionTrackingModes().contains(
                    SessionTrackingMode.COOKIE)) {
        return;
    }

    if (response != null) {
        Cookie newCookie =
            ApplicationSessionCookieConfig.createSessionCookie(context,
                    newSessionId, secure);
        response.addSessionCookieInternal(newCookie);
    }
}
 
Example 2
Project: tomcat7   File: ApplicationContext.java   View source code 6 votes vote down vote up
private void populateSessionTrackingModes() {
    // URL re-writing is always enabled by default
    defaultSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);
    supportedSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);

    if (context.getCookies()) {
        defaultSessionTrackingModes.add(SessionTrackingMode.COOKIE);
        supportedSessionTrackingModes.add(SessionTrackingMode.COOKIE);
    }

    // SSL not enabled by default as it can only used on its own
    // Context > Host > Engine > Service
    Service s = ((Engine) context.getParent().getParent()).getService();
    Connector[] connectors = s.findConnectors();
    // Need at least one SSL enabled connector to use the SSL session ID.
    for (Connector connector : connectors) {
        if (Boolean.TRUE.equals(connector.getAttribute("SSLEnabled"))) {
            supportedSessionTrackingModes.add(SessionTrackingMode.SSL);
            break;
        }
    }
}
 
Example 3
Project: lams   File: ServletContextImpl.java   View source code 6 votes vote down vote up
public void initDone() {
    initialized = true;
    Set<SessionTrackingMode> trackingMethods = sessionTrackingModes;
    SessionConfig sessionConfig = sessionCookieConfig;
    if (trackingMethods != null && !trackingMethods.isEmpty()) {
        if (sessionTrackingModes.contains(SessionTrackingMode.SSL)) {
            sessionConfig = new SslSessionConfig(deployment.getSessionManager());
        } else {
            if (sessionTrackingModes.contains(SessionTrackingMode.COOKIE) && sessionTrackingModes.contains(SessionTrackingMode.URL)) {
                sessionCookieConfig.setFallback(new PathParameterSessionConfig(sessionCookieConfig.getName().toLowerCase(Locale.ENGLISH)));
            } else if (sessionTrackingModes.contains(SessionTrackingMode.URL)) {
                sessionConfig = new PathParameterSessionConfig(sessionCookieConfig.getName().toLowerCase(Locale.ENGLISH));
            }
        }
    }
    SessionConfigWrapper wrapper = deploymentInfo.getSessionConfigWrapper();
    if (wrapper != null) {
        sessionConfig = wrapper.wrap(sessionConfig, deployment);
    }
    this.sessionConfig = sessionConfig;
}
 
Example 4
Project: apache-tomcat-7.0.73-with-comment   File: Request.java   View source code 6 votes vote down vote up
/**
 * Change the ID of the session that this request is associated with. There
 * are several things that may trigger an ID change. These include moving
 * between nodes in a cluster and session fixation prevention during the
 * authentication process.
 *
 * @param newSessionId   The session to change the session ID for
 */
public void changeSessionId(String newSessionId) {
    // This should only ever be called if there was an old session ID but
    // double check to be sure
    if (requestedSessionId != null && requestedSessionId.length() > 0) {
        requestedSessionId = newSessionId;
    }

    if (context != null && !context.getServletContext()
            .getEffectiveSessionTrackingModes().contains(
                    SessionTrackingMode.COOKIE)) {
        return;
    }

    if (response != null) {
        Cookie newCookie =
            ApplicationSessionCookieConfig.createSessionCookie(context,
                    newSessionId, secure);
        response.addSessionCookieInternal(newCookie);
    }
}
 
Example 5
Project: lazycat   File: Request.java   View source code 6 votes vote down vote up
/**
 * Change the ID of the session that this request is associated with. There
 * are several things that may trigger an ID change. These include moving
 * between nodes in a cluster and session fixation prevention during the
 * authentication process.
 *
 * @param newSessionId
 *            The session to change the session ID for
 */
public void changeSessionId(String newSessionId) {
	// This should only ever be called if there was an old session ID but
	// double check to be sure
	if (requestedSessionId != null && requestedSessionId.length() > 0) {
		requestedSessionId = newSessionId;
	}

	if (context != null && !context.getServletContext().getEffectiveSessionTrackingModes()
			.contains(SessionTrackingMode.COOKIE)) {
		return;
	}

	if (response != null) {
		Cookie newCookie = ApplicationSessionCookieConfig.createSessionCookie(context, newSessionId, secure);
		response.addSessionCookieInternal(newCookie);
	}
}
 
Example 6
Project: lazycat   File: ApplicationContext.java   View source code 6 votes vote down vote up
private void populateSessionTrackingModes() {
	// URL re-writing is always enabled by default
	defaultSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);
	supportedSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);

	if (context.getCookies()) {
		defaultSessionTrackingModes.add(SessionTrackingMode.COOKIE);
		supportedSessionTrackingModes.add(SessionTrackingMode.COOKIE);
	}

	// SSL not enabled by default as it can only used on its own
	// Context > Host > Engine > Service
	Service s = ((Engine) context.getParent().getParent()).getService();
	Connector[] connectors = s.findConnectors();
	// Need at least one SSL enabled connector to use the SSL session ID.
	for (Connector connector : connectors) {
		if (Boolean.TRUE.equals(connector.getAttribute("SSLEnabled"))) {
			supportedSessionTrackingModes.add(SessionTrackingMode.SSL);
			break;
		}
	}
}
 
Example 7
Project: camunda-bpm-spring-boot-starter   File: CamundaBpmWebappInitializer.java   View source code 6 votes vote down vote up
@Override
public void onStartup(ServletContext servletContext) throws ServletException {
  this.servletContext = servletContext;
  servletContext.setSessionTrackingModes(Collections.singleton(SessionTrackingMode.COOKIE));
  servletContext.addListener(new WelcomeContainerBootstrap());
  servletContext.addListener(new CockpitContainerBootstrap());
  servletContext.addListener(new AdminContainerBootstrap());
  servletContext.addListener(new TasklistContainerBootstrap());

  registerFilter("Authentication Filter", AuthenticationFilter.class, "/*");

  registerFilter("Security Filter", LazySecurityFilter.class, singletonMap("configFile", properties.getWebapp().getSecurityConfigFile()), "/*");

  registerFilter("Engines Filter", LazyProcessEnginesFilter.class, "/app/*");
  registerFilter("CacheControlFilter", CacheControlFilter.class, "/api/*");

  registerServlet("Cockpit Api", CockpitApplication.class, "/api/cockpit/*");
  registerServlet("Admin Api", AdminApplication.class, "/api/admin/*");
  registerServlet("Tasklist Api", TasklistApplication.class, "/api/tasklist/*");
  registerServlet("Engine Api", EngineRestApplication.class, "/api/engine/*");
}
 
Example 8
Project: sitemonitoring-production   File: WebXmlCommon.java   View source code 6 votes vote down vote up
public static void initialize(ServletContext servletContext, boolean dev) throws ServletException {
	FacesInitializer facesInitializer = new FacesInitializer();

	servletContext.setInitParameter("primefaces.FONT_AWESOME", "true");
	servletContext.setInitParameter("javax.faces.FACELETS_SKIP_COMMENTS", "true");
	if (dev) {
		servletContext.setInitParameter("javax.faces.FACELETS_REFRESH_PERIOD", "0");
		servletContext.setInitParameter("javax.faces.PROJECT_STAGE", "Development");
	} else {
		servletContext.setInitParameter("javax.faces.FACELETS_REFRESH_PERIOD", "-1");
		servletContext.setInitParameter("javax.faces.PROJECT_STAGE", "Production");
	}
	servletContext.setSessionTrackingModes(ImmutableSet.of(SessionTrackingMode.COOKIE));

	Set<Class<?>> clazz = new HashSet<Class<?>>();
	clazz.add(WebXmlSpringBoot.class);
	facesInitializer.onStartup(clazz, servletContext);

	Dynamic startBrowserServlet = servletContext.addServlet("StartBrowserServlet", StartBrowserServlet.class);
	startBrowserServlet.setLoadOnStartup(2);
}
 
Example 9
Project: class-guard   File: Request.java   View source code 6 votes vote down vote up
/**
 * Change the ID of the session that this request is associated with. There
 * are several things that may trigger an ID change. These include moving
 * between nodes in a cluster and session fixation prevention during the
 * authentication process.
 *
 * @param newSessionId   The session to change the session ID for
 */
public void changeSessionId(String newSessionId) {
    // This should only ever be called if there was an old session ID but
    // double check to be sure
    if (requestedSessionId != null && requestedSessionId.length() > 0) {
        requestedSessionId = newSessionId;
    }

    if (context != null && !context.getServletContext()
            .getEffectiveSessionTrackingModes().contains(
                    SessionTrackingMode.COOKIE)) {
        return;
    }

    if (response != null) {
        Cookie newCookie =
            ApplicationSessionCookieConfig.createSessionCookie(context,
                    newSessionId, secure);
        response.addSessionCookieInternal(newCookie);
    }
}
 
Example 10
Project: class-guard   File: ApplicationContext.java   View source code 6 votes vote down vote up
private void populateSessionTrackingModes() {
    // URL re-writing is always enabled by default
    defaultSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);
    supportedSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);

    if (context.getCookies()) {
        defaultSessionTrackingModes.add(SessionTrackingMode.COOKIE);
        supportedSessionTrackingModes.add(SessionTrackingMode.COOKIE);
    }

    // SSL not enabled by default as it can only used on its own
    // Context > Host > Engine > Service
    Service s = ((Engine) context.getParent().getParent()).getService();
    Connector[] connectors = s.findConnectors();
    // Need at least one SSL enabled connector to use the SSL session ID.
    for (Connector connector : connectors) {
        if (Boolean.TRUE.equals(connector.getAttribute("SSLEnabled"))) {
            supportedSessionTrackingModes.add(SessionTrackingMode.SSL);
            break;
        }
    }
}
 
Example 11
Project: apache-tomcat-7.0.57   File: Request.java   View source code 6 votes vote down vote up
/**
 * Change the ID of the session that this request is associated with. There
 * are several things that may trigger an ID change. These include moving
 * between nodes in a cluster and session fixation prevention during the
 * authentication process.
 *
 * @param newSessionId   The session to change the session ID for
 */
public void changeSessionId(String newSessionId) {
    // This should only ever be called if there was an old session ID but
    // double check to be sure
    if (requestedSessionId != null && requestedSessionId.length() > 0) {
        requestedSessionId = newSessionId;
    }

    if (context != null && !context.getServletContext()
            .getEffectiveSessionTrackingModes().contains(
                    SessionTrackingMode.COOKIE)) {
        return;
    }

    if (response != null) {
        Cookie newCookie =
            ApplicationSessionCookieConfig.createSessionCookie(context,
                    newSessionId, secure);
        response.addSessionCookieInternal(newCookie);
    }
}
 
Example 12
Project: apache-tomcat-7.0.57   File: ApplicationContext.java   View source code 6 votes vote down vote up
private void populateSessionTrackingModes() {
    // URL re-writing is always enabled by default
    defaultSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);
    supportedSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);

    if (context.getCookies()) {
        defaultSessionTrackingModes.add(SessionTrackingMode.COOKIE);
        supportedSessionTrackingModes.add(SessionTrackingMode.COOKIE);
    }

    // SSL not enabled by default as it can only used on its own
    // Context > Host > Engine > Service
    Service s = ((Engine) context.getParent().getParent()).getService();
    Connector[] connectors = s.findConnectors();
    // Need at least one SSL enabled connector to use the SSL session ID.
    for (Connector connector : connectors) {
        if (Boolean.TRUE.equals(connector.getAttribute("SSLEnabled"))) {
            supportedSessionTrackingModes.add(SessionTrackingMode.SSL);
            break;
        }
    }
}
 
Example 13
Project: apache-tomcat-7.0.57   File: Request.java   View source code 6 votes vote down vote up
/**
 * Change the ID of the session that this request is associated with. There
 * are several things that may trigger an ID change. These include moving
 * between nodes in a cluster and session fixation prevention during the
 * authentication process.
 *
 * @param newSessionId   The session to change the session ID for
 */
public void changeSessionId(String newSessionId) {
    // This should only ever be called if there was an old session ID but
    // double check to be sure
    if (requestedSessionId != null && requestedSessionId.length() > 0) {
        requestedSessionId = newSessionId;
    }

    if (context != null && !context.getServletContext()
            .getEffectiveSessionTrackingModes().contains(
                    SessionTrackingMode.COOKIE)) {
        return;
    }

    if (response != null) {
        Cookie newCookie =
            ApplicationSessionCookieConfig.createSessionCookie(context,
                    newSessionId, secure);
        response.addSessionCookieInternal(newCookie);
    }
}
 
Example 14
Project: apache-tomcat-7.0.57   File: ApplicationContext.java   View source code 6 votes vote down vote up
private void populateSessionTrackingModes() {
    // URL re-writing is always enabled by default
    defaultSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);
    supportedSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);

    if (context.getCookies()) {
        defaultSessionTrackingModes.add(SessionTrackingMode.COOKIE);
        supportedSessionTrackingModes.add(SessionTrackingMode.COOKIE);
    }

    // SSL not enabled by default as it can only used on its own
    // Context > Host > Engine > Service
    Service s = ((Engine) context.getParent().getParent()).getService();
    Connector[] connectors = s.findConnectors();
    // Need at least one SSL enabled connector to use the SSL session ID.
    for (Connector connector : connectors) {
        if (Boolean.TRUE.equals(connector.getAttribute("SSLEnabled"))) {
            supportedSessionTrackingModes.add(SessionTrackingMode.SSL);
            break;
        }
    }
}
 
Example 15
Project: gocd   File: WebappSessionConfigIntegrationTest.java   View source code 6 votes vote down vote up
@Test
public void shouldSetSessionTrackingModeToCookieOnly() throws Exception {
    Server server = new Server(1234);
    WebAppContext webAppContext = new WebAppContext();
    webAppContext.setWar(webapp.getAbsolutePath());
    webAppContext.setContextPath("/");
    server.setHandler(webAppContext);
    try {
        server.start();
        Set<SessionTrackingMode> effectiveSessionTrackingModes = ((WebAppContext) server.getHandlers()[0]).getServletContext().getEffectiveSessionTrackingModes();
        assertThat(effectiveSessionTrackingModes.size(), is(1));
        assertThat(effectiveSessionTrackingModes.contains(SessionTrackingMode.COOKIE), is(true));
    } finally {
        server.stop();
    }
}
 
Example 16
Project: WBSAirback   File: Request.java   View source code 6 votes vote down vote up
/**
 * Change the ID of the session that this request is associated with. There
 * are several things that may trigger an ID change. These include moving
 * between nodes in a cluster and session fixation prevention during the
 * authentication process.
 * 
 * @param newSessionId   The session to change the session ID for
 */
public void changeSessionId(String newSessionId) {
    // This should only ever be called if there was an old session ID but
    // double check to be sure
    if (requestedSessionId != null && requestedSessionId.length() > 0) {
        requestedSessionId = newSessionId;
    }
    
    if (context != null && !context.getServletContext()
            .getEffectiveSessionTrackingModes().contains(
                    SessionTrackingMode.COOKIE))
        return;
    
    if (response != null) {
        Cookie newCookie =
            ApplicationSessionCookieConfig.createSessionCookie(context,
                    newSessionId, secure);
        response.addSessionCookieInternal(newCookie);
    }
}
 
Example 17
Project: WBSAirback   File: ApplicationContext.java   View source code 6 votes vote down vote up
private void populateSessionTrackingModes() {
    // URL re-writing is always enabled by default
    defaultSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL); 
    supportedSessionTrackingModes = EnumSet.of(SessionTrackingMode.URL);
    
    if (context.getCookies()) {
        defaultSessionTrackingModes.add(SessionTrackingMode.COOKIE);
        supportedSessionTrackingModes.add(SessionTrackingMode.COOKIE);
    }

    // SSL not enabled by default as it can only used on its own 
    // Context > Host > Engine > Service
    Service s = ((Engine) context.getParent().getParent()).getService();
    Connector[] connectors = s.findConnectors();
    // Need at least one SSL enabled connector to use the SSL session ID.
    for (Connector connector : connectors) {
        if (Boolean.TRUE.equals(connector.getAttribute("SSLEnabled"))) {
            supportedSessionTrackingModes.add(SessionTrackingMode.SSL);
            break;
        }
    } 
}
 
Example 18
Project: commafeed   File: SessionManagerFactory.java   View source code 6 votes vote down vote up
public SessionManager build() throws IOException {
	HashSessionManager manager = new HashSessionManager();
	manager.setSessionTrackingModes(ImmutableSet.of(SessionTrackingMode.COOKIE));
	manager.setHttpOnly(true);
	manager.getSessionCookieConfig().setHttpOnly(true);
	manager.setDeleteUnrestorableSessions(true);

	manager.setStoreDirectory(new File(getPath()));
	manager.getSessionCookieConfig().setMaxAge((int) cookieMaxAge.toSeconds());
	manager.setRefreshCookieAge((int) cookieRefreshAge.toSeconds());
	manager.setMaxInactiveInterval((int) maxInactiveInterval.toSeconds());
	manager.setIdleSavePeriod((int) idleSavePeriod.toSeconds());
	manager.setSavePeriod((int) savePeriod.toSeconds());
	manager.setScavengePeriod((int) scavengePeriod.toSeconds());
	return manager;
}
 
Example 19
Project: Spring-5.0-Cookbook   File: SpringWebInitializer.java   View source code 5 votes vote down vote up
private void addRootContext(ServletContext container) {
  // Create the application context
  AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
  rootContext.register(SpringContextConfig.class); 
	 
  // Register application context with ContextLoaderListener
  container.addListener(new ContextLoaderListener(rootContext));
  container.addListener(new AppSessionListener());
  container.setInitParameter("contextConfigLocation", "org.packt.secured.mvc.core");
  container.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE)); // if URL, enable sessionManagement URL rewriting   
}
 
Example 20
Project: Spring-5.0-Cookbook   File: SpringWebinitializer.java   View source code 5 votes vote down vote up
private void addRootContext(ServletContext container) {
  // Create the application context
  AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
  rootContext.register(SpringContextConfig.class); 
	 
  // Register application context with ContextLoaderListener
  container.addListener(new ContextLoaderListener(rootContext));
 container.setInitParameter("contextConfigLocation", "org.packt.web.reactor.security.config");
 container.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE)); // if URL, enable sessionManagement URL rewriting   
	 
}
 
Example 21
Project: Spring-5.0-Cookbook   File: SpringWebinitializer.java   View source code 5 votes vote down vote up
private void addRootContext(ServletContext container) {
  // Create the application context
  AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
  rootContext.register(SpringContextConfig.class); 
	 
  // Register application context with ContextLoaderListener
  container.addListener(new ContextLoaderListener(rootContext));
  container.addListener(new AppSessionListener());
  container.setInitParameter("contextConfigLocation", "org.packt.secured.mvc.core");
  container.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE)); // if URL, enable sessionManagement URL rewriting   
}
 
Example 22
Project: tomcat7   File: ApplicationContextFacade.java   View source code 5 votes vote down vote up
@Override
@SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Set<SessionTrackingMode> getDefaultSessionTrackingModes() {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        return (Set<SessionTrackingMode>)
            doPrivileged("getDefaultSessionTrackingModes", null);
    } else {
        return context.getDefaultSessionTrackingModes();
    }
}
 
Example 23
Project: tomcat7   File: ApplicationContextFacade.java   View source code 5 votes vote down vote up
@Override
@SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        return (Set<SessionTrackingMode>)
            doPrivileged("getEffectiveSessionTrackingModes", null);
    } else {
        return context.getEffectiveSessionTrackingModes();
    }
}
 
Example 24
Project: tomcat7   File: ApplicationContextFacade.java   View source code 5 votes vote down vote up
@Override
public void setSessionTrackingModes(
        Set<SessionTrackingMode> sessionTrackingModes) {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        doPrivileged("setSessionTrackingModes",
                new Object[]{sessionTrackingModes});
    } else {
        context.setSessionTrackingModes(sessionTrackingModes);
    }
}
 
Example 25
Project: tomcat7   File: ApplicationContext.java   View source code 5 votes vote down vote up
/**
 * Return the supplied value if one was previously set, else return the
 * defaults.
 */
@Override
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
    if (sessionTrackingModes != null) {
        return sessionTrackingModes;
    }
    return defaultSessionTrackingModes;
}
 
Example 26
Project: tomcat7   File: ApplicationContext.java   View source code 5 votes vote down vote up
/**
 * @throws IllegalStateException if the context has already been initialised
 * @throws IllegalArgumentException If SSL is requested in combination with
 *                                  anything else or if an unsupported
 *                                  tracking mode is requested
 */
@Override
public void setSessionTrackingModes(
        Set<SessionTrackingMode> sessionTrackingModes) {

    if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
        throw new IllegalStateException(
                sm.getString("applicationContext.setSessionTracking.ise",
                        getContextPath()));
    }

    // Check that only supported tracking modes have been requested
    for (SessionTrackingMode sessionTrackingMode : sessionTrackingModes) {
        if (!supportedSessionTrackingModes.contains(sessionTrackingMode)) {
            throw new IllegalArgumentException(sm.getString(
                    "applicationContext.setSessionTracking.iae.invalid",
                    sessionTrackingMode.toString(), getContextPath()));
        }
    }

    // Check SSL has not be configured with anything else
    if (sessionTrackingModes.contains(SessionTrackingMode.SSL)) {
        if (sessionTrackingModes.size() > 1) {
            throw new IllegalArgumentException(sm.getString(
                    "applicationContext.setSessionTracking.iae.ssl",
                    getContextPath()));
        }
    }

    this.sessionTrackingModes = sessionTrackingModes;
}
 
Example 27
Project: tomcat7   File: TesterRequest.java   View source code 5 votes vote down vote up
public TesterRequest(boolean withSession) {
    context = new TesterContext();
    servletContext = new TesterServletContext();
    context.setServletContext(servletContext);
    if (withSession) {
        Set<SessionTrackingMode> modes = new HashSet<SessionTrackingMode>();
        modes.add(SessionTrackingMode.URL);
        modes.add(SessionTrackingMode.COOKIE);
        servletContext.setSessionTrackingModes(modes);
        session = new StandardSession(null);
        session.setId("1234", false);
        session.setValid(true);
    }
}
 
Example 28
Project: lams   File: ServletContextImpl.java   View source code 5 votes vote down vote up
@Override
public void setSessionTrackingModes(final Set<SessionTrackingMode> sessionTrackingModes) {
    ensureNotProgramaticListener();
    ensureNotInitialized();
    if (sessionTrackingModes.size() > 1 && sessionTrackingModes.contains(SessionTrackingMode.SSL)) {
        throw UndertowServletMessages.MESSAGES.sslCannotBeCombinedWithAnyOtherMethod();
    }
    this.sessionTrackingModes = new HashSet<>(sessionTrackingModes);
    //TODO: actually make this work
}
 
Example 29
Project: lams   File: HttpServletResponseImpl.java   View source code 5 votes vote down vote up
/**
 * Return <code>true</code> if the specified URL should be encoded with
 * a session identifier.  This will be true if all of the following
 * conditions are met:
 * <ul>
 * <li>The request we are responding to asked for a valid session
 * <li>The requested session ID was not received via a cookie
 * <li>The specified URL points back to somewhere within the web
 * application that is responding to this request
 * </ul>
 *
 * @param location Absolute URL to be validated
 */
private boolean isEncodeable(final String location) {

    if (location == null)
        return (false);

    // Is this an intra-document reference?
    if (location.startsWith("#"))
        return (false);

    // Are we in a valid session that is not using cookies?
    final HttpServletRequestImpl hreq = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getOriginalRequest();

    // Is URL encoding permitted
    if (!originalServletContext.getEffectiveSessionTrackingModes().contains(SessionTrackingMode.URL)) {
        return false;
    }

    final HttpSession session = hreq.getSession(false);
    if (session == null) {
        return false;
    } else if (!hreq.isRequestedSessionIdFromURL() && !session.isNew()) {
        return false;
    }

    return doIsEncodeable(hreq, session, location);
}
 
Example 30
Project: apache-tomcat-7.0.73-with-comment   File: ApplicationContextFacade.java   View source code 5 votes vote down vote up
@Override
@SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Set<SessionTrackingMode> getDefaultSessionTrackingModes() {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        return (Set<SessionTrackingMode>)
            doPrivileged("getDefaultSessionTrackingModes", null);
    } else {
        return context.getDefaultSessionTrackingModes();
    }
}
 
Example 31
Project: apache-tomcat-7.0.73-with-comment   File: ApplicationContextFacade.java   View source code 5 votes vote down vote up
@Override
@SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        return (Set<SessionTrackingMode>)
            doPrivileged("getEffectiveSessionTrackingModes", null);
    } else {
        return context.getEffectiveSessionTrackingModes();
    }
}
 
Example 32
Project: apache-tomcat-7.0.73-with-comment   File: ApplicationContextFacade.java   View source code 5 votes vote down vote up
@Override
public void setSessionTrackingModes(
        Set<SessionTrackingMode> sessionTrackingModes) {
    if (SecurityUtil.isPackageProtectionEnabled()) {
        doPrivileged("setSessionTrackingModes",
                new Object[]{sessionTrackingModes});
    } else {
        context.setSessionTrackingModes(sessionTrackingModes);
    }
}
 
Example 33
Project: apache-tomcat-7.0.73-with-comment   File: TesterRequest.java   View source code 5 votes vote down vote up
public TesterRequest(boolean withSession) {
    context = new TesterContext();
    servletContext = new TesterServletContext();
    context.setServletContext(servletContext);
    if (withSession) {
        Set<SessionTrackingMode> modes = new HashSet<SessionTrackingMode>();
        modes.add(SessionTrackingMode.URL);
        modes.add(SessionTrackingMode.COOKIE);
        servletContext.setSessionTrackingModes(modes);
        session = new StandardSession(null);
        session.setId("1234", false);
        session.setValid(true);
    }
}
 
Example 34
Project: marathon-auth-plugin   File: ServletContextHandler.java   View source code 5 votes vote down vote up
@Override
public Set<SessionTrackingMode> getDefaultSessionTrackingModes()
{
    if (_sessionHandler!=null)
        return _sessionHandler.getSessionManager().getDefaultSessionTrackingModes();
    return null;
}
 
Example 35
Project: marathon-auth-plugin   File: ServletContextHandler.java   View source code 5 votes vote down vote up
@Override
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes()
{
    if (_sessionHandler!=null)
        return _sessionHandler.getSessionManager().getEffectiveSessionTrackingModes();
    return null;
}
 
Example 36
Project: marathon-auth-plugin   File: ServletContextHandler.java   View source code 5 votes vote down vote up
@Override
public void setSessionTrackingModes(Set<SessionTrackingMode> sessionTrackingModes)
{
    if (!isStarting())
        throw new IllegalStateException();
    if (!_enabled)
        throw new UnsupportedOperationException();


    if (_sessionHandler!=null)
        _sessionHandler.getSessionManager().setSessionTrackingModes(sessionTrackingModes);
}
 
Example 37
Project: lazycat   File: Response.java   View source code 5 votes vote down vote up
/**
 * Return <code>true</code> if the specified URL should be encoded with a
 * session identifier. This will be true if all of the following conditions
 * are met:
 * <ul>
 * <li>The request we are responding to asked for a valid session
 * <li>The requested session ID was not received via a cookie
 * <li>The specified URL points back to somewhere within the web application
 * that is responding to this request
 * </ul>
 *
 * @param location
 *            Absolute URL to be validated
 */
protected boolean isEncodeable(final String location) {

	if (location == null) {
		return (false);
	}

	// Is this an intra-document reference?
	if (location.startsWith("#")) {
		return (false);
	}

	// Are we in a valid session that is not using cookies?
	final Request hreq = request;
	final Session session = hreq.getSessionInternal(false);
	if (session == null) {
		return (false);
	}
	if (hreq.isRequestedSessionIdFromCookie()) {
		return (false);
	}

	// Is URL encoding permitted
	if (!hreq.getServletContext().getEffectiveSessionTrackingModes().contains(SessionTrackingMode.URL)) {
		return false;
	}

	if (SecurityUtil.isPackageProtectionEnabled()) {
		return (AccessController.doPrivileged(new PrivilegedAction<Boolean>() {

			@Override
			public Boolean run() {
				return Boolean.valueOf(doIsEncodeable(hreq, session, location));
			}
		})).booleanValue();
	} else {
		return doIsEncodeable(hreq, session, location);
	}
}
 
Example 38
Project: lazycat   File: ApplicationContextFacade.java   View source code 5 votes vote down vote up
@Override
@SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Set<SessionTrackingMode> getDefaultSessionTrackingModes() {
	if (SecurityUtil.isPackageProtectionEnabled()) {
		return (Set<SessionTrackingMode>) doPrivileged("getDefaultSessionTrackingModes", null);
	} else {
		return context.getDefaultSessionTrackingModes();
	}
}
 
Example 39
Project: lazycat   File: ApplicationContextFacade.java   View source code 5 votes vote down vote up
@Override
@SuppressWarnings("unchecked") // doPrivileged() returns the correct type
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes() {
	if (SecurityUtil.isPackageProtectionEnabled()) {
		return (Set<SessionTrackingMode>) doPrivileged("getEffectiveSessionTrackingModes", null);
	} else {
		return context.getEffectiveSessionTrackingModes();
	}
}
 
Example 40
Project: lazycat   File: ApplicationContextFacade.java   View source code 5 votes vote down vote up
@Override
public void setSessionTrackingModes(Set<SessionTrackingMode> sessionTrackingModes) {
	if (SecurityUtil.isPackageProtectionEnabled()) {
		doPrivileged("setSessionTrackingModes", new Object[] { sessionTrackingModes });
	} else {
		context.setSessionTrackingModes(sessionTrackingModes);
	}
}