Java Code Examples for javax.servlet.http.HttpServletRequest.getRequestedSessionId()

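The following are Java code examples showing how to use getRequestedSessionId() of the javax.servlet.http.HttpServletRequest class. Note that getRequestedSessionId() returns the session ID exactly as the client sent it; the value is not validated, so check isRequestedSessionIdValid() before relying on it. You can vote up the examples you like. Your votes will be used in our system to get more good examples.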
Example 1
Project: Android_Code_Arbiter   File: BasicServlet.java   View Source Code Vote up 7 votes
/**
 * Handles GET by echoing several request-derived values into the response and
 * building (but never executing) an SQL string from the requested session id.
 *
 * NOTE(review): the discarded header reads and the unused {@code sqlQuery}
 * suggest this is a deliberately insecure sample for exercising a static
 * analyzer rather than a usage pattern to copy — confirm against the project.
 * Every value read from {@code req} below is supplied by the client.
 *
 * @param req  the incoming request; its values are used without validation
 * @param resp the response the values are written to
 * @throws ServletException declared by the servlet contract
 * @throws IOException if obtaining or writing to the response writer fails
 */
@Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        useParameters(req);

        // The Content-Type header and server name are concatenated into the
        // response without HTML escaping, so markup in them reaches the page.
        resp.getWriter().print("<!--" + req.getContentType() + "-->");
        resp.getWriter().print("<h1>Welcome to " + req.getServerName());

        // The requested session id is client-supplied and is concatenated
        // directly into SQL text. The string is never used in this method, and
        // the SQL itself is malformed ("WHERE where", unbalanced parenthesis).
        // Real code should bind the id as a PreparedStatement parameter.
        String sqlQuery = "UPDATE sessions(last_visit) VALUES(now()) WHERE where sid = '" + req.getRequestedSessionId() + "')";
        // The raw query string is likewise written out unescaped.
        resp.getWriter().print("<!--" + req.getQueryString() + "-->");

        // The Referer header is client-controlled, and a prefix test also
        // accepts longer host names that merely begin with this string, so
        // this condition is not an origin check.
        String referrer = req.getHeader("Referer"); //Should have a higher priority
        if (referrer != null && referrer.startsWith("http://company.ca")) {
            // These header values are read and discarded.
            req.getHeader("Host");
            req.getHeader("User-Agent");
            req.getHeader("X-Requested-With");
//            req.getHeader("X-Forwarded-For");
//            req.getHeader("X-ATT-DeviceId");
//            req.getHeader("X-Wap-Profile");
        }
    }
 
Example 2
Project: tomcat7   File: TestCoyoteAdapter.java   View Source Code Vote up 5 votes
/**
 * Writes the session id requested by the client back as a plain-text body,
 * or the literal {@code none} when the request carried no session id.
 *
 * The echoed value is whatever the client sent; it is not checked against an
 * existing session. The response is declared {@code text/plain}.
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, IOException {
    resp.setContentType("text/plain");
    PrintWriter out = resp.getWriter();
    String requested = req.getRequestedSessionId();
    // Fall back to a fixed marker so the body is never empty.
    out.write(requested != null ? requested : "none");
}
 
Example 3
Project: lams   File: IncludeTag.java   View Source Code Vote up 5 votes
/**
 * Copies the caller's session cookie onto an outgoing connection when the
 * connection is HTTP, the target URL starts with this application's context
 * path, and the request carried a session id in a cookie. Subclasses may
 * override this, for example to support a cluster.
 *
 * The forwarded id is the value requested by the client;
 * {@code isRequestedSessionIdValid()} is not consulted here, and the cookie
 * name is fixed to {@code JSESSIONID}.
 * NOTE(review): for a root context {@code getContextPath()} is the empty
 * string, so the prefix test accepts every {@code urlString} — confirm that
 * callers only pass URLs that belong to this application.
 *
 * @param conn      connection that will fetch the included resource
 * @param urlString URL being fetched, compared against the context path
 * @param request   current request, source of the session id
 * @since Struts 1.2.0
 */
protected void addCookie(URLConnection conn, String urlString, HttpServletRequest request) {
    if (!(conn instanceof HttpURLConnection)) {
        return;
    }
    if (!urlString.startsWith(request.getContextPath())) {
        return;
    }

    String requestedId = request.getRequestedSessionId();
    if (requestedId == null || !request.isRequestedSessionIdFromCookie()) {
        return;
    }

    conn.setRequestProperty("Cookie", "JSESSIONID=" + requestedId);
}
 
Example 4
Project: parabuild-ci   File: Batch.java   View Source Code Vote up 5 votes
/**
 * Check that this request is not subject to a CSRF attack by comparing the
 * session id sent in the cookie with the id returned by
 * {@code getHttpSessionId()} (per the original comments, the value supplied
 * by DWR with the call).
 *
 * The comparison only runs when the requested session id is valid and came
 * from a cookie; in every other case this method returns without checking
 * anything, so callers must not treat a normal return as proof that a
 * comparison took place.
 *
 * @param request The original browser's request
 * @param sessionCookieName "JSESSIONID" unless it has been overridden
 * @throws SecurityException if the ids differ and no cookie named
 *         {@code sessionCookieName} carries the expected value
 */
private void checkNotCsrfAttack(HttpServletRequest request, String sessionCookieName)
{
    // Background on the attack being checked for:
    // http://en.wikipedia.org/wiki/Cross-site_request_forgery
    // http://www.tux.org/~peterw/csrf.txt
    boolean cookieBackedSession =
        request.isRequestedSessionIdValid() && request.isRequestedSessionIdFromCookie();
    if (!cookieBackedSession)
    {
        return;
    }

    String cookieSessionId = request.getRequestedSessionId();
    if (cookieSessionId.length() == 0)
    {
        return;
    }

    // Normal case: the id supplied with the call equals the one the
    // container reports for the cookie.
    String suppliedSessionId = getHttpSessionId();
    if (cookieSessionId.equals(suppliedSessionId))
    {
        return;
    }

    // Weblogic appends the creation time to the incoming session cookie
    // string (even for request.getRequestedSessionId()), so fall back to
    // comparing against the raw cookie value.
    Cookie[] cookies = request.getCookies();
    for (int idx = 0; idx < cookies.length; idx++)
    {
        Cookie candidate = cookies[idx];
        boolean isSessionCookie = candidate.getName().equals(sessionCookieName);
        if (isSessionCookie && candidate.getValue().equals(suppliedSessionId))
        {
            return;
        }
    }

    // No match anywhere: refuse the request.
    log.error("A request has been denied as a potential CSRF attack.");
    throw new SecurityException("Session Error");
}
 
Example 5
Project: apache-tomcat-7.0.73-with-comment   File: TestCoyoteAdapter.java   View Source Code Vote up 5 votes
/**
 * Responds with the client-requested session id as {@code text/plain}, using
 * the literal {@code none} when no session id was sent.
 *
 * The id is reported exactly as received and is not validated against any
 * live session.
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, IOException {
    resp.setContentType("text/plain");
    PrintWriter writer = resp.getWriter();

    String body;
    String requestedId = req.getRequestedSessionId();
    if (requestedId != null) {
        body = requestedId;
    } else {
        // No session id in the request: emit a fixed placeholder instead.
        body = "none";
    }
    writer.write(body);
}
 
Example 6
Project: Spring-web-shop-project   File: Login.java   View Source Code Vote up 5 votes
/**
 * Serves the login page, or the account page when a remember-me auto login
 * succeeds.
 *
 * Auto login is attempted only if the client sent a session id. That id is
 * the raw client-supplied value and is not validated here, so the null test
 * is a shortcut, not an authentication decision; the outcome depends on
 * {@code rememberMeService.autoLogin}.
 *
 * @return the account view name after a successful auto login, otherwise
 *         the login view name
 */
@RequestMapping(value = "login", method = RequestMethod.GET)
public String loginSite(HttpServletRequest request, HttpServletResponse response) {
    boolean autoLoggedIn = request.getRequestedSessionId() != null
            && rememberMeService.autoLogin(request, response) != null;
    return autoLoggedIn ? "userAccount/userAccount" : "loginAndRegistration/login";
}
 
Example 7
Project: Spring-web-shop-project   File: Shop.java   View Source Code Vote up 5 votes
/**
 * Renders the shop start page with the category list and a {@code logged}
 * flag telling the view whether the visitor is authenticated.
 *
 * A remember-me auto login is attempted when the client sent a session id;
 * that id is the unvalidated client-supplied value.
 * NOTE(review): the authentication lookup assumes a non-null
 * {@code Authentication} is always present in the security context —
 * confirm that anonymous authentication is enabled.
 *
 * @return the start page view name
 */
@RequestMapping(value = "", method = RequestMethod.GET)
public String start(HttpServletRequest request, HttpServletResponse response, Model model) {
    if (request.getRequestedSessionId() != null) {
        rememberMeService.autoLogin(request, response);
    }

    // Anyone whose principal name is not the anonymous one counts as logged in.
    String principalName = SecurityContextHolder.getContext().getAuthentication().getName();
    boolean anonymous = principalName.equals("anonymousUser");
    model.addAttribute("logged", !anonymous);

    model.addAttribute("categories", categoriesService.findAll());
    return "shopStartPage";
}
 
Example 8
Project: springboot_op   File: LoggerInterceptor.java   View Source Code Vote up 4 votes
/**
 * Builds a log entry for the incoming request and stores it, together with
 * the request start time, as request attributes.
 *
 * NOTE(review): the entry records the client-requested session id and the
 * full parameter map as JSON. If these entries are persisted, parameters
 * such as passwords and the session id itself end up in the log store —
 * confirm whether redaction or hashing is applied downstream.
 *
 * @return always {@code true}, so request handling continues
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
        throws Exception {
    LoggerEntity entry = new LoggerEntity();

    // Session id as sent by the client, HTTP method, protocol and request URI.
    entry.setSessionId(request.getRequestedSessionId());
    entry.setMethod(request.getMethod());
    entry.setProtocol(request.getProtocol());
    entry.setUrl(request.getRequestURI());

    // All request parameters, serialized to a JSON string (null values kept).
    entry.setParamData(JSON.toJSONString(request.getParameterMap(),
            SerializerFeature.DisableCircularReferenceDetect,
            SerializerFeature.WriteMapNullValue));

    // Client IP as resolved by the project helper.
    entry.setClientIp(LoggerUtils.getCliectIp(request));

    long startedAt = System.currentTimeMillis();
    entry.setTime(new Timestamp(startedAt));

    // Expose the start time and the entry on the request for later stages.
    request.setAttribute(LOGGER_SEND_TIME, startedAt);
    request.setAttribute(LOGGER_ENTITY, entry);
    return true;
}
 
Example 9
Project: jerrydog   File: StandardHostValve.java   View Source Code Vote up 4 votes
/**
 * Select the child Context that should process this request, based on the
 * request URI, and hand the request to it. If no matching Context can be
 * found, an HTTP 500 error is sent instead.
 *
 * Before delegating, the session named by the client-requested session id
 * is looked up in the Context's Manager and, if it exists and is valid, its
 * last access time is updated.
 *
 * @param request Request to be processed
 * @param response Response to be produced
 * @param valveContext Valve context used to forward to the next Valve
 *
 * @exception IOException if an input/output error occurred
 * @exception ServletException if a servlet error occurred
 */
public void invoke(Request request, Response response,
                   ValveContext valveContext)
    throws IOException, ServletException {

    // Only HTTP request/response pairs are handled; anything else is ignored
    boolean httpRequest = request.getRequest() instanceof HttpServletRequest;
    if (!httpRequest || !(response.getResponse() instanceof HttpServletResponse)) {
        return;
    }

    // Map the request onto one of this host's Contexts
    StandardHost host = (StandardHost) getContainer();
    Context context = (Context) host.map(request, true);
    if (context == null) {
        HttpServletResponse hres = (HttpServletResponse) response.getResponse();
        hres.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
                       sm.getString("standardHost.noContext"));
        return;
    }

    // Run the rest of the request under the Context's class loader
    Thread.currentThread().setContextClassLoader
        (context.getLoader().getClassLoader());

    // Touch the session the client asked for, if there is a usable one.
    // The id is client-supplied, so it is only acted on after the Manager
    // returns a session for it and that session reports itself valid.
    HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
    String sessionId = hreq.getRequestedSessionId();
    Manager manager = (sessionId == null) ? null : context.getManager();
    if (manager != null) {
        Session session = manager.findSession(sessionId);
        if ((session != null) && session.isValid()) {
            session.access();
        }
    }

    // Delegate to the selected Context
    context.invoke(request, response);

}
 
Example 10
Project: ontology_setting   File: LoggerInterceptor.java   View Source Code Vote up 4 votes
/**
 * Captures details of the incoming request in a {@code LoggerEntity} and
 * attaches it, with the request start time, to the request.
 *
 * NOTE(review): the captured data includes the session id exactly as the
 * client sent it and every request parameter serialized to JSON. Writing
 * these to a log makes the log store hold credentials and session
 * identifiers — confirm whether sensitive fields are masked before storage.
 *
 * @return always {@code true}, so the handler chain proceeds
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
        throws Exception {
    // Gather the request details first.
    String requestedSessionId = request.getRequestedSessionId();
    String httpMethod = request.getMethod();
    String httpProtocol = request.getProtocol();
    String requestUri = request.getRequestURI();
    // Request parameters as a JSON string, keeping entries whose value is null.
    String parametersJson = JSON.toJSONString(request.getParameterMap(),
            SerializerFeature.DisableCircularReferenceDetect,
            SerializerFeature.WriteMapNullValue);
    String clientIp = LoggerUtils.getCliectIp(request);
    long requestTime = System.currentTimeMillis();

    // Populate the log entity.
    LoggerEntity record = new LoggerEntity();
    record.setSessionId(requestedSessionId);
    record.setMethod(httpMethod);
    record.setProtocol(httpProtocol);
    record.setUrl(requestUri);
    record.setParamData(parametersJson);
    record.setClientIp(clientIp);
    record.setTime(new Timestamp(requestTime));

    // Make the start time and the entity available to later processing.
    request.setAttribute(LOGGER_SEND_TIME, requestTime);
    request.setAttribute(LOGGER_ENTITY, record);
    return true;
}