Java Code Examples for javax.servlet.SessionCookieConfig#setHttpOnly()

The following examples show how to use javax.servlet.SessionCookieConfig#setHttpOnly().
Example 1
Source File: AppLauncher.java    From VulnerableJavaWebApplication with MIT License
@SuppressWarnings("deprecation")
@Bean
public ServletContextInitializer servletContextInitializer() {
	return new ServletContextInitializer() {
		@Override
		public void onStartup(ServletContext servletContext) throws ServletException {
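			// Track sessions by cookie only, so the session id is never written into URLs.
			servletContext.setSessionTrackingModes(Collections.singleton(SessionTrackingMode.COOKIE));
			SessionCookieConfig sessionCookieConfig = servletContext.getSessionCookieConfig();
			// HttpOnly hides the session cookie from client-side script (document.cookie).
			// This snippet does not call setSecure(...), unlike Examples 2 to 5.
			sessionCookieConfig.setHttpOnly(true);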
		}
	};

}
 
Example 2
Source File: SpringBootInitializer.java    From alf.io with GNU General Public License v3.0
@Bean
public ServletContextInitializer servletContextInitializer() {
    return servletContext -> {
        WebApplicationContext ctx = getRequiredWebApplicationContext(servletContext);
        ConfigurableEnvironment environment = ctx.getBean(ConfigurableEnvironment.class);
        SessionCookieConfig config = servletContext.getSessionCookieConfig();
        config.setHttpOnly(true);
        config.setSecure(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE)));
        // force log initialization, then disable it
        XRLog.setLevel(XRLog.EXCEPTION, Level.WARNING);
        XRLog.setLoggingEnabled(false);
    };
}
 
Example 3
Source File: Initializer.java    From alf.io with GNU General Public License v3.0
private void configureSessionCookie(ServletContext servletContext) {
    SessionCookieConfig config = servletContext.getSessionCookieConfig();

    config.setHttpOnly(true);
    
    Validate.notNull(environment, "environment cannot be null!");
    // set secure cookie only if current environment doesn't strictly need HTTP
    config.setSecure(environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE)));

    // https://issues.jboss.org/browse/WFLY-3448 ?
    config.setPath(servletContext.getContextPath() + "/");
}
 
Example 4
Source File: SeedServletContainerInitializer.java    From seed with Mozilla Public License 2.0
private void copyConfig(WebConfig.SessionsConfig.CookieConfig src, SessionCookieConfig dest) {
    Optional.ofNullable(src.getComment()).ifPresent(dest::setComment);
    Optional.ofNullable(src.getDomain()).ifPresent(dest::setDomain);
    Optional.ofNullable(src.getName()).ifPresent(dest::setName);
    Optional.ofNullable(src.getPath()).ifPresent(dest::setPath);
    dest.setHttpOnly(src.isHttpOnly());
    dest.setSecure(src.isSecure());
    dest.setMaxAge(src.getMaxAge());
}
 
Example 5
Source File: Jetty9Server.java    From gocd with Apache License 2.0
@Override
public void setSessionConfig() {
    SessionHandler sessionHandler = webAppContext.getSessionHandler();
    SessionCookieConfig sessionCookieConfig = sessionHandler.getSessionCookieConfig();
    sessionCookieConfig.setHttpOnly(true);
    sessionCookieConfig.setSecure(systemEnvironment.isSessionCookieSecure());
    sessionCookieConfig.setMaxAge(systemEnvironment.sessionCookieMaxAgeInSeconds());
    sessionHandler.setMaxInactiveInterval(systemEnvironment.sessionTimeoutInSeconds());
}