Java Code Examples for javax.servlet.http.HttpServletResponse#addCookie()

The following examples show how to use javax.servlet.http.HttpServletResponse#addCookie().
Example 1
Source File: CookieGenerator.java    From spring-analysis-note with MIT License 6 votes vote down vote up
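/**
 * Add a cookie with the given value to the response,
 * using the cookie descriptor settings of this generator.
 * <p>Delegates to {@link #createCookie} for cookie creation, then applies the
 * configured max-age and the {@code Secure} / {@code HttpOnly} flags when they
 * are enabled on this generator.
 * <p>Only the cookie name is written to the trace log. Cookie values often
 * carry session identifiers or tokens, and anyone who can read the log could
 * replay them.
 * @param response the HTTP response to add the cookie to
 * @param cookieValue the value of the cookie to add
 * @see #setCookieName
 * @see #setCookieDomain
 * @see #setCookiePath
 * @see #setCookieMaxAge
 */
public void addCookie(HttpServletResponse response, String cookieValue) {
	Assert.notNull(response, "HttpServletResponse must not be null");
	Cookie cookie = createCookie(cookieValue);
	Integer maxAge = getCookieMaxAge();
	if (maxAge != null) {
		// A null max-age leaves the Cookie's own default untouched.
		cookie.setMaxAge(maxAge);
	}
	if (isCookieSecure()) {
		cookie.setSecure(true);
	}
	if (isCookieHttpOnly()) {
		cookie.setHttpOnly(true);
	}
	response.addCookie(cookie);
	if (logger.isTraceEnabled()) {
		// Deliberately omit the value: it may be a credential.
		logger.trace("Added cookie [" + getCookieName() + "]");
	}
}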
 
Example 2
Source File: LoginInterceptor.java    From Spring-5.0-Cookbook with MIT License 5 votes vote down vote up
/**
 * Records the time handling started in a {@code startLog} cookie and lets the
 * request proceed.
 *
 * @return always {@code true}, so the handler chain continues
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
		throws Exception {
	System.out.println("INFO LOG ...... Beginning login transaction.....");
	String startMillis = String.valueOf(System.currentTimeMillis());
	// NOTE(review): the cookie is created without Secure or HttpOnly, and its
	// value round-trips through the client. Any code that later reads
	// "startLog" back should treat it as untrusted input.
	response.addCookie(new Cookie("startLog", startMillis));
	System.out.println("INFO LOG ...... Done Computing Start Time.....");
	return true;
}
 
Example 3
Source File: Servlets.java    From howsun-javaee-framework with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a cookie from {@code name} and {@code value} and adds it to the response.
 * Domain, max-age and path are applied only when the matching argument is non-null.
 * <p>NOTE(review): this helper sets neither {@code Secure} nor {@code HttpOnly}.
 * Callers that store session tokens or other secrets through it get a cookie
 * that is readable by page scripts and sent over plain HTTP.
 *
 * @param response the response the cookie is added to
 * @param name cookie name
 * @param value cookie value
 * @param domain cookie domain, or {@code null} to leave it unset
 * @param expiry validity period in seconds, or {@code null} to leave it unset
 * @param uri cookie path, or {@code null} to leave it unset
 */
public static void setCookieValue(HttpServletResponse response, String name, String value, String domain, Integer expiry, String uri){
	final Cookie created = new Cookie(name, value);
	if (uri != null) {
		created.setPath(uri);
	}
	if (expiry != null) {
		created.setMaxAge(expiry);
	}
	if (domain != null) {
		created.setDomain(domain);
	}
	response.addCookie(created);
}
 
Example 4
Source File: BenchmarkTest00970.java    From Benchmark with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Sets a three-minute cookie named after this test case, scoped to the request
 * URI, then includes the test case's HTML resource in the response.
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
	javax.servlet.http.Cookie userCookie = new javax.servlet.http.Cookie("BenchmarkTest00970", "ECHOOO");
	userCookie.setMaxAge(60*3); //Store cookie for 3 minutes
	// Secure is set, so the cookie is only sent over HTTPS. HttpOnly is not set
	// in this method, so page scripts can still read it.
	userCookie.setSecure(true);
	// Path is taken from the current request URI, which limits the cookie to this servlet's URL.
	userCookie.setPath(request.getRequestURI());
	response.addCookie(userCookie);
	// include() appends the resource's output to this response; it does not forward.
	javax.servlet.RequestDispatcher rd = request.getRequestDispatcher("/cmdi-01/BenchmarkTest00970.html");
	rd.include(request, response);
}
 
Example 5
Source File: LoginController.java    From gpmall with Apache License 2.0 5 votes vote down vote up
/**
 * Logs the caller out by expiring the access-token cookie in the browser.
 * <p>Every request cookie whose name equals {@code TokenIntercepter.ACCESS_TOKEN}
 * is re-sent with a null value, max-age 0 and path "/".
 * <p>NOTE(review): only the browser copy is cleared here. Whether the token is
 * also revoked server-side is not visible in this method and should be
 * confirmed, since a captured token would otherwise stay usable. The endpoint
 * is mapped to GET, so a cross-site link or image can trigger it.
 */
@GetMapping("/loginOut")
public ResponseData loginOut(HttpServletRequest request,HttpServletResponse response){
    Cookie[] received = request.getCookies();
    if (received != null) {
        for (Cookie candidate : received) {
            if (!candidate.getName().equals(TokenIntercepter.ACCESS_TOKEN)) {
                continue;
            }
            candidate.setValue(null);
            candidate.setMaxAge(0); // expire the cookie immediately
            // Request cookies do not carry their original path. "/" is assumed
            // to match the path used when the token was issued.
            candidate.setPath("/");
            response.addCookie(candidate); // overwrite the existing token cookie
        }
    }
    return new ResponseUtil().setData(null);
}
 
Example 6
Source File: SessionUtil.java    From two-token-sw with Apache License 2.0 5 votes vote down vote up
/**
 * Adds a cookie for the given domain, valid for the whole site (path "/").
 * <p>NOTE(review): despite the name, no {@code Secure} or {@code HttpOnly}
 * flag is set here. If the value is a session identifier, it is readable by
 * page scripts and can travel over plain HTTP.
 *
 * @param response the response the cookie is added to
 * @param cookieName cookie name
 * @param domain cookie domain, passed to {@code setDomain} unconditionally
 * @param cookieValue cookie value
 * @param maxAge lifetime in seconds; zero and negative values are sent as 0
 */
public static void setSessionCookie(HttpServletResponse response, String cookieName,
    String domain, String cookieValue, int maxAge) {
  Cookie sessionCookie = new Cookie(cookieName, cookieValue);
  sessionCookie.setDomain(domain);
  // Clamp negative lifetimes to 0. A max-age of 0 asks the browser to delete
  // the cookie, so a negative argument never yields a browser-session cookie.
  sessionCookie.setMaxAge(Math.max(maxAge, 0));
  sessionCookie.setPath("/");
  response.addCookie(sessionCookie);
}
 
Example 7
Source File: BenchmarkTest00091.java    From Benchmark with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Sets a three-minute cookie named after this test case, scoped to the request
 * URI, then includes the test case's HTML resource in the response.
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
	// The value is a fixed, already URL-encoded literal ("%3D" is '=', '+' is a space).
	javax.servlet.http.Cookie userCookie = new javax.servlet.http.Cookie("BenchmarkTest00091", "FOO%3Decho+Injection");
	userCookie.setMaxAge(60*3); //Store cookie for 3 minutes
	// Secure is set, so the cookie is only sent over HTTPS. HttpOnly is not set in this method.
	userCookie.setSecure(true);
	// Path is taken from the current request URI, which limits the cookie to this servlet's URL.
	userCookie.setPath(request.getRequestURI());
	response.addCookie(userCookie);
	// include() appends the resource's output to this response; it does not forward.
	javax.servlet.RequestDispatcher rd = request.getRequestDispatcher("/cmdi-00/BenchmarkTest00091.html");
	rd.include(request, response);
}
 
Example 8
Source File: CookieUtil.java    From xxl-sso with GNU General Public License v3.0 5 votes vote down vote up
/**
 * Saves a cookie on the response.
 * <p>NOTE(review): {@code Secure} is never set here, so the cookie may be sent
 * over plain HTTP. HttpOnly protection depends entirely on the caller passing
 * {@code isHttpOnly = true}.
 *
 * @param response the response the cookie is added to
 * @param key cookie name
 * @param value cookie value
 * @param domain cookie domain, or {@code null} to leave it unset
 * @param path cookie path
 * @param maxAge lifetime in seconds, passed to {@code setMaxAge} unchanged
 * @param isHttpOnly whether to mark the cookie {@code HttpOnly}
 */
private static void set(HttpServletResponse response, String key, String value, String domain, String path, int maxAge, boolean isHttpOnly) {
	final Cookie created = new Cookie(key, value);
	created.setHttpOnly(isHttpOnly);
	created.setMaxAge(maxAge);
	created.setPath(path);
	if (domain != null) {
		created.setDomain(domain);
	}
	response.addCookie(created);
}
 
Example 9
Source File: BenchmarkTest01829.java    From Benchmark with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Sets a three-minute cookie named after this test case, scoped to the request
 * URI, then includes the test case's HTML resource in the response.
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
	// The cookie value is a hard-coded literal, not derived from the request.
	javax.servlet.http.Cookie userCookie = new javax.servlet.http.Cookie("BenchmarkTest01829", "someSecret");
	userCookie.setMaxAge(60*3); //Store cookie for 3 minutes
	// Secure is set, so the cookie is only sent over HTTPS. HttpOnly is not set in this method.
	userCookie.setSecure(true);
	// Path is taken from the current request URI, which limits the cookie to this servlet's URL.
	userCookie.setPath(request.getRequestURI());
	response.addCookie(userCookie);
	// include() appends the resource's output to this response; it does not forward.
	javax.servlet.RequestDispatcher rd = request.getRequestDispatcher("/crypto-02/BenchmarkTest01829.html");
	rd.include(request, response);
}
 
Example 10
Source File: BenchmarkTest01849.java    From Benchmark with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Sets a three-minute cookie named after this test case, scoped to the request
 * URI, then includes the test case's HTML resource in the response.
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
	// The cookie value is a hard-coded literal, not derived from the request.
	javax.servlet.http.Cookie userCookie = new javax.servlet.http.Cookie("BenchmarkTest01849", "someSecret");
	userCookie.setMaxAge(60*3); //Store cookie for 3 minutes
	// Secure is set, so the cookie is only sent over HTTPS. HttpOnly is not set in this method.
	userCookie.setSecure(true);
	// Path is taken from the current request URI, which limits the cookie to this servlet's URL.
	userCookie.setPath(request.getRequestURI());
	response.addCookie(userCookie);
	// include() appends the resource's output to this response; it does not forward.
	javax.servlet.RequestDispatcher rd = request.getRequestDispatcher("/hash-02/BenchmarkTest01849.html");
	rd.include(request, response);
}
 
Example 11
Source File: BenchmarkTest00661.java    From Benchmark with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Remember-me test case: issues a random key as a cookie and stores the same
 * key in the session, or greets the user when the request already carries a
 * cookie matching the session copy.
 * <p>The key is 40 bytes from {@code SecureRandom} ("SHA1PRNG"), Base64-encoded.
 *
 * @throws ServletException wrapping {@code NoSuchAlgorithmException} if the
 *         named generator is unavailable
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");
	
		org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest( request );
		String param = scr.getTheParameter("BenchmarkTest00661");
		if (param == null) param = "";
		
		
		// bar receives the request parameter but is not read again in this method.
		String bar = param;
		
		
	    try {
		    // The generator is requested by explicit algorithm name rather than the platform default.
		    java.security.SecureRandom secureRandomGenerator = java.security.SecureRandom.getInstance("SHA1PRNG");
		
		    // Get 40 random bytes
		    byte[] randomBytes = new byte[40];
		    secureRandomGenerator.nextBytes(randomBytes);
		    
	        String rememberMeKey = org.owasp.esapi.ESAPI.encoder().encodeForBase64(randomBytes, true);
	
			String user = "SafeByron";
			String fullClassName = this.getClass().getName();
			// Everything after the "BenchmarkTest" prefix of the simple class name, i.e. the test number.
			String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
			user+= testCaseNumber;
			
			String cookieName = "rememberMe" + testCaseNumber;
			
			// A user is "found" only if the cookie value equals the key stored in the session.
			boolean foundUser = false;
			javax.servlet.http.Cookie[] cookies = request.getCookies();
			if (cookies != null) {
				for (int i = 0; !foundUser && i < cookies.length; i++) {
					javax.servlet.http.Cookie cookie = cookies[i];
					if (cookieName.equals(cookie.getName())) {
						if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
							foundUser = true;
						}
					}
				}
			}
			
			if (foundUser) {
				response.getWriter().println(
"Welcome back: " + user + "<br/>"
);
			
			} else {			
				javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
				// Secure is set; HttpOnly is not set in this method.
				rememberMe.setSecure(true);
	//			rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
				rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet 
															 // e.g., /benchmark/sql-01/BenchmarkTest01001
				request.getSession().setAttribute(cookieName, rememberMeKey);
response.addCookie(rememberMe);
// The freshly issued key is also written into the HTML body of the response.
response.getWriter().println(
user + " has been remembered with cookie: " + rememberMe.getName() 
						+ " whose value is: " + rememberMe.getValue() + "<br/>"
);
			}  
	    } catch (java.security.NoSuchAlgorithmException e) {
			System.out.println("Problem executing SecureRandom.nextBytes() - TestCase");
			throw new ServletException(e);
	    } finally {
			// Runs on both the normal path and the exception path.
			response.getWriter().println(
"Randomness Test java.security.SecureRandom.nextBytes(byte[]) executed"
);
	    }
	}
 
Example 12
Source File: LoginUser.java    From live-chat-engine with Apache License 2.0 4 votes vote down vote up
/**
 * Adds the "captcha required" marker cookie (value "1") to the response.
 * <p>NOTE(review): the {@code cookie(...)} helper is not shown, so the meaning
 * of the {@code false} argument is unconfirmed. If the server decides whether
 * to demand a captcha from this cookie alone, a client can simply not send it.
 * Confirm that the decision is backed by server-side state.
 *
 * @param resp the response the cookie is added to
 */
public void addNeedCaptchaCookie(HttpServletResponse resp) {
	resp.addCookie(
			cookie(
					NEED_CAPTCHA_COOKIE_NAME,
					"1",
					false,
					INVALID_LOGINS_CACHE_LIVETIME_SEC));
}
 
Example 13
Source File: BenchmarkTest00819.java    From Benchmark with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Remember-me test case: issues a key as a cookie and stores the same key in
 * the session, or greets the user when the request already carries a cookie
 * matching the session copy.
 * <p>The key comes from {@code java.util.Random}, which is not a
 * cryptographically secure generator. The method's own status line labels this
 * a weak-randomness case, and a remember-me token should come from
 * {@code java.security.SecureRandom} instead.
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");
	
		// The parameter is cut out of the raw query string by hand instead of using getParameter().
		String queryString = request.getQueryString();
		String paramval = "BenchmarkTest00819"+"=";
		int paramLoc = -1;
		if (queryString != null) paramLoc = queryString.indexOf(paramval);
		if (paramLoc == -1) {
			response.getWriter().println("getQueryString() couldn't find expected parameter '" + "BenchmarkTest00819" + "' in query string.");
			return;
		}
		
		String param = queryString.substring(paramLoc + paramval.length()); // 1st assume "BenchmarkTest00819" param is last parameter in query string.
		// And then check to see if its in the middle of the query string and if so, trim off what comes after.
		int ampersandLoc = queryString.indexOf("&", paramLoc);
		if (ampersandLoc != -1) {
			param = queryString.substring(paramLoc + paramval.length(), ampersandLoc);
		}
		param = java.net.URLDecoder.decode(param, "UTF-8");
		
		
		String bar;
		
		// Simple ? condition that assigns param to bar on false condition
		int num = 106;
		
		// (7*42) - 106 = 188, which is not > 200, so bar always receives param.
		// bar is not read again in this method.
		bar = (7*42) - num > 200 ? "This should never happen" : param;
		
		
		
		// java.util.Random is a non-cryptographic generator, so the key below is not suitable as a secret.
		long l = new java.util.Random().nextLong();
		String rememberMeKey = Long.toString(l);
		
		String user = "Logan";
		String fullClassName = this.getClass().getName();
		// Everything after the "BenchmarkTest" prefix of the simple class name, i.e. the test number.
		String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
		user+= testCaseNumber;
		
		String cookieName = "rememberMe" + testCaseNumber;
		
		// A user is "found" only if the cookie value equals the key stored in the session.
		boolean foundUser = false;
		javax.servlet.http.Cookie[] cookies = request.getCookies();
		if (cookies != null) {
			for (int i = 0; !foundUser && i < cookies.length; i++) {
				javax.servlet.http.Cookie cookie = cookies[i];
				if (cookieName.equals(cookie.getName())) {
					if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
						foundUser = true;
					}
				}
			}
		}
		
		if (foundUser) {
			response.getWriter().println(
"Welcome back: " + user + "<br/>"
);
			
		} else {			
			javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
			// Secure is set; HttpOnly is not set in this method.
			rememberMe.setSecure(true);
//			rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
			rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet 
														 // e.g., /benchmark/sql-01/BenchmarkTest01001
			request.getSession().setAttribute(cookieName, rememberMeKey);
			response.addCookie(rememberMe);
			// The freshly issued key is also written into the HTML body of the response.
			response.getWriter().println(
				user + " has been remembered with cookie: " + rememberMe.getName() 
					+ " whose value is: " + rememberMe.getValue() + "<br/>"
			);
		}
				
		response.getWriter().println(
"Weak Randomness Test java.util.Random.nextLong() executed"
);

	}
 
Example 14
Source File: BenchmarkTest00913.java    From Benchmark with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Remember-me test case: issues a random key as a cookie and stores the same
 * key in the session, or greets the user when the request already carries a
 * cookie matching the session copy.
 * <p>The key is 40 bytes from {@code SecureRandom} ("SHA1PRNG"), Base64-encoded.
 *
 * @throws ServletException wrapping {@code NoSuchAlgorithmException} if the
 *         named generator is unavailable
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");
	
		org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest( request );
		String param = scr.getTheValue("BenchmarkTest00913");
		
		
		String bar;
		String guess = "ABC";
		char switchTarget = guess.charAt(1); // condition 'B', which is safe
		
		// Simple case statement that assigns param to bar on conditions 'A', 'C', or 'D'
		// switchTarget is always 'B' here, so bar becomes the constant "bob" and
		// never the request value. bar is not read again in this method.
		switch (switchTarget) {
		  case 'A':
		        bar = param;
		        break;
		  case 'B': 
		        bar = "bob";
		        break;
		  case 'C':
		  case 'D':        
		        bar = param;
		        break;
		  default:
		        bar = "bob's your uncle";
		        break;
		}
		
		
	    try {
		    // The generator is requested by explicit algorithm name rather than the platform default.
		    java.security.SecureRandom secureRandomGenerator = java.security.SecureRandom.getInstance("SHA1PRNG");
		
		    // Get 40 random bytes
		    byte[] randomBytes = new byte[40];
		    secureRandomGenerator.nextBytes(randomBytes);
		    
	        String rememberMeKey = org.owasp.esapi.ESAPI.encoder().encodeForBase64(randomBytes, true);
	
			String user = "SafeByron";
			String fullClassName = this.getClass().getName();
			// Everything after the "BenchmarkTest" prefix of the simple class name, i.e. the test number.
			String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
			user+= testCaseNumber;
			
			String cookieName = "rememberMe" + testCaseNumber;
			
			// A user is "found" only if the cookie value equals the key stored in the session.
			boolean foundUser = false;
			javax.servlet.http.Cookie[] cookies = request.getCookies();
			if (cookies != null) {
				for (int i = 0; !foundUser && i < cookies.length; i++) {
					javax.servlet.http.Cookie cookie = cookies[i];
					if (cookieName.equals(cookie.getName())) {
						if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
							foundUser = true;
						}
					}
				}
			}
			
			if (foundUser) {
				response.getWriter().println(
"Welcome back: " + user + "<br/>"
);
			
			} else {			
				javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
				// Secure is set; HttpOnly is not set in this method.
				rememberMe.setSecure(true);
	//			rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
				rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet 
															 // e.g., /benchmark/sql-01/BenchmarkTest01001
				request.getSession().setAttribute(cookieName, rememberMeKey);
response.addCookie(rememberMe);
// The freshly issued key is also written into the HTML body of the response.
response.getWriter().println(
user + " has been remembered with cookie: " + rememberMe.getName() 
						+ " whose value is: " + rememberMe.getValue() + "<br/>"
);
			}  
	    } catch (java.security.NoSuchAlgorithmException e) {
			System.out.println("Problem executing SecureRandom.nextBytes() - TestCase");
			throw new ServletException(e);
	    } finally {
			// Runs on both the normal path and the exception path.
			response.getWriter().println(
"Randomness Test java.security.SecureRandom.nextBytes(byte[]) executed"
);
	    }
	}
 
Example 15
Source File: BenchmarkTest02075.java    From Benchmark with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Remember-me test case: issues a key as a cookie and stores the same key in
 * the session, or greets the user when the request already carries a cookie
 * matching the session copy.
 * <p>The key is the decimal text of a {@code double} obtained through a
 * {@code SecureRandom} ("SHA1PRNG") instance. A double carries at most 53
 * random bits, so the key is far shorter than the generator could supply.
 *
 * @throws ServletException wrapping {@code NoSuchAlgorithmException} if the
 *         named generator is unavailable
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");

		String param = "";
		java.util.Enumeration<String> headers = request.getHeaders("BenchmarkTest02075");
		
		if (headers != null && headers.hasMoreElements()) {
			param = headers.nextElement(); // just grab first element
		}
		
		// URL Decode the header value since req.getHeaders() doesn't. Unlike req.getParameters().
		param = java.net.URLDecoder.decode(param, "UTF-8");

		// doSomething(...) is defined elsewhere in the class; bar is not read again in this method.
		String bar = doSomething(request, param);
		
		try {
			// Declared as java.util.Random, but the instance is a SecureRandom.
			java.util.Random numGen = java.security.SecureRandom.getInstance("SHA1PRNG");
			// getNextNumber(...) is not shown here; presumably it returns numGen.nextDouble() (confirm).
        	double rand = getNextNumber(numGen);
			
			// NOTE(review): Double.toString uses scientific notation for values below 1e-3,
			// in which case substring(2) does not simply strip the leading "0.".
			String rememberMeKey = Double.toString(rand).substring(2); // Trim off the 0. at the front.
			
			String user = "SafeDonatella";
			String fullClassName = this.getClass().getName();
			// Everything after the "BenchmarkTest" prefix of the simple class name, i.e. the test number.
			String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
			user+= testCaseNumber;
			
			String cookieName = "rememberMe" + testCaseNumber;
			
			// A user is "found" only if the cookie value equals the key stored in the session.
			boolean foundUser = false;
			javax.servlet.http.Cookie[] cookies = request.getCookies();
			if (cookies != null) {
				for (int i = 0; !foundUser && i < cookies.length; i++) {
					javax.servlet.http.Cookie cookie = cookies[i];
					if (cookieName.equals(cookie.getName())) {
						if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
							foundUser = true;
						}
					}
				}
			}

			
			if (foundUser) {
				response.getWriter().println(
"Welcome back: " + user + "<br/>"
);
			} else {			
				javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
				// Secure is set; HttpOnly is not set in this method.
				rememberMe.setSecure(true);
	//			rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
				rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet 
															 // e.g., /benchmark/sql-01/BenchmarkTest01001
				request.getSession().setAttribute(cookieName, rememberMeKey);
response.addCookie(rememberMe);
// The freshly issued key is also written into the HTML body of the response.
response.getWriter().println(
user + " has been remembered with cookie: " + rememberMe.getName() 
						+ " whose value is: " + rememberMe.getValue() + "<br/>"
);
			}
	    } catch (java.security.NoSuchAlgorithmException e) {
			System.out.println("Problem executing SecureRandom.nextDouble() - TestCase");
			throw new ServletException(e);
	    }
		
		// Reached only when no exception was thrown above.
		response.getWriter().println(
"Weak Randomness Test java.security.SecureRandom.nextDouble() executed"
);

	
	}
 
Example 16
Source File: BenchmarkTest01070.java    From Benchmark with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Remember-me test case: issues a random key as a cookie and stores the same
 * key in the session, or greets the user when the request already carries a
 * cookie matching the session copy.
 * <p>The key is a 40-byte buffer, filled through a {@code SecureRandom}
 * ("SHA1PRNG") instance and then Base64-encoded.
 *
 * @throws ServletException wrapping {@code NoSuchAlgorithmException} if the
 *         named generator is unavailable
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");
	
		String param = "";
		if (request.getHeader("BenchmarkTest01070") != null) {
			param = request.getHeader("BenchmarkTest01070");
		}
		
		// URL Decode the header value since req.getHeader() doesn't. Unlike req.getParameter().
		param = java.net.URLDecoder.decode(param, "UTF-8");

		// Test.doSomething(...) is defined elsewhere; bar is not read again in this method.
		String bar = new Test().doSomething(request, param);
		
	    try {
		    // Declared as java.util.Random, but the instance is a SecureRandom.
		    java.util.Random numGen = java.security.SecureRandom.getInstance("SHA1PRNG");
		
		    // Get 40 random bytes
		    byte[] randomBytes = new byte[40];
		    // getNextNumber(...) is not shown here; presumably it fills randomBytes via numGen.nextBytes (confirm).
		    getNextNumber(numGen, randomBytes);
		    
	        String rememberMeKey = org.owasp.esapi.ESAPI.encoder().encodeForBase64(randomBytes, true);
	
			String user = "SafeBystander";
			String fullClassName = this.getClass().getName();
			// Everything after the "BenchmarkTest" prefix of the simple class name, i.e. the test number.
			String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
			user+= testCaseNumber;
			
			String cookieName = "rememberMe" + testCaseNumber;
			
			// A user is "found" only if the cookie value equals the key stored in the session.
			boolean foundUser = false;
			javax.servlet.http.Cookie[] cookies = request.getCookies();
			if (cookies != null) {
				for (int i = 0; !foundUser && i < cookies.length; i++) {
					javax.servlet.http.Cookie cookie = cookies[i];
					if (cookieName.equals(cookie.getName())) {
						if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
							foundUser = true;
						}
					}
				}
			}

			
			if (foundUser) {
				response.getWriter().println(
"Welcome back: " + user + "<br/>"
);
			} else {			
				javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
				// Secure is set; HttpOnly is not set in this method.
				rememberMe.setSecure(true);
	//			rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
				rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet 
															 // e.g., /benchmark/sql-01/BenchmarkTest01001
				request.getSession().setAttribute(cookieName, rememberMeKey);
				response.addCookie(rememberMe);
// The freshly issued key is also written into the HTML body of the response.
response.getWriter().println(
user + " has been remembered with cookie: " + rememberMe.getName() 
						+ " whose value is: " + rememberMe.getValue() + "<br/>"
);
			}    
	    } catch (java.security.NoSuchAlgorithmException e) {
			System.out.println("Problem executing SecureRandom.nextBytes() - TestCase");
			throw new ServletException(e);
	    } finally {
			// Runs on both the normal path and the exception path.
			response.getWriter().println(
"Randomness Test java.security.SecureRandom.nextBytes(byte[]) executed"
);
	    }
	}
 
Example 17
Source File: BenchmarkTest00916.java    From Benchmark with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Remember-me test case: issues a key as a cookie and stores the same key in
 * the session, or greets the user when the request already carries a cookie
 * matching the session copy.
 * <p>The key is the decimal text of {@code SecureRandom.nextDouble()}. A double
 * carries at most 53 random bits, so the key is far shorter than the generator
 * could supply.
 *
 * @throws ServletException wrapping {@code NoSuchAlgorithmException} if the
 *         named generator is unavailable
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");
	
		org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest( request );
		String param = scr.getTheValue("BenchmarkTest00916");
		
		
		// bar is param with its last character dropped (when longer than one character).
		// It is not read again in this method.
		String bar = param;
		if (param != null && param.length() > 1) {
		    bar = param.substring(0,param.length()-1);
		}
		
		
		try {
			double rand = java.security.SecureRandom.getInstance("SHA1PRNG").nextDouble();
			
			// NOTE(review): Double.toString uses scientific notation for values below 1e-3,
			// in which case substring(2) does not simply strip the leading "0.".
			String rememberMeKey = Double.toString(rand).substring(2); // Trim off the 0. at the front.
			
			String user = "SafeDonna";
			String fullClassName = this.getClass().getName();
			// Everything after the "BenchmarkTest" prefix of the simple class name, i.e. the test number.
			String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
			user+= testCaseNumber;
			
			String cookieName = "rememberMe" + testCaseNumber;
			
			// A user is "found" only if the cookie value equals the key stored in the session.
			boolean foundUser = false;
			javax.servlet.http.Cookie[] cookies = request.getCookies();
			if (cookies != null) {
				for (int i = 0; !foundUser && i < cookies.length; i++) {
					javax.servlet.http.Cookie cookie = cookies[i];
					if (cookieName.equals(cookie.getName())) {
						if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
							foundUser = true;
						}
					}
				}
			}

			
			if (foundUser) {
				response.getWriter().println(
"Welcome back: " + user + "<br/>"
);
			
			} else {			
				javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
				// Secure is set; HttpOnly is not set in this method.
				rememberMe.setSecure(true);
	//			rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
				rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet 
															 // e.g., /benchmark/sql-01/BenchmarkTest01001
				request.getSession().setAttribute(cookieName, rememberMeKey);
response.addCookie(rememberMe);
// The freshly issued key is also written into the HTML body of the response.
response.getWriter().println(
user + " has been remembered with cookie: " + rememberMe.getName() 
						+ " whose value is: " + rememberMe.getValue() + "<br/>"
);
			}
	    } catch (java.security.NoSuchAlgorithmException e) {
			System.out.println("Problem executing SecureRandom.nextDouble() - TestCase");
			throw new ServletException(e);
	    }
		// Reached only when no exception was thrown above.
		response.getWriter().println(
"Weak Randomness Test java.security.SecureRandom.nextDouble() executed"
);
	}
 
Example 18
Source File: BenchmarkTest02720.java    From Benchmark with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Remember-me test case: issues a key as a cookie and stores the same key in
 * the session, or greets the user when the request already carries a cookie
 * matching the session copy.
 * <p>The key is the decimal text of one {@code long} (64 bits) drawn from
 * {@code SecureRandom} ("SHA1PRNG").
 *
 * @throws ServletException wrapping {@code NoSuchAlgorithmException} if the
 *         named generator is unavailable
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");

		org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest( request );
		String param = scr.getTheValue("BenchmarkTest02720");

		// doSomething(...) is defined elsewhere in the class; bar is not read again in this method.
		String bar = doSomething(request, param);
		
		try {
			long l = java.security.SecureRandom.getInstance("SHA1PRNG").nextLong();
			String rememberMeKey = Long.toString(l);
			
			String user = "SafeLogan";
			String fullClassName = this.getClass().getName();
			// Everything after the "BenchmarkTest" prefix of the simple class name, i.e. the test number.
			String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
			user+= testCaseNumber;
			
			String cookieName = "rememberMe" + testCaseNumber;
			
			// A user is "found" only if the cookie value equals the key stored in the session.
			boolean foundUser = false;
			javax.servlet.http.Cookie[] cookies = request.getCookies();
			if (cookies != null) {
				for (int i = 0; !foundUser && i < cookies.length; i++) {
					javax.servlet.http.Cookie cookie = cookies[i];
					if (cookieName.equals(cookie.getName())) {
						if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
							foundUser = true;
						}
					}
				}
			}

			if (foundUser) {
				response.getWriter().println(
"Welcome back: " + user + "<br/>"
);
			} else {			
				javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
				// Secure is set; HttpOnly is not set in this method.
				rememberMe.setSecure(true);
	//			rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
				rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet 
															 // e.g., /benchmark/sql-01/BenchmarkTest01001
				request.getSession().setAttribute(cookieName, rememberMeKey);
				response.addCookie(rememberMe);
// The freshly issued key is also written into the HTML body of the response.
response.getWriter().println(
user + " has been remembered with cookie: " + rememberMe.getName() 
						+ " whose value is: " + rememberMe.getValue() + "<br/>"
);
			}
	    } catch (java.security.NoSuchAlgorithmException e) {
			System.out.println("Problem executing SecureRandom.nextLong() - TestCase");
			throw new ServletException(e);
	    }		
		// Reached only when no exception was thrown above.
		response.getWriter().println(
"Weak Randomness Test java.security.SecureRandom.nextLong() executed"
);

	}
 
Example 19
Source File: BenchmarkTest00502.java    From Benchmark with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Remember-me test case: issues a random key as a cookie and stores the same
 * key in the session, or greets the user when the request already carries a
 * cookie matching the session copy.
 * <p>The key is a 40-byte buffer, filled through a {@code SecureRandom}
 * ("SHA1PRNG") instance and then Base64-encoded.
 *
 * @throws ServletException wrapping {@code NoSuchAlgorithmException} if the
 *         named generator is unavailable
 */
@Override
	public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		response.setContentType("text/html;charset=UTF-8");
	
		java.util.Map<String,String[]> map = request.getParameterMap();
		String param = "";
		if (!map.isEmpty()) {
			String[] values = map.get("BenchmarkTest00502");
			// Only the first value of a repeated parameter is used.
			if (values != null) param = values[0];
		}
		
		
		
		// What the created "thing" does with param is not visible here; bar is not read again in this method.
		org.owasp.benchmark.helpers.ThingInterface thing = org.owasp.benchmark.helpers.ThingFactory.createThing();
		String bar = thing.doSomething(param);
		
		
	    try {
		    // Declared as java.util.Random, but the instance is a SecureRandom.
		    java.util.Random numGen = java.security.SecureRandom.getInstance("SHA1PRNG");
		
		    // Get 40 random bytes
		    byte[] randomBytes = new byte[40];
		    // getNextNumber(...) is not shown here; presumably it fills randomBytes via numGen.nextBytes (confirm).
		    getNextNumber(numGen, randomBytes);
		    
	        String rememberMeKey = org.owasp.esapi.ESAPI.encoder().encodeForBase64(randomBytes, true);
	
			String user = "SafeBystander";
			String fullClassName = this.getClass().getName();
			// Everything after the "BenchmarkTest" prefix of the simple class name, i.e. the test number.
			String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
			user+= testCaseNumber;
			
			String cookieName = "rememberMe" + testCaseNumber;
			
			// A user is "found" only if the cookie value equals the key stored in the session.
			boolean foundUser = false;
			javax.servlet.http.Cookie[] cookies = request.getCookies();
			if (cookies != null) {
				for (int i = 0; !foundUser && i < cookies.length; i++) {
					javax.servlet.http.Cookie cookie = cookies[i];
					if (cookieName.equals(cookie.getName())) {
						if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
							foundUser = true;
						}
					}
				}
			}

			
			if (foundUser) {
				response.getWriter().println(
"Welcome back: " + user + "<br/>"
);
			} else {			
				javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
				// Secure is set; HttpOnly is not set in this method.
				rememberMe.setSecure(true);
	//			rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
				rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet 
															 // e.g., /benchmark/sql-01/BenchmarkTest01001
				request.getSession().setAttribute(cookieName, rememberMeKey);
				response.addCookie(rememberMe);
// The freshly issued key is also written into the HTML body of the response.
response.getWriter().println(
user + " has been remembered with cookie: " + rememberMe.getName() 
						+ " whose value is: " + rememberMe.getValue() + "<br/>"
);
			}    
	    } catch (java.security.NoSuchAlgorithmException e) {
			System.out.println("Problem executing SecureRandom.nextBytes() - TestCase");
			throw new ServletException(e);
	    } finally {
			// Runs on both the normal path and the exception path.
			response.getWriter().println(
"Randomness Test java.security.SecureRandom.nextBytes(byte[]) executed"
);
	    }
	}
 
Example 20
Source File: CookieUtils.java    From DWSurvey with GNU Affero General Public License v3.0 3 votes vote down vote up
/**
 * Sets a cookie on the response, valid for the whole site (path "/").
 * <p>NOTE(review): neither {@code Secure} nor {@code HttpOnly} is set here.
 * Callers that store tokens through this helper get a cookie that is readable
 * by page scripts and sent over plain HTTP.
 *
 * @param response the response the cookie is added to
 * @param name cookie name
 * @param value cookie value
 * @param maxAge cookie lifetime in seconds; applied only when positive,
 *            otherwise the Cookie's default max-age is left in place
 */
public static void addCookie(HttpServletResponse response, String name,
		String value, int maxAge) {
	final Cookie created = new Cookie(name, value);
	created.setPath("/");
	if (maxAge > 0) {
		created.setMaxAge(maxAge);
	}
	response.addCookie(created);
}