Java Code Examples for javax.servlet.http.Cookie#isHttpOnly()

The following examples show how to use javax.servlet.http.Cookie#isHttpOnly() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: Response.java    From onedev with MIT License 6 votes vote down vote up
@Override
public void addCookie(Cookie cookie)
{
    if (StringUtil.isBlank(cookie.getName()))
        throw new IllegalArgumentException("Cookie.name cannot be blank/null");

    String comment = cookie.getComment();
    // HttpOnly was supported as a comment in cookie flags before the java.net.HttpCookie implementation so need to check that
    boolean httpOnly = cookie.isHttpOnly() || HttpCookie.isHttpOnlyInComment(comment);
    SameSite sameSite = HttpCookie.getSameSiteFromComment(comment);
    comment = HttpCookie.getCommentWithoutAttributes(comment);

    addCookie(new HttpCookie(
        cookie.getName(),
        cookie.getValue(),
        cookie.getDomain(),
        cookie.getPath(),
        (long)cookie.getMaxAge(),
        httpOnly,
        cookie.getSecure(),
        comment,
        cookie.getVersion(),
        sameSite));
}
 
Example 2
Source File: DefaultWebApplicationResponse.java    From piranha with BSD 3-Clause "New" or "Revised" License 6 votes vote down vote up
/**
 * Write out a cookie.
 *
 * @param cookie the cookie.
 * @throws IOException when an I/O error occurs.
 */
private void writeCookie(Cookie cookie) throws IOException {
    outputStream.write("Set-Cookie: ".getBytes());
    outputStream.write(cookie.getName().getBytes());
    outputStream.write("=".getBytes());
    if (cookie.getValue() != null) {
        outputStream.write(cookie.getValue().getBytes());
    }

    if (cookie.getSecure()) {
        outputStream.write("; Secure".getBytes());
    }

    if (cookie.isHttpOnly()) {
        outputStream.write("; HttpOnly".getBytes());
    }

    if (cookie.getPath() != null) {
        outputStream.write(("; Path=" + cookie.getPath()).getBytes());
    }

    outputStream.write("\n".getBytes());
}
 
Example 3
Source File: MockHttpServletResponse.java    From spring-analysis-note with MIT License 5 votes vote down vote up
private String getCookieHeader(Cookie cookie) {
	StringBuilder buf = new StringBuilder();
	buf.append(cookie.getName()).append('=').append(cookie.getValue() == null ? "" : cookie.getValue());
	if (StringUtils.hasText(cookie.getPath())) {
		buf.append("; Path=").append(cookie.getPath());
	}
	if (StringUtils.hasText(cookie.getDomain())) {
		buf.append("; Domain=").append(cookie.getDomain());
	}
	int maxAge = cookie.getMaxAge();
	if (maxAge >= 0) {
		buf.append("; Max-Age=").append(maxAge);
		buf.append("; Expires=");
		HttpHeaders headers = new HttpHeaders();
		headers.setExpires(maxAge > 0 ? System.currentTimeMillis() + 1000L * maxAge : 0);
		buf.append(headers.getFirst(HttpHeaders.EXPIRES));
	}

	if (cookie.getSecure()) {
		buf.append("; Secure");
	}
	if (cookie.isHttpOnly()) {
		buf.append("; HttpOnly");
	}
	if (cookie instanceof MockCookie) {
		MockCookie mockCookie = (MockCookie) cookie;
		if (StringUtils.hasText(mockCookie.getSameSite())) {
			buf.append("; SameSite=").append(mockCookie.getSameSite());
		}
	}
	return buf.toString();
}
 
Example 4
Source File: MockHttpServletResponse.java    From spring-analysis-note with MIT License 5 votes vote down vote up
private String getCookieHeader(Cookie cookie) {
	StringBuilder buf = new StringBuilder();
	buf.append(cookie.getName()).append('=').append(cookie.getValue() == null ? "" : cookie.getValue());
	if (StringUtils.hasText(cookie.getPath())) {
		buf.append("; Path=").append(cookie.getPath());
	}
	if (StringUtils.hasText(cookie.getDomain())) {
		buf.append("; Domain=").append(cookie.getDomain());
	}
	int maxAge = cookie.getMaxAge();
	if (maxAge >= 0) {
		buf.append("; Max-Age=").append(maxAge);
		buf.append("; Expires=");
		HttpHeaders headers = new HttpHeaders();
		headers.setExpires(maxAge > 0 ? System.currentTimeMillis() + 1000L * maxAge : 0);
		buf.append(headers.getFirst(HttpHeaders.EXPIRES));
	}

	if (cookie.getSecure()) {
		buf.append("; Secure");
	}
	if (cookie.isHttpOnly()) {
		buf.append("; HttpOnly");
	}
	if (cookie instanceof MockCookie) {
		MockCookie mockCookie = (MockCookie) cookie;
		if (StringUtils.hasText(mockCookie.getSameSite())) {
			buf.append("; SameSite=").append(mockCookie.getSameSite());
		}
	}
	return buf.toString();
}
 
Example 5
Source File: MockHttpServletResponse.java    From java-technology-stack with MIT License 5 votes vote down vote up
private String getCookieHeader(Cookie cookie) {
	StringBuilder buf = new StringBuilder();
	buf.append(cookie.getName()).append('=').append(cookie.getValue() == null ? "" : cookie.getValue());
	if (StringUtils.hasText(cookie.getPath())) {
		buf.append("; Path=").append(cookie.getPath());
	}
	if (StringUtils.hasText(cookie.getDomain())) {
		buf.append("; Domain=").append(cookie.getDomain());
	}
	int maxAge = cookie.getMaxAge();
	if (maxAge >= 0) {
		buf.append("; Max-Age=").append(maxAge);
		buf.append("; Expires=");
		HttpHeaders headers = new HttpHeaders();
		headers.setExpires(maxAge > 0 ? System.currentTimeMillis() + 1000L * maxAge : 0);
		buf.append(headers.getFirst(HttpHeaders.EXPIRES));
	}

	if (cookie.getSecure()) {
		buf.append("; Secure");
	}
	if (cookie.isHttpOnly()) {
		buf.append("; HttpOnly");
	}
	if (cookie instanceof MockCookie) {
		MockCookie mockCookie = (MockCookie) cookie;
		if (StringUtils.hasText(mockCookie.getSameSite())) {
			buf.append("; SameSite=").append(mockCookie.getSameSite());
		}
	}
	return buf.toString();
}
 
Example 6
Source File: MockHttpServletResponse.java    From java-technology-stack with MIT License 5 votes vote down vote up
private String getCookieHeader(Cookie cookie) {
	StringBuilder buf = new StringBuilder();
	buf.append(cookie.getName()).append('=').append(cookie.getValue() == null ? "" : cookie.getValue());
	if (StringUtils.hasText(cookie.getPath())) {
		buf.append("; Path=").append(cookie.getPath());
	}
	if (StringUtils.hasText(cookie.getDomain())) {
		buf.append("; Domain=").append(cookie.getDomain());
	}
	int maxAge = cookie.getMaxAge();
	if (maxAge >= 0) {
		buf.append("; Max-Age=").append(maxAge);
		buf.append("; Expires=");
		HttpHeaders headers = new HttpHeaders();
		headers.setExpires(maxAge > 0 ? System.currentTimeMillis() + 1000L * maxAge : 0);
		buf.append(headers.getFirst(HttpHeaders.EXPIRES));
	}

	if (cookie.getSecure()) {
		buf.append("; Secure");
	}
	if (cookie.isHttpOnly()) {
		buf.append("; HttpOnly");
	}
	if (cookie instanceof MockCookie) {
		MockCookie mockCookie = (MockCookie) cookie;
		if (StringUtils.hasText(mockCookie.getSameSite())) {
			buf.append("; SameSite=").append(mockCookie.getSameSite());
		}
	}
	return buf.toString();
}
 
Example 7
Source File: AwsHttpServletResponse.java    From aws-serverless-java-container with Apache License 2.0 5 votes vote down vote up
@SuppressFBWarnings("COOKIE_USAGE")
@Override
public void addCookie(Cookie cookie) {
    if (request != null && request.getDispatcherType() == DispatcherType.INCLUDE && isCommitted()) {
        throw new IllegalStateException("Cannot add Cookies for include request when response is committed");
    }
    String cookieData = cookie.getName() + "=" + cookie.getValue();
    if (cookie.getPath() != null) {
        cookieData += "; Path=" + cookie.getPath();
    }
    if (cookie.getSecure()) {
        cookieData += "; Secure";
    }
    if (cookie.isHttpOnly()) {
        cookieData += "; HttpOnly";
    }
    if (cookie.getDomain() != null && !"".equals(cookie.getDomain().trim())) {
        cookieData += "; Domain=" + cookie.getDomain();
    }

    if (cookie.getMaxAge() > 0) {
        cookieData += "; Max-Age=" + cookie.getMaxAge();

        // we always set the timezone to GMT
        TimeZone gmtTimeZone = TimeZone.getTimeZone(COOKIE_DEFAULT_TIME_ZONE);
        Calendar currentTimestamp = Calendar.getInstance(gmtTimeZone);
        currentTimestamp.add(Calendar.SECOND, cookie.getMaxAge());
        SimpleDateFormat cookieDateFormatter = new SimpleDateFormat(HEADER_DATE_PATTERN);
        cookieDateFormatter.setTimeZone(gmtTimeZone);
        cookieData += "; Expires=" + cookieDateFormatter.format(currentTimestamp.getTime());
    }

    setHeader(HttpHeaders.SET_COOKIE, cookieData, false);
}
 
Example 8
Source File: LegacyCookieProcessor.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
@Override
public String generateHeader(Cookie cookie) {
    /*
     * The spec allows some latitude on when to send the version attribute
     * with a Set-Cookie header. To be nice to clients, we'll make sure the
     * version attribute is first. That means checking the various things
     * that can cause us to switch to a v1 cookie first.
     *
     * Note that by checking for tokens we will also throw an exception if a
     * control character is encountered.
     */
    int version = cookie.getVersion();
    String value = cookie.getValue();
    String path = cookie.getPath();
    String domain = cookie.getDomain();
    String comment = cookie.getComment();

    if (version == 0) {
        // Check for the things that require a v1 cookie
        if (needsQuotes(value, 0) || comment != null || needsQuotes(path, 0) || needsQuotes(domain, 0)) {
            version = 1;
        }
    }

    // Now build the cookie header
    StringBuffer buf = new StringBuffer(); // can't use StringBuilder due to DateFormat

    // Just use the name supplied in the Cookie
    buf.append(cookie.getName());
    buf.append("=");

    // Value
    maybeQuote(buf, value, version);

    // Add version 1 specific information
    if (version == 1) {
        // Version=1 ... required
        buf.append ("; Version=1");

        // Comment=comment
        if (comment != null) {
            buf.append ("; Comment=");
            maybeQuote(buf, comment, version);
        }
    }

    // Add domain information, if present
    if (domain != null) {
        buf.append("; Domain=");
        maybeQuote(buf, domain, version);
    }

    // Max-Age=secs ... or use old "Expires" format
    int maxAge = cookie.getMaxAge();
    if (maxAge >= 0) {
        if (version > 0) {
            buf.append ("; Max-Age=");
            buf.append (maxAge);
        }
        // IE6, IE7 and possibly other browsers don't understand Max-Age.
        // They do understand Expires, even with V1 cookies!
        if (version == 0 || getAlwaysAddExpires()) {
            // Wdy, DD-Mon-YY HH:MM:SS GMT ( Expires Netscape format )
            buf.append ("; Expires=");
            // To expire immediately we need to set the time in past
            if (maxAge == 0) {
                buf.append( ANCIENT_DATE );
            } else {
                COOKIE_DATE_FORMAT.get().format(
                        new Date(System.currentTimeMillis() + maxAge * 1000L),
                        buf,
                        new FieldPosition(0));
            }
        }
    }

    // Path=path
    if (path!=null) {
        buf.append ("; Path=");
        maybeQuote(buf, path, version);
    }

    // Secure
    if (cookie.getSecure()) {
      buf.append ("; Secure");
    }

    // HttpOnly
    if (cookie.isHttpOnly()) {
        buf.append("; HttpOnly");
    }

    SameSiteCookies sameSiteCookiesValue = getSameSiteCookies();

    if (!sameSiteCookiesValue.equals(SameSiteCookies.UNSET)) {
        buf.append("; SameSite=");
        buf.append(sameSiteCookiesValue.getValue());
    }

    return buf.toString();
}