javax.servlet.SessionCookieConfig Java Examples

The following examples show how to use javax.servlet.SessionCookieConfig. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SessionConfig.java    From Tomcat7.0.67 with Apache License 2.0 6 votes vote down vote up
/**
 * Looks up an explicitly configured session cookie name for the context.
 *
 * <p>A name set on the context takes precedence over the name held by the
 * application's {@code SessionCookieConfig}. When neither yields a non-empty
 * value, or {@code context} is {@code null}, {@code null} is returned; the
 * spec default is not produced by this method.
 *
 * @param context the context to inspect, may be {@code null}
 * @return the configured cookie name, or {@code null} if none is configured
 */
private static String getConfiguredSessionCookieName(Context context) {
    if (context == null) {
        return null;
    }

    // 1. Name set directly on the context.
    String contextLevelName = context.getSessionCookieName();
    if (contextLevelName != null && !contextLevelName.isEmpty()) {
        return contextLevelName;
    }

    // 2. Name configured by the application through SessionCookieConfig.
    String appLevelName = context.getServletContext().getSessionCookieConfig().getName();
    if (appLevelName != null && !appLevelName.isEmpty()) {
        return appLevelName;
    }

    // 3. Nothing configured: signal that with null.
    return null;
}
 
Example #2
Source File: SessionConfig.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
/**
 * Resolves the session cookie name that has been explicitly configured.
 *
 * <p>Lookup order: the name set on the context, then the name set on the
 * application's {@code SessionCookieConfig}. Empty strings count as "not
 * configured". A {@code null} context, or no configured name at either
 * level, results in {@code null}.
 *
 * @param context the context to inspect, may be {@code null}
 * @return the configured cookie name, or {@code null} if none is configured
 */
private static String getConfiguredSessionCookieName(Context context) {
    if (context == null) {
        return null;
    }

    // Context-level setting wins.
    String name = context.getSessionCookieName();
    if (name == null || name.isEmpty()) {
        // Fall back to what the web application configured.
        SessionCookieConfig appConfig = context.getServletContext().getSessionCookieConfig();
        name = appConfig.getName();
    }

    // An empty or missing name at both levels is reported as null.
    return (name != null && !name.isEmpty()) ? name : null;
}
 
Example #3
Source File: SessionConfig.java    From tomcatsrc with Apache License 2.0 6 votes vote down vote up
/**
 * Returns the session cookie name configured for the given context, if any.
 *
 * <p>The context's own setting is consulted first and the application's
 * {@code SessionCookieConfig} second; the first non-empty value is used.
 * {@code null} is returned when {@code context} is {@code null} or when no
 * name is configured at either level.
 *
 * @param context the context to inspect, may be {@code null}
 * @return the configured cookie name, or {@code null} if none is configured
 */
private static String getConfiguredSessionCookieName(Context context) {
    if (context == null) {
        return null;
    }

    // Priority 1: cookie name defined on the context.
    String candidate = context.getSessionCookieName();
    boolean contextHasName = candidate != null && candidate.length() > 0;
    if (contextHasName) {
        return candidate;
    }

    // Priority 2: cookie name configured by the application.
    candidate = context.getServletContext().getSessionCookieConfig().getName();
    boolean appHasName = candidate != null && candidate.length() > 0;
    if (appHasName) {
        return candidate;
    }

    // Priority 3 (the spec default) is not resolved here.
    return null;
}
 
Example #4
Source File: Jetty9ServerTest.java    From gocd with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that {@code setSessionConfig()} applies the session cookie
 * attributes: HttpOnly is on, Secure follows
 * {@code systemEnvironment.isSessionCookieSecure()}, and the max-age is the
 * expected value (presumably stubbed in test setup outside this method).
 */
@Test
public void shouldSetSessionCookieConfig() throws Exception {
    // Pass 1: the environment requests a Secure session cookie.
    when(systemEnvironment.isSessionCookieSecure()).thenReturn(true);
    jetty9Server.configure();
    jetty9Server.setSessionConfig();
    jetty9Server.startHandlers();

    WebAppContext loadedContext = (WebAppContext) getLoadedHandlers().get(WebAppContext.class);
    SessionCookieConfig cookieConfig = loadedContext.getSessionHandler().getSessionCookieConfig();
    assertThat(cookieConfig.isHttpOnly(), is(true));
    assertThat(cookieConfig.isSecure(), is(true));
    assertThat(cookieConfig.getMaxAge(), is(5678));

    // Pass 2: re-applying the config with the flag off must clear Secure
    // on the same SessionCookieConfig instance.
    when(systemEnvironment.isSessionCookieSecure()).thenReturn(false);
    jetty9Server.setSessionConfig();
    assertThat(cookieConfig.isSecure(), is(false));
}
 
Example #5
Source File: GatewayServer.java    From knox with Apache License 2.0 6 votes vote down vote up
/**
 * Builds the Jetty {@code WebAppContext} for one WAR of a topology.
 *
 * <p>The context path is "/" followed by the gateway path, topology name and
 * WAR path joined by {@code Urls.trimLeadingAndTrailingSlashJoin}. The session
 * cookie is renamed to {@code KNOXSESSIONCOOKIENAME}, directory listings from
 * the default servlet are turned off, and a fresh class loader is installed.
 *
 * <p>NOTE(review): only the session cookie name is set on
 * {@code SessionCookieConfig} here; HttpOnly and Secure are not touched in
 * this method. Confirm they are applied elsewhere.
 *
 * @param topology the topology the WAR belongs to
 * @param warFile  the WAR location on disk
 * @param warPath  the path segment for this WAR within the topology
 * @return the configured, not yet started, web application context
 */
private WebAppContext createWebAppContext( Topology topology, File warFile, String warPath ) {
  final String clusterName = topology.getName();
  final WebAppContext webApp = new WebAppContext();
  final String contextPath =
      "/" + Urls.trimLeadingAndTrailingSlashJoin( config.getGatewayPath(), clusterName, warPath );
  webApp.setContextPath( contextPath );

  // Use the gateway's own session cookie name.
  webApp.getServletContext().getSessionCookieConfig().setName( KNOXSESSIONCOOKIENAME );

  webApp.setWar( warFile.getAbsolutePath() );
  webApp.setAttribute( GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE, clusterName );
  webApp.setAttribute( "org.apache.knox.gateway.frontend.uri", getFrontendUri( webApp, config ) );
  webApp.setAttribute( GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE, config );

  // Add support for JSPs.
  final String containerJarPattern =
      ".*/[^/]*servlet-api-[^/]*\\.jar$|.*/javax.servlet.jsp.jstl-.*\\.jar$|.*/[^/]*taglibs.*\\.jar$";
  webApp.setAttribute( "org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern", containerJarPattern );

  webApp.setTempDirectory( FileUtils.getFile( warFile, "META-INF", "temp" ) );
  webApp.setErrorHandler( createErrorHandler() );

  // Do not let the default servlet render directory listings.
  webApp.setInitParameter( "org.eclipse.jetty.servlet.Default.dirAllowed", "false" );

  // Empty URL list: the loader adds no locations of its own and defers to this class's loader.
  webApp.setClassLoader( new URLClassLoader( new URL[0], this.getClass().getClassLoader() ) );
  return webApp;
}
 
Example #6
Source File: SessionConfig.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
/**
 * Determines the path attribute to use for the session cookie of the
 * provided context.
 *
 * <p>Sources are tried in order: the path set on the context, the path set
 * on the application's {@code SessionCookieConfig}, and finally the
 * context's encoded path. The result is then normalised so that the ROOT
 * context (empty string) becomes "/", and, when the context asks for a
 * trailing slash, so that a cookie for {@code /foo} is not sent with
 * requests for {@code /foobar}.
 *
 * @param context the context, must not be {@code null}
 * @return the session cookie path
 */
public static String getSessionCookiePath(Context context) {

    SessionCookieConfig cookieConfig = context.getServletContext().getSessionCookieConfig();

    String cookiePath = context.getSessionCookiePath();
    if (cookiePath == null || cookiePath.isEmpty()) {
        cookiePath = cookieConfig.getPath();
    }
    if (cookiePath == null || cookiePath.isEmpty()) {
        cookiePath = context.getEncodedPath();
    }

    boolean wantsTrailingSlash = context.getSessionCookiePathUsesTrailingSlash();
    if (wantsTrailingSlash && !cookiePath.endsWith("/")) {
        // Covers ROOT ("" -> "/") and scopes /foo to /foo/ so that
        // /foobar does not receive the cookie.
        cookiePath += "/";
    } else if (!wantsTrailingSlash && cookiePath.isEmpty()) {
        // ROOT only: cookies need "/" where the servlet spec uses "".
        cookiePath = "/";
    }

    return cookiePath;
}
 
Example #7
Source File: ApplicationContextFacade.java    From Tomcat7.0.67 with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the session cookie configuration of the wrapped context.
 *
 * <p>With package protection enabled the call goes through
 * {@code doPrivileged}, identified by method name; otherwise the wrapped
 * context is called directly.
 */
@Override
public SessionCookieConfig getSessionCookieConfig() {
    if (!SecurityUtil.isPackageProtectionEnabled()) {
        return context.getSessionCookieConfig();
    }
    return (SessionCookieConfig) doPrivileged("getSessionCookieConfig", null);
}
 
Example #8
Source File: AppLauncher.java    From VulnerableJavaWebApplication with MIT License 5 votes vote down vote up
/**
 * Registers a startup hook that restricts session tracking to cookies and
 * marks the session cookie HttpOnly.
 *
 * <p>NOTE(review): the Secure flag is not set here, so nothing in this
 * method stops the session cookie from being sent over plain HTTP. Confirm
 * whether that is configured elsewhere or left out on purpose.
 *
 * @return the initializer applied to the servlet context at startup
 */
@SuppressWarnings("deprecation")
@Bean
public ServletContextInitializer servletContextInitializer() {
	ServletContextInitializer cookieHardening = new ServletContextInitializer() {
		@Override
		public void onStartup(ServletContext servletContext) throws ServletException {
			// Cookie-only tracking: the session id is not carried in URLs.
			servletContext.setSessionTrackingModes(Collections.singleton(SessionTrackingMode.COOKIE));
			// HttpOnly keeps the session cookie out of reach of page scripts.
			servletContext.getSessionCookieConfig().setHttpOnly(true);
		}
	};
	return cookieHardening;
}
 
Example #9
Source File: SpringHttpSessionConfiguration.java    From spring-session with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a {@code DefaultCookieSerializer} seeded from the container's
 * {@code SessionCookieConfig} when one is available.
 *
 * <p>Name, domain and path are copied when non-null, and max-age when it is
 * not -1. A container that returns {@code null} or throws
 * {@code UnsupportedOperationException} leaves the serializer on its own
 * defaults; the latter is logged at warn level.
 *
 * <p>NOTE(review): {@code isHttpOnly()} and {@code isSecure()} are not read
 * from the container config here. Confirm the serializer's own defaults give
 * the intended HttpOnly/Secure behaviour.
 *
 * @return the serializer to use for the session cookie
 */
private CookieSerializer createDefaultCookieSerializer() {
	DefaultCookieSerializer serializer = new DefaultCookieSerializer();

	SessionCookieConfig containerConfig = null;
	if (this.servletContext != null) {
		try {
			containerConfig = this.servletContext.getSessionCookieConfig();
		}
		catch (UnsupportedOperationException ex) {
			this.logger.warn("Unable to obtain SessionCookieConfig: " + ex.getMessage());
		}
	}

	if (containerConfig != null) {
		String name = containerConfig.getName();
		if (name != null) {
			serializer.setCookieName(name);
		}
		String domain = containerConfig.getDomain();
		if (domain != null) {
			serializer.setDomainName(domain);
		}
		String path = containerConfig.getPath();
		if (path != null) {
			serializer.setCookiePath(path);
		}
		int maxAge = containerConfig.getMaxAge();
		// -1 is treated as "not configured" and is not copied over.
		if (maxAge != -1) {
			serializer.setCookieMaxAge(maxAge);
		}
	}

	if (this.usesSpringSessionRememberMeServices) {
		serializer.setRememberMeRequestAttribute(SpringSessionRememberMeServices.REMEMBER_ME_LOGIN_ATTR);
	}
	return serializer;
}
 
Example #10
Source File: SpringBootInitializer.java    From alf.io with GNU General Public License v3.0 5 votes vote down vote up
/**
 * Registers a startup hook that hardens the session cookie and silences
 * XRLog.
 *
 * <p>HttpOnly is always set. Secure is set only when the
 * {@code Initializer.PROFILE_LIVE} profile is accepted by the environment;
 * under any other profile the session cookie is not marked Secure.
 *
 * @return the initializer applied to the servlet context at startup
 */
@Bean
public ServletContextInitializer servletContextInitializer() {
    return servletContext -> {
        ConfigurableEnvironment env =
            getRequiredWebApplicationContext(servletContext).getBean(ConfigurableEnvironment.class);

        SessionCookieConfig cookieConfig = servletContext.getSessionCookieConfig();
        cookieConfig.setHttpOnly(true);
        boolean liveProfileActive = env.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE));
        cookieConfig.setSecure(liveProfileActive);

        // force log initialization, then disable it
        XRLog.setLevel(XRLog.EXCEPTION, Level.WARNING);
        XRLog.setLoggingEnabled(false);
    };
}
 
Example #11
Source File: Initializer.java    From alf.io with GNU General Public License v3.0 5 votes vote down vote up
/**
 * Applies the session cookie settings for this application.
 *
 * <p>HttpOnly is always set. Secure is set only when the
 * {@code Initializer.PROFILE_LIVE} profile is accepted, so other profiles can
 * still run over plain HTTP. The cookie path is the context path plus a
 * trailing slash.
 *
 * @param servletContext the servlet context whose session cookie is configured
 */
private void configureSessionCookie(ServletContext servletContext) {
    SessionCookieConfig cookieConfig = servletContext.getSessionCookieConfig();

    // Keep the session cookie out of reach of page scripts.
    cookieConfig.setHttpOnly(true);

    Validate.notNull(environment, "environment cannot be null!");
    // set secure cookie only if current environment doesn't strictly need HTTP
    boolean liveProfileActive = environment.acceptsProfiles(Profiles.of(Initializer.PROFILE_LIVE));
    cookieConfig.setSecure(liveProfileActive);

    // https://issues.jboss.org/browse/WFLY-3448 ?
    String cookiePath = servletContext.getContextPath() + "/";
    cookieConfig.setPath(cookiePath);
}
 
Example #12
Source File: BootstrapUtil.java    From ldp4j with Apache License 2.0 5 votes vote down vote up
/**
 * Adds a "Session cookie config" entry describing the given configuration to
 * the message map. Does nothing when the configuration is {@code null}.
 *
 * <p>The entry lists name, comment, domain, path and max-age, one per line.
 *
 * <p>NOTE(review): the HttpOnly and Secure flags are not part of this
 * summary, so the output cannot be used to check them.
 *
 * @param messages            the map receiving the entry
 * @param sessionCookieConfig the configuration to describe, may be {@code null}
 */
private static void addSessionCookieConfigMessages(Map<String, Object> messages, SessionCookieConfig sessionCookieConfig) {
	if(sessionCookieConfig!=null) {
		// One "<prefix><label><separator><value>" line per attribute.
		String summary=
			new StringBuilder().
				append(NEW_LINE).append(VALUE_PREFIX).append("Name").append(VALUE_SEPARATOR).append(sessionCookieConfig.getName()).
				append(NEW_LINE).append(VALUE_PREFIX).append("Comment").append(VALUE_SEPARATOR).append(sessionCookieConfig.getComment()).
				append(NEW_LINE).append(VALUE_PREFIX).append("Domain").append(VALUE_SEPARATOR).append(sessionCookieConfig.getDomain()).
				append(NEW_LINE).append(VALUE_PREFIX).append("Path").append(VALUE_SEPARATOR).append(sessionCookieConfig.getPath()).
				append(NEW_LINE).append(VALUE_PREFIX).append("Max age").append(VALUE_SEPARATOR).append(sessionCookieConfig.getMaxAge()).
				toString();
		addMessage(messages,"Session cookie config",summary);
	}
}
 
Example #13
Source File: ApplicationContextFacade.java    From tomcatsrc with Apache License 2.0 5 votes vote down vote up
/**
 * Exposes the wrapped context's session cookie configuration.
 *
 * <p>When package protection is enabled the lookup is performed through
 * {@code doPrivileged} using the method name; when it is not, the wrapped
 * context is asked directly.
 */
@Override
public SessionCookieConfig getSessionCookieConfig() {
    final boolean packageProtection = SecurityUtil.isPackageProtectionEnabled();
    return packageProtection
            ? (SessionCookieConfig) doPrivileged("getSessionCookieConfig", null)
            : context.getSessionCookieConfig();
}
 
Example #14
Source File: Jetty9Server.java    From gocd with Apache License 2.0 5 votes vote down vote up
/**
 * Applies the session settings from {@code systemEnvironment} to the web
 * application's session handler.
 *
 * <p>The session cookie is always HttpOnly. Its Secure flag and max-age come
 * from the environment, as does the handler's inactivity timeout. Calling
 * this again re-applies the current environment values.
 */
@Override
public void setSessionConfig() {
    SessionHandler handler = webAppContext.getSessionHandler();
    SessionCookieConfig cookieConfig = handler.getSessionCookieConfig();

    // Cookie attributes.
    cookieConfig.setHttpOnly(true);
    boolean secureCookie = systemEnvironment.isSessionCookieSecure();
    cookieConfig.setSecure(secureCookie);
    int cookieMaxAgeSeconds = systemEnvironment.sessionCookieMaxAgeInSeconds();
    cookieConfig.setMaxAge(cookieMaxAgeSeconds);

    // Server-side idle timeout for the session itself.
    handler.setMaxInactiveInterval(systemEnvironment.sessionTimeoutInSeconds());
}
 
Example #15
Source File: SeedServletContainerInitializer.java    From seed with Mozilla Public License 2.0 5 votes vote down vote up
/**
 * Copies session cookie settings from the application configuration onto the
 * container's {@code SessionCookieConfig}.
 *
 * <p>Comment, domain, name and path are copied only when the source value is
 * non-null, so a null leaves the destination's existing value in place.
 * HttpOnly, Secure and max-age are always overwritten with the source
 * values, including {@code false}.
 *
 * @param src  the configured cookie settings
 * @param dest the container configuration to update
 */
private void copyConfig(WebConfig.SessionsConfig.CookieConfig src, SessionCookieConfig dest) {
    String comment = src.getComment();
    if (comment != null) {
        dest.setComment(comment);
    }
    String domain = src.getDomain();
    if (domain != null) {
        dest.setDomain(domain);
    }
    String name = src.getName();
    if (name != null) {
        dest.setName(name);
    }
    String path = src.getPath();
    if (path != null) {
        dest.setPath(path);
    }

    // Flags and lifetime have no "unset" state and are always applied.
    dest.setHttpOnly(src.isHttpOnly());
    dest.setSecure(src.isSecure());
    dest.setMaxAge(src.getMaxAge());
}
 
Example #16
Source File: ApplicationContextFacade.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
/**
 * Returns the session cookie configuration of the wrapped context.
 *
 * <p>The direct call is used unless package protection is enabled, in which
 * case the call is dispatched by name through {@code doPrivileged}.
 */
@Override
public SessionCookieConfig getSessionCookieConfig() {
    SessionCookieConfig result;
    if (SecurityUtil.isPackageProtectionEnabled()) {
        Object privileged = doPrivileged("getSessionCookieConfig", null);
        result = (SessionCookieConfig) privileged;
    } else {
        result = context.getSessionCookieConfig();
    }
    return result;
}
 
Example #17
Source File: MockServletContext.java    From pulsar with Apache License 2.0 4 votes vote down vote up
/**
 * Always returns {@code null}: this implementation exposes no session cookie
 * configuration. Code that reads or sets cookie attributes (HttpOnly, Secure,
 * path, ...) through the result must null-check it first.
 */
@Override
public SessionCookieConfig getSessionCookieConfig() {
    return null;
}
 
Example #18
Source File: MockServletContext.java    From everrest with Eclipse Public License 2.0 4 votes vote down vote up
/**
 * Not supported by this implementation.
 *
 * @throws UnsupportedOperationException always; callers that probe for a
 *         session cookie configuration must be prepared to catch it
 */
@Override
public SessionCookieConfig getSessionCookieConfig() {
    throw new UnsupportedOperationException("not supported");
}
 
Example #19
Source File: MockServletContext.java    From knox with Apache License 2.0 4 votes vote down vote up
/**
 * Always returns {@code null}: no session cookie configuration is available
 * from this implementation, so callers must null-check before using the
 * result.
 */
@Override
public SessionCookieConfig getSessionCookieConfig() {
  return null;
}
 
Example #20
Source File: ServletContextSimulator.java    From birt with Eclipse Public License 1.0 4 votes vote down vote up
/**
 * Unimplemented stub: always returns {@code null}, so callers must
 * null-check before reading or setting session cookie attributes.
 */
@Override
public SessionCookieConfig getSessionCookieConfig( )
{
	// Auto-generated stub left unimplemented; no configuration is provided.
	return null;
}
 
Example #21
Source File: MockServletContext.java    From para with Apache License 2.0 4 votes vote down vote up
/**
 * Not supported by this implementation.
 *
 * @throws UnsupportedOperationException always; callers that probe for a
 *         session cookie configuration must be prepared to catch it
 */
@Override
public SessionCookieConfig getSessionCookieConfig() {
	throw new UnsupportedOperationException("Not supported yet.");
}
 
Example #22
Source File: ThreadLocalServletContext.java    From cxf with Apache License 2.0 4 votes vote down vote up
/**
 * Delegates to the object returned by {@code get()} and returns its session
 * cookie configuration unchanged.
 */
// NOTE(review): if get() can return null this throws a NullPointerException; confirm against the enclosing class.
public SessionCookieConfig getSessionCookieConfig() {
    return get().getSessionCookieConfig();
}
 
Example #23
Source File: AttributeOnlyServletContext.java    From lucene-solr with Apache License 2.0 4 votes vote down vote up
/**
 * Always returns {@code null}: this implementation provides no session
 * cookie configuration, so callers must null-check before using the result.
 */
@Override
public SessionCookieConfig getSessionCookieConfig() {
  return null;
}
 
Example #24
Source File: MockServletContext.java    From live-chat-engine with Apache License 2.0 4 votes vote down vote up
/**
 * Unimplemented stub: always returns {@code null}, so callers must
 * null-check before reading or setting session cookie attributes.
 */
@Override
public SessionCookieConfig getSessionCookieConfig() {
	// Auto-generated stub left unimplemented; no configuration is provided.
	return null;
}
 
Example #25
Source File: JspCServletContext.java    From packagedrone with Eclipse Public License 1.0 4 votes vote down vote up
/**
 * Not supported by this implementation.
 *
 * @throws UnsupportedOperationException always, with no detail message
 */
public SessionCookieConfig getSessionCookieConfig() {
    throw new UnsupportedOperationException();
}
 
Example #26
Source File: MockServletContext.java    From deltaspike with Apache License 2.0 4 votes vote down vote up
/**
 * Always returns {@code null}: this implementation provides no session
 * cookie configuration, so callers must null-check before using the result.
 */
@Override
public SessionCookieConfig getSessionCookieConfig()
{
    return null;
}
 
Example #27
Source File: TesterServletContext.java    From tomcatsrc with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the {@code sessionCookieConfig} reference held by this object
 * as-is; no copy is made here.
 */
@Override
public SessionCookieConfig getSessionCookieConfig() {
    return sessionCookieConfig;
}
 
Example #28
Source File: JspCServletContext.java    From tomcatsrc with Apache License 2.0 4 votes vote down vote up
/**
 * Always returns {@code null}: this implementation provides no session
 * cookie configuration, so callers must null-check before using the result.
 */
@Override
public SessionCookieConfig getSessionCookieConfig() {
    return null;
}
 
Example #29
Source File: ApplicationSessionCookieConfig.java    From tomcatsrc with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a new session cookie for the given session ID.
 *
 * <p>For each attribute, context level configuration takes priority over the
 * values from {@code SessionCookieConfig}, which take priority over the
 * defaults. Secure is set when either the configuration or the
 * {@code secure} argument asks for it, and HttpOnly when either the
 * configuration or the context asks for it; neither flag is ever cleared
 * here.
 *
 * @param context     The Context for the web application
 * @param sessionId   The ID of the session for which the cookie will be
 *                    created
 * @param secure      Should session cookie be configured as secure
 * @return the cookie carrying the session ID
 */
public static Cookie createSessionCookie(Context context,
        String sessionId, boolean secure) {

    SessionCookieConfig appConfig =
        context.getServletContext().getSessionCookieConfig();

    Cookie sessionCookie = new Cookie(
            SessionConfig.getSessionCookieName(context), sessionId);

    // Max-age and comment have no context-level override.
    sessionCookie.setMaxAge(appConfig.getMaxAge());
    sessionCookie.setComment(appConfig.getComment());

    // Domain: context first, then application config; left unset when both
    // are null (setting a null domain is avoided).
    String domain = context.getSessionCookieDomain();
    if (domain == null) {
        domain = appConfig.getDomain();
    }
    if (domain != null) {
        sessionCookie.setDomain(domain);
    }

    // Secure: configured, or the request itself was secure.
    boolean markSecure = appConfig.isSecure() || secure;
    if (markSecure) {
        sessionCookie.setSecure(true);
    }

    // HttpOnly: configured on the application or on the context.
    boolean markHttpOnly = appConfig.isHttpOnly() || context.getUseHttpOnly();
    if (markHttpOnly) {
        sessionCookie.setHttpOnly(true);
    }

    // Path: context, then application config, then the encoded context path.
    String cookiePath = context.getSessionCookiePath();
    if (cookiePath == null || cookiePath.isEmpty()) {
        cookiePath = appConfig.getPath();
    }
    if (cookiePath == null || cookiePath.isEmpty()) {
        cookiePath = context.getEncodedPath();
    }

    boolean wantsTrailingSlash = context.getSessionCookiePathUsesTrailingSlash();
    if (wantsTrailingSlash && !cookiePath.endsWith("/")) {
        // Covers ROOT ("" -> "/") and keeps a cookie for /foo from being
        // sent with requests for /foobar.
        cookiePath += "/";
    } else if (!wantsTrailingSlash && cookiePath.isEmpty()) {
        // ROOT only: cookies need "/" where the servlet spec uses "".
        cookiePath = "/";
    }
    sessionCookie.setPath(cookiePath);

    return sessionCookie;
}
 
Example #30
Source File: ApplicationContext.java    From tomcatsrc with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the {@code sessionCookieConfig} reference held by this context
 * as-is; no copy is made here, so changes a caller makes through the
 * returned object act on that same instance.
 */
@Override
public SessionCookieConfig getSessionCookieConfig() {
    return sessionCookieConfig;
}