Java Code Examples for javax.servlet.http.HttpServletRequest#changeSessionId()

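The following examples show how to use javax.servlet.http.HttpServletRequest#changeSessionId(). The method (added in Servlet 3.1) gives the request's current session a new ID while keeping its attributes, returns the new ID, and throws IllegalStateException if the request has no session; it is most often called right after a successful login so that a session ID issued before authentication is not carried into the authenticated session. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.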
Example 1
Source Project: ignite   File: WebSessionFilter.java    License: Apache License 2.0
/**
 * {@inheritDoc}
 *
 * <p>Delegates the ID change to the wrapped container request. When the ID it returns differs
 * from the ID of the cached {@code ses}, {@code ses} is replaced by the result of
 * {@code createSessionV2(ses, newId)}, so the wrapper does not keep a session under the old ID.
 *
 * @return the session ID reported by the container after the change.
 * @throws IgniteException wrapping an {@link IOException} raised by {@code createSessionV2}.
 */
@Override public String changeSessionId() {
    final String rotatedId = ((HttpServletRequest) getRequest()).changeSessionId();

    // The cached session already carries this ID: nothing to rebuild.
    if (F.eq(rotatedId, ses.getId()))
        return rotatedId;

    try {
        ses = createSessionV2(ses, rotatedId);
    }
    catch (IOException e) {
        throw new IgniteException(e);
    }

    return rotatedId;
}
 
Example 2
/**
 * Rotates the ID of the request's session and writes the ID before and after the change,
 * separated by one space, to the response body.
 *
 * <p>{@code getSession(true)} guarantees that a session exists, so {@code changeSessionId()}
 * cannot fail for lack of one. Both IDs are sent to the client; that is diagnostic output for
 * checking the rotation, not something a production handler should expose.
 */
@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
    final HttpSession current = req.getSession(true);
    final String idBefore = current.getId();

    // The returned ID is ignored on purpose: the new ID is read back from the same
    // HttpSession object below.
    req.changeSessionId();

    final String idAfter = current.getId();
    resp.getWriter().write(idBefore + " " + idAfter);
}
 
Example 3
/**
 * Performs the session operation named by the {@code action} request parameter and then
 * writes a value to the response.
 *
 * <p>Every action except {@code isvalid} writes {@code getRequestedSessionId()}, i.e. the ID
 * the client presented with the request, which is not necessarily the ID of the session that
 * exists after the operation. {@code isvalid} writes the result of
 * {@code isRequestedSessionIdValid()} instead.
 *
 * <p>{@code "default"} is matched as a literal action value; there is no fallback branch, so an
 * unrecognised action writes nothing. A request without an {@code action} parameter makes the
 * {@code switch} throw {@link NullPointerException}.
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

    final String action = req.getParameter("action");

    switch (action) {
        case "create":
            req.getSession(true);
            echoRequestedSessionId(req, resp);
            break;
        case "destroy":
            req.getSession().invalidate();
            echoRequestedSessionId(req, resp);
            break;
        case "destroycreate":
            // Drop the current session, then immediately start a fresh one.
            req.getSession().invalidate();
            req.getSession(true);
            echoRequestedSessionId(req, resp);
            break;
        case "change":
            // Throws IllegalStateException when the request has no session.
            req.changeSessionId();
            echoRequestedSessionId(req, resp);
            break;
        case "timeout":
            // One-second inactivity timeout so the session expires almost at once.
            req.getSession(true).setMaxInactiveInterval(1);
            echoRequestedSessionId(req, resp);
            break;
        case "isvalid":
            resp.getWriter().write(String.valueOf(req.isRequestedSessionIdValid()));
            break;
        case "default":
            echoRequestedSessionId(req, resp);
            break;
    }

}

/** Writes the session ID presented by the client to the response body. */
private void echoRequestedSessionId(HttpServletRequest req, HttpServletResponse resp) throws IOException {
    resp.getWriter().write(req.getRequestedSessionId());
}
 
Example 4
Source Project: HttpSessionReplacer   File: SwitchServlet.java    License: MIT License
/**
 * Rotates the session ID, then prints session attribute {@code "A"} before and after setting
 * it to {@code "S"}, followed by the encoded form of {@code "/"} and the context path.
 *
 * <p>{@code changeSessionId()} is called before any {@code getSession()} call in this method and
 * throws {@link IllegalStateException} when the request has no session. Whether
 * {@code log(request)} creates one is not visible here, so callers presumably arrive with an
 * existing session.
 *
 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
 *      response)
 */
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
  log(request);
  PrintWriter out = response.getWriter();

  request.changeSessionId();

  // The attribute is read through the session as it exists after the ID change.
  Object before = request.getSession().getAttribute("A");
  out.println("Previous value of attribute: " + before);

  request.getSession(true).setAttribute("A", "S");
  Object after = request.getSession().getAttribute("A");
  out.println("New value of attribute: " + after);

  // encodeURL adds the session ID to the URL when URL rewriting is in effect.
  out.println("Encoded url: " + response.encodeURL("/"));

  out.append("Served at: ");
  out.append(request.getContextPath());
  out.append(" ");
}
 
Example 5
/**
 * Renders the local login form and, when a {@code uid} is submitted with the request, attempts
 * the login.
 *
 * <p>Outcomes visible in this method: 403 when secure-only login is configured and the request
 * is not secure; a redirect to the return URL after a successful login; otherwise the form is
 * rendered, with status 400 and the failed flag set after a rejected login.
 *
 * @param job wrapper giving access to the servlet request and response.
 * @throws IOException on response I/O errors.
 * @throws TransformerException presumably from the layout step; not raised directly here.
 * @throws SAXException presumably from the layout step; not raised directly here.
 * @throws JAXBException if the JAXB context for {@code MCRLogin} cannot be created.
 */
protected void presentLoginForm(MCRServletJob job)
    throws IOException, TransformerException, SAXException, JAXBException {
    HttpServletRequest req = job.getRequest();
    HttpServletResponse res = job.getResponse();
    // Checked before any credential is read: with the secure-only switch on, a request that
    // did not arrive over a secure channel is rejected outright.
    if (LOCAL_LOGIN_SECURE_ONLY && !req.isSecure()) {
        res.sendError(HttpServletResponse.SC_FORBIDDEN, getErrorI18N("component.user2.login", "httpsOnly"));
        return;
    }

    String returnURL = getReturnURL(req);
    String formAction = req.getRequestURI();
    MCRLogin loginForm = new MCRLogin(MCRSessionMgr.getCurrentSession().getUserInformation(), returnURL,
        formAction);
    // Credentials as submitted by the client. pwd is never logged in this method; keep it so.
    String uid = getProperty(req, "uid");
    String pwd = getProperty(req, "pwd");
    if (uid != null) {
        MCRUser user = MCRUserManager.login(uid, pwd);
        if (user == null) {
            // NOTE(review): the rejected attempt is not logged here; confirm that
            // MCRUserManager.login records failures so they can be monitored.
            res.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            loginForm.setLoginFailed(true);
        } else {
            // Login succeeded. Rotate the session ID (ticket MCR-1154) so that an ID the
            // client held before authenticating does not identify the authenticated session.
            // changeSessionId() throws IllegalStateException if the request has no
            // HttpSession; presumably one exists at this point, confirm.
            req.changeSessionId();
            LOGGER.info("user {} logged in successfully.", uid);
            // NOTE(review): the redirect target comes from getReturnURL(req), whose
            // validation is not visible here; confirm it cannot point off-site.
            res.sendRedirect(res.encodeRedirectURL(getReturnURL(req)));
            return;
        }
    }
    addFormFields(loginForm, job.getRequest().getParameter(REALM_URL_PARAMETER));
    getLayoutService().doLayout(req, res, new MCRJAXBContent<>(JAXBContext.newInstance(MCRLogin.class), loginForm));
}
 
Example 6
/**
 * Completes a CAS login: validates the {@code ticket} request parameter against the CAS
 * server, loads or creates the matching {@code MCRUser}, refreshes its properties from LDAP,
 * stores it in the current MCR session, rotates the servlet session ID and redirects.
 *
 * @param job wrapper giving access to the servlet request and response.
 * @throws Exception anything raised by ticket validation, user lookup or the LDAP update;
 *         nothing is caught in this method.
 */
public void doGetPost(MCRServletJob job) throws Exception {
    HttpServletRequest req = job.getRequest();
    HttpServletResponse res = job.getResponse();

    // A missing or blank ticket is rejected with 400 before the CAS server is contacted.
    String ticket = req.getParameter("ticket");
    if ((ticket == null) || (ticket.trim().length() == 0)) {
        res.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }

    // Validate ticket at CAS server
    Cas20ProxyTicketValidator sv = new Cas20ProxyTicketValidator(serverURL);
    // NOTE(review): with acceptAnyProxy enabled, a proxy ticket is accepted regardless of
    // which services proxied it. Confirm this is intended; the stricter alternative is to
    // list the allowed proxy chains on the validator.
    sv.setAcceptAnyProxy(true);
    // No failure branch follows: a rejected ticket is expected to surface as an exception
    // from validate(), which propagates through `throws Exception`.
    Assertion a = sv.validate(ticket, clientURL);
    AttributePrincipal principal = a.getPrincipal();

    // Get user name logged in
    String userName = principal.getName();
    LOGGER.info("Login {}", userName);

    // An unknown user gets a new in-memory MCRUser; this method persists a user only
    // through the updateUser call below, which requires that the user already existed.
    MCRUser user;
    boolean userExists = MCRUserManager.exists(userName, realmID);
    if (userExists) {
        user = MCRUserManager.getUser(userName, realmID);
    } else {
        user = new MCRUser(userName, realmID);
    }

    // Get user properties from LDAP server
    boolean userChanged = MCRLDAPClient.instance().updateUserProperties(user);
    if (userChanged && userExists) {
        MCRUserManager.updateUser(user);
    }

    // Store login user in session and redirect browser to target url
    MCRSessionMgr.getCurrentSession().setUserInformation(user);
    // Rotate the servlet session ID once the user is bound to the session (ticket MCR-1154),
    // so an ID the client held before login does not identify the authenticated session.
    // changeSessionId() throws IllegalStateException if the request has no HttpSession;
    // presumably one exists at this point, confirm.
    req.changeSessionId();
    MCRLoginServlet.redirect(res);
}
 
Example 7
Source Project: ignite   File: WebSessionFilter.java    License: Apache License 2.0
/**
 * {@inheritDoc}
 *
 * <p>Delegates the ID change to the wrapped container request, stamps the new ID on the
 * current {@code ses}, and then replaces {@code ses} with the result of
 * {@code createSession(ses, newId)}. The replacement is bound to the servlet context and to
 * the enclosing filter, and its pending updates are reset.
 *
 * @return the session ID reported by the container after the change.
 */
@Override public String changeSessionId() {
    final String rotatedId = ((HttpServletRequest)getRequest()).changeSessionId();

    // The old wrapper is given the new ID before it is handed to createSession.
    ses.setId(rotatedId);

    ses = createSession(ses, rotatedId);
    ses.servletContext(ctx);
    ses.filter(WebSessionFilter.this);
    ses.resetUpdates();

    return rotatedId;
}
 
Example 8
/**
 * Binds the given user to the HTTP session of the request.
 *
 * The session is created if the request has none, its ID is rotated, and only then is the user
 * stored under ATTRIBUTE_LUTECE_USER. The HttpSession reference obtained before the rotation is
 * reused afterwards: changeSessionId changes the ID of that same session.
 * 
 * @param request The Http request
 * @param user    The user to store in the session
 */
public void registerUser( HttpServletRequest request, LuteceUser user )
{
    // getSession( true ) guarantees a session exists, so the ID change below cannot fail for lack of one
    HttpSession userSession = request.getSession( true );

    // rotate the ID before the user is attached, so a pre-registration ID never maps to a session holding the user
    request.changeSessionId( );

    userSession.setAttribute( ATTRIBUTE_LUTECE_USER, user );
}
 
Example 9
Source Project: JavaSecurity   File: LoginServlet.java    License: Apache License 2.0
/**
 * Demonstrates session ID rotation: records the current session ID, calls
 * {@code changeSessionId()}, and renders an HTML page showing both values.
 *
 * <p>Both IDs are written to the log and to the response. A session ID works as a bearer
 * credential, so this output exists only to make the rotation visible in the demo.
 *
 * <p>{@code getSession()} creates a session when the request has none, so the ID change always
 * has a session to act on. An {@link IOException} while writing the page is logged and not
 * rethrown.
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) {
    final String idBeforeChange = request.getSession().getId();
    log.info("Original session ID {}", idBeforeChange);

    // Same session, new ID; the call returns the new ID.
    final String idAfterChange = request.changeSessionId();
    log.info("New session ID {}", idAfterChange);

    response.setContentType("text/html");

    final String[] page = {
        "<html><head>",
        "<title>Session Handling</title>",
        "<link rel=\"stylesheet\" type=\"text/css\" href=\"resources/css/styles.css\" />",
        "</head>",
        "<body>",
        "<h1>Session Handling</h1>",
        "<p><strong>Original Session ID: </strong> " + idBeforeChange + "</p>",
        "<p><strong>New Session ID: </strong> " + idAfterChange + "</p>",
        "<p><a href=\"index.jsp\">Home</a></p>",
        "</body>",
        "</html>"
    };

    try (PrintWriter out = response.getWriter()) {
        for (String line : page) {
            out.println(line);
        }
    } catch (IOException ex) {
        log.error(ex.getMessage(), ex);
    }
}
 
Example 10
/**
 * Completes a federated login from identity data found on the request: resolves the user ID
 * and realm, collects the realm's mapped attributes, binds an existing or transient user to
 * the current MCR session, rotates the servlet session ID and redirects to the {@code url}
 * request parameter. Every other path ends in a 401 with an explanatory message.
 *
 * @param job wrapper giving access to the servlet request and response.
 * @throws Exception anything raised by realm lookup, attribute mapping or the user update;
 *         nothing is caught in this method.
 */
public void doGetPost(MCRServletJob job) throws Exception {
    HttpServletRequest req = job.getRequest();
    HttpServletResponse res = job.getResponse();

    String msg = null;

    // Identity is taken from the "uid" request attribute, falling back to getRemoteUser().
    // NOTE(review): both values are trusted as already authenticated. Confirm that only the
    // authenticating front end can set them, e.g. that they cannot be supplied by the client.
    String uid = (String) req.getAttribute("uid");
    String userId = uid != null ? uid : req.getRemoteUser();

    if (userId != null) {
        // The realm is everything after the first '@'; a userId without '@' has no realm.
        final String realmId = userId.contains("@") ? userId.substring(userId.indexOf("@") + 1) : null;
        // Only realms known to MCRRealmFactory are accepted.
        if (realmId != null && MCRRealmFactory.getRealm(realmId) != null) {
            // realmId is non-null in this branch, so the ternary always takes its first arm.
            userId = realmId != null ? userId.replace("@" + realmId, "") : userId;

            final Map<String, Object> attributes = new HashMap<>();

            final MCRUserAttributeMapper attributeMapper = MCRRealmFactory.getAttributeMapper(realmId);
            for (final String key : attributeMapper.getAttributeNames()) {
                final Object value = req.getAttribute(key);
                if (value != null) {
                    // NOTE(review): each received attribute value is written to the log at
                    // INFO; these presumably include personal data. Consider DEBUG, or
                    // logging the key only.
                    LOGGER.info("received {}:{}", key, value);
                    attributes.put(key, value);
                }
            }

            MCRUserInformation userinfo;

            MCRUser user = MCRUserManager.getUser(userId, realmId);
            if (user != null) {
                LOGGER.debug("login existing user \"{}\"", user.getUserID());

                attributeMapper.mapAttributes(user, attributes);
                user.setLastLogin();
                MCRUserManager.updateUser(user);

                userinfo = user;
            } else {
                // Unknown user: a transient user information object is used; nothing is
                // persisted for it in this method.
                userinfo = new MCRShibbolethUserInformation(userId, realmId, attributes);
            }

            MCRSessionMgr.getCurrentSession().setUserInformation(userinfo);
            // Rotate the servlet session ID once the user is bound to the session (ticket
            // MCR-1154), so an ID the client held before login does not identify the
            // authenticated session. changeSessionId() throws IllegalStateException if the
            // request has no HttpSession; presumably one exists at this point, confirm.
            req.changeSessionId();

            // NOTE(review): the redirect target is the raw "url" request parameter. It is not
            // validated in this method and a missing parameter is not handled. Restrict it to
            // this application (relative path or an allow-list of base URLs) to avoid an open
            // redirect.
            res.sendRedirect(res.encodeRedirectURL(req.getParameter("url")));
            return;
        } else {
            // Also reached when userId contains no '@'; the message then names realm "null".
            msg = "Login from realm \"" + realmId + "\" is not allowed.";
        }
    } else {
        msg = "Principal could not be received from IDP.";
    }

    job.getResponse().sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
}
 
Example 11
Source Project: ignite   File: WebSessionSelfTest.java    License: Apache License 2.0
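/**
 * {@inheritDoc}
 *
 * <p>Test endpoint with two paths:
 * <ul>
 * <li>{@code /chngsesid} stores attribute {@code key1}, then prints the session ID before the
 * change, the ID returned by {@code changeSessionId()}, and the ID read back from the session
 * afterwards;</li>
 * <li>{@code /simple} prints the session ID, attribute {@code key1} and whether the requested
 * session ID is valid, then invalidates the session and prints the outcome marker.</li>
 * </ul>
 *
 * @throws ServletException for any other path, including a request with no path info.
 */
@Override protected void doGet(HttpServletRequest req, HttpServletResponse res)
    throws ServletException, IOException {
    HttpSession ses = req.getSession();

    assertNotNull(ses);

    // getPathInfo() returns null when the request carries no extra path. Comparing with the
    // literal as receiver routes that case to the ServletException below instead of failing
    // with a NullPointerException.
    final String path = req.getPathInfo();

    if ("/chngsesid".equals(path)) {

        ses.setAttribute("key1", "val1");

        X.println(">>>", "Created session: " + ses.getId(), ">>>");

        res.getWriter().println(req.getSession().getId());

        String newId = req.changeSessionId();

        // new id from genuine session.
        res.getWriter().println(newId);

        // new id from WebSession.
        res.getWriter().println(req.getSession().getId());

        res.getWriter().flush();
    }
    else if ("/simple".equals(path)) {
        res.getWriter().println(req.getSession().getId());

        res.getWriter().println(req.getSession().getAttribute("key1"));

        res.getWriter().println(req.isRequestedSessionIdValid());

        try {
            req.getSession().invalidate();

            res.getWriter().println(INVALIDATED);
        }
        catch (Exception ignored) {
            // Deliberate: the test reads the marker to learn that invalidation failed.
            res.getWriter().println(FAILED);
        }

        res.getWriter().flush();
    }
    else
        throw new ServletException("Nonexisting path: " + path);
}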
 
Example 12
/**
 * Process GET method.
 *
 * <p>Stores the current session ID in the servlet context under {@code "originalSessionId"}
 * and then rotates the session ID. {@code getSession()} creates a session when the request has
 * none, so the ID change always has a session to act on. The context attribute is
 * application-wide, so the stored ID is visible to every request of the web application.
 *
 * @param request the request.
 * @param response the response.
 * @throws IOException when an I/O error occurs.
 * @throws ServletException when a Servlet error occurs.
 */
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws IOException, ServletException {
    final String idBeforeChange = request.getSession().getId();
    request.getServletContext().setAttribute("originalSessionId", idBeforeChange);

    // The new ID is not captured here.
    request.changeSessionId();
}