Java Code Examples for javax.servlet.http.HttpServletRequest#getCookies()
The following examples show how to use javax.servlet.http.HttpServletRequest#getCookies().
Example 1
Source File: SSOAssertionConsumerService.java From carbon-identity with Apache License 2.0 | 7 votes |
/**
 * Looks up the SSO token cookie on the incoming request.
 *
 * @param req the current HTTP request
 * @return the cookie named {@code ssoTokenId}, or {@code null} when the request carries no
 *         cookies or none with that name
 */
private Cookie getSSOTokenCookie(HttpServletRequest req) {
    Cookie[] requestCookies = req.getCookies();
    // getCookies() yields null rather than an empty array when no cookies were sent.
    if (requestCookies == null) {
        return null;
    }
    for (int i = 0; i < requestCookies.length; i++) {
        Cookie candidate = requestCookies[i];
        if ("ssoTokenId".equals(candidate.getName())) {
            // The cookie is matched by name only; its value is client-supplied and is not
            // validated here, so the caller has to verify it before trusting it.
            return candidate;
        }
    }
    return null;
}
Example 2
Source File: WebUtil.java From live-chat-engine with Apache License 2.0 | 6 votes |
/**
 * Checks the CSRF token carried by the request against the token stored in the session.
 * <p>
 * The request passes only when both the {@code CSRF_PROTECT_TOKEN} cookie and the
 * {@code token} request parameter equal the session token.
 * <p>
 * NOTE(review): when the session holds no token this method returns {@code true}, i.e. the
 * check fails open. Confirm that a token is always issued before any state-changing endpoint
 * relies on this check.
 *
 * @param req the current HTTP request
 * @return {@code true} if the session has no token, or if the cookie and the parameter both
 *         match the session token; {@code false} otherwise
 */
public static boolean isValid_CSRF_ProtectTokenInReq(HttpServletRequest req){
    String sessionToken = get_CSRF_ProtectTokenFromSession(req);
    if (sessionToken == null) {
        return true;
    }

    Cookie[] requestCookies = req.getCookies();
    if (isEmpty(requestCookies)) {
        return false;
    }

    // Only the first cookie with the expected name is considered.
    int idx = 0;
    while (idx < requestCookies.length
            && !CSRF_PROTECT_TOKEN.equals(requestCookies[idx].getName())) {
        idx++;
    }
    String tokenFromCookie = null;
    if (idx < requestCookies.length) {
        tokenFromCookie = requestCookies[idx].getValue();
    }

    String tokenFromParam = req.getParameter("token");
    if (!sessionToken.equals(tokenFromCookie)) {
        return false;
    }
    return sessionToken.equals(tokenFromParam);
}
Example 3
Source File: CookieUtil.java From paascloud-master with Apache License 2.0 | 6 votes |
/**
 * Returns the cookie object that carries the given name.
 * <p>
 * Cookies with a blank domain are ignored. Among the remaining cookies with a matching name,
 * the first one whose domain is contained in the request's server name is returned; if none
 * qualifies, the last cookie with a matching name and non-blank domain is returned.
 * <p>
 * NOTE(review): the domain test is a plain substring check ({@code String.contains}), not a
 * domain-suffix comparison, and cookies parsed from a request frequently have no domain set.
 * Confirm this selects the cookie callers expect before using the result for a trust decision.
 *
 * @param request the request
 * @param name    the name
 *
 * @return the cookie, or {@code null} if the request has no cookies, the name is blank, or
 *         no cookie qualifies
 */
public static Cookie getCookie(HttpServletRequest request, String name) {
    logger.info("获取指定名称的cookie. name={}", name);
    Cookie[] received = request.getCookies();
    if (received == null || StringUtils.isBlank(name)) {
        return null;
    }
    Cookie selected = null;
    for (int i = 0; i < received.length; i++) {
        Cookie current = received[i];
        if (current.getName().equals(name) && !StringUtils.isBlank(current.getDomain())) {
            selected = current;
            if (request.getServerName().contains(selected.getDomain())) {
                break;
            }
        }
    }
    return selected;
}
Example 4
Source File: GetCookie.java From journaldev with MIT License | 6 votes |
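/**
 * Writes an HTML page listing every cookie sent with the request and expires the cookie
 * named {@code Test}.
 * <p>
 * Cookie names, values, comments, domains and paths are client-controlled, so each string is
 * HTML-escaped before it is written into the page; the original concatenated them raw, which
 * let a crafted cookie value inject markup into the response.
 *
 * @param request  the incoming request
 * @param response the response the page is written to
 * @throws ServletException declared by the servlet contract; not thrown by the visible code
 * @throws IOException      if the response writer cannot be obtained
 */
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    PrintWriter out = response.getWriter();
    Cookie[] requestCookies = request.getCookies();
    out.write("<html><head></head><body>");
    out.write("<h3>Hello Browser!!</h3>");
    if (requestCookies != null) {
        out.write("<h3>Request Cookies:</h3>");
        for (Cookie c : requestCookies) {
            out.write("Name=" + htmlEscape(c.getName()) + ", Value=" + htmlEscape(c.getValue())
                    + ", Comment=" + htmlEscape(c.getComment())
                    + ", Domain=" + htmlEscape(c.getDomain()) + ", MaxAge=" + c.getMaxAge()
                    + ", Path=" + htmlEscape(c.getPath())
                    + ", Version=" + c.getVersion());
            out.write("<br>");
            // delete cookie: a max-age of 0 asks the browser to discard it
            if (c.getName().equals("Test")) {
                c.setMaxAge(0);
                response.addCookie(c);
            }
        }
    }
    out.write("</body></html>");
}

/** Escapes the five HTML-significant characters; {@code null} is rendered as the text "null". */
private static String htmlEscape(String text) {
    // String.valueOf keeps the output of plain string concatenation for null attributes.
    String raw = String.valueOf(text);
    StringBuilder escaped = new StringBuilder(raw.length() + 16);
    for (int i = 0; i < raw.length(); i++) {
        char ch = raw.charAt(i);
        switch (ch) {
            case '&':
                escaped.append("&amp;");
                break;
            case '<':
                escaped.append("&lt;");
                break;
            case '>':
                escaped.append("&gt;");
                break;
            case '"':
                escaped.append("&quot;");
                break;
            case '\'':
                escaped.append("&#39;");
                break;
            default:
                escaped.append(ch);
        }
    }
    return escaped.toString();
}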
Example 5
Source File: CookieInterceptor.java From microservices-platform with Apache License 2.0 | 6 votes |
/**
 * Adds the request cookies and the i18n static model to the view model once the handler has
 * run, then delegates to the superclass.
 * <p>
 * NOTE(review): every request cookie, including any session or authentication cookie, becomes
 * reachable from the template through {@code cookieMap}. Templates should read only the
 * entries they need and escape any value they render.
 *
 * @param request      the current request
 * @param response     the current response
 * @param handler      the handler that processed the request
 * @param modelAndView the model and view produced by the handler; may be {@code null}
 * @throws Exception propagated from the superclass implementation
 */
@Override
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    if (modelAndView != null) {
        // cookie
        if (ArrayUtils.isNotEmpty(request.getCookies())) {
            HashMap<String, Cookie> cookiesByName = new HashMap<String, Cookie>();
            Cookie[] received = request.getCookies();
            for (int i = 0; i < received.length; i++) {
                // A later cookie with the same name replaces the earlier entry.
                cookiesByName.put(received[i].getName(), received[i]);
            }
            modelAndView.addObject("cookieMap", cookiesByName);
        }

        // static method
        modelAndView.addObject("I18nUtil", FtlUtil.generateStaticModel(I18nUtil.class.getName()));
    }

    super.postHandle(request, response, handler, modelAndView);
}
Example 6
Source File: BenchmarkTest01864.java From Benchmark with GNU General Public License v2.0 | 5 votes |
/**
 * OWASP Benchmark test case: reads the {@code BenchmarkTest01864} cookie, passes it through
 * {@code doSomething} (defined outside this excerpt) and appends the result to a command
 * string handed to {@link Runtime#exec(String, String[])}.
 * <p>
 * Reviewer note: the cookie value is client-controlled. Whether it reaches the command depends
 * on what {@code doSomething} returns, which is not visible here; if it does, this is the OS
 * command injection pattern. Production code should not build command strings from request
 * data; use a fixed argument vector and an allow-list for any variable part.
 *
 * @param request  the incoming request
 * @param response the response the command output or error text is written to
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if writing to the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    javax.servlet.http.Cookie[] theCookies = request.getCookies();

    // Default used when the request has no cookie with the expected name.
    String param = "noCookieValueSupplied";
    if (theCookies != null) {
        for (javax.servlet.http.Cookie theCookie : theCookies) {
            if (theCookie.getName().equals("BenchmarkTest01864")) {
                // Untrusted input: the URL-decoded cookie value is taken as-is.
                param = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8");
                break;
            }
        }
    }

    String bar = doSomething(request, param);

    String cmd = "";
    String osName = System.getProperty("os.name");
    // cmd is only populated on Windows; elsewhere it stays empty and the executed string is just bar.
    if (osName.indexOf("Windows") != -1) {
        cmd = org.owasp.benchmark.helpers.Utils.getOSCommandString("echo");
    }

    String[] argsEnv = { "Foo=bar" };
    Runtime r = Runtime.getRuntime();

    try {
        // Sink: a single concatenated command string, with no validation of bar in this method.
        Process p = r.exec(cmd + bar, argsEnv);
        org.owasp.benchmark.helpers.Utils.printOSCommandResults(p, response);
    } catch (IOException e) {
        System.out.println("Problem executing cmdi - TestCase");
        // The exception message is HTML-encoded before being echoed to the client.
        response.getWriter().println(
          org.owasp.esapi.ESAPI.encoder().encodeForHTML(e.getMessage())
        );
        return;
    }
}
Example 7
Source File: AdapterStateCookieRequestMatcher.java From keycloak with Apache License 2.0 | 5 votes |
/**
 * Reports whether the request carries the Keycloak adapter state cookie.
 * <p>
 * Only the cookie's presence by name is tested; its value is not inspected here.
 *
 * @param request the incoming request
 * @return {@code true} if a cookie named
 *         {@code AdapterConstants.KEYCLOAK_ADAPTER_STATE_COOKIE} is present, {@code false}
 *         if the request has no cookies or none with that name
 */
@Override
public boolean matches(HttpServletRequest request) {
    boolean stateCookiePresent = false;
    if (request.getCookies() != null) {
        for (Cookie candidate : request.getCookies()) {
            if (AdapterConstants.KEYCLOAK_ADAPTER_STATE_COOKIE.equals(candidate.getName())) {
                stateCookiePresent = true;
                break;
            }
        }
    }
    return stateCookiePresent;
}
Example 8
Source File: BenchmarkTest00060.java From Benchmark with GNU General Public License v2.0 | 5 votes |
/**
 * OWASP Benchmark test case: reads the {@code BenchmarkTest00060} cookie and uses its value as
 * a child path under the Benchmark test-file directory, then reports whether that file exists.
 * <p>
 * Reviewer note: the cookie value is client-controlled and reaches the {@link java.io.File}
 * constructor without normalisation or a containment check, which is the path traversal
 * pattern. Production code should resolve the canonical path and verify that it still lies
 * under the intended base directory before touching the file system.
 *
 * @param request  the incoming request
 * @param response the response the result text is written to
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if writing to the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    javax.servlet.http.Cookie[] theCookies = request.getCookies();

    // Default used when the request has no cookie with the expected name.
    String param = "noCookieValueSupplied";
    if (theCookies != null) {
        for (javax.servlet.http.Cookie theCookie : theCookies) {
            if (theCookie.getName().equals("BenchmarkTest00060")) {
                // Untrusted input: the URL-decoded cookie value is taken as-is.
                param = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8");
                break;
            }
        }
    }

    String bar = "";
    if (param != null) {
        // Base64-encoding and immediately decoding hands back the same bytes; it is not a
        // sanitising step. getBytes()/new String(byte[]) use the platform default charset.
        bar = new String( org.apache.commons.codec.binary.Base64.decodeBase64(
            org.apache.commons.codec.binary.Base64.encodeBase64( param.getBytes() ) ));
    }

    // Sink: bar becomes the child path beneath testfileDir with no check that the result stays inside it.
    java.io.File fileTarget = new java.io.File(new java.io.File(org.owasp.benchmark.helpers.Utils.testfileDir),bar);
    // The resulting path is HTML-encoded before it is echoed.
    response.getWriter().println(
      "Access to file: '" + org.owasp.esapi.ESAPI.encoder().encodeForHTML(fileTarget.toString()) + "' created."
    );
    // The response also tells the client whether the computed path exists on the server.
    if (fileTarget.exists()) {
        response.getWriter().println(
          " And file already exists."
        );
    } else {
        response.getWriter().println(
          " But file doesn't exist yet."
        );
    }
}
Example 9
Source File: Servlets.java From howsun-javaee-framework with Apache License 2.0 | 5 votes |
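/**
 * Finds a request cookie by name.
 *
 * @param request the incoming request
 * @param name    the cookie name to look for; a {@code null} name matches nothing
 * @return the first cookie whose name equals {@code name}, or {@code null} if the request has
 *         no cookies, {@code name} is {@code null}, or no cookie matches
 */
public static Cookie getCookie(HttpServletRequest request, String name){
    Cookie[] cookies = request.getCookies();
    // getCookies() returns null when the request has no cookies. A null name can never match,
    // and returning early avoids the NullPointerException name.equals(...) would raise.
    if (cookies == null || name == null) {
        return null;
    }
    for (Cookie cookie : cookies) {
        if (name.equals(cookie.getName())) {
            return cookie;
        }
    }
    return null;
}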
Example 10
Source File: SessionSubject.java From keeper with Apache License 2.0 | 5 votes |
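/**
 * Returns the session cookie sent with the current request, if any.
 *
 * @return the first cookie whose name equals {@code sessionConfig().getCookieName()}, or
 *         {@code null} when the request carries no cookies or none with that name
 */
private Cookie getRenewCookie() {
    HttpServletRequest request = WebUtil.currentRequest();
    Cookie[] cookies = request.getCookies();
    // getCookies() returns null when the client sent no cookies; iterating over it directly
    // would throw a NullPointerException for such a request.
    if (cookies == null) {
        return null;
    }
    for (Cookie cookie : cookies) {
        if (cookie.getName().equals(sessionConfig().getCookieName())) {
            return cookie;
        }
    }
    return null;
}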
Example 11
Source File: DatastoreSessionFilter.java From getting-started-java with Apache License 2.0 | 5 votes |
/**
 * Reads the value of a named cookie from the request.
 * <p>
 * The value is client-supplied; callers that use it as a session identifier should treat it as
 * untrusted until it has been looked up server-side.
 *
 * @param req        the incoming request
 * @param cookieName the name of the cookie to read
 * @return the value of the first cookie with that name, or the empty string when the request
 *         has no cookies or none with that name
 */
protected String getCookieValue(HttpServletRequest req, String cookieName) {
    Cookie[] jar = req.getCookies();
    if (jar == null) {
        return "";
    }
    for (int i = 0; i < jar.length; i++) {
        Cookie entry = jar[i];
        if (entry.getName().equals(cookieName)) {
            return entry.getValue();
        }
    }
    return "";
}
Example 12
Source File: BenchmarkTest01867.java From Benchmark with GNU General Public License v2.0 | 4 votes |
/**
 * OWASP Benchmark weak-randomness test case: issues a "remember me" cookie whose value is
 * derived from a {@code SHA1PRNG} {@link java.security.SecureRandom} via {@code getNextNumber}
 * (defined outside this excerpt), or greets the user if a matching cookie is already present.
 * <p>
 * Reviewer note: the user name starts with "Safe", which suggests this is the non-vulnerable
 * variant of the test — inferred from naming only. For real remember-me tokens, take at least
 * 128 bits straight from {@code SecureRandom.nextBytes} rather than formatting a double.
 *
 * @param request  the incoming request
 * @param response the response the result text and cookie are written to
 * @throws ServletException if the SHA1PRNG algorithm is unavailable
 * @throws IOException      if writing to the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    javax.servlet.http.Cookie[] theCookies = request.getCookies();

    // Default used when the request has no cookie with the expected name.
    String param = "noCookieValueSupplied";
    if (theCookies != null) {
        for (javax.servlet.http.Cookie theCookie : theCookies) {
            if (theCookie.getName().equals("BenchmarkTest01867")) {
                param = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8");
                break;
            }
        }
    }

    // bar is computed but not used again in this method.
    String bar = doSomething(request, param);

    try {
        java.util.Random numGen = java.security.SecureRandom.getInstance("SHA1PRNG");
        double rand = getNextNumber(numGen);

        String rememberMeKey = Double.toString(rand).substring(2); // Trim off the 0. at the front.

        String user = "SafeDonatella";
        String fullClassName = this.getClass().getName();
        // Drops the package prefix and the literal "BenchmarkTest", keeping the rest of the class name.
        String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
        user+= testCaseNumber;

        String cookieName = "rememberMe" + testCaseNumber;

        boolean foundUser = false;
        javax.servlet.http.Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (int i = 0; !foundUser && i < cookies.length; i++) {
                javax.servlet.http.Cookie cookie = cookies[i];
                if (cookieName.equals(cookie.getName())) {
                    // The client-supplied value counts only if it equals the key kept in this session.
                    if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
                        foundUser = true;
                    }
                }
            }
        }

        if (foundUser) {
            response.getWriter().println(
              "Welcome back: " + user + "<br/>"
            );
        } else {
            javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
            // Secure is set; setHttpOnly is not called in this method.
            rememberMe.setSecure(true);
            // rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
            rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet
                                                         // e.g., /benchmark/sql-01/BenchmarkTest01001
            request.getSession().setAttribute(cookieName, rememberMeKey);
            response.addCookie(rememberMe);
            // The key is also echoed into the response body.
            response.getWriter().println(
              user + " has been remembered with cookie: " + rememberMe.getName()
                + " whose value is: " + rememberMe.getValue() + "<br/>"
            );
        }
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextDouble() - TestCase");
        throw new ServletException(e);
    }
    response.getWriter().println(
      "Weak Randomness Test java.security.SecureRandom.nextDouble() executed"
    );
}
Example 13
Source File: BenchmarkTest02606.java From Benchmark with GNU General Public License v2.0 | 4 votes |
/**
 * OWASP Benchmark weak-randomness test case: issues a "remember me" cookie whose value comes
 * from {@code java.util.Random.nextFloat()}, or greets the user if a matching cookie is
 * already present.
 * <p>
 * Reviewer note: {@link java.util.Random} is not a cryptographic generator, so a key derived
 * from it is predictable and unsuitable as an authentication token. Use
 * {@link java.security.SecureRandom} with at least 128 bits of output for such keys.
 *
 * @param request  the incoming request
 * @param response the response the result text and cookie are written to
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if writing to the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    String queryString = request.getQueryString();
    String paramval = "BenchmarkTest02606"+"=";
    int paramLoc = -1;
    if (queryString != null) paramLoc = queryString.indexOf(paramval);
    if (paramLoc == -1) {
        response.getWriter().println("getQueryString() couldn't find expected parameter '" + "BenchmarkTest02606" + "' in query string.");
        return;
    }

    String param = queryString.substring(paramLoc + paramval.length()); // 1st assume "BenchmarkTest02606" param is last parameter in query string.
    // And then check to see if its in the middle of the query string and if so, trim off what comes after.
    int ampersandLoc = queryString.indexOf("&", paramLoc);
    if (ampersandLoc != -1) {
        param = queryString.substring(paramLoc + paramval.length(), ampersandLoc);
    }
    param = java.net.URLDecoder.decode(param, "UTF-8");

    // bar is computed but not used again in this method.
    String bar = doSomething(request, param);

    // Weakness under test: a non-cryptographic generator supplies the authentication key.
    float rand = new java.util.Random().nextFloat();
    String rememberMeKey = Float.toString(rand).substring(2); // Trim off the 0. at the front.

    String user = "Floyd";
    String fullClassName = this.getClass().getName();
    // Drops the package prefix and the literal "BenchmarkTest", keeping the rest of the class name.
    String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
    user+= testCaseNumber;

    String cookieName = "rememberMe" + testCaseNumber;

    boolean foundUser = false;
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (int i = 0; !foundUser && i < cookies.length; i++) {
            javax.servlet.http.Cookie cookie = cookies[i];
            if (cookieName.equals(cookie.getName())) {
                // The client-supplied value counts only if it equals the key kept in this session.
                if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
                    foundUser = true;
                }
            }
        }
    }

    if (foundUser) {
        response.getWriter().println(
          "Welcome back: " + user + "<br/>"
        );
    } else {
        javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
        // Secure is set; setHttpOnly is not called in this method.
        rememberMe.setSecure(true);
        // rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
        rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet
                                                     // e.g., /benchmark/sql-01/BenchmarkTest01001
        request.getSession().setAttribute(cookieName, rememberMeKey);
        response.addCookie(rememberMe);
        // The key is also echoed into the response body.
        response.getWriter().println(
          user + " has been remembered with cookie: " + rememberMe.getName()
            + " whose value is: " + rememberMe.getValue() + "<br/>"
        );
    }

    response.getWriter().println(
      "Weak Randomness Test java.util.Random.nextFloat() executed"
    );
}
Example 14
Source File: BenchmarkTest00902.java From Benchmark with GNU General Public License v2.0 | 4 votes |
/**
 * OWASP Benchmark weak-randomness test case: issues a "remember me" cookie whose value comes
 * from {@code java.util.Random.nextInt()}, or greets the user if a matching cookie is already
 * present.
 * <p>
 * Reviewer note: {@link java.util.Random} is not a cryptographic generator, and a single
 * {@code int} carries at most 32 bits, so the key is both predictable and short. Use
 * {@link java.security.SecureRandom} with at least 128 bits of output for such keys.
 *
 * @param request  the incoming request
 * @param response the response the result text and cookie are written to
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if writing to the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest( request );
    String param = scr.getTheValue("BenchmarkTest00902");

    // The request value is routed through a map and read back into bar; bar is not used
    // again in this method.
    String bar = "safe!";
    java.util.HashMap<String,Object> map21609 = new java.util.HashMap<String,Object>();
    map21609.put("keyA-21609", "a-Value"); // put some stuff in the collection
    map21609.put("keyB-21609", param); // put it in a collection
    map21609.put("keyC", "another-Value"); // put some stuff in the collection
    bar = (String)map21609.get("keyB-21609"); // get it back out

    // Weakness under test: a non-cryptographic generator supplies the authentication key.
    int r = new java.util.Random().nextInt();
    String rememberMeKey = Integer.toString(r);

    String user = "Ingrid";
    String fullClassName = this.getClass().getName();
    // Drops the package prefix and the literal "BenchmarkTest", keeping the rest of the class name.
    String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
    user+= testCaseNumber;

    String cookieName = "rememberMe" + testCaseNumber;

    boolean foundUser = false;
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (int i = 0; !foundUser && i < cookies.length; i++) {
            javax.servlet.http.Cookie cookie = cookies[i];
            if (cookieName.equals(cookie.getName())) {
                // The client-supplied value counts only if it equals the key kept in this session.
                if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
                    foundUser = true;
                }
            }
        }
    }

    if (foundUser) {
        response.getWriter().println(
          "Welcome back: " + user + "<br/>"
        );
    } else {
        javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
        // Secure is set; setHttpOnly is not called in this method.
        rememberMe.setSecure(true);
        // rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
        rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet
                                                     // e.g., /benchmark/sql-01/BenchmarkTest01001
        request.getSession().setAttribute(cookieName, rememberMeKey);
        response.addCookie(rememberMe);
        // The key is also echoed into the response body.
        response.getWriter().println(
          user + " has been remembered with cookie: " + rememberMe.getName()
            + " whose value is: " + rememberMe.getValue() + "<br/>"
        );
    }

    response.getWriter().println(
      "Weak Randomness Test java.util.Random.nextInt() executed"
    );
}
Example 15
Source File: BenchmarkTest02443.java From Benchmark with GNU General Public License v2.0 | 4 votes |
/**
 * OWASP Benchmark weak-randomness test case: issues a "remember me" cookie whose value is
 * derived from {@code SecureRandom.getInstance("SHA1PRNG").nextGaussian()}, or greets the user
 * if a matching cookie is already present.
 * <p>
 * Reviewer note: the user name starts with "Safe", which suggests this is the non-vulnerable
 * variant of the test — inferred from naming only. For real remember-me tokens, take at least
 * 128 bits straight from {@code SecureRandom.nextBytes} rather than formatting a double.
 *
 * @param request  the incoming request
 * @param response the response the result text and cookie are written to
 * @throws ServletException if the SHA1PRNG algorithm is unavailable
 * @throws IOException      if writing to the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    org.owasp.benchmark.helpers.SeparateClassRequest scr = new org.owasp.benchmark.helpers.SeparateClassRequest( request );
    String param = scr.getTheParameter("BenchmarkTest02443");
    if (param == null) param = "";

    // bar is computed but not used again in this method.
    String bar = doSomething(request, param);

    try {
        double stuff = java.security.SecureRandom.getInstance("SHA1PRNG").nextGaussian();
        // NOTE(review): nextGaussian() is not confined to [0, 1) and may be negative, so
        // substring(2) does not always strip a leading "0." here.
        String rememberMeKey = Double.toString(stuff).substring(2); // Trim off the 0. at the front.

        String user = "SafeGayle";
        String fullClassName = this.getClass().getName();
        // Drops the package prefix and the literal "BenchmarkTest", keeping the rest of the class name.
        String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
        user+= testCaseNumber;

        String cookieName = "rememberMe" + testCaseNumber;

        boolean foundUser = false;
        javax.servlet.http.Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (int i = 0; !foundUser && i < cookies.length; i++) {
                javax.servlet.http.Cookie cookie = cookies[i];
                if (cookieName.equals(cookie.getName())) {
                    // The client-supplied value counts only if it equals the key kept in this session.
                    if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
                        foundUser = true;
                    }
                }
            }
        }

        if (foundUser) {
            response.getWriter().println(
              "Welcome back: " + user + "<br/>"
            );
        } else {
            javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
            // Secure is set; setHttpOnly is not called in this method.
            rememberMe.setSecure(true);
            // rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
            rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet
                                                         // e.g., /benchmark/sql-01/BenchmarkTest01001
            request.getSession().setAttribute(cookieName, rememberMeKey);
            response.addCookie(rememberMe);
            // The key is also echoed into the response body.
            response.getWriter().println(
              user + " has been remembered with cookie: " + rememberMe.getName()
                + " whose value is: " + rememberMe.getValue() + "<br/>"
            );
        }
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextGaussian() - TestCase");
        throw new ServletException(e);
    }
    response.getWriter().println(
      "Weak Randomness Test java.security.SecureRandom.nextGaussian() executed"
    );
}
Example 16
Source File: BenchmarkTest02010.java From Benchmark with GNU General Public License v2.0 | 4 votes |
/**
 * OWASP Benchmark weak-randomness test case: issues a "remember me" cookie whose value is
 * derived from {@code SecureRandom.getInstance("SHA1PRNG").nextDouble()}, or greets the user
 * if a matching cookie is already present.
 * <p>
 * Reviewer note: the user name starts with "Safe", which suggests this is the non-vulnerable
 * variant of the test — inferred from naming only. For real remember-me tokens, take at least
 * 128 bits straight from {@code SecureRandom.nextBytes} rather than formatting a double.
 *
 * @param request  the incoming request
 * @param response the response the result text and cookie are written to
 * @throws ServletException if the SHA1PRNG algorithm is unavailable
 * @throws IOException      if writing to the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    // Picks the name of the first request header that is not in the Benchmark's list of
    // common headers and that has at least one value.
    String param = "";
    java.util.Enumeration<String> names = request.getHeaderNames();
    while (names.hasMoreElements()) {
        String name = (String) names.nextElement();

        if(org.owasp.benchmark.helpers.Utils.commonHeaders.contains(name)){
            continue;
        }

        java.util.Enumeration<String> values = request.getHeaders(name);
        if (values != null && values.hasMoreElements()) {
            param = name;
            break;
        }
    }
    // Note: We don't URL decode header names because people don't normally do that

    // bar is computed but not used again in this method.
    String bar = doSomething(request, param);

    try {
        double rand = java.security.SecureRandom.getInstance("SHA1PRNG").nextDouble();

        String rememberMeKey = Double.toString(rand).substring(2); // Trim off the 0. at the front.

        String user = "SafeDonna";
        String fullClassName = this.getClass().getName();
        // Drops the package prefix and the literal "BenchmarkTest", keeping the rest of the class name.
        String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
        user+= testCaseNumber;

        String cookieName = "rememberMe" + testCaseNumber;

        boolean foundUser = false;
        javax.servlet.http.Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (int i = 0; !foundUser && i < cookies.length; i++) {
                javax.servlet.http.Cookie cookie = cookies[i];
                if (cookieName.equals(cookie.getName())) {
                    // The client-supplied value counts only if it equals the key kept in this session.
                    if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
                        foundUser = true;
                    }
                }
            }
        }

        if (foundUser) {
            response.getWriter().println(
              "Welcome back: " + user + "<br/>"
            );
        } else {
            javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
            // Secure is set; setHttpOnly is not called in this method.
            rememberMe.setSecure(true);
            // rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
            rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet
                                                         // e.g., /benchmark/sql-01/BenchmarkTest01001
            request.getSession().setAttribute(cookieName, rememberMeKey);
            response.addCookie(rememberMe);
            // The key is also echoed into the response body.
            response.getWriter().println(
              user + " has been remembered with cookie: " + rememberMe.getName()
                + " whose value is: " + rememberMe.getValue() + "<br/>"
            );
        }
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextDouble() - TestCase");
        throw new ServletException(e);
    }
    response.getWriter().println(
      "Weak Randomness Test java.security.SecureRandom.nextDouble() executed"
    );
}
Example 17
Source File: BenchmarkTest00165.java From Benchmark with GNU General Public License v2.0 | 4 votes |
/**
 * OWASP Benchmark weak-randomness test case: issues a "remember me" cookie whose value comes
 * from {@code java.util.Random.nextInt()}, or greets the user if a matching cookie is already
 * present.
 * <p>
 * Reviewer note: {@link java.util.Random} is not a cryptographic generator, and a single
 * {@code int} carries at most 32 bits, so the key is both predictable and short. Use
 * {@link java.security.SecureRandom} with at least 128 bits of output for such keys.
 *
 * @param request  the incoming request
 * @param response the response the result text and cookie are written to
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if writing to the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    String param = "";
    if (request.getHeader("BenchmarkTest00165") != null) {
        param = request.getHeader("BenchmarkTest00165");
    }

    // URL Decode the header value since req.getHeader() doesn't. Unlike req.getParameter().
    param = java.net.URLDecoder.decode(param, "UTF-8");

    // bar is the header value minus its last character; it is not used again in this method.
    String bar = param;
    if (param != null && param.length() > 1) {
        bar = param.substring(0,param.length()-1);
    }

    // Weakness under test: a non-cryptographic generator supplies the authentication key.
    int r = new java.util.Random().nextInt();
    String rememberMeKey = Integer.toString(r);

    String user = "Ingrid";
    String fullClassName = this.getClass().getName();
    // Drops the package prefix and the literal "BenchmarkTest", keeping the rest of the class name.
    String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
    user+= testCaseNumber;

    String cookieName = "rememberMe" + testCaseNumber;

    boolean foundUser = false;
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (int i = 0; !foundUser && i < cookies.length; i++) {
            javax.servlet.http.Cookie cookie = cookies[i];
            if (cookieName.equals(cookie.getName())) {
                // The client-supplied value counts only if it equals the key kept in this session.
                if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
                    foundUser = true;
                }
            }
        }
    }

    if (foundUser) {
        response.getWriter().println(
          "Welcome back: " + user + "<br/>"
        );
    } else {
        javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
        // Secure is set; setHttpOnly is not called in this method.
        rememberMe.setSecure(true);
        // rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
        rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet
                                                     // e.g., /benchmark/sql-01/BenchmarkTest01001
        request.getSession().setAttribute(cookieName, rememberMeKey);
        response.addCookie(rememberMe);
        // The key is also echoed into the response body.
        response.getWriter().println(
          user + " has been remembered with cookie: " + rememberMe.getName()
            + " whose value is: " + rememberMe.getValue() + "<br/>"
        );
    }

    response.getWriter().println(
      "Weak Randomness Test java.util.Random.nextInt() executed"
    );
}
Example 18
Source File: BenchmarkTest01706.java From Benchmark with GNU General Public License v2.0 | 4 votes |
/**
 * OWASP Benchmark weak-randomness test case: issues a "remember me" cookie whose value comes
 * from {@code SecureRandom.getInstance("SHA1PRNG").nextInt()}, or greets the user if a
 * matching cookie is already present.
 * <p>
 * Reviewer note: the user name starts with "Safe", which suggests this is the non-vulnerable
 * variant of the test — inferred from naming only. The generator is cryptographic, but a
 * single {@code int} carries at most 32 bits; real remember-me tokens should take at least
 * 128 bits from {@code SecureRandom.nextBytes}.
 *
 * @param request  the incoming request
 * @param response the response the result text and cookie are written to
 * @throws ServletException if the SHA1PRNG algorithm is unavailable
 * @throws IOException      if writing to the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    String queryString = request.getQueryString();
    String paramval = "BenchmarkTest01706"+"=";
    int paramLoc = -1;
    if (queryString != null) paramLoc = queryString.indexOf(paramval);
    if (paramLoc == -1) {
        response.getWriter().println("getQueryString() couldn't find expected parameter '" + "BenchmarkTest01706" + "' in query string.");
        return;
    }

    String param = queryString.substring(paramLoc + paramval.length()); // 1st assume "BenchmarkTest01706" param is last parameter in query string.
    // And then check to see if its in the middle of the query string and if so, trim off what comes after.
    int ampersandLoc = queryString.indexOf("&", paramLoc);
    if (ampersandLoc != -1) {
        param = queryString.substring(paramLoc + paramval.length(), ampersandLoc);
    }
    param = java.net.URLDecoder.decode(param, "UTF-8");

    // bar is computed by a helper class not shown here and is not used again in this method.
    String bar = new Test().doSomething(request, param);

    try {
        int r = java.security.SecureRandom.getInstance("SHA1PRNG").nextInt();
        String rememberMeKey = Integer.toString(r);

        String user = "SafeIngrid";
        String fullClassName = this.getClass().getName();
        // Drops the package prefix and the literal "BenchmarkTest", keeping the rest of the class name.
        String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
        user+= testCaseNumber;

        String cookieName = "rememberMe" + testCaseNumber;

        boolean foundUser = false;
        javax.servlet.http.Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (int i = 0; !foundUser && i < cookies.length; i++) {
                javax.servlet.http.Cookie cookie = cookies[i];
                if (cookieName.equals(cookie.getName())) {
                    // The client-supplied value counts only if it equals the key kept in this session.
                    if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
                        foundUser = true;
                    }
                }
            }
        }

        if (foundUser) {
            response.getWriter().println(
              "Welcome back: " + user + "<br/>"
            );
        } else {
            javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
            // Secure is set; setHttpOnly is not called in this method.
            rememberMe.setSecure(true);
            // rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
            rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet
                                                         // e.g., /benchmark/sql-01/BenchmarkTest01001
            request.getSession().setAttribute(cookieName, rememberMeKey);
            response.addCookie(rememberMe);
            // The key is also echoed into the response body.
            response.getWriter().println(
              user + " has been remembered with cookie: " + rememberMe.getName()
                + " whose value is: " + rememberMe.getValue() + "<br/>"
            );
        }
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextInt() - TestCase");
        throw new ServletException(e);
    }
    response.getWriter().println(
      "Weak Randomness Test java.security.SecureRandom.nextInt() executed"
    );
}
Example 19
Source File: BenchmarkTest00506.java From Benchmark with GNU General Public License v2.0 | 4 votes |
/**
 * OWASP Benchmark weak-randomness test case: issues a "remember me" cookie whose value comes
 * from {@code SecureRandom.getInstance("SHA1PRNG").nextInt()}, or greets the user if a
 * matching cookie is already present. Before that, the request parameter is pushed through a
 * chain of string operations whose result is discarded in favour of a constant.
 * <p>
 * Reviewer note: the user name starts with "Safe", which suggests this is the non-vulnerable
 * variant of the test — inferred from naming only. The generator is cryptographic, but a
 * single {@code int} carries at most 32 bits; real remember-me tokens should take at least
 * 128 bits from {@code SecureRandom.nextBytes}.
 *
 * @param request  the incoming request
 * @param response the response the result text and cookie are written to
 * @throws ServletException if the SHA1PRNG algorithm is unavailable
 * @throws IOException      if writing to the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    java.util.Map<String,String[]> map = request.getParameterMap();
    String param = "";
    if (!map.isEmpty()) {
        String[] values = map.get("BenchmarkTest00506");
        if (values != null) param = values[0];
    }

    // Chain a bunch of propagators in sequence
    String a5528 = param; //assign
    StringBuilder b5528 = new StringBuilder(a5528);  // stick in stringbuilder
    b5528.append(" SafeStuff"); // append some safe content
    b5528.replace(b5528.length()-"Chars".length(),b5528.length(),"Chars"); //replace some of the end content
    java.util.HashMap<String,Object> map5528 = new java.util.HashMap<String,Object>();
    map5528.put("key5528", b5528.toString()); // put in a collection
    String c5528 = (String)map5528.get("key5528"); // get it back out
    String d5528 = c5528.substring(0,c5528.length()-1); // extract most of it
    // The Base64 round trip yields the same bytes; getBytes()/new String(byte[]) use the platform charset.
    String e5528 = new String( org.apache.commons.codec.binary.Base64.decodeBase64(
        org.apache.commons.codec.binary.Base64.encodeBase64( d5528.getBytes() ) )); // B64 encode and decode it
    String f5528 = e5528.split(" ")[0]; // split it on a space
    org.owasp.benchmark.helpers.ThingInterface thing = org.owasp.benchmark.helpers.ThingFactory.createThing();
    // The request-derived f5528 is dropped here: doSomething receives only the constant below.
    String g5528 = "barbarians_at_the_gate"; // This is static so this whole flow is 'safe'
    String bar = thing.doSomething(g5528); // reflection

    try {
        int r = java.security.SecureRandom.getInstance("SHA1PRNG").nextInt();
        String rememberMeKey = Integer.toString(r);

        String user = "SafeIngrid";
        String fullClassName = this.getClass().getName();
        // Drops the package prefix and the literal "BenchmarkTest", keeping the rest of the class name.
        String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
        user+= testCaseNumber;

        String cookieName = "rememberMe" + testCaseNumber;

        boolean foundUser = false;
        javax.servlet.http.Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (int i = 0; !foundUser && i < cookies.length; i++) {
                javax.servlet.http.Cookie cookie = cookies[i];
                if (cookieName.equals(cookie.getName())) {
                    // The client-supplied value counts only if it equals the key kept in this session.
                    if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
                        foundUser = true;
                    }
                }
            }
        }

        if (foundUser) {
            response.getWriter().println(
              "Welcome back: " + user + "<br/>"
            );
        } else {
            javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
            // Secure is set; setHttpOnly is not called in this method.
            rememberMe.setSecure(true);
            // rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
            rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet
                                                         // e.g., /benchmark/sql-01/BenchmarkTest01001
            request.getSession().setAttribute(cookieName, rememberMeKey);
            response.addCookie(rememberMe);
            // The key is also echoed into the response body.
            response.getWriter().println(
              user + " has been remembered with cookie: " + rememberMe.getName()
                + " whose value is: " + rememberMe.getValue() + "<br/>"
            );
        }
    } catch (java.security.NoSuchAlgorithmException e) {
        System.out.println("Problem executing SecureRandom.nextInt() - TestCase");
        throw new ServletException(e);
    }
    response.getWriter().println(
      "Weak Randomness Test java.security.SecureRandom.nextInt() executed"
    );
}
Example 20
Source File: BenchmarkTest00461.java From Benchmark with GNU General Public License v2.0 | 4 votes |
/**
 * OWASP Benchmark weak-randomness test case: issues a "remember me" cookie whose value comes
 * from {@code java.lang.Math.random()}, or greets the user if a matching cookie is already
 * present.
 * <p>
 * Reviewer note: {@code Math.random()} is not a cryptographic generator, so a key derived from
 * it is predictable and unsuitable as an authentication token. Use
 * {@link java.security.SecureRandom} with at least 128 bits of output for such keys.
 *
 * @param request  the incoming request
 * @param response the response the result text and cookie are written to
 * @throws ServletException declared by the servlet contract
 * @throws IOException      if writing to the response fails
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    java.util.Map<String,String[]> map = request.getParameterMap();
    String param = "";
    if (!map.isEmpty()) {
        String[] values = map.get("BenchmarkTest00461");
        if (values != null) param = values[0];
    }

    // bar holds the HTML-escaped parameter; it is not used again in this method.
    String bar = org.apache.commons.lang.StringEscapeUtils.escapeHtml(param);

    // Weakness under test: a non-cryptographic generator supplies the authentication key.
    double value = java.lang.Math.random();
    String rememberMeKey = Double.toString(value).substring(2); // Trim off the 0. at the front.

    String user = "Doug";
    String fullClassName = this.getClass().getName();
    // Drops the package prefix and the literal "BenchmarkTest", keeping the rest of the class name.
    String testCaseNumber = fullClassName.substring(fullClassName.lastIndexOf('.')+1+"BenchmarkTest".length());
    user+= testCaseNumber;

    String cookieName = "rememberMe" + testCaseNumber;

    boolean foundUser = false;
    javax.servlet.http.Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (int i = 0; !foundUser && i < cookies.length; i++) {
            javax.servlet.http.Cookie cookie = cookies[i];
            if (cookieName.equals(cookie.getName())) {
                // The client-supplied value counts only if it equals the key kept in this session.
                if (cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
                    foundUser = true;
                }
            }
        }
    }

    if (foundUser) {
        response.getWriter().println(
          "Welcome back: " + user + "<br/>"
        );
    } else {
        javax.servlet.http.Cookie rememberMe = new javax.servlet.http.Cookie(cookieName, rememberMeKey);
        // Secure is set; setHttpOnly is not called in this method.
        rememberMe.setSecure(true);
        // rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
        rememberMe.setPath(request.getRequestURI()); // i.e., set path to JUST this servlet
                                                     // e.g., /benchmark/sql-01/BenchmarkTest01001
        request.getSession().setAttribute(cookieName, rememberMeKey);
        response.addCookie(rememberMe);
        // The key is also echoed into the response body.
        response.getWriter().println(
          user + " has been remembered with cookie: " + rememberMe.getName()
            + " whose value is: " + rememberMe.getValue() + "<br/>"
        );
    }

    response.getWriter().println(
      "Weak Randomness Test java.lang.Math.random() executed"
    );
}