Java Code Examples for org.apache.shiro.web.servlet.Cookie#setName()

Example 1
Source File: ShiroConfig.java    From MeetingFilm with Apache License 2.0 6 votes vote down vote up
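/**
 * Builds the Shiro web session manager used in single-node deployments.
 *
 * <p>The bean is registered only when the property {@code guns.spring-session-open} is
 * {@code false}. Invalid sessions are deleted and the validation scheduler is enabled, so
 * expired sessions are swept in the background.
 *
 * @param cacheShiroManager cache manager handed to the session manager
 * @param gunsProperties    supplies the validation interval and the session timeout; both are
 *                          multiplied by 1000 before being passed on, so they are presumably
 *                          expressed in seconds (confirm against {@code GunsProperties})
 * @return the configured session manager
 */
@Bean
@ConditionalOnProperty(prefix = "guns", name = "spring-session-open", havingValue = "false")
public DefaultWebSessionManager defaultWebSessionManager(CacheManager cacheShiroManager, GunsProperties gunsProperties) {
    DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
    sessionManager.setCacheManager(cacheShiroManager);

    // Convert to milliseconds in long arithmetic. With "* 1000" an int-typed property wraps
    // for large values, and Shiro documents a negative session timeout as "never expires",
    // so a wrapped value could silently disable session expiry.
    sessionManager.setSessionValidationInterval(gunsProperties.getSessionValidationInterval() * 1000L);
    sessionManager.setGlobalSessionTimeout(gunsProperties.getSessionInvalidateTime() * 1000L);

    sessionManager.setDeleteInvalidSessions(true);
    sessionManager.setSessionValidationSchedulerEnabled(true);

    // The name given to the constructor is replaced immediately by setName().
    Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
    cookie.setName("shiroCookie");
    // HttpOnly keeps the session id out of reach of page scripts.
    // NOTE(review): the Secure attribute is not set here. When the application is served over
    // HTTPS, call cookie.setSecure(true) so the session id is never sent over plain HTTP.
    cookie.setHttpOnly(true);
    sessionManager.setSessionIdCookie(cookie);
    return sessionManager;
}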
 
Example 2
Source File: ShiroConfig.java    From WebStack-Guns with MIT License 6 votes vote down vote up
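/**
 * Session manager for a standalone (single-machine) environment.
 *
 * <p>Created only when {@code guns.spring-session-open} is set to {@code false}. The manager
 * deletes invalid sessions and runs the session validation scheduler.
 *
 * @param cacheShiroManager cache manager assigned to the session manager
 * @param gunsProperties    source of the session validation interval and the session
 *                          invalidation time; each is scaled by 1000 before use, which
 *                          suggests seconds (verify in {@code GunsProperties})
 * @return the session manager with its session-id cookie configured
 */
@Bean
@ConditionalOnProperty(prefix = "guns", name = "spring-session-open", havingValue = "false")
public DefaultWebSessionManager defaultWebSessionManager(CacheManager cacheShiroManager, GunsProperties gunsProperties) {
    DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
    sessionManager.setCacheManager(cacheShiroManager);

    // Scale with a long literal: if the property getters return int, "* 1000" overflows for
    // large settings, and a negative timeout means "never expires" in Shiro's session
    // contract. Long arithmetic keeps a large value large instead of turning it negative.
    sessionManager.setSessionValidationInterval(gunsProperties.getSessionValidationInterval() * 1000L);
    sessionManager.setGlobalSessionTimeout(gunsProperties.getSessionInvalidateTime() * 1000L);

    sessionManager.setDeleteInvalidSessions(true);
    sessionManager.setSessionValidationSchedulerEnabled(true);

    // setName() overrides the default name passed to the constructor.
    Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
    cookie.setName("shiroCookie");
    // HttpOnly prevents script access to the session id.
    // NOTE(review): Secure is left at its default. For HTTPS deployments add
    // cookie.setSecure(true) so the cookie is not transmitted in cleartext.
    cookie.setHttpOnly(true);
    sessionManager.setSessionIdCookie(cookie);
    return sessionManager;
}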
 
Example 3
Source File: AbstractIamAuthenticationFilter.java    From super-cloudops with Apache License 2.0 6 votes vote down vote up
/**
 * Returns the URL of the permits endpoint and, for browser clients, also stores it in a
 * short-lived cookie and applies the common security headers.
 *
 * <p>The map always holds one entry: the configured permits parameter name mapped to the
 * permits URL. The cookie and the security headers are written only when
 * {@code isBrowser} reports a browser request.
 *
 * @param token    authentication token, only passed on to {@code setSecurityHeadersIfNecessary}
 * @param request  current request; used to derive the base URI and to detect browser clients
 * @param response current response; receives the cookie and the security headers
 * @return a map from the permits parameter name to the permits URL
 */
protected Map<String, String> putAuthzInfoCookiesAndSecurityIfNecessary(AuthenticationToken token, ServletRequest request,
		ServletResponse response) {
	// NOTE(review): the base URI is derived from the request. If getRFCBaseURI relies on the
	// Host or forwarded headers, this value is client-influenced and ends up in both the
	// returned map and the cookie; confirm how the helper resolves it.
	String permitsEndpoint = getRFCBaseURI(toHttp(request), true) + URI_S_LOGIN_BASE + "/" + URI_S_LOGIN_PERMITS;

	Map<String, String> result = new HashMap<>();
	result.put(config.getParam().getAuthzPermitsName(), permitsEndpoint);

	// Non-browser clients only get the map; no cookie, no extra headers.
	if (!isBrowser(toHttp(request))) {
		return result;
	}

	// Start from the configured cookie template, then override name, value and lifetime.
	Cookie permitsCookie = new IamCookie(config.getCookie());
	permitsCookie.setName(config.getParam().getAuthzPermitsName());
	permitsCookie.setValue(permitsEndpoint);
	// Shiro's Cookie max-age is in seconds, so this cookie lives for one minute.
	permitsCookie.setMaxAge(60);
	permitsCookie.saveTo(toHttp(request), toHttp(response));

	// Common security headers for browser responses.
	setSecurityHeadersIfNecessary(token, request, response);

	return result;
}
 
Example 4
Source File: NexusWebSessionManager.java    From nexus-public with Eclipse Public License 1.0 5 votes vote down vote up
/**
 * Applies the injected session settings to this session manager.
 *
 * <p>Sets the global session timeout and renames the session-id cookie returned by
 * {@code getSessionIdCookie()}. Both resulting values are logged at info level; only the
 * cookie name is logged, never a cookie value.
 *
 * @param globalSessionTimeout global session timeout; logged with the unit "ms"
 * @param sessionCookieName    name to give the session-id cookie
 */
@Inject
public void configureProperties(
    @Named("${shiro.globalSessionTimeout:-" + DEFAULT_GLOBAL_SESSION_TIMEOUT + "}") final long globalSessionTimeout,
    @Named("${nexus.sessionCookieName:-" + DEFAULT_NEXUS_SESSION_COOKIE_NAME + "}") final String sessionCookieName)
{
  setGlobalSessionTimeout(globalSessionTimeout);
  // Log the value read back from the manager, not the raw argument.
  log.info("Global session timeout: {} ms", getGlobalSessionTimeout());

  // The rename is applied to the cookie object the manager hands out, in place.
  final Cookie sessionCookiePrototype = getSessionIdCookie();
  sessionCookiePrototype.setName(sessionCookieName);
  log.info("Session-cookie prototype: name={}", sessionCookiePrototype.getName());
}
 
Example 5
Source File: CookieXsrfTokenRepository.java    From super-cloudops with Apache License 2.0 4 votes vote down vote up
/**
 * Writes the XSRF token to a cookie, or clears that cookie when {@code xtoken} is null.
 *
 * <p>Any existing XSRF cookie on the request is removed first; the new cookie's version is
 * the old version plus one, or 0 when there was no previous cookie.
 *
 * @param xtoken   token to store; {@code null} stores an empty value with max-age 0
 * @param request  current request; supplies the old cookie, the secure flag and the
 *                 cookie name and domain
 * @param response response that receives the cookie changes
 */
@Override
public void saveXToken(XsrfToken xtoken, HttpServletRequest request, HttpServletResponse response) {
	String tokenValue = isNull(xtoken) ? EMPTY : xtoken.getXsrfToken();

	// Remove the previous XSRF cookie, remembering its version so the new one can follow it.
	int nextVersion = 0;
	Cookie previous = IamCookie.build(getCookie(request, getXsrfTokenCookieName(request)));
	if (!isNull(previous)) {
		nextVersion = previous.getVersion() + 1;
		previous.removeFrom(request, response);
	}

	// Build the replacement from the configured cookie template.
	Cookie fresh = new IamCookie(coreConfig.getCookie());
	fresh.setName(getXsrfTokenCookieName(request));
	// NOTE(review): Secure mirrors request.isSecure(). Behind a TLS-terminating proxy this
	// reflects the proxy-to-application hop unless the container honours the forwarded
	// scheme; confirm for the deployment.
	fresh.setSecure(request.isSecure());
	fresh.setValue(tokenValue);
	fresh.setVersion(nextVersion);

	// Use the configured path if there is one. Otherwise fall back to "/": with separately
	// deployed front and back ends, document.cookie in the browser only exposes cookies
	// whose path is "/".
	fresh.setPath(isBlank(xconfig.getCookiePath()) ? "/" : xconfig.getCookiePath());

	// Max-age 0 removes the cookie when there is no token; -1 otherwise.
	fresh.setMaxAge(isNull(xtoken) ? 0 : -1);

	// HttpOnly comes from configuration: with a separated front end, script normally reads
	// this cookie and copies it into a request header, which HttpOnly=true would prevent.
	fresh.setHttpOnly(xconfig.isCookieHttpOnly());

	// A cookie can only be set for the current domain or a parent domain.
	fresh.setDomain(getXsrfTokenCookieDomain(request));

	fresh.saveTo(request, response);
}