/**
 * Asks the client to drop the session cookie by re-issuing it with a max-age of zero.
 *
 * <p>The expiring cookie is built with the same path, domain, discard, secure and HttpOnly
 * settings that this configuration holds, so it targets the cookie set by this configuration.
 *
 * @param exchange  the exchange whose response receives the expiring cookie
 * @param sessionId the session id used as the cookie value and written to the trace log
 */
@Override
public void clearSession(final HttpServerExchange exchange, final String sessionId) {
    final CookieImpl expired = new CookieImpl(cookieName, sessionId);
    expired.setPath(path);
    expired.setDomain(domain);
    expired.setDiscard(discard);
    expired.setSecure(secure);
    expired.setHttpOnly(httpOnly);
    // Max-age 0 is what makes this a removal rather than a refresh.
    expired.setMaxAge(0);

    exchange.setResponseCookie(expired);
    // NOTE(review): the session id is written to the trace log in clear text.
    UndertowLogger.SESSION_LOGGER.tracef("Clearing session cookie session id %s on %s", sessionId, exchange);
}
/**
 * Applies one parsed cookie attribute to {@code cookie}.
 *
 * <p>The attribute name is matched case-insensitively. {@code discard}, {@code secure} and
 * {@code httpOnly} are switched on whatever the value is. {@code max-age} and {@code version}
 * go through {@link Integer#parseInt(String)}, so a non-numeric value raises
 * {@link NumberFormatException} out of this method.
 *
 * @param cookie the cookie being populated
 * @param key    the attribute name as it appeared in the header
 * @param value  the attribute value as it appeared in the header
 */
private static void handleValue(CookieImpl cookie, String key, String value) {
    if (key.equalsIgnoreCase("path")) {
        cookie.setPath(value);
        return;
    }
    if (key.equalsIgnoreCase("domain")) {
        cookie.setDomain(value);
        return;
    }
    if (key.equalsIgnoreCase("max-age")) {
        cookie.setMaxAge(Integer.parseInt(value));
        return;
    }
    if (key.equalsIgnoreCase("expires")) {
        cookie.setExpires(DateUtils.parseDate(value));
        return;
    }
    if (key.equalsIgnoreCase("discard")) {
        cookie.setDiscard(true);
        return;
    }
    if (key.equalsIgnoreCase("secure")) {
        cookie.setSecure(true);
        return;
    }
    if (key.equalsIgnoreCase("httpOnly")) {
        cookie.setHttpOnly(true);
        return;
    }
    if (key.equalsIgnoreCase("version")) {
        cookie.setVersion(Integer.parseInt(value));
        return;
    }
    if (key.equalsIgnoreCase("comment")) {
        cookie.setComment(value);
        return;
    }
    if (key.equalsIgnoreCase("samesite")) {
        // The mode string is handed over as received; any validation happens in
        // setSameSiteMode, which is not shown here.
        cookie.setSameSite(true);
        cookie.setSameSiteMode(value);
    }
    // Any other attribute name is ignored.
}
/**
 * Issues the session cookie for {@code sessionId} on the response.
 *
 * <p>Path, domain, discard, secure, HttpOnly and comment come from this configuration.
 * A max-age is attached only when the configured value is positive; otherwise the cookie
 * is sent without one.
 *
 * @param exchange  the exchange whose response receives the cookie
 * @param sessionId the session id used as the cookie value and written to the trace log
 */
@Override
public void setSessionId(final HttpServerExchange exchange, final String sessionId) {
    final CookieImpl sessionCookie = new CookieImpl(cookieName, sessionId);
    sessionCookie.setPath(path);
    sessionCookie.setDomain(domain);
    sessionCookie.setDiscard(discard);
    sessionCookie.setSecure(secure);
    sessionCookie.setHttpOnly(httpOnly);
    sessionCookie.setComment(comment);

    final boolean hasLifetime = maxAge > 0;
    if (hasLifetime) {
        sessionCookie.setMaxAge(maxAge);
    }

    exchange.setResponseCookie(sessionCookie);
    // NOTE(review): the live session id is written to the trace log in clear text;
    // access to trace-level output should be restricted accordingly.
    UndertowLogger.SESSION_LOGGER.tracef("Setting session cookie session id %s on %s", sessionId, exchange);
}
/**
 * Expires the session cookie by re-sending it with an expiry date of the Unix epoch.
 *
 * <p>The cookie value is the session id read back from the exchange. The cookie is
 * HttpOnly with path {@code "/"}; no Secure attribute is set in this method.
 *
 * @param exchange the exchange to read the current session id from and to write the
 *                 expiring cookie to
 */
@Override
public void expiresSessionId(HttpServerExchange exchange) {
    final String currentId = retrieveSessionIdFrom(exchange);
    // An expiry date in the past tells the client to discard the cookie.
    final Date longAgo = Date.from(Instant.EPOCH);

    final CookieImpl expired = new CookieImpl(this.cookieName, currentId);
    expired.setPath("/");
    expired.setHttpOnly(true);
    expired.setExpires(longAgo);

    exchange.setResponseCookie(expired);
}
}
/**
 * Writes the attribute by setting a response cookie named {@code cookieName}.
 *
 * <p>Only name and value are set. No path, domain, Secure or HttpOnly attribute is
 * applied in this method, and {@code newValue} is used as given.
 *
 * @param exchange the exchange whose response receives the cookie
 * @param newValue the value to store in the cookie
 * @throws ReadOnlyAttributeException declared by the overridden method; not thrown here
 */
@Override
public void writeAttribute(final HttpServerExchange exchange, final String newValue) throws ReadOnlyAttributeException {
    final CookieImpl replacement = new CookieImpl(cookieName, newValue);
    exchange.setResponseCookie(replacement);
}
/**
 * Attaches a session cookie carrying {@code sessionId} to the response of the exchange.
 *
 * <p>The cookie is HttpOnly with path {@code "/"}. No Secure attribute, max-age or expiry
 * is set in this method.
 *
 * @param exchange  the exchange whose response receives the cookie
 * @param sessionId the session id used as the cookie value
 */
@Override
public void attachSessionId(HttpServerExchange exchange, String sessionId ) {
    final CookieImpl sessionCookie = new CookieImpl(this.cookieName, sessionId);
    sessionCookie.setPath("/");
    sessionCookie.setHttpOnly(true);
    exchange.setResponseCookie(sessionCookie);
}
/**
 * Removes the named cookie by sending an empty one with a max-age of zero.
 *
 * <p>No domain is set, so the removal only matches a cookie that was issued for the
 * same path without an explicit domain.
 *
 * @param name the name of the cookie to reset
 * @param path the path the cookie was issued for
 */
@Override
public void resetCookie(String name, String path) {
    // Empty value and max-age 0: the client is expected to discard the cookie.
    exchange.setResponseCookie(new CookieImpl(name, "").setMaxAge(0).setPath(path));
}
/**
 * Starts the service: clears the registered paths and installs a handler under
 * {@code AFFINITY_PATH} that answers with a freshly generated {@code JSESSIONID} cookie.
 *
 * <p>The cookie path is the resolved path with everything from the last occurrence of
 * {@code AFFINITY_PATH} cut off. When that occurrence is at index 0 or is absent, the
 * resolved path is used unchanged. Only the path is set on the cookie; HttpOnly and
 * Secure are not set in this method.
 *
 * @param context the start context supplied by the container; not read here
 * @throws StartException declared by the overridden method; not thrown here
 */
@Override
public void start(StartContext context) throws StartException {
    pathHandler.clearPaths();
    SecureRandomSessionIdGenerator idSource = new SecureRandomSessionIdGenerator();
    pathHandler.addPrefixPath(AFFINITY_PATH, exchange -> {
        final String resolved = exchange.getResolvedPath();
        final int cut = resolved.lastIndexOf(AFFINITY_PATH);
        final String cookiePath = cut > 0 ? resolved.substring(0, cut) : resolved;
        final String freshId = idSource.createSessionId();
        exchange.getResponseCookies().put("JSESSIONID", new CookieImpl("JSESSIONID", freshId).setPath(cookiePath));
    });
}
/**
 * Issues the session cookie for {@code sessionId} on the response.
 *
 * <p>Path, domain, discard, secure, HttpOnly and comment come from this configuration.
 * A max-age is attached only when the configured value is positive; otherwise the cookie
 * is sent without one.
 *
 * @param exchange  the exchange whose response receives the cookie
 * @param sessionId the session id used as the cookie value and written to the trace log
 */
@Override
public void setSessionId(final HttpServerExchange exchange, final String sessionId) {
    final CookieImpl sessionCookie = new CookieImpl(cookieName, sessionId);
    sessionCookie.setPath(path);
    sessionCookie.setDomain(domain);
    sessionCookie.setDiscard(discard);
    sessionCookie.setSecure(secure);
    sessionCookie.setHttpOnly(httpOnly);
    sessionCookie.setComment(comment);

    final boolean hasLifetime = maxAge > 0;
    if (hasLifetime) {
        sessionCookie.setMaxAge(maxAge);
    }

    exchange.setResponseCookie(sessionCookie);
    // NOTE(review): the live session id is written to the trace log in clear text;
    // access to trace-level output should be restricted accordingly.
    UndertowLogger.SESSION_LOGGER.tracef("Setting session cookie session id %s on %s", sessionId, exchange);
}
/**
 * Serialises the session into a signed cookie and sets it on the response.
 *
 * <p>Nothing is written unless a session exists and reports changes. The cookie value is
 * {@code signature DELIMITER token DELIMITER expires DATA_DELIMITER values}, optionally
 * passed through {@code Crypto.encrypt} when {@code Key.COOKIE_ENCRYPTION} is enabled.
 * The cookie is HttpOnly with path {@code "/"}; no Secure attribute is set here.
 *
 * <p>NOTE(review): the signature is a plain SHA-512 digest over the fields with the
 * application secret appended, not an HMAC, and the fields are concatenated without
 * separators, so field boundaries are not part of what is signed. Changing this needs a
 * matching change wherever the cookie is verified, which is not shown here.
 *
 * @param exchange the exchange whose response receives the session cookie
 */
private void setSession(HttpServerExchange exchange) {
    final boolean nothingToWrite = this.session == null || !this.session.hasChanges();
    if (nothingToWrite) {
        return;
    }

    final String fieldSeparator = Default.DELIMITER.toString();

    String values = Joiner.on(Default.SPLITTER.toString())
            .withKeyValueSeparator(Default.SEPERATOR.toString())
            .join(this.session.getValues());

    String sign = DigestUtils.sha512Hex(
            values + this.session.getAuthenticityToken() + this.session.getExpires() + config.getApplicationSecret());

    String value = sign
            + fieldSeparator + this.session.getAuthenticityToken()
            + fieldSeparator + this.session.getExpires()
            + Default.DATA_DELIMITER.toString() + values;

    if (this.config.getBoolean(Key.COOKIE_ENCRYPTION, false)) {
        value = this.injector.getInstance(Crypto.class).encrypt(value);
    }

    // The expiry is converted using the JVM's default time zone.
    final Date expiresAt = Date.from(this.session.getExpires().atZone(ZoneId.systemDefault()).toInstant());

    final CookieImpl sessionCookie = new CookieImpl(config.getString(Key.COOKIE_NAME), value);
    sessionCookie.setHttpOnly(true);
    sessionCookie.setPath("/");
    sessionCookie.setExpires(expiresAt);
    exchange.setResponseCookie(sessionCookie);
}
if (c == ';') { if (cookie == null) { cookie = new CookieImpl(key, headerValue.substring(current, i)); } else { handleValue(cookie, key, headerValue.substring(current, i)); if (c == '"') { if (cookie == null) { cookie = new CookieImpl(key, headerValue.substring(current, i)); } else { handleValue(cookie, key, headerValue.substring(current, i)); if (current != headerValue.length()) { if(cookie == null) { cookie = new CookieImpl(key, headerValue.substring(current, headerValue.length())); } else { handleValue(cookie, key, headerValue.substring(current, headerValue.length()));
/**
 * Writes the flash cookie when there is flash content to carry over, otherwise expires
 * a flash cookie the client sent.
 *
 * <p>The flash values are joined as {@code key:value} pairs separated by {@code &} and
 * stored as-is; this method neither signs nor encrypts them, so the content should be
 * treated as client-controlled when it is read back. In the expiring branch the cookie
 * object taken from the request is re-sent with max-age 0.
 *
 * @param exchange the exchange to read the request cookie from and write the response
 *                 cookie to
 */
private void setFlash(HttpServerExchange exchange) {
    final boolean carryOver = this.flash != null && !this.flash.isDiscard() && this.flash.hasContent();

    if (!carryOver) {
        final Cookie stale = exchange.getRequestCookies().get(this.config.getFlashCookieName());
        if (stale == null) {
            return;
        }
        stale.setHttpOnly(true);
        stale.setPath("/");
        stale.setMaxAge(0);
        exchange.setResponseCookie(stale);
        return;
    }

    final String values = Joiner.on("&").withKeyValueSeparator(":").join(this.flash.getValues());
    final CookieImpl flashCookie = new CookieImpl(this.config.getFlashCookieName(), values);
    flashCookie.setHttpOnly(true);
    flashCookie.setPath("/");
    exchange.setResponseCookie(flashCookie);
}
/**
 * Removes the named cookie by sending an empty one with a max-age of zero.
 *
 * <p>No domain is set, so the removal only matches a cookie that was issued for the
 * same path without an explicit domain.
 *
 * @param name the name of the cookie to reset
 * @param path the path the cookie was issued for
 */
@Override
public void resetCookie(String name, String path) {
    // Empty value and max-age 0: the client is expected to discard the cookie.
    exchange.setResponseCookie(new CookieImpl(name, "").setMaxAge(0).setPath(path));
}
/**
 * Starts the service: clears the registered paths and installs a handler under
 * {@code AFFINITY_PATH} that answers with a freshly generated {@code JSESSIONID} cookie.
 *
 * <p>The cookie path is the resolved path with everything from the last occurrence of
 * {@code AFFINITY_PATH} cut off. When that occurrence is at index 0 or is absent, the
 * resolved path is used unchanged. Only the path is set on the cookie; HttpOnly and
 * Secure are not set in this method.
 *
 * @param context the start context supplied by the container; not read here
 * @throws StartException declared by the overridden method; not thrown here
 */
@Override
public void start(StartContext context) throws StartException {
    pathHandler.clearPaths();
    SecureRandomSessionIdGenerator idSource = new SecureRandomSessionIdGenerator();
    pathHandler.addPrefixPath(AFFINITY_PATH, exchange -> {
        final String resolved = exchange.getResolvedPath();
        final int cut = resolved.lastIndexOf(AFFINITY_PATH);
        final String cookiePath = cut > 0 ? resolved.substring(0, cut) : resolved;
        final String freshId = idSource.createSessionId();
        exchange.getResponseCookies().put("JSESSIONID", new CookieImpl("JSESSIONID", freshId).setPath(cookiePath));
    });
}
/**
 * Expires the single sign-on cookie by putting a valueless cookie with max-age 0 into
 * the response cookies.
 *
 * <p>HttpOnly, Secure, domain and path are taken from this configuration so that the
 * removal targets the cookie set by this configuration.
 *
 * @param exchange the exchange whose response cookies receive the expiring cookie
 */
private void clearSsoCookie(HttpServerExchange exchange) {
    final CookieImpl expired = new CookieImpl(cookieName);
    expired.setMaxAge(0);
    expired.setHttpOnly(httpOnly);
    expired.setSecure(secure);
    expired.setDomain(domain);
    expired.setPath(path);
    exchange.getResponseCookies().put(cookieName, expired);
}
/**
 * Applies one parsed cookie attribute to {@code cookie}.
 *
 * <p>The attribute name is matched case-insensitively. {@code discard}, {@code secure} and
 * {@code httpOnly} are switched on whatever the value is. {@code max-age} and {@code version}
 * go through {@link Integer#parseInt(String)}, so a non-numeric value raises
 * {@link NumberFormatException} out of this method.
 *
 * @param cookie the cookie being populated
 * @param key    the attribute name as it appeared in the header
 * @param value  the attribute value as it appeared in the header
 */
private static void handleValue(CookieImpl cookie, String key, String value) {
    if (key.equalsIgnoreCase("path")) {
        cookie.setPath(value);
        return;
    }
    if (key.equalsIgnoreCase("domain")) {
        cookie.setDomain(value);
        return;
    }
    if (key.equalsIgnoreCase("max-age")) {
        cookie.setMaxAge(Integer.parseInt(value));
        return;
    }
    if (key.equalsIgnoreCase("expires")) {
        cookie.setExpires(DateUtils.parseDate(value));
        return;
    }
    if (key.equalsIgnoreCase("discard")) {
        cookie.setDiscard(true);
        return;
    }
    if (key.equalsIgnoreCase("secure")) {
        cookie.setSecure(true);
        return;
    }
    if (key.equalsIgnoreCase("httpOnly")) {
        cookie.setHttpOnly(true);
        return;
    }
    if (key.equalsIgnoreCase("version")) {
        cookie.setVersion(Integer.parseInt(value));
        return;
    }
    if (key.equalsIgnoreCase("comment")) {
        cookie.setComment(value);
        return;
    }
    if (key.equalsIgnoreCase("samesite")) {
        // The mode string is handed over as received; any validation happens in
        // setSameSiteMode, which is not shown here.
        cookie.setSameSite(true);
        cookie.setSameSiteMode(value);
    }
    // Any other attribute name is ignored.
}
/**
 * Issues the session cookie for {@code sessionId} on the response.
 *
 * <p>Path, domain, discard, secure, HttpOnly and comment come from this configuration.
 * A max-age is attached only when the configured value is positive; otherwise the cookie
 * is sent without one.
 *
 * @param exchange  the exchange whose response receives the cookie
 * @param sessionId the session id used as the cookie value and written to the trace log
 */
@Override
public void setSessionId(final HttpServerExchange exchange, final String sessionId) {
    final CookieImpl sessionCookie = new CookieImpl(cookieName, sessionId);
    sessionCookie.setPath(path);
    sessionCookie.setDomain(domain);
    sessionCookie.setDiscard(discard);
    sessionCookie.setSecure(secure);
    sessionCookie.setHttpOnly(httpOnly);
    sessionCookie.setComment(comment);

    final boolean hasLifetime = maxAge > 0;
    if (hasLifetime) {
        sessionCookie.setMaxAge(maxAge);
    }

    exchange.setResponseCookie(sessionCookie);
    // NOTE(review): the live session id is written to the trace log in clear text;
    // access to trace-level output should be restricted accordingly.
    UndertowLogger.SESSION_LOGGER.tracef("Setting session cookie session id %s on %s", sessionId, exchange);
}
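/**
 * Writes or expires the authentication cookie for the current request.
 *
 * <p>Nothing is written unless an authentication object exists and holds an authenticated
 * user. On logout an expiring cookie is sent. Otherwise the cookie value is
 * {@code signature DELIMITER expires DATA_DELIMITER user}, optionally passed through
 * {@code Crypto.encrypt} when {@code Key.AUTH_COOKIE_ENCRYPT} is enabled. Both cookies are
 * HttpOnly with path {@code "/"}; no Secure attribute is set here.
 *
 * <p>NOTE(review): the signature is a plain SHA-512 digest over user and expiry with the
 * application secret appended, not an HMAC, and the fields are concatenated without a
 * separator. Changing this needs a matching change wherever the cookie is verified, which
 * is not shown here.
 *
 * @param exchange the exchange whose response receives the authentication cookie
 */
private void setAuthentication(HttpServerExchange exchange) {
    if (this.authentication == null || !this.authentication.hasAuthenticatedUser()) {
        return;
    }

    Cookie cookie;
    String cookieName = this.config.getAuthenticationCookieName();
    if (this.authentication.isLogout()) {
        // Build the expiring cookie from scratch instead of reusing the request cookie:
        // the request may not contain it (the lookup then returns null), a cookie parsed
        // from a request typically has no path, so the removal might not match the "/"
        // cookie issued below, and reusing it would echo the credential back to the client.
        cookie = new CookieImpl(cookieName, "")
                .setHttpOnly(true)
                .setPath("/")
                .setMaxAge(0)
                .setDiscard(true);
    } else {
        String sign = DigestUtils.sha512Hex(this.authentication.getAuthenticatedUser() + this.authentication.getExpires() + this.config.getString(Key.APPLICATION_SECRET));
        String value = sign + Default.DELIMITER.toString() + this.authentication.getExpires() + Default.DATA_DELIMITER.toString() + this.authentication.getAuthenticatedUser();

        if (this.config.getBoolean(Key.AUTH_COOKIE_ENCRYPT, false)) {
            value = this.injector.getInstance(Crypto.class).encrypt(value);
        }

        // The expiry is converted using the JVM's default time zone.
        cookie = new CookieImpl(cookieName, value)
                .setHttpOnly(true)
                .setPath("/")
                .setExpires(Date.from(this.authentication.getExpires().atZone(ZoneId.systemDefault()).toInstant()));
    }

    exchange.setResponseCookie(cookie);
}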
Cookie c = new CookieImpl(entry.getKey(), entry.getValue()); String domain = additional.get(DOMAIN); if (domain != null) {
/**
 * Starts the service: clears the registered paths and installs a handler under
 * {@code AFFINITY_PATH} that answers with a freshly generated {@code JSESSIONID} cookie.
 *
 * <p>The cookie path is the resolved path with everything from the last occurrence of
 * {@code AFFINITY_PATH} cut off. When that occurrence is at index 0 or is absent, the
 * resolved path is used unchanged. Only the path is set on the cookie; HttpOnly and
 * Secure are not set in this method.
 *
 * @param context the start context supplied by the container; not read here
 * @throws StartException declared by the overridden method; not thrown here
 */
@Override
public void start(StartContext context) throws StartException {
    pathHandler.clearPaths();
    SecureRandomSessionIdGenerator idSource = new SecureRandomSessionIdGenerator();
    pathHandler.addPrefixPath(AFFINITY_PATH, exchange -> {
        final String resolved = exchange.getResolvedPath();
        final int cut = resolved.lastIndexOf(AFFINITY_PATH);
        final String cookiePath = cut > 0 ? resolved.substring(0, cut) : resolved;
        final String freshId = idSource.createSessionId();
        exchange.getResponseCookies().put("JSESSIONID", new CookieImpl("JSESSIONID", freshId).setPath(cookiePath));
    });
}