/**
 * Creates a fresh server-side session for this request and hands its value
 * to the client in the session cookie.
 *
 * <p>The cookie carries the configured path plus the configured
 * {@code Secure} and {@code HttpOnly} attributes. No max-age is set on
 * purpose, so the browser treats it as a session cookie. The store handler
 * is registered last (see {@code addStoreSessionHandler}).
 *
 * @param context the routing context of the request that has no session yet
 */
private void createNewSession(RoutingContext context) {
  Session newSession = sessionStore.createSession(sessionTimeout, minLength);
  context.setSession(newSession);
  // Build the cookie fluently; deliberately no max-age (browser-session cookie).
  Cookie sessionCookie = Cookie.cookie(sessionCookieName, newSession.value())
      .setPath(sessionCookiePath)
      .setSecure(sessionCookieSecure)
      .setHttpOnly(sessionCookieHttpOnly);
  context.addCookie(sessionCookie);
  addStoreSessionHandler(context);
}
}
/**
 * Sets or clears the {@code HttpOnly} attribute of this cookie.
 *
 * <p>Browsers that honour the attribute withhold an {@code HttpOnly} cookie
 * from client-side scripts while still sending it on requests. Background:
 * <a href="http://www.owasp.org/index.php/HTTPOnly">OWASP: HttpOnly</a>.
 *
 * @param httpOnly {@code true} to mark the cookie HTTP only, {@code false} to clear the flag
 * @return this cookie, to allow call chaining
 */
public io.vertx.rxjava.ext.web.Cookie setHttpOnly(boolean httpOnly) {
  // Forward to the wrapped cookie; the rx wrapper itself holds no state.
  this.delegate.setHttpOnly(httpOnly);
  return this;
}
/**
 * Sets or clears the {@code HttpOnly} attribute of this cookie.
 *
 * <p>Browsers that honour the attribute withhold an {@code HttpOnly} cookie
 * from client-side scripts while still sending it on requests. Background:
 * <a href="http://www.owasp.org/index.php/HTTPOnly">OWASP: HttpOnly</a>.
 *
 * @param httpOnly {@code true} to mark the cookie HTTP only, {@code false} to clear the flag
 * @return this cookie, to allow call chaining
 */
public io.vertx.rxjava.ext.web.Cookie setHttpOnly(boolean httpOnly) {
  // Forward to the wrapped cookie; the rx wrapper itself holds no state.
  this.delegate.setHttpOnly(httpOnly);
  return this;
}
.setHttpOnly(sessionCookieHttpOnly);
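/**
 * Exercises the cookie accessors and checks the wire encoding after each
 * mutation: name/value, Path, Domain, Expires (derived from max-age), Secure
 * and HTTPOnly.
 *
 * @throws Exception if the Expires date cannot be parsed
 */
@Test
public void testCookieFields() throws Exception {
  Cookie cookie = Cookie.cookie("foo", "bar");
  assertEquals("foo", cookie.getName());
  assertEquals("bar", cookie.getValue());
  assertEquals("foo=bar", cookie.encode());
  assertNull(cookie.getPath());
  cookie.setPath("/somepath");
  assertEquals("/somepath", cookie.getPath());
  assertEquals("foo=bar; Path=/somepath", cookie.encode());
  assertNull(cookie.getDomain());
  cookie.setDomain("foo.com");
  assertEquals("foo.com", cookie.getDomain());
  assertEquals("foo=bar; Path=/somepath; Domain=foo.com", cookie.encode());
  long maxAge = 30 * 60; // max-age is counted in seconds
  cookie.setMaxAge(maxAge);
  long now = System.currentTimeMillis();
  String encoded = cookie.encode();
  int startPos = encoded.indexOf("Expires=");
  assertTrue(startPos >= 0); // fail clearly if no Expires attribute was emitted
  int endPos = encoded.indexOf(';', startPos);
  String expiresDate = encoded.substring(startPos + 8, endPos);
  Date d = dateTimeFormat.parse(expiresDate);
  // Compare in one unit: getTime() is milliseconds, maxAge is seconds. The
  // original comparison against bare maxAge (1800) passed for any expiry more
  // than ~2 s ahead. The encoded date has second resolution, so allow a couple
  // of seconds of slack below the exact max-age.
  long expectedMillis = maxAge * 1000;
  assertTrue(d.getTime() - now >= expectedMillis - 2000);
  // Long.MIN_VALUE clears max-age, so Expires disappears from the encoding.
  cookie.setMaxAge(Long.MIN_VALUE);
  cookie.setSecure(true);
  assertEquals("foo=bar; Path=/somepath; Domain=foo.com; Secure", cookie.encode());
  cookie.setHttpOnly(true);
  assertEquals("foo=bar; Path=/somepath; Domain=foo.com; Secure; HTTPOnly", cookie.encode());
}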
/**
 * Builds the handler behind the login-status endpoint.
 *
 * <p>For an authenticated request the response is a JSON document with
 * {@code authenticated=true}, the account id and the display name. Otherwise
 * the response carries {@code authenticated=false} and the authorization URL
 * to follow; the {@code state} parameter of that URL is a fresh random token
 * that is also sent back in a {@code state} cookie (HttpOnly, Secure when the
 * redirect URI is https) so the callback can be tied to this browser.
 *
 * @return the routing handler
 */
public Handler<RoutingContext> loginStatusHandler() {
  return rc -> {
    AuthenticatedUser user = AuthenticatedUser.from(rc);
    if (user == null) {
      // Not logged in: build the authorization request URL for the client.
      QueryStringEncoder query = new QueryStringEncoder("");
      query.addParam("client_id", clientId);
      query.addParam("response_type", "code");
      query.addParam("scope", scope);
      query.addParam("redirect_uri", redirectUri(rc));
      String stateToken = new TokenGenerator(secureRandom).create(15);
      query.addParam("state", stateToken);
      // The same token travels in a cookie so the callback can verify it came
      // from this browser. No Path is set here, so the browser default applies;
      // confirm the callback endpoint still receives the cookie.
      io.vertx.ext.web.Cookie stateCookie = io.vertx.ext.web.Cookie.cookie("state", stateToken)
          .setHttpOnly(true)
          .setSecure(redirectUri(rc).startsWith("https"));
      rc.response().headers().add(SET_COOKIE, stateCookie.encode());
      JsonObject body = new JsonObject()
          .put("authenticated", false)
          .put("loginUrl", authUrl + query);
      rc.response().end(body.encode());
      return;
    }
    JsonObject body = new JsonObject()
        .put("authenticated", true)
        // TODO issuer; acting principal; authority sets
        .put("accountId", user.getAuthenticatedAs())
        .put("userDisplayName", user.getFullDisplayName());
    rc.response().end(body.encode());
  };
}
/**
 * Builds the handler behind the login-status endpoint.
 *
 * <p>For an authenticated request the response is a JSON document with
 * {@code authenticated=true}, the account id and the display name. Otherwise
 * the response carries {@code authenticated=false} and the authorization URL
 * to follow; the {@code state} parameter of that URL is a fresh random token
 * that is also sent back in a {@code state} cookie (HttpOnly, Secure when the
 * redirect URI is https) so the callback can be tied to this browser.
 *
 * @return the routing handler
 */
public Handler<RoutingContext> loginStatusHandler() {
  return rc -> {
    AuthenticatedUser user = AuthenticatedUser.from(rc);
    if (user == null) {
      // Not logged in: build the authorization request URL for the client.
      QueryStringEncoder query = new QueryStringEncoder("");
      query.addParam("client_id", clientId);
      query.addParam("response_type", "code");
      query.addParam("scope", scope);
      query.addParam("redirect_uri", redirectUri(rc));
      String stateToken = new TokenGenerator(secureRandom).create(15);
      query.addParam("state", stateToken);
      // The same token travels in a cookie so the callback can verify it came
      // from this browser. No Path is set here, so the browser default applies;
      // confirm the callback endpoint still receives the cookie.
      io.vertx.ext.web.Cookie stateCookie = io.vertx.ext.web.Cookie.cookie("state", stateToken)
          .setHttpOnly(true)
          .setSecure(redirectUri(rc).startsWith("https"));
      rc.response().headers().add(SET_COOKIE, stateCookie.encode());
      JsonObject body = new JsonObject()
          .put("authenticated", false)
          .put("loginUrl", authUrl + query);
      rc.response().end(body.encode());
      return;
    }
    JsonObject body = new JsonObject()
        .put("authenticated", true)
        // TODO issuer; acting principal; authority sets
        .put("accountId", user.getAuthenticatedAs())
        .put("userDisplayName", user.getFullDisplayName());
    rc.response().end(body.encode());
  };
}
/**
 * Creates a fresh server-side session for this request and hands its value
 * to the client in the session cookie.
 *
 * <p>The cookie carries the configured path plus the configured
 * {@code Secure} and {@code HttpOnly} attributes. No max-age is set on
 * purpose, so the browser treats it as a session cookie. The store handler
 * is registered last (see {@code addStoreSessionHandler}).
 *
 * @param context the routing context of the request that has no session yet
 */
private void createNewSession(RoutingContext context) {
  Session newSession = sessionStore.createSession(sessionTimeout, minLength);
  context.setSession(newSession);
  // Build the cookie fluently; deliberately no max-age (browser-session cookie).
  Cookie sessionCookie = Cookie.cookie(sessionCookieName, newSession.value())
      .setPath(sessionCookiePath)
      .setSecure(sessionCookieSecure)
      .setHttpOnly(sessionCookieHttpOnly);
  context.addCookie(sessionCookie);
  addStoreSessionHandler(context);
}
}
/**
 * Creates a fresh server-side session for this request and hands its id to
 * the client in the session cookie.
 *
 * <p>The cookie carries the configured path plus the configured
 * {@code Secure} and {@code HttpOnly} attributes. No max-age is set on
 * purpose, so the browser treats it as a session cookie. The store handler
 * is registered last (see {@code addStoreSessionHandler}).
 *
 * @param context the routing context of the request that has no session yet
 */
private void createNewSession(RoutingContext context) {
  Session newSession = sessionStore.createSession(sessionTimeout, minLength);
  context.setSession(newSession);
  // Build the cookie fluently; deliberately no max-age (browser-session cookie).
  Cookie sessionCookie = Cookie.cookie(sessionCookieName, newSession.id())
      .setPath(sessionCookiePath)
      .setSecure(sessionCookieSecure)
      .setHttpOnly(sessionCookieHttpOnly);
  context.addCookie(sessionCookie);
  addStoreSessionHandler(context);
}
/**
 * Creates a fresh server-side session for this request and hands its id to
 * the client in the session cookie.
 *
 * <p>The cookie carries the configured path plus the configured
 * {@code Secure} and {@code HttpOnly} attributes. No max-age is set on
 * purpose, so the browser treats it as a session cookie. The store handler
 * is registered last (see {@code addStoreSessionHandler}).
 *
 * @param context the routing context of the request that has no session yet
 */
private void createNewSession(RoutingContext context) {
  Session newSession = sessionStore.createSession(sessionTimeout, minLength);
  context.setSession(newSession);
  // Build the cookie fluently; deliberately no max-age (browser-session cookie).
  Cookie sessionCookie = Cookie.cookie(sessionCookieName, newSession.id())
      .setPath(sessionCookiePath)
      .setSecure(sessionCookieSecure)
      .setHttpOnly(sessionCookieHttpOnly);
  context.addCookie(sessionCookie);
  addStoreSessionHandler(context);
}
.setPath(sessionCookiePath) .setSecure(sessionCookieSecure) .setHttpOnly(sessionCookieHttpOnly);
.setHttpOnly(sessionCookieHttpOnly);
sessionToken).setHttpOnly(true) .setSecure(redirectUri(rc).startsWith("https")); io.vertx.ext.web.Cookie xsrfCookie = io.vertx.ext.web.Cookie.cookie("XSRF-TOKEN",
.setPath(sessionCookiePath) .setSecure(sessionCookieSecure) .setHttpOnly(sessionCookieHttpOnly);
sessionToken).setHttpOnly(true) .setSecure(redirectUri(rc).startsWith("https")); io.vertx.ext.web.Cookie xsrfCookie = io.vertx.ext.web.Cookie.cookie("XSRF-TOKEN",
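/**
 * Exercises the cookie accessors and checks the wire encoding after each
 * mutation: name/value, Path, Domain, Expires (derived from max-age), Secure
 * and HTTPOnly.
 *
 * @throws Exception if the Expires date cannot be parsed
 */
@Test
public void testCookieFields() throws Exception {
  Cookie cookie = Cookie.cookie("foo", "bar");
  assertEquals("foo", cookie.getName());
  assertEquals("bar", cookie.getValue());
  assertEquals("foo=bar", cookie.encode());
  assertNull(cookie.getPath());
  cookie.setPath("/somepath");
  assertEquals("/somepath", cookie.getPath());
  assertEquals("foo=bar; Path=/somepath", cookie.encode());
  assertNull(cookie.getDomain());
  cookie.setDomain("foo.com");
  assertEquals("foo.com", cookie.getDomain());
  assertEquals("foo=bar; Path=/somepath; Domain=foo.com", cookie.encode());
  long maxAge = 30 * 60; // max-age is counted in seconds
  cookie.setMaxAge(maxAge);
  long now = System.currentTimeMillis();
  String encoded = cookie.encode();
  int startPos = encoded.indexOf("Expires=");
  assertTrue(startPos >= 0); // fail clearly if no Expires attribute was emitted
  int endPos = encoded.indexOf(';', startPos);
  String expiresDate = encoded.substring(startPos + 8, endPos);
  Date d = dateTimeFormat.parse(expiresDate);
  // Compare in one unit: getTime() is milliseconds, maxAge is seconds. The
  // original comparison against bare maxAge (1800) passed for any expiry more
  // than ~2 s ahead. The encoded date has second resolution, so allow a couple
  // of seconds of slack below the exact max-age.
  long expectedMillis = maxAge * 1000;
  assertTrue(d.getTime() - now >= expectedMillis - 2000);
  // Long.MIN_VALUE clears max-age, so Expires disappears from the encoding.
  cookie.setMaxAge(Long.MIN_VALUE);
  cookie.setSecure(true);
  assertEquals("foo=bar; Path=/somepath; Domain=foo.com; Secure", cookie.encode());
  cookie.setHttpOnly(true);
  assertEquals("foo=bar; Path=/somepath; Domain=foo.com; Secure; HTTPOnly", cookie.encode());
}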
.setHttpOnly(true) .setPath(rc.mountPoint() + "/") .setSecure(redirectUri(rc).startsWith("https")).encode()); .setHttpOnly(true) .setPath(rc.mountPoint() + "/") .setSecure(redirectUri(rc).startsWith("https")).encode()); .setHttpOnly(true) .setPath(rc.mountPoint() + "/") .setSecure(redirectUri(rc).startsWith("https")).encode());
.setHttpOnly(true) .setPath(rc.mountPoint() + "/") .setSecure(redirectUri(rc).startsWith("https")).encode()); .setHttpOnly(true) .setPath(rc.mountPoint() + "/") .setSecure(redirectUri(rc).startsWith("https")).encode());