// Excerpt from a servlet that performs session operations selected by a switch; the enclosing
// method, the switch header and some closing lines are not part of this excerpt.
// NOTE(review): the attribute name and value both come straight from request parameters, so a
// caller chooses what is written into the session. Acceptable only for a test-only servlet;
// confirm this is never deployed on a reachable endpoint.
String param = request.getParameter("param");
String value = request.getParameter("value");
PrintWriter out = response.getWriter();
case SET:
    session = request.getSession();
    session.setAttribute(param, value);
    break;
case SET_MAX_INACTIVE:
    session = request.getSession();
    // Integer.valueOf throws NumberFormatException when "value" is absent or not numeric.
    session.setMaxInactiveInterval(Integer.valueOf(value));
    break;
case GET:
    session = request.getSession();
    String val = (String) session.getAttribute(param);
    if (val != null) {
        // The stored value is written to the response as-is, with no output encoding.
        out.write(val);
        // (lines appear to be elided here in the excerpt)
        session = request.getSession();
        session.invalidate();
        break;
case CALLBACK:
    // Delegates to a Callback object published in the servlet context under "callback".
    Callback c = (Callback) context.getAttribute("callback");
    c.call(request, response);
    break;
/**
 * Invalidates the caller's authentication token when the security configuration has changed
 * since the session last recorded it, then continues the filter chain.
 *
 * <p>Requests without an authentication token pass straight through. For the others, the
 * session attribute {@code SECURITY_CONFIG_LAST_CHANGE} holds the change time this session has
 * already seen; it is initialised on first use and refreshed whenever the token is invalidated.
 *
 * @param request     current HTTP request
 * @param response    current HTTP response
 * @param filterChain remaining filters
 */
@Override
protected void doFilterInternal(HttpServletRequest request,
                                HttpServletResponse response,
                                FilterChain filterChain) throws ServletException, IOException {
    if (SessionUtils.hasAuthenticationToken(request)) {
        final AuthenticationToken<?> token = SessionUtils.getAuthenticationToken(request);
        Assert.notNull(token);

        // NOTE(review): getSession(false) returns null when no session exists, which would be a
        // NullPointerException here; presumably hasAuthenticationToken() implies a live session,
        // confirm. The monitor is the interned session-id String, which is a JVM-wide shared
        // object: any other code locking on an equal interned string contends on the same lock.
        // A per-session lock object stored in the session would keep the lock private.
        synchronized (request.getSession(false).getId().intern()) {
            // Read the volatile field exactly once so both comparisons see the same value.
            final long configChangedAt = lastChangedTime;
            final Long seenChangeAt = (Long) request.getSession().getAttribute(SECURITY_CONFIG_LAST_CHANGE);
            final boolean firstVisit = seenChangeAt == null;

            if (firstVisit || seenChangeAt < configChangedAt) {
                request.getSession().setAttribute(SECURITY_CONFIG_LAST_CHANGE, configChangedAt);
                if (!firstVisit) {
                    // Configuration changed after this session authenticated: force re-authentication.
                    LOGGER.debug("Invalidating existing token {}", token);
                    token.invalidate();
                }
            }
        }
    } else {
        LOGGER.debug("Authentication token is not created for the request.");
    }

    filterChain.doFilter(request, response);
}
/**
 * Store {@code value} in the session under {@code name}, or clear that attribute when
 * {@code value} is {@code null}.
 * <p>A session is created only when there is a non-null value to store. Clearing an
 * attribute never creates a session: if none exists, nothing happens.
 * @param request current HTTP request
 * @param name the name of the session attribute
 * @param value the value to store, or {@code null} to remove the attribute
 */
public static void setSessionAttribute(HttpServletRequest request, String name, @Nullable Object value) {
    Assert.notNull(request, "Request must not be null");
    if (value == null) {
        // Removal path: look the session up without creating one.
        HttpSession existing = request.getSession(false);
        if (existing != null) {
            existing.removeAttribute(name);
        }
        return;
    }
    request.getSession().setAttribute(name, value);
}
/**
 * Builds a FakeHttpSession from an existing session: its id, servlet context, last-accessed
 * time and max-inactive interval are passed to the four-argument constructor, then
 * {@code copyAttributes(session)} is called with the source session.
 *
 * @param session the session to copy from; must not be null (it is dereferenced immediately)
 */
public FakeHttpSession(HttpSession session) {
    this(session.getId(), session.getServletContext(), session.getLastAccessedTime(), session.getMaxInactiveInterval());
    copyAttributes(session);
}
    /**
     * Flips the collapsed flag kept in the current request's session for the given pane.
     *
     * <p>The flag is represented by the presence of a session attribute whose name is built
     * from {@code attribute} and {@code paneId}: absent means expanded, present means collapsed.
     *
     * @param paneId identifier of the pane to toggle
     * @return {@code true} if the pane is collapsed after the call, {@code false} otherwise
     */
    @Override
    public boolean toggleCollapsed(String paneId) {
        // getSession() creates a session when the request has none.
        final HttpSession current = Stapler.getCurrentRequest().getSession();
        final String key = format(attribute, paneId);

        final boolean wasCollapsed = current.getAttribute(key) != null;
        if (wasCollapsed) {
            current.removeAttribute(key);
            return false;
        }
        current.setAttribute(key, true);
        return true;
    }
}
/**
 * Excerpt of a servlet entry point that handles a username/password login and serves other
 * URLs through {@code process}. Several lines are elided in this excerpt (the declarations of
 * {@code usernameParam} and {@code fullUrl} and some closing braces are not shown).
 */
public void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String contextPath = request.getContextPath();
    String servletPath = request.getServletPath();
    String requestURI = request.getRequestURI();
    response.setCharacterEncoding("utf-8");
    String passwordParam = request.getParameter(PARAM_NAME_PASSWORD);
    // NOTE(review): the credentials are compared with String.equals, which is not a
    // constant-time comparison, and the configured password is compared as plain text.
    // MessageDigest.isEqual on the encoded bytes avoids the timing difference.
    if (username.equals(usernameParam) && password.equals(passwordParam)) {
        // NOTE(review): the login marker is stored in whatever session the request already
        // carries; no session-id change is visible here. Calling request.changeSessionId()
        // (Servlet 3.1+) on successful login protects against session fixation; confirm
        // whether it happens elsewhere.
        request.getSession().setAttribute(SESSION_USER_KEY, username);
        response.getWriter().print("success");
    } else {
        response.getWriter().print("error");
        // (lines appear to be elided here in the excerpt)
        // getQueryString() returns null when the request has no query string, in which case
        // the literal text "null" is appended.
        fullUrl += "?" + request.getQueryString();
        response.getWriter().print(process(fullUrl));
        return;
// Excerpt of a filter body that checks the session's user id and device permission before
// continuing the chain. Lines are elided in this excerpt (closing braces and the lookup of
// `device` are not shown), so the control flow below is incomplete.
HttpServletResponse httpResponse = (HttpServletResponse) response;
try {
    // getSession(false): an unauthenticated request does not get a session created for it.
    HttpSession session = ((HttpServletRequest) request).getSession(false);
    Long userId = null;
    if (session != null) {
        userId = (Long) session.getAttribute(SessionResource.USER_ID_KEY);
        if (userId != null) {
            Context.getPermissionsManager().checkUserEnabled(userId);
            // (lines appear to be elided here in the excerpt)
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
            // getPathInfo() returns null when the request has no extra path information;
            // split() on the next line would then throw a NullPointerException.
            String path = ((HttpServletRequest) request).getPathInfo();
            String[] parts = path.split("/");
            if (parts.length < 2 || parts.length == 2 && !path.endsWith("/")) {
                Context.getPermissionsManager().checkDevice(userId, device.getId());
            } else {
                httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
                chain.doFilter(request, response);
} catch (SecurityException e) {
    httpResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
    // NOTE(review): the exception stack is written into the response body, which discloses
    // internal class and method names to the client. Log it server-side and return a generic
    // message instead.
    httpResponse.getWriter().println(Log.exceptionStack(e));
} catch (SQLException e) {
    httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
    // NOTE(review): same disclosure as above; for SQLException the text can also reveal
    // database details.
    httpResponse.getWriter().println(Log.exceptionStack(e));
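/**
 * Writes, as JSON, the status of the setup step named by the {@code askingAboutStep} request
 * parameter for the setup run identified by the session attribute {@code setup-session-id}.
 *
 * <p>The step name is request-controlled, so it is validated before use: a missing or unknown
 * value is answered with 400 Bad Request instead of surfacing as an unhandled
 * NullPointerException / IllegalArgumentException.
 *
 * @param request     current HTTP request
 * @param response    current HTTP response; receives the JSON body
 * @param filterChain unused, the filter answers the request itself
 * @throws IOException      if writing the response fails
 * @throws ServletException wrapping a {@code JSONException} raised while building the body
 */
@Override
protected void doFilter(final HttpServletRequest request,
                        final HttpServletResponse response,
                        final FilterChain filterChain) throws IOException, ServletException {
    final String requestedStep = request.getParameter("askingAboutStep");
    if (requestedStep == null) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }

    final InstantSetupStrategy.Step step;
    try {
        // Locale.ROOT keeps the upper-casing independent of the server's default locale.
        step = InstantSetupStrategy.Step.valueOf(requestedStep.toUpperCase(java.util.Locale.ROOT));
    } catch (final IllegalArgumentException e) {
        // Not one of the known step names.
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }

    try {
        final JSONObject json = new JSONObject();
        response.setContentType("application/json");
        // The attribute is null when this session never started a setup run; the status
        // lookup receives that null unchanged, as before.
        final String sessionId = (String) request.getSession().getAttribute("setup-session-id");
        populateJsonWithSetupStatus(json, AsynchronousJiraSetupFactory.getInstance().getStatusOnceStepIsDone(sessionId, step));
        final String result = json.toString();
        response.getWriter().write(result);
        response.getWriter().flush();
    } catch (final JSONException e) {
        throw new ServletException(e);
    }
}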
// Excerpt of a filter/servlet body that renders a template and returns job status as JSON.
// Many lines are elided in this excerpt; the statements below are not contiguous in the
// original method.
String page = httpRequest.getParameter("page");
Map<String, Object> referenceMap = new HashMap<>();
// Carry the locale already stored in the session over to the template model.
if (httpRequest.getSession().getAttribute(FilterUtil.LOCALE_ATTRIBUTE) != null) {
    referenceMap
            .put(FilterUtil.LOCALE_ATTRIBUTE, httpRequest.getSession().getAttribute(FilterUtil.LOCALE_ATTRIBUTE));
    // (lines appear to be elided here in the excerpt)
    httpResponse.setContentType("text/html");
    renderTemplate(REVIEW_CHANGES, referenceMap, httpResponse);
    return;
    // NOTE(review): where localeParameter comes from is not shown. If it is read from the
    // request, validate it against the supported locales before storing it in the session
    // and handing it to the template.
    httpRequest.getSession().setAttribute(FilterUtil.LOCALE_ATTRIBUTE, localeParameter);
    referenceMap.put(FilterUtil.LOCALE_ATTRIBUTE, localeParameter);
    throw new ServletException("Got interrupted while trying to sleep thread", e);
    // "text/json" is not the registered JSON media type; "application/json" is.
    httpResponse.setContentType("text/json");
    httpResponse.setHeader("Cache-Control", "no-cache");
    Map<String, Object> result = new HashMap<>();
    if (updateJob != null) {
        httpResponse.getWriter().write(jsonText);
    /**
     * Streams a plain-text dump of the ZooKeeper subtree named by the {@code zkPath} request
     * parameter, one {@code path=name=value} line per leaf.
     *
     * <p>The role used for the export is the session attribute {@code authRole}, falling back
     * to {@code ZooKeeperUtil.ROLE_USER} when the session has none.
     *
     * @param request  current HTTP request
     * @param response current HTTP response; receives the dump as text/plain
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        logger.debug("Export Get Action!");
        try {
            Properties globalProps = (Properties) this.getServletContext().getAttribute("globalProps");
            String[] zkServerLst = globalProps.getProperty("zkServer").split(",");

            Object sessionRole = request.getSession().getAttribute("authRole");
            String authRole = sessionRole != null ? (String) sessionRole : ZooKeeperUtil.ROLE_USER;

            // NOTE(review): zkPath is request-controlled and reaches exportTree without any
            // check in this method; what a given role may read depends entirely on exportTree
            // and externalizeNodeValue. Confirm both enforce it.
            String zkPath = request.getParameter("zkPath");

            StringBuilder dump = new StringBuilder();
            dump.append("#App Config Dashboard (ACD) dump created on :");
            dump.append(new Date());
            dump.append("\n");

            Set<LeafBean> exported = ZooKeeperUtil.INSTANCE.exportTree(
                    zkPath,
                    ServletUtil.INSTANCE.getZookeeper(request, response, zkServerLst[0], globalProps),
                    authRole);
            for (LeafBean entry : exported) {
                dump.append(entry.getPath());
                dump.append('=');
                dump.append(entry.getName());
                dump.append('=');
                dump.append(ServletUtil.INSTANCE.externalizeNodeValue(entry.getValue()));
                dump.append('\n');
            }

            response.setContentType("text/plain;charset=UTF-8");
            try (PrintWriter writer = response.getWriter()) {
                writer.write(dump.toString());
            }
        } catch (InterruptedException | KeeperException ex) {
            // NOTE(review): only the stack frames are logged, so the exception message and
            // cause are lost from the log, while the raw message is rendered back to the client.
            logger.error(Arrays.toString(ex.getStackTrace()));
            ServletUtil.INSTANCE.renderError(request, response, ex.getMessage());
        }
    }
}
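/**
 * Requires an authenticated session for every request except the login page and the
 * {@code /acd/appconfig} endpoint.
 *
 * <p>The exemption is decided on the container-decoded path relative to the context root and
 * matches whole path prefixes. Testing the raw request URI with {@code contains} exempts any
 * request whose URI merely includes one of the substrings somewhere, which lets a request for
 * a protected resource skip the check.
 *
 * <p>A request counts as authenticated when its session carries both {@code authName} and
 * {@code authRole}; anything else is redirected to {@code /login}.
 *
 * @param req current request
 * @param res current response
 * @param fc  remaining filters
 */
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;

    // Servlet path + path info is decoded by the container, unlike getRequestURI().
    String pathInfo = request.getPathInfo();
    String path = request.getServletPath() + (pathInfo == null ? "" : pathInfo);

    // NOTE(review): extend this list explicitly if login assets are served from other paths.
    // /acd/appconfig stays exempt as before, so that endpoint must authenticate its own callers.
    boolean exempt = path.equals("/login") || path.startsWith("/login/")
            || path.equals("/acd/appconfig") || path.startsWith("/acd/appconfig/");

    if (!exempt) {
        // getSession(false): do not allocate a session for every anonymous request. The former
        // "session == null" branch could never run because getSession() always returns a session.
        HttpSession session = request.getSession(false);
        boolean authenticated = session != null
                && session.getAttribute("authName") != null
                && session.getAttribute("authRole") != null;
        if (!authenticated) {
            response.sendRedirect("/login");
            return;
        }
    }
    fc.doFilter(req, res);
}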
/**
 * Sends the client keystore held in the session as a file download.
 *
 * <p>The bytes are read from the session attribute {@code CLIENT_KEYSTORE_DATA} and the
 * attribute is removed straight away, so the keystore can be downloaded once per upload.
 *
 * @param request  current HTTP request
 * @param response current HTTP response; receives the keystore bytes
 * @throws ServletException if the session holds no keystore data
 */
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    final byte[] keyStoreBytes = (byte[]) request.getSession().getAttribute(CLIENT_KEYSTORE_DATA);
    // One-shot: drop the key material from the session whether or not it was present.
    request.getSession().removeAttribute(CLIENT_KEYSTORE_DATA);

    if (keyStoreBytes == null) {
        throw new ServletException("No keystore file was specified.");
    }

    response.setContentType(MIME_TYPE);
    response.setContentLength(keyStoreBytes.length);

    // NOTE(review): the file name is appended to the header unquoted. extractFileName is not
    // shown here; confirm it rejects CR/LF, quotes and path separators, since it is derived
    // from the request.
    final String disposition = "attachment; filename=" + extractFileName(request);
    response.setHeader("Content-disposition", disposition);

    response.getOutputStream().write(keyStoreBytes);
    response.getOutputStream().close();
}
/**
 * Logs an error, optionally publishes its message in the session, and sends the client to the
 * configured error page.
 *
 * @param errorMessage text to log and, if {@code errorMessageSessionAttribute} is configured,
 *                     to store in the session under that name
 * @param cause        underlying exception, or {@code null}
 * @param request      current HTTP request
 * @param response     current HTTP response
 * @throws ServletException carrying {@code errorMessage} and {@code cause} when no error page
 *                          is configured
 */
private void showErrorPage(String errorMessage, Throwable cause, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    // NOTE(review): if errorMessage can contain request-derived text, it reaches both the log
    // line and the session attribute unescaped; presumably the error page encodes it on
    // output, confirm.
    if (cause != null) {
        LOG.error("Error: " + errorMessage, cause);
    } else {
        LOG.error("Error: " + errorMessage);
    }

    if (this.errorMessageSessionAttribute != null) {
        request.getSession().setAttribute(this.errorMessageSessionAttribute, errorMessage);
    }

    if (this.errorPage == null) {
        throw new ServletException(errorMessage, cause);
    }
    response.sendRedirect(request.getContextPath() + this.errorPage);
}
// Excerpt of a servlet body that creates, saves, updates and deletes ZooKeeper nodes and
// properties. Lines are elided in this excerpt (the branch conditions, the ZooKeeper write
// calls and several closing braces are not shown). Each action sets a "flashMsg" session
// attribute and records a history entry with the session's authName, the remote address and
// a description of the change.
// NOTE(review): authRole is read here but no role check is visible in the excerpt; confirm
// the write operations are authorised before they run. getRemoteAddr() is the address of the
// directly connected peer, which is the proxy when one sits in front of the application.
String authRole = (String) request.getSession().getAttribute("authRole");
request.getSession().setAttribute("flashMsg", "Node created!");
dao.insertHistory((String) request.getSession().getAttribute("authName"), request.getRemoteAddr(), "Creating node: " + currentPath + newNode);
request.getSession().setAttribute("flashMsg", "Property Saved!");
// For properties that checkIfPwdField flags, newValue is replaced by the SOPA_PIPA constant
// before the history entry is built, so the submitted value is not what gets recorded.
if (ZooKeeperUtil.INSTANCE.checkIfPwdField(newProperty)) {
    newValue = ZooKeeperUtil.INSTANCE.SOPA_PIPA;
    // NOTE(review): path, property name and value are concatenated into the history text
    // as-is; if they can contain line breaks, neutralise them so one action cannot forge
    // additional history lines.
    dao.insertHistory((String) request.getSession().getAttribute("authName"), request.getRemoteAddr(), "Saving Property: " + currentPath + "," + newProperty + "=" + newValue);
    request.getSession().setAttribute("flashMsg", "Property Updated!");
    if (ZooKeeperUtil.INSTANCE.checkIfPwdField(newProperty)) {
        newValue = ZooKeeperUtil.INSTANCE.SOPA_PIPA;
        dao.insertHistory((String) request.getSession().getAttribute("authName"), request.getRemoteAddr(), "Updating Property: " + currentPath + "," + newProperty + "=" + newValue);
        // Raw List type: element type is unchecked.
        List delPropLst = Arrays.asList(prop);
        ZooKeeperUtil.INSTANCE.deleteLeaves(delPropLst, ServletUtil.INSTANCE.getZookeeper(request, response, zkServerLst[0], globalProps));
        request.getSession().setAttribute("flashMsg", "Delete Completed!");
        dao.insertHistory((String) request.getSession().getAttribute("authName"), request.getRemoteAddr(), "Deleting Property: " + delPropLst.toString());
        List delNodeLst = Arrays.asList(node);
        ZooKeeperUtil.INSTANCE.deleteFolders(delNodeLst, ServletUtil.INSTANCE.getZookeeper(request, response, zkServerLst[0], globalProps));
        request.getSession().setAttribute("flashMsg", "Delete Completed!");
        dao.insertHistory((String) request.getSession().getAttribute("authName"), request.getRemoteAddr(), "Deleting Nodes: " + delNodeLst.toString());
// Excerpt of a filter body that tracks login-hint and prompt state in the session. Most of
// the surrounding conditions are elided in this excerpt, so the statements below are not
// contiguous in the original method and the branch structure cannot be read from here.
HttpSession session = request.getSession();
chain.doFilter(req, res);
return;
// NOTE(review): where loginHint comes from is not shown; if it is a request parameter,
// validate it before it is stored and later rendered.
session.setAttribute(LOGIN_HINT, loginHint);
} else {
    session.removeAttribute(LOGIN_HINT);
    // NOTE(review): how uriBuilder's target is assembled is not shown; confirm the redirect
    // cannot be steered to an arbitrary host by request input.
    response.sendRedirect(uriBuilder.toString());
    return;
    response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
    return;
    response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
    return;
    // PROMPTED absent: mark that a prompt has been requested for this session.
    if (session.getAttribute(PROMPTED) == null) {
        session.setAttribute(PROMPT_REQUESTED, Boolean.TRUE);
        session.removeAttribute(PROMPTED);
        chain.doFilter(req, res);
        Date authTime = (Date) session.getAttribute(AuthenticationTimeStamper.AUTH_TIMESTAMP);
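    /**
     * Authenticates the request from the CAS user stored in the session, or sends the browser
     * to {@code /cas} when there is none.
     *
     * <p>Before redirecting, the current request URI (plus query string, if any) is saved in
     * the session under {@code PostCasAuthenticationFilter.REDIRECT_URL}. The query string is
     * appended only when present; unconditional concatenation stored a literal "?null" for
     * requests without one.
     *
     * @param request        current HTTP request
     * @param response       current HTTP response
     * @param chain          remaining filters, continued once a principal is set
     * @param authStateValue opaque state value handed on via {@code setAuthStateValue}
     * @param returnUri      not used by this implementation
     */
    @Override
    public void authenticate(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
                             String authStateValue, String returnUri) throws IOException, ServletException {
        CasUser casUser = (CasUser) request.getSession().getAttribute(PostCasAuthenticationFilter.POST_CAS_AUTHENTICATION_INFO);
        if (casUser == null) {
            String uri = request.getRequestURI();
            String queryString = request.getQueryString();
            // getQueryString() is null when the request has no query string.
            String resumeAt = (queryString == null) ? uri : uri + "?" + queryString;
            // NOTE(review): presumably this value is used as a redirect target after CAS login;
            // confirm the consumer treats it strictly as a path on this application.
            request.getSession().setAttribute(PostCasAuthenticationFilter.REDIRECT_URL, resumeAt);
            response.sendRedirect("/cas");
            return;
        } else {
            AuthenticatedPrincipal principal = new AuthenticatedPrincipal(casUser.getUid());
            // Admin status is taken directly from the CAS user record held in the session.
            principal.setAdminPrincipal(casUser.isAdmin);
            super.setPrincipal(request, principal);
            super.setAuthStateValue(request, authStateValue);
            chain.doFilter(request, response);
        }
    }
}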
    /**
     * Test callback: touches the session twice with a 100 ms pause in between and answers
     * "done". The statement order is part of the test and is kept as-is.
     */
    @Override
    public void call(HttpServletRequest request, HttpServletResponse response) throws IOException {
        HttpSession current = request.getSession();

        // Hack to expose the session to our test context
        current.getServletContext().setAttribute("session", current);

        long touchedAt = current.getLastAccessedTime();
        current.setAttribute("lastAccessTime", touchedAt);

        try {
            Thread.sleep(100);
        } catch (InterruptedException ignored) {
            // Interruption is deliberately ignored; the interrupt flag is not restored.
        }

        current.setAttribute("somethingElse", 1);
        // Second lookup of the session; the returned value is intentionally unused.
        request.getSession();
        response.getWriter().write("done");
    }
};
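/**
 * Forces re-authentication when the request asks for it through {@code prompt=login} or
 * through a {@code max_age} that the current authentication exceeds.
 *
 * <p>When re-authentication is required the session is invalidated and the browser is
 * redirected to the same URL without the parameter(s) that triggered it; otherwise the chain
 * continues.
 *
 * <p>{@code max_age} is request-controlled. A value that is not a valid long is treated as an
 * exceeded limit (re-authentication) instead of escaping as an unhandled
 * NumberFormatException.
 *
 * @param request     current HTTP request
 * @param response    current HTTP response
 * @param filterChain remaining filters
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    boolean reAuthenticationRequired = false;
    HashMap<String, String[]> requestParams = new HashMap<>(request.getParameterMap());

    if ("login".equals(request.getParameter("prompt"))) {
        reAuthenticationRequired = true;
        requestParams.remove("prompt");
    }

    String maxAgeParam = request.getParameter("max_age");
    if (maxAgeParam != null && SecurityContextHolder.getContext().getAuthentication() instanceof UaaAuthentication) {
        UaaAuthentication auth = (UaaAuthentication) SecurityContextHolder.getContext().getAuthentication();
        boolean maxAgeExceeded;
        try {
            // max_age is in seconds. A value large enough to overflow the multiplication wraps
            // negative and therefore also counts as exceeded, as it did before.
            long maxAgeMillis = Long.parseLong(maxAgeParam) * 1000;
            maxAgeExceeded = (System.currentTimeMillis() - auth.getAuthenticatedTime()) > maxAgeMillis;
        } catch (NumberFormatException e) {
            // Unparseable limit: fail closed and ask the user to authenticate again.
            maxAgeExceeded = true;
        }
        if (maxAgeExceeded) {
            reAuthenticationRequired = true;
            requestParams.remove("max_age");
        }
    }

    if (reAuthenticationRequired) {
        request.getSession().invalidate();
        sendRedirect(request.getRequestURL().toString(), requestParams, request, response);
    } else {
        filterChain.doFilter(request, response);
    }
}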
/**
 * Filter mapped to every URL that lets a request through only when it belongs to a logged-in
 * session or targets the login page itself; everything else is redirected to the login page.
 */
@WebFilter("/*")
public class LoginFilter implements Filter {

    /**
     * A session counts as logged in when it exists and carries a non-null {@code user}
     * attribute. The login page is recognised by an exact match of the request URI against
     * {@code <contextPath>/login}.
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
        HttpServletRequest httpRequest = (HttpServletRequest) req;
        HttpServletResponse httpResponse = (HttpServletResponse) res;

        // getSession(false): anonymous requests do not get a session allocated by this filter.
        HttpSession existing = httpRequest.getSession(false);
        String loginURI = httpRequest.getContextPath() + "/login";

        boolean anonymous = existing == null || existing.getAttribute("user") == null;
        boolean protectedPage = !httpRequest.getRequestURI().equals(loginURI);

        if (anonymous && protectedPage) {
            httpResponse.sendRedirect(loginURI);
            return;
        }
        chain.doFilter(httpRequest, httpResponse);
    }

    // ...
}
// Excerpt of a filter body that suppresses a request while an identical one (same session id
// and request URI) is already recorded in `requests`. Lines are elided in this excerpt (the
// registration of the request, the `try` opener and the cleanup inside `finally` are not
// shown).
String requestURI;
// All bookkeeping goes through the single `requests` monitor, shared by every session.
synchronized(requests) {
    // getSession() creates a session when the request has none.
    sessionId = ((HttpServletRequest) request).getSession().getId();
    requestURI = ((HttpServletRequest) request).getRequestURI();
    if (requests.containsKey(sessionId) && requests.get(sessionId).contains(requestURI)) {
        // Duplicate of a recorded request: answer 204 No Content without running the chain.
        ((HttpServletResponse) response).setStatus(HttpServletResponse.SC_NO_CONTENT);
        return;
        // (lines appear to be elided here in the excerpt)
        chain.doFilter(request, response);
} finally {
    synchronized (requests) {
        // (lines appear to be elided here in the excerpt)
        chain.doFilter(request, response);