response.setHeader(HttpHeader.LAST_MODIFIED.asString(), ""); // not really the best wqy to remove this header but there is no other option if(expiresSeconds == 0){ response.setHeader(HttpHeader.CACHE_CONTROL.asString(), "public, no-store, max-age=" + Integer.toString(expiresSeconds)); response.setHeader(HttpHeader.CACHE_CONTROL.asString(), "public, max-age=" + Integer.toString(expiresSeconds)); response.setDateHeader(HttpHeader.EXPIRES.asString(), System.currentTimeMillis() + expiresSeconds * 1000);
/**
 * Issues a request to {@code baseUri} and returns the value of its
 * Strict-Transport-Security response header.
 *
 * @param baseUri URI to request
 * @return the single header value, or {@code null} when the response carries none
 * @throws Exception propagated from the underlying request helper
 */
private static String runRequestAndGetHstsHeaderValue( URI baseUri ) throws Exception
{
    String hstsHeaderName = STRICT_TRANSPORT_SECURITY.asString();
    return runRequestAndGetHeaderValue( baseUri, hstsHeaderName );
}
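/**
 * Runs a request against {@code baseUri} and returns the single value of {@code header}.
 *
 * @param baseUri target of the request
 * @param header  name of the response header to read
 * @return the header value, or {@code null} when the response carries no such header
 * @throws IllegalStateException if the response carries the header more than once
 * @throws Exception propagated from the underlying request helper
 */
private static String runRequestAndGetHeaderValue( URI baseUri, String header ) throws Exception
{
    List<String> values = runRequestAndGetHeaderValues( baseUri, header );
    switch ( values.size() )
    {
    case 0:
        return null;
    case 1:
        return values.get( 0 );
    default:
        // Name the header that was actually requested; the message used to hard-code
        // STRICT_TRANSPORT_SECURITY regardless of the 'header' argument.
        throw new IllegalStateException( "Unexpected number of " + header + " header values: " + values );
    }
}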
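/**
 * Asserts that the server does not reveal Jetty in its response headers: there is no
 * {@code Server} header at all, and no header value mentions "jetty" in any casing.
 *
 * @param baseUri URI to request
 * @throws Exception propagated from the underlying request helper
 */
private static void testNoJettyVersionInResponseHeaders( URI baseUri ) throws Exception
{
    Map<String,List<String>> headers = runRequestAndGetHeaders( baseUri );
    // The Server header is where the product/version string would appear, so it must be absent entirely.
    assertNull( headers.get( SERVER.asString() ) );
    for ( List<String> values : headers.values() )
    {
        // Locale.ROOT keeps the case folding independent of the JVM's default locale.
        assertFalse( values.stream().anyMatch( value -> value.toLowerCase( java.util.Locale.ROOT ).contains( "jetty" ) ) );
    }
}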
HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString()); return Authentication.UNAUTHENTICATED; response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + _loginService.getName() + '"'); response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return Authentication.SEND_CONTINUE;
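/**
 * Basic credentials for an unknown user name must be rejected with HTTP 401.
 *
 * @throws Exception on client or connection failure
 */
@Test
public void testIncorrectUser() throws Exception {
    String username = "nouser";
    String password = "aaaa";
    String authB64Code = B64Code.encode(username + ":" + password, StringUtil.__ISO_8859_1);
    HttpGet httpGet = new HttpGet("http://" + host + ":" + webUIPort);
    httpGet.setHeader(HttpHeader.AUTHORIZATION.asString(), "Basic " + authB64Code);
    // try-with-resources closes the client and the response; the response used to be left open.
    try (CloseableHttpClient httpclient = HttpClients.createDefault();
         CloseableHttpResponse response = httpclient.execute(httpGet)) {
        // Check the status code itself rather than searching toString() for the substring "401".
        Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, response.getStatusLine().getStatusCode());
    }
}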
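/**
 * Basic credentials with a wrong password for an existing user must be rejected with HTTP 401.
 *
 * @throws Exception on client or connection failure
 */
@Test
public void testIncorrectPassword() throws Exception {
    String username = "user1";
    String password = "aaaa";
    String authB64Code = B64Code.encode(username + ":" + password, StringUtil.__ISO_8859_1);
    HttpGet httpGet = new HttpGet("http://" + host + ":" + webUIPort);
    httpGet.setHeader(HttpHeader.AUTHORIZATION.asString(), "Basic " + authB64Code);
    // try-with-resources closes the client and the response; the response used to be left open.
    try (CloseableHttpClient httpclient = HttpClients.createDefault();
         CloseableHttpResponse response = httpclient.execute(httpGet)) {
        // Check the status code itself rather than searching toString() for the substring "401".
        Assert.assertEquals(HttpURLConnection.HTTP_UNAUTHORIZED, response.getStatusLine().getStatusCode());
    }
}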
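/**
 * Valid Basic credentials must be accepted with HTTP 200.
 *
 * @throws Exception on client or connection failure
 */
@Test
public void testAuthorizedConnection() throws Exception {
    String username = "user1";
    String password = "1";
    String authB64Code = B64Code.encode(username + ":" + password, StringUtil.__ISO_8859_1);
    HttpGet httpGet = new HttpGet("http://" + host + ":" + webUIPort);
    httpGet.setHeader(HttpHeader.AUTHORIZATION.asString(), "Basic " + authB64Code);
    // try-with-resources closes the client and the response; the response used to be left open.
    try (CloseableHttpClient httpclient = HttpClients.createDefault();
         CloseableHttpResponse response = httpclient.execute(httpGet)) {
        // Check the status code itself rather than searching toString() for the substring "200".
        Assert.assertEquals(HttpURLConnection.HTTP_OK, response.getStatusLine().getStatusCode());
    }
}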
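/**
 * Opens a WebSocket session for {@code clientId} and records its session id in
 * {@code activeSessions}. Callers are serialized on {@code connectionLock}.
 *
 * @param clientId  id whose router is looked up in {@code routers}
 * @param sessionId session id handed to the listener before connecting
 * @throws IOException if the upgrade does not complete within {@code connectionTimeoutMillis}
 *                     or fails; the pending connect is cancelled in that case
 * @throws IllegalStateException if no router is configured for {@code clientId}
 */
private void connect(final String clientId, String sessionId) throws IOException {
    connectionLock.lock();
    try {
        final WebSocketMessageRouter router;
        try {
            router = routers.getRouterOrFail(clientId);
        } catch (WebSocketConfigurationException e) {
            throw new IllegalStateException("Failed to get router due to: " + e, e);
        }
        final RoutingWebSocketListener listener = new RoutingWebSocketListener(router);
        listener.setSessionId(sessionId);
        final ClientUpgradeRequest request = new ClientUpgradeRequest();
        // Only attach credentials when configured; an empty Authorization header is never sent.
        if (!StringUtils.isEmpty(authorizationHeader)) {
            request.setHeader(HttpHeader.AUTHORIZATION.asString(), authorizationHeader);
        }
        final Future<Session> connect = client.connect(listener, webSocketUri, request);
        getLogger().info("Connecting to : {}", new Object[]{webSocketUri});
        final Session session;
        try {
            session = connect.get(connectionTimeoutMillis, TimeUnit.MILLISECONDS);
        } catch (Exception e) {
            // Do not leave a half-open upgrade running after giving up on it (no-op if already done).
            connect.cancel(true);
            if (e instanceof InterruptedException) {
                // The interrupt is being converted to IOException; keep the flag set for the caller.
                Thread.currentThread().interrupt();
            }
            throw new IOException("Failed to connect " + webSocketUri + " due to: " + e, e);
        }
        getLogger().info("Connected, session={}", new Object[]{session});
        activeSessions.put(clientId, listener.getSessionId());
    } finally {
        connectionLock.unlock();
    }
}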
/**
 * Tells whether the scheme component of an Authorization header is {@code Negotiate},
 * compared without regard to case.
 *
 * @param authScheme the scheme token taken from the Authorization header, may be null
 * @return {@code true} only when {@code authScheme} equals {@code Negotiate} ignoring case
 */
boolean isAuthSchemeNegotiate(String authScheme) {
    if (authScheme == null) {
        return false;
    }
    // equalsIgnoreCase already rejects a string of a different length, so no explicit
    // length comparison is needed; header tokens are compared case-insensitively.
    String negotiate = HttpHeader.NEGOTIATE.asString();
    return negotiate.equalsIgnoreCase(authScheme);
}
/**
 * Extracts the SPNEGO token from an Authorization header of the form {@code Negotiate <token>}.
 *
 * @param header raw Authorization header value, may be null
 * @return the token with surrounding whitespace removed, or {@code null} when the header is
 *         absent or does not start with the Negotiate scheme (matched case-insensitively)
 */
private String getSpnegoToken(String header) {
    if (header == null) {
        return null;
    }
    String prefix = HttpHeader.NEGOTIATE.asString() + " ";
    boolean hasNegotiatePrefix = header.regionMatches(true, 0, prefix, 0, prefix.length());
    if (!hasNegotiatePrefix) {
        return null;
    }
    return header.substring(prefix.length()).trim();
}
response.setHeader(HttpHeader.LAST_MODIFIED.asString(), ""); // not really the best wqy to remove this header but there is no other option if(expiresSeconds == 0){ response.setHeader(HttpHeader.CACHE_CONTROL.asString(), "public, no-store, max-age=" + Integer.toString(expiresSeconds)); response.setHeader(HttpHeader.CACHE_CONTROL.asString(), "public, max-age=" + Integer.toString(expiresSeconds)); response.setDateHeader(HttpHeader.EXPIRES.asString(), System.currentTimeMillis() + expiresSeconds * 1000);
String credentials = request.getHeader(HttpHeader.AUTHORIZATION.asString()); return Authentication.UNAUTHENTICATED; response.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + _loginService.getName() + '"'); response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return Authentication.SEND_CONTINUE;
HttpServletResponse res = (HttpServletResponse)response; String header = req.getHeader(HttpHeader.AUTHORIZATION.asString()); String authScheme = getAuthSchemeFromHeader(header); res.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(), HttpHeader.NEGOTIATE.asString()); res.sendError(HttpServletResponse.SC_UNAUTHORIZED); return Authentication.SEND_CONTINUE;
response.setHeader(HttpHeader.CACHE_CONTROL.asString(),HttpHeaderValue.NO_CACHE.asString()); response.setDateHeader(HttpHeader.EXPIRES.asString(),1); dispatcher.forward(new FormRequest(request), new FormResponse(response)); response.setHeader(HttpHeader.CACHE_CONTROL.asString(),HttpHeaderValue.NO_CACHE.asString()); response.setDateHeader(HttpHeader.EXPIRES.asString(),1); dispatcher.forward(new FormRequest(request), new FormResponse(response));
HttpServletResponse response = (HttpServletResponse)res; String header = request.getHeader(HttpHeader.AUTHORIZATION.asString()); String spnegoToken = getSpnegoToken(header); HttpSession httpSession = request.getSession(false);
/**
 * Aborts the exchange as soon as the declared Content-Length exceeds {@code maxLength}.
 * A missing Content-Length (reported as -1 by getLongField) never triggers the abort here.
 *
 * @param response the response whose headers have just arrived
 */
@Override
public synchronized void onHeaders(Response response) {
    long declaredLength = response.getHeaders().getLongField(HttpHeader.CONTENT_LENGTH.asString());
    if (declaredLength <= maxLength) {
        return;
    }
    response.abort(new ResponseTooLargeException());
}
/**
 * {@code respond} must set 201 Created and a Location header pointing at the new task,
 * and must not touch the response in any other way.
 */
@Test
public void respondShouldReturnCreatedWithTaskIdHeader() {
    Response response = mock(Response.class);
    UUID uid = UUID.fromString(UID_VALUE);
    TaskId taskId = new TaskId(uid);

    TaskIdDto.respond(response, taskId);

    String expectedLocation = "/tasks/" + UID_VALUE;
    verify(response).status(HttpStatus.CREATED_201);
    verify(response).header(LOCATION.asString(), expectedLocation);
    verifyNoMoreInteractions(response);
}