/**
 * Constructs a new {@code CookieRememberMeManager} with a default {@code rememberMe} cookie template.
 * <p>
 * The template is named {@code DEFAULT_REMEMBER_ME_COOKIE_NAME}, is flagged HttpOnly and is given a
 * maximum age of {@code Cookie.ONE_YEAR}.
 */
public CookieRememberMeManager() {
    Cookie template = new SimpleCookie(DEFAULT_REMEMBER_ME_COOKIE_NAME);
    // HttpOnly asks the browser to keep the remember-me value out of reach of page scripts.
    template.setHttpOnly(true);
    // One year should be long enough - most sites won't object to requiring a user to log in
    // if they haven't visited in a year.
    template.setMaxAge(Cookie.ONE_YEAR);
    // NOTE(review): setSecure(...) is not called here, so whether this cookie is limited to HTTPS
    // depends on SimpleCookie's default and on later configuration - confirm for TLS deployments.
    this.cookie = template;
}
/**
 * Creates a {@link SimpleCookie} populated with the supplied attributes.
 * <p>
 * HttpOnly is always switched on; the Secure flag is whatever the caller passes in.
 *
 * @param name   the cookie name
 * @param maxAge the value handed to {@code setMaxAge}
 * @param path   the value handed to {@code setPath}
 * @param domain the value handed to {@code setDomain}
 * @param secure the value handed to {@code setSecure}
 * @return the configured cookie
 */
protected Cookie buildCookie(String name, int maxAge, String path, String domain, boolean secure) {
    Cookie built = new SimpleCookie(name);
    // Not caller-controlled: every cookie built here is HttpOnly.
    built.setHttpOnly(true);
    built.setMaxAge(maxAge);
    built.setPath(path);
    built.setDomain(domain);
    // NOTE(review): callers decide the Secure flag; passing false lets the cookie travel over plain HTTP.
    built.setSecure(secure);
    return built;
}
/**
 * Creates a session manager whose session id cookie template is named
 * {@code ShiroHttpSession.DEFAULT_SESSION_ID_NAME} and is flagged HttpOnly. The session id cookie and
 * session id URL rewriting are both enabled.
 */
public DefaultWebSessionManager() {
    Cookie idCookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
    // HttpOnly keeps page scripts from reading the session id cookie. That limits session id theft
    // through XSS; it does not prevent XSS itself.
    idCookie.setHttpOnly(true);
    this.sessionIdCookie = idCookie;
    this.sessionIdCookieEnabled = true;
    // NOTE(review): URL rewriting is on by default here. Session ids carried in URLs can end up in
    // Referer headers, logs and browser history - consider disabling it where cookies are available.
    this.sessionIdUrlRewritingEnabled = true;
}
/**
 * Writes this cookie to the response by passing its current attribute values to
 * {@code addCookieHeader}.
 * <p>
 * The path comes from {@code calculatePath(request)}; every other attribute is read from this
 * cookie's getters, including the Secure and HttpOnly flags.
 *
 * @param request  the incoming request, used only to calculate the cookie path
 * @param response the response that receives the cookie header
 */
public void saveTo(HttpServletRequest request, HttpServletResponse response) {
    // Arguments are evaluated left to right, i.e. in the same order the attributes are listed.
    addCookieHeader(
            response,
            getName(),
            getValue(),
            getComment(),
            getDomain(),
            calculatePath(request),
            getMaxAge(),
            getVersion(),
            isSecure(),
            isHttpOnly());
}
/**
 * Returns the name used for the session id.
 *
 * @return the configured session id cookie's name, or {@code ShiroHttpSession.DEFAULT_SESSION_ID_NAME}
 *         when no cookie is configured or its name is {@code null}
 */
private String getSessionIdName() {
    if (this.sessionIdCookie != null) {
        String configured = this.sessionIdCookie.getName();
        if (configured != null) {
            return configured;
        }
    }
    // No cookie, or a cookie without a name: fall back to the default.
    return ShiroHttpSession.DEFAULT_SESSION_ID_NAME;
}
/**
 * Encode the session identifier associated with this response
 * into the specified redirect URL, if necessary.
 * <p>
 * NOTE(review): when encoding happens the session id becomes part of the URL, where it can be
 * exposed through Referer headers, logs and browser history.
 *
 * @param url URL to be encoded
 * @return the URL with the session id encoded into it when {@code isEncodeable} accepts its absolute
 *         form, otherwise {@code url} unchanged
 */
public String encodeRedirectURL(String url) {
    // The session is only looked up when the absolute form of the URL is judged encodeable.
    return isEncodeable(toAbsolute(url))
            ? toEncoded(url, request.getSession().getId())
            : url;
}
/**
 * Wraps the original HttpServletRequest in a {@link ShiroHttpServletRequest}, which is required for supporting
 * Servlet Specification behavior backed by a {@link org.apache.shiro.subject.Subject Subject} instance.
 * <p>
 * The wrapper is created with this filter's servlet context and the current {@code isHttpSessions()} value.
 *
 * @param orig the original Servlet Container-provided incoming {@code HttpServletRequest} instance.
 * @return {@link ShiroHttpServletRequest ShiroHttpServletRequest} instance wrapping the original.
 * @since 1.0
 */
protected ServletRequest wrapServletRequest(HttpServletRequest orig) {
    ServletRequest wrapped = new ShiroHttpServletRequest(orig, getServletContext(), isHttpSessions());
    return wrapped;
}
/**
 * Copies the {@code CONFIG_INIT_PARAM_NAME} and {@code CONFIG_PATH_INIT_PARAM_NAME} init parameters
 * onto this instance. A parameter that is absent ({@code null}) leaves the matching property untouched.
 *
 * @throws Exception declared by the signature; nothing in this body throws it explicitly
 */
protected void applyInitParams() throws Exception {
    String inlineConfig = getInitParam(CONFIG_INIT_PARAM_NAME);
    if (inlineConfig != null) {
        setConfig(inlineConfig);
    }

    // NOTE(review): the path is taken from the init parameter as-is; no validation is visible here.
    String pathToConfig = getInitParam(CONFIG_PATH_INIT_PARAM_NAME);
    if (pathToConfig != null) {
        setConfigPath(pathToConfig);
    }
}
/**
 * Calls {@code updateSessionLastAccessTime} and then {@code executeChain} with the
 * {@code request}, {@code response} and {@code chain} of the enclosing scope.
 *
 * @return always {@code null}
 * @throws Exception presumably whatever either delegated call throws - the declarations are not visible here
 */
public Object call() throws Exception {
    // The last access time is updated before the chain runs.
    updateSessionLastAccessTime(request, response);
    executeChain(request, response, chain);
    // No result is produced; null satisfies the Object return type.
    return null;
}
});
/**
 * Returns a new {@link ShiroHttpServletResponse} instance, wrapping the {@code orig} argument, in order to provide
 * correct URL rewriting behavior required by the Servlet Specification when using Shiro-based sessions (and not
 * Servlet Container HTTP-based sessions).
 * <p>
 * The wrapper is created with this filter's servlet context and the supplied wrapped request.
 *
 * @param orig    the original {@code HttpServletResponse} instance provided by the Servlet Container.
 * @param request the {@code ShiroHttpServletRequest} instance wrapping the original request.
 * @return the wrapped ServletResponse instance to use during {@link FilterChain} execution.
 * @since 1.0
 */
protected ServletResponse wrapServletResponse(HttpServletResponse orig, ShiroHttpServletRequest request) {
    ServletResponse wrapped = new ShiroHttpServletResponse(orig, getServletContext(), request);
    return wrapped;
}
/**
 * Builds an {@code Ini} from the configured path, if one is set.
 *
 * @return the result of {@code convertPathToIni} for the configured path, or {@code null} when
 *         {@code getConfigPath()} returns {@code null}
 */
protected Ini loadIniFromPath() {
    String location = getConfigPath();
    if (location == null) {
        // Nothing configured: callers receive null rather than an empty Ini.
        return null;
    }
    return convertPathToIni(location);
}
/**
 * Builds an {@code Ini} from the configured inline config text, if any is set.
 *
 * @return the result of {@code convertConfigToIni} for the configured text, or {@code null} when
 *         {@code getConfig()} returns {@code null}
 */
protected Ini loadIniFromConfig() {
    String text = getConfig();
    if (text == null) {
        // Nothing configured: callers receive null rather than an empty Ini.
        return null;
    }
    return convertConfigToIni(text);
}
/**
 * Initializes this instance in two steps: init parameters are applied first, then
 * {@code configure()} runs.
 *
 * @throws Exception if either step throws
 */
public void init() throws Exception {
    // Order matters: configure() runs only after the init parameters have been applied.
    applyInitParams();
    configure();
}
/**
 * Wraps the given chain in a {@code ProxiedFilterChain} that is also handed this instance.
 *
 * @param orig the chain to wrap
 * @return a new {@code ProxiedFilterChain} built from {@code orig} and {@code this}
 */
public FilterChain proxy(FilterChain orig) {
    FilterChain proxied = new ProxiedFilterChain(orig, this);
    return proxied;
}
/**
 * Alternate spelling of {@code isRequestedSessionIdFromURL()}; delegates to it directly.
 *
 * @return whatever {@code isRequestedSessionIdFromURL()} returns
 */
public boolean isRequestedSessionIdFromUrl() {
    boolean fromUrl = isRequestedSessionIdFromURL();
    return fromUrl;
}
/**
 * Alias for {@code getAttribute(String)}; delegates to it directly.
 *
 * @param s the attribute name
 * @return whatever {@code getAttribute(s)} returns
 */
public Object getValue(String s) {
    Object attribute = getAttribute(s);
    return attribute;
}
/**
 * Alternate spelling of {@code encodeRedirectURL(String)}; delegates to it directly.
 *
 * @param s the redirect URL to encode
 * @return whatever {@code encodeRedirectURL(s)} returns
 */
public String encodeRedirectUrl(String s) {
    String encoded = encodeRedirectURL(s);
    return encoded;
}
/**
 * Alternate spelling of {@code encodeURL(String)}; delegates to it directly.
 *
 * @param s the URL to encode
 * @return whatever {@code encodeURL(s)} returns
 */
public String encodeUrl(String s) {
    String encoded = encodeURL(s);
    return encoded;
}
/**
 * Alias for {@code removeAttribute(String)}; delegates to it directly.
 *
 * @param s the name of the attribute to remove
 */
public void removeValue(String s) {
    // Pure delegation: no extra checks are applied to the name.
    removeAttribute(s);
}
/**
 * Shorthand for {@code getSession(true)}.
 *
 * @return whatever {@code getSession(true)} returns
 */
public HttpSession getSession() {
    HttpSession current = getSession(true);
    return current;
}