
Example 16 with SessionCookieConfig

use of javax.servlet.SessionCookieConfig in project felix by apache.

the class JettyService method configureSessionManager.

/**
 * Applies the configured session settings to the session handler of the given context.
 *
 * <p>Session tracking is restricted to cookies. The session cookie's name, domain,
 * path, max-age, HttpOnly and Secure attributes are read from the bundle configuration,
 * each with a fallback default.
 *
 * <p>Security note: HttpOnly falls back to {@code true}, but Secure falls back to
 * {@code false}. Unless the Secure property is switched on, the session cookie is not
 * flagged for HTTPS-only transport.
 *
 * @param context the servlet context handler whose session handler is configured
 * @throws Exception declared by the original signature; no statement visible here is
 *         known to throw a checked exception
 */
private void configureSessionManager(final ServletContextHandler context) throws Exception {
    final SessionHandler sessions = context.getSessionHandler();

    // The configured timeout is multiplied by 60 before being handed to Jetty;
    // presumably a minutes-to-seconds conversion. Confirm against JettyConfig.
    final int idleTimeout = this.config.getSessionTimeout() * 60;
    sessions.setMaxInactiveInterval(idleTimeout);

    final String idPathParameter = this.config.getProperty(
            JettyConfig.FELIX_JETTY_SERVLET_SESSION_ID_PATH_PARAMETER_NAME,
            SessionHandler.__DefaultSessionIdPathParameterName);
    sessions.setSessionIdPathParameterName(idPathParameter);

    final boolean checkRemoteEncoding = this.config.getBooleanProperty(
            JettyConfig.FELIX_JETTY_SERVLET_CHECK_REMOTE_SESSION_ENCODING, true);
    sessions.setCheckingRemoteSessionIdEncoding(checkRemoteEncoding);

    // Only the COOKIE tracking mode is enabled, so URL and SSL tracking are not registered.
    sessions.setSessionTrackingModes(Collections.singleton(SessionTrackingMode.COOKIE));

    final SessionCookieConfig sessionCookie = sessions.getSessionCookieConfig();

    final String cookieName = this.config.getProperty(
            JettyConfig.FELIX_JETTY_SERVLET_SESSION_COOKIE_NAME,
            SessionHandler.__DefaultSessionCookie);
    sessionCookie.setName(cookieName);

    final String cookieDomain = this.config.getProperty(
            JettyConfig.FELIX_JETTY_SERVLET_SESSION_DOMAIN,
            SessionHandler.__DefaultSessionDomain);
    sessionCookie.setDomain(cookieDomain);

    // Without an explicit path the cookie is scoped to this context's own path.
    final String cookiePath = this.config.getProperty(
            JettyConfig.FELIX_JETTY_SERVLET_SESSION_PATH,
            context.getContextPath());
    sessionCookie.setPath(cookiePath);

    // -1 is the fallback max-age, i.e. a cookie that is not persisted by the browser.
    final int cookieMaxAge = this.config.getIntProperty(
            JettyConfig.FELIX_JETTY_SERVLET_SESSION_MAX_AGE, -1);
    sessionCookie.setMaxAge(cookieMaxAge);

    final boolean httpOnly = this.config.getBooleanProperty(
            JettyConfig.FELIX_JETTY_SESSION_COOKIE_HTTP_ONLY, true);
    sessionCookie.setHttpOnly(httpOnly);

    // NOTE(review): Secure defaults to false here; deployments served over TLS
    // need FELIX_JETTY_SESSION_COOKIE_SECURE enabled to get the flag.
    final boolean secureOnly = this.config.getBooleanProperty(
            JettyConfig.FELIX_JETTY_SESSION_COOKIE_SECURE, false);
    sessionCookie.setSecure(secureOnly);
}
Also used : SessionHandler(org.eclipse.jetty.server.session.SessionHandler) SessionCookieConfig(javax.servlet.SessionCookieConfig)

Example 17 with SessionCookieConfig

use of javax.servlet.SessionCookieConfig in project Payara by payara.

the class Request method configureSessionCookie.

/**
 * Configures the given JSESSIONID cookie.
 *
 * <p>The cookie starts out HttpOnly with a max-age of -1 and a path derived from the
 * context. When a context is present, its {@link SessionCookieConfig} is then applied
 * on top: domain, path and comment only when non-null, HttpOnly and max-age always.
 * Finally, a requested session cookie path, if any, replaces whatever path was chosen.
 *
 * <p>Security note: the Secure flag is only ever raised here, never cleared once set.
 * HttpOnly, by contrast, is overwritten with the configured value, so a
 * {@code SessionCookieConfig} reporting {@code isHttpOnly() == false} removes the
 * initial {@code true}.
 *
 * @param cookie The JSESSIONID cookie to be configured
 */
protected void configureSessionCookie(Cookie cookie) {
    cookie.setHttpOnly(true);
    cookie.setMaxAge(-1);

    // GlassFish 1024 / SJSAS 6231069: the default context always uses "/";
    // any other context uses its own path when it has a non-empty one.
    String initialPath = "/";
    if (!isDefaultContext) {
        final String contextPath = (context != null) ? context.getPath() : null;
        if (contextPath != null && !contextPath.isEmpty()) {
            initialPath = contextPath;
        }
    }
    cookie.setPath(initialPath);

    if (isSecure()) {
        cookie.setSecure(true);
    }

    // Overlay the values from the context's SessionCookieConfig.
    if (context != null) {
        final SessionCookieConfig configured = context.getSessionCookieConfig();

        final String domain = configured.getDomain();
        if (domain != null) {
            cookie.setDomain(domain);
        }

        final String path = configured.getPath();
        if (path != null) {
            cookie.setPath(path);
        }

        final String comment = configured.getComment();
        if (comment != null) {
            // The cookie is switched to version 1 whenever a comment is attached.
            cookie.setVersion(1);
            cookie.setComment(comment);
        }

        // A cookie that is already secure stays secure; configuration can only add the flag.
        if (!cookie.getSecure()) {
            cookie.setSecure(configured.isSecure());
        }

        // These two replace the values set at the top of the method.
        cookie.setHttpOnly(configured.isHttpOnly());
        cookie.setMaxAge(configured.getMaxAge());
    }

    // A requested session cookie path has the final say over the path.
    if (requestedSessionCookiePath != null) {
        cookie.setPath(requestedSessionCookiePath);
    }
}
Also used : SessionCookieConfig(javax.servlet.SessionCookieConfig)

Example 18 with SessionCookieConfig

use of javax.servlet.SessionCookieConfig in project tomcat70 by apache.

the class WebXml method configureContext.

/**
 * Configure a {@link Context} using the stored web.xml representation.
 *
 * <p>Each element held by this object (context parameters, naming resources,
 * filters, listeners, security constraints and roles, servlets and their
 * mappings, session configuration, tag libraries, welcome files, JSP property
 * groups and lifecycle callbacks) is copied onto the supplied context. The
 * JSP property group URL patterns are mapped near the end because that step
 * looks up servlets registered earlier in the method.
 *
 * <p>Security-relevant points visible in this method: the session cookie's
 * HttpOnly, Secure and max-age attributes are only written when the stored
 * session configuration supplies a value, and multipart size limits are only
 * passed on when all three of them are supplied.
 *
 * @param context   The context to be configured
 */
public void configureContext(Context context) {
    // As far as possible, process in alphabetical order so it is easy to
    // check everything is present
    // Some validation depends on correct public ID
    context.setPublicId(publicId);
    // Everything else in order
    context.setEffectiveMajorVersion(getMajorVersion());
    context.setEffectiveMinorVersion(getMinorVersion());
    for (Entry<String, String> entry : contextParams.entrySet()) {
        context.addParameter(entry.getKey(), entry.getValue());
    }
    context.setDisplayName(displayName);
    context.setDistributable(distributable);
    for (ContextLocalEjb ejbLocalRef : ejbLocalRefs.values()) {
        context.getNamingResources().addLocalEjb(ejbLocalRef);
    }
    for (ContextEjb ejbRef : ejbRefs.values()) {
        context.getNamingResources().addEjb(ejbRef);
    }
    for (ContextEnvironment environment : envEntries.values()) {
        context.getNamingResources().addEnvironment(environment);
    }
    for (ErrorPage errorPage : errorPages.values()) {
        context.addErrorPage(errorPage);
    }
    for (FilterDef filter : filters.values()) {
        // A filter without an explicit async-supported value is registered as "false".
        if (filter.getAsyncSupported() == null) {
            filter.setAsyncSupported("false");
        }
        context.addFilterDef(filter);
    }
    for (FilterMap filterMap : filterMaps) {
        context.addFilterMap(filterMap);
    }
    for (JspPropertyGroup jspPropertyGroup : jspPropertyGroups) {
        JspPropertyGroupDescriptor descriptor = new ApplicationJspPropertyGroupDescriptor(jspPropertyGroup);
        context.getJspConfigDescriptor().getJspPropertyGroups().add(descriptor);
    }
    for (String listener : listeners) {
        context.addApplicationListener(listener);
    }
    for (Entry<String, String> entry : localeEncodingMappings.entrySet()) {
        context.addLocaleEncodingMappingParameter(entry.getKey(), entry.getValue());
    }
    // Prevents IAE
    if (loginConfig != null) {
        context.setLoginConfig(loginConfig);
    }
    for (MessageDestinationRef mdr : messageDestinationRefs.values()) {
        context.getNamingResources().addMessageDestinationRef(mdr);
    }
    // messageDestinations were ignored in Tomcat 6, so ignore here
    context.setIgnoreAnnotations(metadataComplete);
    for (Entry<String, String> entry : mimeMappings.entrySet()) {
        context.addMimeMapping(entry.getKey(), entry.getValue());
    }
    // Name is just used for ordering
    for (ContextResourceEnvRef resource : resourceEnvRefs.values()) {
        context.getNamingResources().addResourceEnvRef(resource);
    }
    for (ContextResource resource : resourceRefs.values()) {
        context.getNamingResources().addResource(resource);
    }
    // Security constraints and roles are handed to the context unchanged.
    for (SecurityConstraint constraint : securityConstraints) {
        context.addConstraint(constraint);
    }
    for (String role : securityRoles) {
        context.addSecurityRole(role);
    }
    for (ContextService service : serviceRefs.values()) {
        context.getNamingResources().addService(service);
    }
    // One Wrapper per servlet definition; optional settings are applied only when present.
    for (ServletDef servlet : servlets.values()) {
        Wrapper wrapper = context.createWrapper();
        if (servlet.getLoadOnStartup() != null) {
            wrapper.setLoadOnStartup(servlet.getLoadOnStartup().intValue());
        }
        if (servlet.getEnabled() != null) {
            wrapper.setEnabled(servlet.getEnabled().booleanValue());
        }
        wrapper.setName(servlet.getServletName());
        Map<String, String> params = servlet.getParameterMap();
        for (Entry<String, String> entry : params.entrySet()) {
            wrapper.addInitParameter(entry.getKey(), entry.getValue());
        }
        wrapper.setRunAs(servlet.getRunAs());
        Set<SecurityRoleRef> roleRefs = servlet.getSecurityRoleRefs();
        for (SecurityRoleRef roleRef : roleRefs) {
            wrapper.addSecurityReference(roleRef.getName(), roleRef.getLink());
        }
        wrapper.setServletClass(servlet.getServletClass());
        MultipartDef multipartdef = servlet.getMultipartDef();
        if (multipartdef != null) {
            // The size limits are applied only when max file size, max request
            // size and file size threshold are all present. If any one is
            // missing, the location-only constructor is used and the limits
            // that were given are not passed on.
            // NOTE(review): the location-only constructor presumably leaves the
            // upload sizes unlimited; confirm against the Servlet API in use.
            // Long.parseLong / Integer.parseInt throw NumberFormatException on
            // non-numeric values.
            if (multipartdef.getMaxFileSize() != null && multipartdef.getMaxRequestSize() != null && multipartdef.getFileSizeThreshold() != null) {
                wrapper.setMultipartConfigElement(new MultipartConfigElement(multipartdef.getLocation(), Long.parseLong(multipartdef.getMaxFileSize()), Long.parseLong(multipartdef.getMaxRequestSize()), Integer.parseInt(multipartdef.getFileSizeThreshold())));
            } else {
                wrapper.setMultipartConfigElement(new MultipartConfigElement(multipartdef.getLocation()));
            }
        }
        if (servlet.getAsyncSupported() != null) {
            wrapper.setAsyncSupported(servlet.getAsyncSupported().booleanValue());
        }
        wrapper.setOverridable(servlet.isOverridable());
        context.addChild(wrapper);
    }
    for (Entry<String, String> entry : servletMappings.entrySet()) {
        context.addServletMapping(entry.getKey(), entry.getValue());
    }
    if (sessionConfig != null) {
        if (sessionConfig.getSessionTimeout() != null) {
            context.setSessionTimeout(sessionConfig.getSessionTimeout().intValue());
        }
        SessionCookieConfig scc = context.getServletContext().getSessionCookieConfig();
        // Name, domain, path and comment are copied unconditionally, whatever
        // the stored session configuration returns for them.
        scc.setName(sessionConfig.getCookieName());
        scc.setDomain(sessionConfig.getCookieDomain());
        scc.setPath(sessionConfig.getCookiePath());
        scc.setComment(sessionConfig.getCookieComment());
        // HttpOnly, Secure and max-age are written only when a value is
        // present; otherwise the SessionCookieConfig keeps whatever it already
        // holds. A deployment that needs HttpOnly/Secure session cookies must
        // therefore either declare them or rely on settings applied elsewhere.
        if (sessionConfig.getCookieHttpOnly() != null) {
            scc.setHttpOnly(sessionConfig.getCookieHttpOnly().booleanValue());
        }
        if (sessionConfig.getCookieSecure() != null) {
            scc.setSecure(sessionConfig.getCookieSecure().booleanValue());
        }
        if (sessionConfig.getCookieMaxAge() != null) {
            scc.setMaxAge(sessionConfig.getCookieMaxAge().intValue());
        }
        // Tracking modes are replaced only when at least one is declared.
        if (sessionConfig.getSessionTrackingModes().size() > 0) {
            context.getServletContext().setSessionTrackingModes(sessionConfig.getSessionTrackingModes());
        }
    }
    for (Entry<String, String> entry : taglibs.entrySet()) {
        TaglibDescriptor descriptor = new ApplicationTaglibDescriptor(entry.getValue(), entry.getKey());
        context.getJspConfigDescriptor().getTaglibs().add(descriptor);
    }
    for (String welcomeFile : welcomeFiles) {
        /*
         * The following will result in a welcome file of "" so don't add
         * that to the context
         * <welcome-file-list>
         *   <welcome-file/>
         * </welcome-file-list>
         */
        if (welcomeFile != null && welcomeFile.length() > 0) {
            context.addWelcomeFile(welcomeFile);
        }
    }
    // Do this last as it depends on servlets
    for (JspPropertyGroup jspPropertyGroup : jspPropertyGroups) {
        // Falls back to the servlet name "jsp" when nothing is mapped to "*.jsp".
        String jspServletName = context.findServletMapping("*.jsp");
        if (jspServletName == null) {
            jspServletName = "jsp";
        }
        if (context.findChild(jspServletName) != null) {
            for (String urlPattern : jspPropertyGroup.getUrlPatterns()) {
                context.addServletMapping(urlPattern, jspServletName, true);
            }
        } else {
            // No such servlet is registered: the patterns are skipped, and
            // this is reported only at debug level.
            if (log.isDebugEnabled()) {
                for (String urlPattern : jspPropertyGroup.getUrlPatterns()) {
                    log.debug("Skiping " + urlPattern + " , no servlet " + jspServletName);
                }
            }
        }
    }
    for (Entry<String, String> entry : postConstructMethods.entrySet()) {
        context.addPostConstructMethod(entry.getKey(), entry.getValue());
    }
    for (Entry<String, String> entry : preDestroyMethods.entrySet()) {
        context.addPreDestroyMethod(entry.getKey(), entry.getValue());
    }
}
Also used : ApplicationJspPropertyGroupDescriptor(org.apache.catalina.core.ApplicationJspPropertyGroupDescriptor) JspPropertyGroupDescriptor(javax.servlet.descriptor.JspPropertyGroupDescriptor) SessionCookieConfig(javax.servlet.SessionCookieConfig) ApplicationTaglibDescriptor(org.apache.catalina.core.ApplicationTaglibDescriptor) Wrapper(org.apache.catalina.Wrapper) ApplicationJspPropertyGroupDescriptor(org.apache.catalina.core.ApplicationJspPropertyGroupDescriptor) MultipartConfigElement(javax.servlet.MultipartConfigElement) TaglibDescriptor(javax.servlet.descriptor.TaglibDescriptor) ApplicationTaglibDescriptor(org.apache.catalina.core.ApplicationTaglibDescriptor)

Example 19 with SessionCookieConfig

use of javax.servlet.SessionCookieConfig in project tomcat70 by apache.

the class ApplicationSessionCookieConfig method createSessionCookie.

/**
 * Creates a new session cookie for the given session ID.
 *
 * <p>Values are resolved in this priority order: context level configuration,
 * then the {@link SessionCookieConfig}, then defaults.
 *
 * <p>Security note: Secure and HttpOnly can only be switched on by this method.
 * Secure is set when either the {@code SessionCookieConfig} or the {@code secure}
 * argument asks for it, HttpOnly when either the {@code SessionCookieConfig} or
 * the context asks for it.
 *
 * @param context     The Context for the web application
 * @param sessionId   The ID of the session for which the cookie will be
 *                    created
 * @param secure      Should session cookie be configured as secure
 * @return the newly created session cookie
 */
public static Cookie createSessionCookie(Context context, String sessionId, boolean secure) {
    final SessionCookieConfig cookieConfig = context.getServletContext().getSessionCookieConfig();
    final Cookie sessionCookie = new Cookie(SessionConfig.getSessionCookieName(context), sessionId);

    // Max-age and comment come straight from the SessionCookieConfig.
    sessionCookie.setMaxAge(cookieConfig.getMaxAge());
    sessionCookie.setComment(cookieConfig.getComment());

    // Domain: the context's value wins; the SessionCookieConfig value is used
    // only when non-null, so setDomain is never called with null.
    final String contextDomain = context.getSessionCookieDomain();
    if (contextDomain != null) {
        sessionCookie.setDomain(contextDomain);
    } else {
        final String configuredDomain = cookieConfig.getDomain();
        if (configuredDomain != null) {
            sessionCookie.setDomain(configuredDomain);
        }
    }

    // Always set secure if the request is secure
    if (cookieConfig.isSecure() || secure) {
        sessionCookie.setSecure(true);
    }

    // Always set httpOnly if the context is configured for that
    if (cookieConfig.isHttpOnly() || context.getUseHttpOnly()) {
        sessionCookie.setHttpOnly(true);
    }

    // Path: context setting, then SessionCookieConfig, then the encoded context path.
    String cookiePath = context.getSessionCookiePath();
    if (cookiePath == null || cookiePath.isEmpty()) {
        cookiePath = cookieConfig.getPath();
    }
    if (cookiePath == null || cookiePath.isEmpty()) {
        cookiePath = context.getEncodedPath();
    }

    if (context.getSessionCookiePathUsesTrailingSlash()) {
        // A trailing slash keeps a cookie scoped to one path from being sent
        // for requests with a path of /foobar when that path is only a prefix.
        if (!cookiePath.endsWith("/")) {
            cookiePath = cookiePath + "/";
        }
    } else if (cookiePath.isEmpty()) {
        // Cookies need a path of '/' but the servlet spec uses an empty string.
        cookiePath = "/";
    }

    sessionCookie.setPath(cookiePath);
    return sessionCookie;
}
Also used : Cookie(javax.servlet.http.Cookie) SessionCookieConfig(javax.servlet.SessionCookieConfig)

Example 20 with SessionCookieConfig

use of javax.servlet.SessionCookieConfig in project traccar by tananaev.

the class WebServer method initSessionConfig.

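/**
 * Applies session persistence, idle timeout and SameSite settings to the
 * session support of the given servlet handler.
 *
 * <p>When session persistence is enabled, sessions are stored through a JDBC
 * session data store backed by the data manager's data source. A positive
 * timeout is passed to the session handler as its max inactive interval. A
 * configured SameSite value of {@code lax}, {@code strict} or {@code none}
 * (any letter case) is applied through the session cookie comment; any other
 * value leaves the session cookie configuration untouched.
 *
 * @param config         the server configuration to read the settings from
 * @param servletHandler the servlet context handler whose session handling is configured
 */
private void initSessionConfig(Config config, ServletContextHandler servletHandler) {
    if (config.getBoolean(Keys.WEB_PERSIST_SESSION)) {
        // Session state is persisted in the same data source the data manager exposes.
        DatabaseAdaptor databaseAdaptor = new DatabaseAdaptor();
        databaseAdaptor.setDatasource(Context.getDataManager().getDataSource());
        JDBCSessionDataStoreFactory jdbcSessionDataStoreFactory = new JDBCSessionDataStoreFactory();
        jdbcSessionDataStoreFactory.setDatabaseAdaptor(databaseAdaptor);
        SessionHandler sessionHandler = servletHandler.getSessionHandler();
        SessionCache sessionCache = new DefaultSessionCache(sessionHandler);
        sessionCache.setSessionDataStore(jdbcSessionDataStoreFactory.getSessionDataStore(sessionHandler));
        sessionHandler.setSessionCache(sessionCache);
    }

    // Zero or negative values keep the handler's existing inactivity limit.
    int sessionTimeout = config.getInteger(Keys.WEB_SESSION_TIMEOUT);
    if (sessionTimeout > 0) {
        servletHandler.getSessionHandler().setMaxInactiveInterval(sessionTimeout);
    }

    String sameSiteCookie = config.getString(Keys.WEB_SAME_SITE_COOKIE);
    if (sameSiteCookie != null) {
        SessionCookieConfig sessionCookieConfig = servletHandler.getServletContext().getSessionCookieConfig();
        // Fold case with Locale.ROOT: under a Turkish or Azeri default locale the
        // locale-sensitive toLowerCase() maps "I" to a dotless "ı", so "STRICT"
        // would match no case label and the SameSite setting would be dropped
        // without any indication.
        switch (sameSiteCookie.toLowerCase(java.util.Locale.ROOT)) {
            case "lax":
                sessionCookieConfig.setComment(HttpCookie.SAME_SITE_LAX_COMMENT);
                break;
            case "strict":
                sessionCookieConfig.setComment(HttpCookie.SAME_SITE_STRICT_COMMENT);
                break;
            case "none":
                // SameSite=None is paired with the Secure flag.
                sessionCookieConfig.setSecure(true);
                sessionCookieConfig.setComment(HttpCookie.SAME_SITE_NONE_COMMENT);
                break;
            default:
                // NOTE(review): an unrecognised value is ignored silently, so a typo
                // in the configuration leaves the session cookie without SameSite.
                break;
        }
    }
}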
Also used : DatabaseAdaptor(org.eclipse.jetty.server.session.DatabaseAdaptor) SessionHandler(org.eclipse.jetty.server.session.SessionHandler) DefaultSessionCache(org.eclipse.jetty.server.session.DefaultSessionCache) SessionCookieConfig(javax.servlet.SessionCookieConfig) DefaultSessionCache(org.eclipse.jetty.server.session.DefaultSessionCache) SessionCache(org.eclipse.jetty.server.session.SessionCache) JDBCSessionDataStoreFactory(org.eclipse.jetty.server.session.JDBCSessionDataStoreFactory)
