Example 71 with HttpSession

Use of javax.servlet.http.HttpSession in project jodd by oblac.

Class AuthTag, method doTag.

@Override
public void doTag() throws JspException {
    PageContext pageContext = ((PageContext) getJspContext());
    HttpServletRequest request = (HttpServletRequest) pageContext.getRequest();
    HttpSession httpSession = request.getSession();
    Object userSession = AuthUtil.getUserSession(httpSession);
    // render the body only when the presence of a user session matches the tag's auth flag
    boolean invokeBody = (userSession != null) ? auth : !auth;
    if (invokeBody) {
        TagUtil.invokeBody(getJspBody());
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpSession(javax.servlet.http.HttpSession) PageContext(javax.servlet.jsp.PageContext)

Example 72 with HttpSession

Use of javax.servlet.http.HttpSession in project jodd by oblac.

Class AuthorizationInterceptor, method intercept.

public Object intercept(ActionRequest actionRequest) throws Exception {
    HttpServletRequest servletRequest = actionRequest.getHttpServletRequest();
    HttpServletResponse servletResponse = actionRequest.getHttpServletResponse();
    HttpSession session = servletRequest.getSession();
    Object userSession = AuthUtil.getUserSession(session);
    if (log.isDebugEnabled()) {
        log.debug("authorize user: " + userSession);
    }
    if (!authorize(actionRequest, userSession)) {
        if (log.isInfoEnabled()) {
            log.info("access denied for: " + userSession);
        }
        servletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
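        if (userSession != null) {
            // a user session exists, but it is not authorized for this action
            return resultAccessDenied();
        } else {
            // no user session: go to login, passing the request URL
            return resultLogin(DispatcherUtil.getUrl(servletRequest));
        }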
    }
    if (log.isInfoEnabled()) {
        log.info("access granted for: " + userSession);
    }
    return actionRequest.invoke();
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpSession(javax.servlet.http.HttpSession) HttpServletResponse(javax.servlet.http.HttpServletResponse)

Example 73 with HttpSession

Use of javax.servlet.http.HttpSession in project jodd by oblac.

Class RemoveSessionFromUrlFilter, method doFilter.

/**
 * Filters requests to remove URL-based session identifiers.
 */
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpServletResponse httpResponse = (HttpServletResponse) response;
    if (isRequestedSessionIdFromURL(httpRequest)) {
        HttpSession session = httpRequest.getSession(false);
        if (session != null) {
            // clear session if session id in URL
            session.invalidate();
        }
    }
    // wrap response to remove URL encoding
    HttpServletResponseWrapper wrappedResponse = new HttpServletResponseWrapper(httpResponse) {

        @Override
        public String encodeRedirectUrl(String url) {
            return url;
        }

        @Override
        public String encodeRedirectURL(String url) {
            return url;
        }

        @Override
        public String encodeUrl(String url) {
            return url;
        }

        @Override
        public String encodeURL(String url) {
            return url;
        }
    };
    chain.doFilter(request, wrappedResponse);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpSession(javax.servlet.http.HttpSession) HttpServletResponseWrapper(javax.servlet.http.HttpServletResponseWrapper) HttpServletResponse(javax.servlet.http.HttpServletResponse)

Example 74 with HttpSession

Use of javax.servlet.http.HttpSession in project jodd by oblac.

Class RemoveSessionFromUrlFilter, method isRequestedSessionIdFromURL.

/**
 * Detects if the session ID exists in the URL. It works more reliably
 * than <code>servletRequest.isRequestedSessionIdFromURL()</code>.
 */
protected boolean isRequestedSessionIdFromURL(HttpServletRequest servletRequest) {
    if (servletRequest.isRequestedSessionIdFromURL()) {
        return true;
    }
    HttpSession session = servletRequest.getSession(false);
    if (session != null) {
        String sessionId = session.getId();
        StringBuffer requestUri = servletRequest.getRequestURL();
        return requestUri.indexOf(sessionId) != -1;
    }
    return false;
}
Also used : HttpSession(javax.servlet.http.HttpSession)

Example 75 with HttpSession

Use of javax.servlet.http.HttpSession in project jodd by oblac.

Class CsrfTokenTag, method doTag.

@Override
public void doTag() throws IOException {
    JspContext jspContext = this.getJspContext();
    // generate token
    HttpServletRequest request = (HttpServletRequest) ((PageContext) jspContext).getRequest();
    HttpSession session = request.getSession();
    String value = CsrfShield.prepareCsrfToken(session);
    if (name == null) {
        name = CsrfShield.CSRF_TOKEN_NAME;
    }
    // write the token into the page as a hidden form field
    jspContext.getOut().write("<input type=\"hidden\" name=\"" + name + "\" value=\"" + value + "\"/>");
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) JspContext(javax.servlet.jsp.JspContext) HttpSession(javax.servlet.http.HttpSession)
