use of org.springframework.http.ResponseCookie in project spring-framework by spring-projects.
the class ServletServerHttpResponse method applyCookies.
@Override
protected void applyCookies() {
for (String name : getCookies().keySet()) {
for (ResponseCookie httpCookie : getCookies().get(name)) {
Cookie cookie = new Cookie(name, httpCookie.getValue());
if (!httpCookie.getMaxAge().isNegative()) {
cookie.setMaxAge((int) httpCookie.getMaxAge().getSeconds());
}
httpCookie.getDomain().ifPresent(cookie::setDomain);
httpCookie.getPath().ifPresent(cookie::setPath);
cookie.setSecure(httpCookie.isSecure());
cookie.setHttpOnly(httpCookie.isHttpOnly());
this.response.addCookie(cookie);
}
}
}
use of org.springframework.http.ResponseCookie in project spring-framework by spring-projects.
the class ReactorClientHttpResponse method getCookies.
@Override
public MultiValueMap<String, ResponseCookie> getCookies() {
MultiValueMap<String, ResponseCookie> result = new LinkedMultiValueMap<>();
this.response.cookies().values().stream().flatMap(Collection::stream).forEach(cookie -> {
ResponseCookie responseCookie = ResponseCookie.from(cookie.name(), cookie.value()).domain(cookie.domain()).path(cookie.path()).maxAge(cookie.maxAge()).secure(cookie.isSecure()).httpOnly(cookie.isHttpOnly()).build();
result.add(cookie.name(), responseCookie);
});
return CollectionUtils.unmodifiableMultiValueMap(result);
}
use of org.springframework.http.ResponseCookie in project spring-security by spring-projects.
the class CookieServerCsrfTokenRepository method saveToken.
@Override
public Mono<Void> saveToken(ServerWebExchange exchange, CsrfToken token) {
return Mono.fromRunnable(() -> {
String tokenValue = (token != null) ? token.getToken() : "";
// @formatter:off
ResponseCookie cookie = ResponseCookie.from(this.cookieName, tokenValue).domain(this.cookieDomain).httpOnly(this.cookieHttpOnly).maxAge(!tokenValue.isEmpty() ? -1 : 0).path((this.cookiePath != null) ? this.cookiePath : getRequestContext(exchange.getRequest())).secure((this.secure != null) ? this.secure : (exchange.getRequest().getSslInfo() != null)).build();
// @formatter:on
exchange.getResponse().addCookie(cookie);
});
}
use of org.springframework.http.ResponseCookie in project spring-security by spring-projects.
the class CookieServerCsrfTokenRepositoryTests method saveTokenWhenSslInfoPresentThenSecure.
@Test
public void saveTokenWhenSslInfoPresentThenSecure() {
this.request.sslInfo(new MockSslInfo());
MockServerWebExchange exchange = MockServerWebExchange.from(this.request);
this.csrfTokenRepository.saveToken(exchange, createToken()).block();
ResponseCookie cookie = exchange.getResponse().getCookies().getFirst(this.expectedCookieName);
assertThat(cookie).isNotNull();
assertThat(cookie.isSecure()).isTrue();
}
use of org.springframework.http.ResponseCookie in project spring-security by spring-projects.
the class CookieServerRequestCacheTests method removeMatchingRequestThenRedirectUriCookieExpired.
@Test
public void removeMatchingRequestThenRedirectUriCookieExpired() {
MockServerWebExchange exchange = MockServerWebExchange.from(MockServerHttpRequest.get("/secured/").accept(MediaType.TEXT_HTML).cookie(new HttpCookie("REDIRECT_URI", "/secured/")));
this.cache.removeMatchingRequest(exchange).block();
MultiValueMap<String, ResponseCookie> cookies = exchange.getResponse().getCookies();
ResponseCookie cookie = cookies.getFirst("REDIRECT_URI");
assertThat(cookie).isNotNull();
assertThat(cookie.toString()).isEqualTo("REDIRECT_URI=; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax");
}
Aggregations