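/**
 * Mockito matcher: accepts a {@link Cookie} whose secure flag, max-age, name, path, value and
 * domain all equal those of {@code expectedCookie}.
 *
 * <p>Path and domain may be {@code null} on either side. {@code java.util.Objects#equals} treats
 * two nulls as equal and never dereferences a null, unlike the previous
 * {@code a == b || a.equals(b)} form, which threw a {@code NullPointerException} whenever only the
 * given cookie's path or domain was {@code null}.
 *
 * <p>A {@link Cookie} that does not match fails the running test through {@link Assert#fail} with
 * a reflection dump of both cookies (the dump includes the cookie values). A non-{@link Cookie}
 * argument simply yields {@code false}.
 *
 * @param argument the actual argument passed to the mocked method
 * @return {@code true} when the argument is a cookie equal to the expected one
 * @see org.mockito.ArgumentMatcher#matches(java.lang.Object)
 */
 @Override
 public boolean matches(final Object argument) {
   if (!(argument instanceof Cookie)) {
     return false;
   }
   final Cookie givenCookie = (Cookie) argument;
   final boolean allAttributesEqual =
       givenCookie.getSecure() == expectedCookie.getSecure()
           && givenCookie.getMaxAge() == expectedCookie.getMaxAge()
           && java.util.Objects.equals(givenCookie.getName(), expectedCookie.getName())
           && java.util.Objects.equals(givenCookie.getPath(), expectedCookie.getPath())
           && java.util.Objects.equals(givenCookie.getValue(), expectedCookie.getValue())
           && java.util.Objects.equals(givenCookie.getDomain(), expectedCookie.getDomain());
   if (allAttributesEqual) {
     return true;
   }
   // A cookie that differs is reported as a test failure rather than a silent mismatch.
   Assert.fail(
       "Expected \n["
           + ToStringBuilder.reflectionToString(expectedCookie)
           + "]\n but got \n["
           + ToStringBuilder.reflectionToString(argument)
           + "]");
   return false;
 }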
   /**
    * Writes the whole page to {@code writer}: header, input form, event table, footer.
    *
    * <p>The pre-selected city and category are taken from the request cookies named
    * {@code CITY_PARAMETER_COOKIE_NAME} and {@code CATEGORY_PARAMETER_COOKIE_NAME}
    * (case-insensitive name match, last matching cookie wins). When {@code cookies} is
    * {@code null} or neither cookie is present, no selection is made. The cookie values are
    * client-supplied and are handed to the form and table renderers unchanged.
    *
    * @param writer destination of the rendered HTML
    * @param cookies cookies of the current request, may be {@code null}
    */
   private void renderPage(PrintWriter writer, Cookie[] cookies) {
     List<String[]> events = parseEvents();
     List<String> cities = parseCities(events);
     List<String> categories = parseCategories(events);

     appendHeader(writer);

     String selectedCity = null;
     String selectedCategory = null;
     if (cookies != null) {
       for (Cookie candidate : cookies) {
         String cookieName = candidate.getName();
         if (cookieName.equalsIgnoreCase(CITY_PARAMETER_COOKIE_NAME)) {
           selectedCity = candidate.getValue();
         } else if (cookieName.equalsIgnoreCase(CATEGORY_PARAMETER_COOKIE_NAME)) {
           selectedCategory = candidate.getValue();
         }
       }
     }

     showInputForm(writer, cities, categories, selectedCity, selectedCategory);
     showEventTable(writer, events, selectedCity, selectedCategory);
     appendFooter(writer);
   }
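   /**
    * Fills {@code sess} from the request cookies: {@code sess[0]} receives the {@code user} cookie
    * value, {@code sess[1]} the {@code group} cookie value, and the {@code sessionID} field the
    * {@code JSESSIONID} cookie value. When the session carries no {@code user} attribute, the
    * session is invalidated and the {@code UserRecord} page is included into the response first.
    *
    * <p>Bug fixed: the cookie loop ended with an unconditional {@code break}, so only the first
    * cookie was ever inspected; every cookie is now examined. The {@code NullPointerException}
    * catch that hid a missing session or dispatcher is replaced by explicit null checks. The unused
    * locals ({@code user}, {@code group}, {@code userName}, {@code groupname}) are gone.
    *
    * <p>NOTE(review): the user/group values come from client-controlled cookies, not from the
    * authenticated session; callers should not treat them as an authenticated identity.
    *
    * @param session current session, may be {@code null}
    * @param request current request
    * @return the {@code sess} field after it has been updated from the cookies
    * @throws ServletException if including {@code UserRecord} fails
    * @throws IOException if including {@code UserRecord} fails
    */
   public String[] getSessionHTML(HttpSession session, HttpServletRequest request)
       throws ServletException, IOException {
     String redirect = UserRecord;
     if (session == null || session.getAttribute("user") == null) {
       // Not logged in: drop whatever session exists and render the UserRecord page instead.
       if (session != null) {
         session.invalidate();
       }
       javax.servlet.RequestDispatcher dispatcher = request.getRequestDispatcher(redirect);
       if (dispatcher != null) {
         dispatcher.include(request, response);
       }
     }
     Cookie[] cookies = request.getCookies();
     if (cookies != null) {
       for (Cookie cookie : cookies) {
         String name = cookie.getName();
         if (name.equals("user")) {
           sess[0] = cookie.getValue();
         } else if (name.equals("JSESSIONID")) {
           sessionID = cookie.getValue();
         } else if (name.equals("group")) {
           sess[1] = cookie.getValue();
         }
       }
     }
     return sess;
   }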
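   /**
    * Struts action: restores the login identity from the {@code userid}, {@code useremail} and
    * {@code usernick} cookies, then loads this user's login records through
    * {@code UserInforDao.selectLoginInfor} and Base64-decodes each record's host name.
    *
    * <p>Robustness: {@code getCookies()} returns {@code null} for a request without cookies, and a
    * non-numeric {@code userid} cookie used to throw {@link NumberFormatException} out of the
    * action; both cases now yield the {@code "session"} result. The debug print of the user id to
    * stdout is removed.
    *
    * <p>NOTE(review): the identity is taken from client-controlled cookies; confirm elsewhere that
    * the {@code userid} cookie is bound to an authenticated session before it is trusted.
    *
    * @return {@code "session"} when the cookies do not identify a user, otherwise {@code SUCCESS}
    * @throws Exception as declared by the Struts action contract
    */
   @Override
   public String execute() throws Exception {
     userid = -1;
     // Kept from the original: getSession() creates the session as a side effect.
     HttpSession httpSession = ServletActionContext.getRequest().getSession();
     Cookie[] cookies = ServletActionContext.getRequest().getCookies();
     if (cookies != null) {
       for (Cookie cookie : cookies) {
         String name = cookie.getName();
         if ("userid".equals(name)) {
           try {
             userid = Integer.parseInt(cookie.getValue());
           } catch (NumberFormatException e) {
             userid = -1; // malformed cookie: treated as "not logged in"
           }
         } else if ("useremail".equals(name)) {
           useremail = cookie.getValue();
         } else if ("usernick".equals(name)) {
           usernike = Base64Util.decodeToString(cookie.getValue());
         }
       }
     }

     if (userid == -1 || useremail == null || usernike == null) {
       return "session";
     }

     list = UserInforDao.selectLoginInfor(userid);
     for (int i = 0; i < list.size(); i++) {
       list.get(i).setHostname(Base64Util.decodeToString(list.get(i).getHostname()));
     }
     size = list.size();
     return SUCCESS;
   }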
   /**
    * Initialises the login form controls from the request cookies: the e-mail text from
    * {@code TDB_COOKIE_USER_ID}, the "save" checkbox from {@code TDB_COOKIE_USER_SAVE_CKECK}, and the
    * language combo (plus a UI locale change) from {@code TDB_COOKIE_USER_LANGUAGE}. Each control is
    * set from the first cookie carrying its name; nothing happens when the request has no cookies.
    */
   private void initCookieData() {
     HttpServletRequest request = RWT.getRequest();
     Cookie[] cookies = request.getCookies();
     if (cookies == null) {
       return;
     }
     // The three updates keep their order (e-mail, save flag, language), as the last one also
     // re-applies the UI locale.
     Cookie idCookie = firstCookieNamed(cookies, PublicTadpoleDefine.TDB_COOKIE_USER_ID);
     if (idCookie != null) {
       textEMail.setText(idCookie.getValue());
     }
     Cookie saveCookie = firstCookieNamed(cookies, PublicTadpoleDefine.TDB_COOKIE_USER_SAVE_CKECK);
     if (saveCookie != null) {
       btnCheckButton.setSelection(Boolean.parseBoolean(saveCookie.getValue()));
     }
     Cookie languageCookie = firstCookieNamed(cookies, PublicTadpoleDefine.TDB_COOKIE_USER_LANGUAGE);
     if (languageCookie != null) {
       comboLanguage.setText(languageCookie.getValue());
       changeUILocale();
     }
   }

   /** Returns the first cookie whose name equals {@code name}, or {@code null} when there is none. */
   private Cookie firstCookieNamed(Cookie[] cookies, String name) {
     for (Cookie cookie : cookies) {
       if (name.equals(cookie.getName())) {
         return cookie;
       }
     }
     return null;
   }
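 /**
  * Runs before the login page: when the {@code LoginName} cookie is non-empty the client is
  * redirected straight to the admin or user success page (admin wins when both {@code adminRight}
  * and {@code superUser} are non-empty); otherwise the request continues down the chain.
  *
  * <p>Bug fixed: a non-empty {@code LoginName} with neither {@code adminRight} nor
  * {@code superUser} set used to fall through without a redirect and without
  * {@code chain.doFilter}, leaving the request unanswered; that case now continues the chain.
  *
  * <p>NOTE(review): the redirect target is chosen from client-supplied cookies only; the success
  * pages must re-check the authenticated session, since anyone can set these cookies.
  *
  * @param request the current request, cast to {@link HttpServletRequest} for cookie access
  * @param response the current response, cast to {@link HttpServletResponse} for the redirect
  * @param chain the remaining filter chain
  * @throws IOException from the redirect or the chain
  * @throws ServletException from the chain
  */
 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
     throws IOException, ServletException {
   HttpServletRequest req = (HttpServletRequest) request;
   HttpServletResponse res = (HttpServletResponse) response;
   Cookie login = null;
   Cookie user = null;
   Cookie admin = null;
   // Three cases fall through to the chain: no cookies at all; cookies without "LoginName";
   // and a "LoginName" cookie whose value is empty.
   Cookie[] cookies = req.getCookies();
   if (cookies != null) {
     for (Cookie cookie : cookies) {
       String name = cookie.getName();
       if (name.equals("LoginName")) {
         login = cookie;
       } else if (name.equals("superUser")) {
         user = cookie;
       } else if (name.equals("adminRight")) {
         admin = cookie;
       }
     }
   }
   if (login != null && !login.getValue().equals("")) {
     if (admin != null && !admin.getValue().equals("")) {
       res.sendRedirect("/Login_Servlet/administrator/login/success.jsp");
       return;
     }
     if (user != null && !user.getValue().equals("")) {
       res.sendRedirect("/Login_Servlet/user/login/success.jsp");
       return;
     }
   }
   chain.doFilter(request, response);
 }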
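 /**
  * Inflates the cookie's value: the value is read as Base64 text, decoded and run through an
  * {@link InflaterInputStream}. An empty or {@code null} value is left untouched.
  *
  * <p>NOTE(review): as in the original, the inflated bytes are collected into a buffer and then
  * discarded — nothing is written back to the cookie; presumably a {@code cookie.setValue(...)}
  * was intended here. Confirm against the callers.
  *
  * <p>Changes: {@code sun.misc.BASE64Decoder} (gone from the JDK since 9) is replaced by the
  * {@link java.util.Base64} MIME decoder, which likewise skips line separators; the streams are
  * closed by try-with-resources; failures propagate as the declared {@link IOException} instead of
  * being printed and swallowed; and because the value is client-supplied, inflation stops once the
  * output exceeds {@code MAX_INFLATED_BYTES} rather than growing the heap without bound.
  *
  * @param cookie cookie whose value holds Base64-encoded deflate data
  * @throws IOException if the value is not valid Base64/deflate data, or inflates beyond the limit
  */
 public static final void unCompressCookie(Cookie cookie) throws IOException {
   // Constructed limit (1 MiB); adjust to the real payload size of this application.
   final int MAX_INFLATED_BYTES = 1 << 20;
   String value = cookie.getValue();
   if (value == null || value.isEmpty()) {
     return;
   }
   byte[] compress;
   try {
     compress = java.util.Base64.getMimeDecoder().decode(value);
   } catch (IllegalArgumentException e) {
     throw new IOException("Cookie value is not valid Base64", e);
   }
   try (InflaterInputStream iis = new InflaterInputStream(new ByteArrayInputStream(compress));
       ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
     byte[] b = new byte[1024];
     int count;
     while ((count = iis.read(b)) != -1) {
       if (bos.size() + count > MAX_INFLATED_BYTES) {
         throw new IOException("Inflated cookie data exceeds " + MAX_INFLATED_BYTES + " bytes");
       }
       bos.write(b, 0, count);
     }
   }
 }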
   /**
    * AppSensor check on the request cookies. Any cookie other than {@code logged_in_user} or
    * {@code JSESSIONID} raises an SE2 intrusion; a {@code logged_in_user} cookie that differs from
    * the session's {@code logged_in_user} attribute (empty when absent) raises an SE4 intrusion,
    * after which the session attribute is overwritten with the cookie's value.
    *
    * <p>NOTE(review): that last step stores a client-supplied value as the session identity right
    * after flagging it as tampered; confirm this is intended — the safer response is to keep the
    * session value and reject the request. The intrusion objects are constructed and dropped;
    * presumably the constructor reports to AppSensor, verify.
    *
    * @param request the current request
    */
   private void checkCookies(HttpServletRequest request) {
     Cookie[] cookies = request.getCookies();

     HttpSession session = request.getSession();
     Object loggedInUser = session.getAttribute("logged_in_user");
     String sessionUsername = loggedInUser == null ? "" : (String) session.getAttribute("logged_in_user");

     if (cookies == null) {
       return;
     }
     for (Cookie cookie : cookies) {
       String name = cookie.getName();
       boolean expectedCookie = name.equals("logged_in_user") || name.equals("JSESSIONID");
       if (!expectedCookie) {
         new AppSensorIntrusion(
             new AppSensorException(
                 "SE2", "User adding new cookies", "User added ned cookie " + name));
       } else if (name.equals("logged_in_user") && !sessionUsername.equals(cookie.getValue())) {
         new AppSensorIntrusion(
             new AppSensorException(
                 "SE4",
                 "User changing logincookie",
                 "User changed username in logincookie from "
                     + sessionUsername
                     + " to "
                     + cookie.getValue()));
         session.setAttribute("logged_in_user", cookie.getValue());
       }
     }
   }
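   /**
    * OWASP Benchmark test case: "remember me" cookie issued from
    * {@code java.util.Random.nextDouble()}. The weak PRNG is the subject of this test case and is
    * intentionally left in place, as is the unused {@code bar} data flow derived from the
    * {@code vector} header.
    *
    * <p>Bug fixed: the cookie loop pre-incremented {@code i} before the first access, so
    * {@code cookies[0]} was never compared against the session value; every cookie is now scanned,
    * in the same form as the sibling {@code nextBytes} test case. A {@code null} header enumeration
    * is tolerated.
    *
    * @param request the request; the {@code vector} header and the cookies are read
    * @param response receives the HTML status text and, for a new visitor, the remember-me cookie
    * @throws ServletException never thrown here, declared by the servlet contract
    * @throws IOException if writing the response fails
    */
   @Override
   public void doPost(HttpServletRequest request, HttpServletResponse response)
       throws ServletException, IOException {
     response.setContentType("text/html");

     String param = "";
     java.util.Enumeration<String> headers = request.getHeaders("vector");
     if (headers != null && headers.hasMoreElements()) {
       param = headers.nextElement(); // just grab first element
     }

     String bar = param;
     if (param != null && param.length() > 1) {
       StringBuilder sbxyz87271 = new StringBuilder(param);
       bar = sbxyz87271.replace(param.length() - "Z".length(), param.length(), "Z").toString();
     }

     double value = new java.util.Random().nextDouble();
     String rememberMeKey = Double.toString(value).substring(2); // Trim off the 0. at the front.

     String user = "******";
     String fullClassName = this.getClass().getName();
     String testCaseNumber =
         fullClassName.substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length());
     user += testCaseNumber;

     String cookieName = "rememberMe" + testCaseNumber;

     // The visitor is "known" when a cookie of this name carries the key stored in the session.
     boolean foundUser = false;
     javax.servlet.http.Cookie[] cookies = request.getCookies();
     if (cookies != null) {
       for (int i = 0; !foundUser && i < cookies.length; i++) {
         javax.servlet.http.Cookie cookie = cookies[i];
         if (cookieName.equals(cookie.getName())
             && cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
           foundUser = true;
         }
       }
     }

     if (foundUser) {
       response.getWriter().println("Welcome back: " + user + "<br/>");
     } else {
       javax.servlet.http.Cookie rememberMe =
           new javax.servlet.http.Cookie(cookieName, rememberMeKey);
       rememberMe.setSecure(true);
       request.getSession().setAttribute(cookieName, rememberMeKey);
       response.addCookie(rememberMe);
       response
           .getWriter()
           .println(
               user
                   + " has been remembered with cookie: "
                   + rememberMe.getName()
                   + " whose value is: "
                   + rememberMe.getValue()
                   + "<br/>");
     }

     response.getWriter().println("Weak Randomness Test java.util.Random.nextDouble() executed");
   }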
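   /**
    * OWASP Benchmark test case: "remember me" cookie issued from
    * {@code SecureRandom.getInstance("SHA1PRNG").nextInt(99)}. The generator and its tiny value
    * range are the subject of this test case and are intentionally left in place, as is the unused
    * {@code bar} data flow derived from the {@code vector} header.
    *
    * <p>Bug fixed: the cookie loop pre-incremented {@code i} before the first access, so
    * {@code cookies[0]} was never compared against the session value; every cookie is now scanned,
    * in the same form as the sibling {@code nextBytes} test case.
    *
    * @param request the request; the {@code vector} header and the cookies are read
    * @param response receives the HTML status text and, for a new visitor, the remember-me cookie
    * @throws ServletException if the SHA1PRNG algorithm is unavailable
    * @throws IOException if writing the response fails
    */
   @Override
   public void doPost(HttpServletRequest request, HttpServletResponse response)
       throws ServletException, IOException {
     response.setContentType("text/html");

     String param = request.getHeader("vector");
     if (param == null) param = "";

     String bar = doSomething(param);

     try {
       int randNumber = java.security.SecureRandom.getInstance("SHA1PRNG").nextInt(99);
       String rememberMeKey = Integer.toString(randNumber);

       String user = "******";
       String fullClassName = this.getClass().getName();
       String testCaseNumber =
           fullClassName.substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length());
       user += testCaseNumber;

       String cookieName = "rememberMe" + testCaseNumber;

       // The visitor is "known" when a cookie of this name carries the key stored in the session.
       boolean foundUser = false;
       javax.servlet.http.Cookie[] cookies = request.getCookies();
       if (cookies != null) {
         for (int i = 0; !foundUser && i < cookies.length; i++) {
           javax.servlet.http.Cookie cookie = cookies[i];
           if (cookieName.equals(cookie.getName())
               && cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
             foundUser = true;
           }
         }
       }

       if (foundUser) {
         response.getWriter().println("Welcome back: " + user + "<br/>");
       } else {
         javax.servlet.http.Cookie rememberMe =
             new javax.servlet.http.Cookie(cookieName, rememberMeKey);
         rememberMe.setSecure(true);
         request.getSession().setAttribute(cookieName, rememberMeKey);
         response.addCookie(rememberMe);
         response
             .getWriter()
             .println(
                 user
                     + " has been remembered with cookie: "
                     + rememberMe.getName()
                     + " whose value is: "
                     + rememberMe.getValue()
                     + "<br/>");
       }

     } catch (java.security.NoSuchAlgorithmException e) {
       System.out.println("Problem executing SecureRandom.nextInt(int) - TestCase");
       throw new ServletException(e);
     }
     response
         .getWriter()
         .println("Weak Randomness Test java.security.SecureRandom.nextInt(int) executed");
   } // end doPost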
   /**
    * OWASP Benchmark test case: "remember me" cookie derived from ten bytes of
    * {@code java.util.Random.nextBytes()}, Base64-encoded through the ESAPI encoder. The PRNG
    * choice is the subject of the test; the {@code bar} value computed from the {@code vector}
    * parameter is an unused data flow kept from the test case.
    *
    * <p>A visitor is recognised when a cookie named {@code rememberMe<testCaseNumber>} carries the
    * key stored under that name in the session; otherwise a new key is generated, stored in the
    * session and sent as a {@code Secure} cookie scoped to this test case's path.
    *
    * @param request the request; the {@code vector} parameter and the cookies are read
    * @param response receives the HTML status text and, for a new visitor, the remember-me cookie
    * @throws ServletException never thrown here, declared by the servlet contract
    * @throws IOException if writing the response fails
    */
   @Override
   public void doPost(HttpServletRequest request, HttpServletResponse response)
       throws ServletException, IOException {
     response.setContentType("text/html");

     org.owasp.benchmark.helpers.SeparateClassRequest scr =
         new org.owasp.benchmark.helpers.SeparateClassRequest(request);
     String param = scr.getTheParameter("vector");
     if (param == null) param = "";

     String bar = doSomething(param);

     byte[] bytes = new byte[10];
     new java.util.Random().nextBytes(bytes);
     String rememberMeKey = org.owasp.esapi.ESAPI.encoder().encodeForBase64(bytes, true);

     String fullClassName = this.getClass().getName();
     String testCaseNumber =
         fullClassName.substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length());
     String user = "******" + testCaseNumber;
     String cookieName = "rememberMe" + testCaseNumber;

     boolean foundUser = false;
     javax.servlet.http.Cookie[] cookies = request.getCookies();
     if (cookies != null) {
       for (javax.servlet.http.Cookie cookie : cookies) {
         if (cookieName.equals(cookie.getName())
             && cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
           foundUser = true;
           break;
         }
       }
     }

     if (foundUser) {
       response.getWriter().println("Welcome back: " + user + "<br/>");
     } else {
       javax.servlet.http.Cookie rememberMe =
           new javax.servlet.http.Cookie(cookieName, rememberMeKey);
       rememberMe.setSecure(true);
       rememberMe.setPath("/benchmark/" + this.getClass().getSimpleName());
       request.getSession().setAttribute(cookieName, rememberMeKey);
       response.addCookie(rememberMe);
       String message =
           user
               + " has been remembered with cookie: "
               + rememberMe.getName()
               + " whose value is: "
               + rememberMe.getValue()
               + "<br/>";
       response.getWriter().println(message);
     }

     response.getWriter().println("Weak Randomness Test java.util.Random.nextBytes() executed");
   } // end doPost
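   /**
    * Adds a cookie to the response by writing the {@code Set-Cookie} header by hand.
    *
    * <p>The container's {@code response.addCookie} is bypassed because the {@code HttpOnly} flag
    * postdates the servlet 2.4 API this code targets; the attribute is always appended here.
    * Attributes written: {@code Version=1}; for a non-negative max-age, {@code Max-Age} plus an
    * {@code Expires} twin for IE ({@code COOKIE_EXPIRE_NOW} when the max-age is 0); the
    * lower-cased {@code Domain} (IE again); {@code Path}; {@code Secure} when the cookie is marked
    * secure; and {@code HttpOnly}. A negative max-age emits neither {@code Max-Age} nor
    * {@code Expires}, which per RFC 2109 makes it a session cookie — {@code Discard} stays
    * disabled because Safari 5 stops parsing the header data after the first one it sees.
    *
    * <p>Changes: the {@link Cookie}'s {@code Secure} flag was previously dropped by this manual
    * serialisation; the domain is lower-cased with {@code Locale.ROOT} so the output does not
    * depend on the server's default locale; concatenation inside {@code append} is replaced by
    * chained appends.
    *
    * <p>NOTE(review): name, value, path and domain are written verbatim (the value only wrapped in
    * double quotes). If any of them can carry {@code ;}, {@code "} or CR/LF from request data the
    * header is malformed — confirm the callers validate them. The debug line logs the cookie value,
    * which is a concern when the cookie is a credential.
    *
    * @param response The servlet response.
    * @param cookie The cookie to be sent.
    */
   private void addCookie(HttpServletResponse response, Cookie cookie) {
     if (LOGGER.isDebugEnabled()) {
       LOGGER.debug(
           "Adding cookie: "
               + cookie.getDomain()
               + cookie.getPath()
               + " "
               + cookie.getName()
               + "="
               + cookie.getValue());
     }
     StringBuilder cookieValue = new StringBuilder(150);
     cookieValue.append(cookie.getName()).append('=');
     if (StringUtils.isNotEmpty(cookie.getValue())) {
       cookieValue.append('"').append(cookie.getValue()).append('"');
     }
     cookieValue.append("; Version=1");
     int maxAge = cookie.getMaxAge();
     if (maxAge >= 0) {
       cookieValue.append("; Max-Age=").append(maxAge);
       // IE does not understand the modern, safer Max-Age, so an Expires date is sent as well.
       cookieValue.append("; Expires=");
       if (maxAge == 0) {
         cookieValue.append(COOKIE_EXPIRE_NOW);
       } else {
         cookieValue.append(
             COOKIE_EXPIRE_FORMAT.format(new Date(System.currentTimeMillis() + maxAge * 1000L)));
       }
     }
     if (StringUtils.isNotEmpty(cookie.getDomain())) {
       // IE needs a lower-case domain name; Locale.ROOT keeps the result locale-independent.
       cookieValue
           .append("; Domain=")
           .append(cookie.getDomain().toLowerCase(java.util.Locale.ROOT));
     }
     if (StringUtils.isNotEmpty(cookie.getPath())) {
       cookieValue.append("; Path=").append(cookie.getPath());
     }
     // Carry the Secure flag over; the manual header previously lost it.
     if (cookie.getSecure()) {
       cookieValue.append("; Secure");
     }
     // Keep the cookie away from JavaScript, see http://www.owasp.org/index.php/HttpOnly
     cookieValue.append("; HttpOnly");
     response.addHeader("Set-Cookie", cookieValue.toString());
   }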
   /**
    * Verifies {@code trackClusterUser} for a request from a user the cluster has not seen: after
    * {@code activate}, the service must register this server in {@code serverTrackingCache},
    * answer the request with a {@code SAKAI-TRACKING} cookie (path {@code /}, max-age {@code -1},
    * value prefixed with the server id) plus no-cache headers, and remove the server again on
    * {@code deactivate}. The two cookies already on the mocked request carry unrelated names, so
    * there is no tracking cookie for the service to reuse.
    *
    * <p>EasyMock test: every expectation is recorded before {@code replay()} and checked by
    * {@code verify()} at the end, so the statement order is significant.
    *
    * @throws Exception propagated from the service calls under test
    */
   @Test
   public void testTrackClusterNewUser() throws Exception {
     // activate
     // The cache list is expected twice — presumably once for activate and once for deactivate.
     String serverId = getServerId();
     Capture<String> serverIdCapture = new Capture<String>();
     Capture<ClusterServerImpl> clusterServerCapture = new Capture<ClusterServerImpl>();
     expect(serverTrackingCache.list()).andReturn(new ArrayList<Object>()).times(2);
     expect(serverTrackingCache.put(capture(serverIdCapture), capture(clusterServerCapture)))
         .andReturn(new Object());

     // trackClusterUser
     HttpServletRequest request = createMock(HttpServletRequest.class);
     HttpServletResponse response = createMock(HttpServletResponse.class);

     // Neither cookie is the tracking cookie, so the service must issue a fresh one.
     Cookie cookieA = new Cookie("something", "someValue");
     Cookie cookieB = new Cookie("somethingElse", "someOtherValue");

     Cookie[] cookies = new Cookie[] {cookieA, cookieB};

     expect(request.getCookies()).andReturn(cookies);
     expect(request.getRemoteUser()).andReturn("userid");

     // The response is uncommitted, so the cookie and the cache headers can still be written.
     expect(response.isCommitted()).andReturn(false);
     Capture<Cookie> captureCookie = new Capture<Cookie>();
     response.addCookie(capture(captureCookie));
     expectLastCall();

     response.addHeader("Cache-Control", "no-cache=\"set-cookie\" ");
     expectLastCall();
     response.addDateHeader("Expires", 0);
     expectLastCall();

     // deactivate
     serverTrackingCache.remove(serverId);

     replay();
     clusterTrackingServiceImpl.activate(componentContext);

     clusterTrackingServiceImpl.trackClusterUser(request, response);

     clusterTrackingServiceImpl.deactivate(componentContext);
     assertTrue(serverIdCapture.hasCaptured());
     assertEquals(serverId, serverIdCapture.getValue());
     assertTrue(clusterServerCapture.hasCaptured());
     ClusterServerImpl clusterServerImpl = clusterServerCapture.getValue();
     assertEquals(serverId, clusterServerImpl.getServerId());
     assertTrue(System.currentTimeMillis() >= clusterServerImpl.getLastModified());

     // check the cookie
     assertTrue(captureCookie.hasCaptured());
     Cookie cookie = captureCookie.getValue();
     assertEquals("SAKAI-TRACKING", cookie.getName());
     assertEquals("/", cookie.getPath());
     assertEquals(-1, cookie.getMaxAge());
     assertNotNull(cookie.getValue());
     assertTrue(cookie.getValue().startsWith(serverId));
     verify();
   }
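   /**
    * OWASP Benchmark test case: "remember me" cookie issued from
    * {@code java.util.Random.nextFloat()}. The weak PRNG is the subject of this test case and is
    * intentionally left in place, as is the unused {@code bar} data flow derived from the
    * {@code vector} parameter.
    *
    * <p>Bug fixed: the cookie loop pre-incremented {@code i} before the first access, so
    * {@code cookies[0]} was never compared against the session value; every cookie is now scanned,
    * in the same form as the sibling {@code nextBytes} test case.
    *
    * @param request the request; the {@code vector} parameter and the cookies are read
    * @param response receives the HTML status text and, for a new visitor, the remember-me cookie
    * @throws ServletException never thrown here, declared by the servlet contract
    * @throws IOException if writing the response fails
    */
   @Override
   public void doPost(HttpServletRequest request, HttpServletResponse response)
       throws ServletException, IOException {
     response.setContentType("text/html");

     java.util.Map<String, String[]> map = request.getParameterMap();
     String param = "";
     if (!map.isEmpty()) {
       String[] values = map.get("vector");
       if (values != null) param = values[0];
     }

     String bar = new Test().doSomething(param);

     float rand = new java.util.Random().nextFloat();
     String rememberMeKey = Float.toString(rand).substring(2); // Trim off the 0. at the front.

     String user = "******";
     String fullClassName = this.getClass().getName();
     String testCaseNumber =
         fullClassName.substring(fullClassName.lastIndexOf('.') + 1 + "BenchmarkTest".length());
     user += testCaseNumber;

     String cookieName = "rememberMe" + testCaseNumber;

     // The visitor is "known" when a cookie of this name carries the key stored in the session.
     boolean foundUser = false;
     javax.servlet.http.Cookie[] cookies = request.getCookies();
     if (cookies != null) {
       for (int i = 0; !foundUser && i < cookies.length; i++) {
         javax.servlet.http.Cookie cookie = cookies[i];
         if (cookieName.equals(cookie.getName())
             && cookie.getValue().equals(request.getSession().getAttribute(cookieName))) {
           foundUser = true;
         }
       }
     }

     if (foundUser) {
       response.getWriter().println("Welcome back: " + user + "<br/>");
     } else {
       javax.servlet.http.Cookie rememberMe =
           new javax.servlet.http.Cookie(cookieName, rememberMeKey);
       rememberMe.setSecure(true);
       request.getSession().setAttribute(cookieName, rememberMeKey);
       response.addCookie(rememberMe);
       response
           .getWriter()
           .println(
               user
                   + " has been remembered with cookie: "
                   + rememberMe.getName()
                   + " whose value is: "
                   + rememberMe.getValue()
                   + "<br/>");
     }

     response.getWriter().println("Weak Randomness Test java.util.Random.nextFloat() executed");
   } // end doPost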
 /**
  * Reads the operator (user) id from the {@code StaticSession.COOKIE_USERID} cookie.
  *
  * <p>The cookie value is split on {@code "_"} and the first segment is decrypted with
  * {@code DesUtil.decryptStr}; the decrypted text is returned as the id.
  *
  * @param request the current request
  * @return the decrypted id, or {@code null} when the cookie is absent or carries no value
  */
 protected String getSessionOperatorId(HttpServletRequest request) {
   Cookie cookie = CookieUtil.getInstance().getCookie(request, StaticSession.COOKIE_USERID);
   if (cookie == null || cookie.getValue() == null) {
     return null;
   }
   String firstSegment = cookie.getValue().split("_")[0];
   return DesUtil.getInstance().decryptStr(firstSegment);
 }
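 /**
  * Re-issues the {@code Token} cookie when its value still maps to a live user session
  * ({@code userService.isUserSessionByToken}); the re-issue itself is done by {@code makeCookie}.
  *
  * <p>Changes: a request without cookies ({@code getCookies()} returns {@code null}) no longer
  * throws; and the token value is no longer written to the log — it is a session credential, so
  * only the fact that a {@code Token} cookie was seen is recorded.
  *
  * @param request the current request, whose cookies are inspected
  * @param response receives the refreshed cookie
  */
 protected void updateCookie(HttpServletRequest request, HttpServletResponse response) {
   Cookie[] cookies = request.getCookies();
   if (cookies == null) {
     return;
   }
   for (Cookie cookie : cookies) {
     if ("Token".equals(cookie.getName())) {
       Logger.getGlobal().info("Token cookie present; checking for an active user session");
       if (userService.isUserSessionByToken(cookie.getValue())) {
         this.makeCookie(cookie.getValue(), response);
       }
     }
   }
 }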
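 /**
  * Resolves the security token for the request.
  *
  * <p>With cookie links disabled, the token is whatever the existing session holds ({@code null}
  * when there is no session). With cookie links enabled: a session token whose principal the
  * {@code tokenManager} still knows wins; otherwise, on a non-secure request carrying the
  * {@code VRTXLINK_COOKIE} cookie, the cookie value is parsed as a {@link UUID}, looked up in the
  * {@code cookieLinkStore}, and the token found there is stored on a (possibly new) session and
  * returned. A cookie that maps to no token is expired (max-age 0, path {@code /}).
  *
  * <p>Changes: the {@code catch (Throwable)} around {@link UUID#fromString} is narrowed to the
  * {@link IllegalArgumentException} it throws for a malformed value (a {@code null} value is
  * handled explicitly), so errors such as {@link OutOfMemoryError} are no longer swallowed; and the
  * token value is no longer written to the debug log, since it is a credential.
  *
  * @param request the current request
  * @param response receives the expiring cookie when a stale link cookie is found
  * @return the token, or {@code null} when none can be established
  */
 private String getToken(HttpServletRequest request, HttpServletResponse response) {
   HttpSession session = request.getSession(false);
   if (!this.cookieLinksEnabled) {
     return session == null ? null : (String) session.getAttribute(SECURITY_TOKEN_SESSION_ATTR);
   }
   if (session != null) {
     final String tokenFromSession = (String) session.getAttribute(SECURITY_TOKEN_SESSION_ATTR);
     if (tokenFromSession != null) {
       Principal principal = this.tokenManager.getPrincipal(tokenFromSession);
       if (principal != null) {
         return tokenFromSession;
       }
     }
   }
   // Link cookies are only honoured on non-TLS requests (behaviour as found; left unchanged).
   if (request.getCookies() == null || request.isSecure()) {
     return null;
   }
   Cookie c = getCookie(request, VRTXLINK_COOKIE);
   if (logger.isDebugEnabled()) {
     logger.debug("Cookie: " + VRTXLINK_COOKIE + ": " + c);
   }
   if (c == null) {
     return null;
   }
   String rawValue = c.getValue();
   if (rawValue == null) {
     return null;
   }
   UUID id;
   try {
     id = UUID.fromString(rawValue);
   } catch (IllegalArgumentException e) {
     if (logger.isDebugEnabled()) {
       logger.debug("Invalid UUID cookie value: " + rawValue, e);
     }
     return null;
   }
   String token = this.cookieLinkStore.getToken(request, id);
   if (token == null) {
     if (logger.isDebugEnabled()) {
       logger.debug("No token found from cookie " + VRTXLINK_COOKIE + ", deleting cookie");
     }
     Cookie expired = new Cookie(VRTXLINK_COOKIE, rawValue);
     expired.setPath("/");
     expired.setMaxAge(0);
     response.addCookie(expired);
     return null;
   }
   if (logger.isDebugEnabled()) {
     logger.debug("Found token from cookie " + VRTXLINK_COOKIE);
   }
   session = request.getSession(true);
   session.setAttribute(SECURITY_TOKEN_SESSION_ATTR, token);
   return token;
 }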
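   /**
    * Checks user credentials / automatic login.
    *
    * <p>Auto login needs three cookies: the user-id cookie ({@code COOKIE_NAME_DATA}) holding a
    * non-anonymous id, the hash cookie ({@code COOKIE_USER_HASH}) and the auto-login cookie
    * ({@code COOKIE_AUTO_LOGIN}) set to {@code "1"}. The user's auth hash is loaded from the
    * database, passed through {@code MD5.crypt} and compared with the hash cookie; on a match the
    * user is loaded and the session configured for it, otherwise the session is made anonymous.
    *
    * <p>Changes: the user id is parsed once, up front, and a non-numeric id cookie now makes the
    * session anonymous and returns {@code false} instead of surfacing as a
    * {@link DatabaseException}; the hash comparison uses {@code MessageDigest.isEqual}, whose
    * running time does not depend on where the two values first differ.
    *
    * @param userSession The UserSession instance associated to the user's session
    * @return <code>true</code> if auto login was enabled and the user was successfully logged in.
    * @throws DatabaseException if the database lookups fail
    */
   protected boolean checkAutoLogin(UserSession userSession) {

     LOG.trace("checkAutoLogin");
     String cookieName = SystemGlobals.getValue(ConfigKeys.COOKIE_NAME_DATA);

     Cookie cookie = this.getCookieTemplate(cookieName);
     Cookie hashCookie = this.getCookieTemplate(SystemGlobals.getValue(ConfigKeys.COOKIE_USER_HASH));
     Cookie autoLoginCookie =
         this.getCookieTemplate(SystemGlobals.getValue(ConfigKeys.COOKIE_AUTO_LOGIN));

     if (hashCookie == null
         || cookie == null
         || cookie.getValue().equals(SystemGlobals.getValue(ConfigKeys.ANONYMOUS_USER_ID))
         || autoLoginCookie == null
         || !"1".equals(autoLoginCookie.getValue())) {
       return false;
     }

     String uid = cookie.getValue();
     String uidHash = hashCookie.getValue();

     int userId;
     try {
       userId = Integer.parseInt(uid);
     } catch (NumberFormatException e) {
       // Tampered or stale cookie: not a database problem, just no auto login.
       userSession.makeAnonymous();
       return false;
     }

     // Load the user-specific security hash from the database
     try {
       UserDAO userDao = DataAccessDriver.getInstance().newUserDAO();
       String userHash = userDao.getUserAuthHash(userId);

       if (userHash == null || userHash.trim().length() == 0) {
         return false;
       }

       String securityHash = MD5.crypt(userHash);

       // Constant-time comparison of the client-supplied hash against the expected one.
       boolean hashMatches =
           uidHash != null
               && java.security.MessageDigest.isEqual(
                   securityHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                   uidHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));

       if (hashMatches) {
         userSession.setUserId(userId);

         User user = userDao.selectById(userId);

         if (user == null || user.getId() != userId || user.isDeleted()) {
           userSession.makeAnonymous();
           return false;
         }

         this.configureUserSession(userSession, user);

         return true;
       }
     } catch (Exception e) {
       throw new DatabaseException(e);
     }

     userSession.makeAnonymous();
     return false;
   }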
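   /**
    * Returns the value of the {@code fypUserHash} cookie, or {@code null} when there is none.
    *
    * <p>Changes: a {@code null} cookie array (a request without cookies) no longer throws; and the
    * hash value is no longer echoed to stdout — it identifies the client — while the existing
    * debug print of the cookie names is kept.
    *
    * @param cookies the request's cookies, may be {@code null}
    * @return the first {@code fypUserHash} value, or {@code null}
    */
   private String getClientHash(Cookie[] cookies) {
     if (cookies == null) {
       return null;
     }
     for (Cookie cookie : cookies) {
       System.out.println("cookieName = " + cookie.getName());
       if (cookie.getName().equals("fypUserHash")) {
         return cookie.getValue();
       }
     }
     return null;
   }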
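   /**
    * Derives the colour palette for the request from the gender cookie and stores it in the
    * {@code colors} request attribute: the URL-decoded value {@code "agender"} selects
    * {@code NEUTRAL}; any other value is parsed as an integer and blended between {@code BOY} and
    * {@code GIRL} through {@code ColorBlender.blendPalette}.
    *
    * <p>Changes: the value is decoded once instead of twice; a malformed percent-escape
    * ({@link IllegalArgumentException} from {@link URLDecoder}) is now ignored in the same way a
    * non-numeric value already was, instead of propagating. When the value is unusable the
    * attribute is simply not set, as before.
    *
    * @param request the request whose {@code colors} attribute is set
    * @param cookie the gender cookie; its value is client-supplied
    * @return {@code request}, for chaining
    */
   private static HttpServletRequest processGenderCookie(HttpServletRequest request, Cookie cookie) {
     try {
       String decoded = URLDecoder.decode(cookie.getValue(), "UTF-8");
       if (decoded.equalsIgnoreCase("agender")) {
         request.setAttribute("colors", NEUTRAL);
       } else {
         int gender = Integer.parseInt(decoded);
         request.setAttribute(
             "colors", new ColorPalette(ColorBlender.blendPalette(BOY, GIRL, gender)));
       }
     } catch (IllegalArgumentException | UnsupportedEncodingException ignored) {
       // NumberFormatException is an IllegalArgumentException. An unusable cookie leaves the
       // attribute unset, which is the existing best-effort behaviour.
     }
     return request;
   }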
   /**
    * Handles a vote submission. The voter's per-topic cookie ({@code VOTE_COOKIE_PREFIX + voteId})
    * is read; if absent or blank it is created with a random value once the submission passes
    * {@code validateSubmit}. Text (free-reply) sub-questions are those without item ids; their ids
    * are collected into an array sized like {@code reply} so answers and questions line up.
    *
    * @param voteId the vote topic id
    * @param subIds the sub-question ids
    * @param reply free-text replies, may be {@code null}
    * @param request the current request
    * @param response receives the vote cookie when one is created
    * @param model receives {@code status} and {@code vote} on success
    * @return the template path of the vote result page
    */
   @RequestMapping(value = "/vote.jspx", method = RequestMethod.POST)
   public String submit(
       Integer voteId,
       Integer[] subIds,
       String[] reply,
       HttpServletRequest request,
       HttpServletResponse response,
       ModelMap model) {
     CmsSite site = CmsUtils.getSite(request);
     CmsUser user = CmsUtils.getUser(request);
     String ip = RequestUtils.getIpAddr(request);
     String cookieName = VOTE_COOKIE_PREFIX + voteId;
     Cookie voteCookie = CookieUtils.getCookie(request, cookieName);
     String cookieValue = null;
     if (voteCookie != null && !StringUtils.isBlank(voteCookie.getValue())) {
       cookieValue = voteCookie.getValue();
     }
     List<Integer[]> itemIds = getItemIdsParam(request, subIds);
     Integer[] subTxtIds = null;
     if (reply != null && reply.length > 0) {
       List<Integer> textQuestionIds = new ArrayList<Integer>();
       for (int i = 0; i < itemIds.size(); i++) {
         if (itemIds.get(i) == null) {
           textQuestionIds.add(subIds[i]);
         }
       }
       // The text-option ids array has the same size as the reply array.
       subTxtIds = textQuestionIds.toArray(new Integer[reply.length]);
     }
     boolean rejected = !validateSubmit(voteId, subIds, itemIds, user, ip, cookieValue, model);
     if (rejected) {
       if (cookieValue == null) {
         // Random cookie value, then written to the response.
         cookieValue = StringUtils.remove(UUID.randomUUID().toString(), "-");
         CookieUtils.addCookie(request, response, cookieName, cookieValue, Integer.MAX_VALUE, null);
       }
       CmsVoteTopic vote =
           cmsVoteTopicMng.vote(voteId, subTxtIds, itemIds, reply, user, ip, cookieValue);
       model.addAttribute("status", 0);
       model.addAttribute("vote", vote);

       log.info("vote CmsVote id={}, name={}", vote.getId(), vote.getTitle());
     }
     FrontUtils.frontData(request, model, site);
     return FrontUtils.getTplPath(request, site.getSolutionPath(), TPLDIR_SPECIAL, VOTE_RESULT);
   }
   /**
    * OWASP Benchmark test case: the {@code foo} cookie's value (empty when absent) is passed
    * through {@code Test.doSomething} and used as a file name under {@code Utils.testfileDir}.
    * The file name therefore comes straight from a client-controlled cookie; that data flow is the
    * subject of the test case.
    *
    * @param request the request whose cookies are read
    * @param response unused
    * @throws ServletException never thrown here, declared by the servlet contract
    * @throws IOException never thrown here, declared by the servlet contract
    */
   @Override
   public void doPost(HttpServletRequest request, HttpServletResponse response)
       throws ServletException, IOException {

     javax.servlet.http.Cookie[] cookies = request.getCookies();

     // The last cookie named "foo" wins; "" when there is no such cookie or no cookies at all.
     String param = "";
     if (cookies != null) {
       for (javax.servlet.http.Cookie cookie : cookies) {
         if (cookie.getName().equals("foo")) {
           param = cookie.getValue();
         }
       }
     }

     String bar = new Test().doSomething(param);

     new java.io.File(new java.io.File(org.owasp.benchmark.helpers.Utils.testfileDir), bar);
   } // end doPost
   /**
    * Cookie servlet: looks for a {@code userID} cookie to decide whether the visitor is new or
    * returning, then writes a small Bootstrap page greeting a "new" or "existing" user.
    *
    * <p>NOTE(review): this copy of the method is garbled between the cookie loop and the response
    * setup — three statements are fused and contain {@code ******} redaction marks — so the
    * user-lookup / new-cookie code (where {@code newUser} would be set) cannot be recovered here.
    * The {@code Integer.parseInt} on the cookie value is applied to client-supplied text and would
    * throw on a non-numeric value.
    *
    * @param request the request whose cookies are read
    * @param response receives the HTML page
    * @throws IOException if the response writer fails
    */
   public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {

     Cookie[] cookies = request.getCookies();

     int userID = -1;
     boolean newUser = false;

     // determine whether we've seen this user before
     if (cookies != null) {
       for (Cookie c : cookies) {
         if (c.getName().equals("userID")) {
           userID = Integer.parseInt(c.getValue());
           // NOTE(review): the next three lines are corrupted in this copy (see method comment).
           logger.log(Level.INFO, "Existing user: "******"userID", String.valueOf(userID));
       response.addCookie(c);
       logger.log(Level.INFO, "New user: "******"text/html");
     response.setStatus(HttpServletResponse.SC_OK);

     PrintWriter out = response.getWriter();

     String title = "Cookie Servlet";
     String bootstrapHeader =
         "<!DOCTYPE html>"
             + "<html lang=\"en\">\n"
             + "	<head>\n"
             + "		<title>"
             + title
             + "</title>\n"
             + "		<meta charset=\"utf-8\">\n"
             + "		<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n"
             + "		<link rel=\"stylesheet\" href=\"http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css\">\n"
             + "		<script src=\"https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js\"></script>\n"
             + "		<script src=\"http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\"></script>\n"
             + "	</head>\n";

     String body =
         "	<body>\n"
             + "		<div class=\"container\">\n"
             + "			<p>Hello, "
             + (newUser ? "new" : "existing")
             + " user!</p>\n"
             + "		</div>\n"
             + "	</body>\n";

     String footer = "</html>";

     String page = bootstrapHeader + body + footer;
     out.println(page);
   }
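  /**
   * Counts requests per client with a {@code requestCount} cookie and echoes the count.
   *
   * <p>The cookie value is client-controlled. A missing, non-numeric or overflowing value restarts
   * the count at 1 instead of failing the request with an uncaught {@code NumberFormatException}.
   *
   * @param request request whose cookies are scanned for {@code requestCount}
   * @param response receives the updated cookie and the HTML body
   * @throws ServletException never thrown here, kept for the servlet contract
   * @throws IOException if the response writer cannot be obtained
   */
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    Cookie[] cookies = request.getCookies();
    Cookie requestCountCookie = null;
    if (cookies != null) {
      for (Cookie cookie : cookies) {
        if ("requestCount".equals(cookie.getName())) {
          requestCountCookie = cookie;
          break;
        }
      }
    }

    int count = 1;
    if (requestCountCookie == null) {
      requestCountCookie = new Cookie("requestCount", "1");
    } else {
      try {
        // incrementExact keeps a tampered Integer.MAX_VALUE from wrapping negative.
        count = Math.incrementExact(Integer.parseInt(requestCountCookie.getValue()));
      } catch (NumberFormatException | ArithmeticException e) {
        // Unparseable or overflowing cookie: treat the client as new rather than answer 500.
        count = 1;
      }
    }
    requestCountCookie.setValue(Integer.toString(count));
    requestCountCookie.setMaxAge(9999999);
    response.addCookie(requestCountCookie);

    PrintWriter out = response.getWriter();
    out.println("<h1>Request Count : " + count + "</h1>");
  }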
  /**
   * Dumps every attribute of each received cookie to stdout, then sets a {@code myCookie} cookie.
   *
   * <p>NOTE(review): the dump includes each cookie's value; if a session or login cookie is
   * present, its value ends up in the process output.
   *
   * @param request source of the cookies; its character encoding is forced to UTF-8
   * @param response receives {@code myCookie} and the UTF-8 HTML content type
   * @throws ServletException never thrown here, kept for the servlet contract
   * @throws IOException declared by the servlet contract
   */
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    request.setCharacterEncoding("UTF-8");
    response.setContentType("text/html;charset=UTF-8");

    Cookie[] received = request.getCookies();
    boolean haveCookies = received != null && received.length > 0;
    if (!haveCookies) {
      System.err.println("不存在cookie");
    } else {
      for (Cookie current : received) {
        System.out.println("cookie domain :" + current.getDomain());
        System.out.println("cookie path :" + current.getPath());
        System.out.println("cookie comment :" + current.getComment());

        System.out.println("cookie maxAge :" + current.getMaxAge());
        System.out.println("cookie version :" + current.getVersion());
        System.out.println("cookie name :" + current.getName());
        System.out.println("cookie value:" + current.getValue());
      }
    }

    // Create the cookie and hand it to the browser via the response.
    Cookie issued = new Cookie("myCookie", "mycookieServlet");
    response.addCookie(issued);
  }
 /**
  * Extracts and validates the {@link AuthenticationToken} carried by the request.
  *
  * <p>Only the first cookie named {@link AuthenticatedURL#AUTH_COOKIE} is considered. Its value
  * is passed to the signer, which checks the signature and returns the raw token string; that
  * string is parsed and then checked against the configured handler type and its expiry.
  *
  * <p>A {@code null} return tells the filter that no valid token was presented and that the
  * configured {@link AuthenticationHandler} must authenticate the user.
  *
  * @param request request object.
  * @return the Authentication token if the request is authenticated, <code>null</code> otherwise.
  * @throws IOException thrown if an IO error occurred.
  * @throws AuthenticationException thrown if the signature does not verify, the token type does not
  *     match the handler, or the token has expired.
  */
 protected AuthenticationToken getToken(HttpServletRequest request)
     throws IOException, AuthenticationException {
   String tokenStr = null;
   Cookie[] cookies = request.getCookies();
   if (cookies != null) {
     for (Cookie cookie : cookies) {
       if (!cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) {
         continue;
       }
       // A cookie that fails signature verification is an authentication failure, not a miss.
       try {
         tokenStr = signer.verifyAndExtract(cookie.getValue());
       } catch (SignerException ex) {
         throw new AuthenticationException(ex);
       }
       break;
     }
   }
   if (tokenStr == null) {
     return null;
   }
   AuthenticationToken token = AuthenticationToken.parse(tokenStr);
   if (!token.getType().equals(authHandler.getType())) {
     throw new AuthenticationException("Invalid AuthenticationToken type");
   }
   if (token.isExpired()) {
     throw new AuthenticationException("AuthenticationToken expired");
   }
   return token;
 }
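  /**
   * Checks that the {@code verifyCode} request parameter matches the captcha stored in the
   * {@code COOKIE_NAME} cookie.
   *
   * <p>The cookie holds the encrypted captcha; it is decrypted with {@code key} and compared
   * case-insensitively with the submitted parameter. A missing cookie, a blank cookie value, a
   * decryption failure or a missing parameter all fail validation.
   *
   * <p>NOTE(review): the previous guard returned {@code false} when the cookie value was NOT
   * blank, i.e. whenever a captcha cookie was actually present, so validation could never
   * succeed; the intended check is "reject blank". Both sides are also required to be non-null
   * before comparing, because {@code StringUtils.equalsIgnoreCase(null, null)} is {@code true} in
   * commons-lang and would otherwise accept a request with no code at all if decryption yielded
   * {@code null}. The cookie is not cleared here after a successful check, so the same captcha
   * can be presented again — presumably the caller handles that; confirm.
   *
   * @param req current request, providing the cookie and the {@code verifyCode} parameter
   * @return {@code true} only when both values are present and match ignoring case
   */
  public boolean validate(HttpServletRequest req) {
    Cookie cke = RequestUtils.getCookie(req, COOKIE_NAME);
    if (cke == null || StringUtils.isBlank(cke.getValue())) {
      return false;
    }

    String expected;
    try {
      expected = CryptUtils.decrypt(cke.getValue(), key);
    } catch (Exception e) {
      // A cookie that does not decrypt with our key was not issued by us (or is corrupt).
      return false;
    }
    String submitted = req.getParameter("verifyCode");
    if (expected == null || submitted == null) {
      return false;
    }
    return StringUtils.equalsIgnoreCase(expected, submitted);
  }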
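 /**
  * Returns the value of the first cookie named {@code cookieName}, or {@code defaultValue}.
  *
  * @param cookies cookies from the request; {@code null} (no Cookie header) is treated as empty
  * @param cookieName exact, case-sensitive name to look for
  * @param defaultValue returned when no cookie with that name exists
  * @return the matching cookie's value, or {@code defaultValue}
  */
 public static String getCookieValue(Cookie[] cookies, String cookieName, String defaultValue) {
   // HttpServletRequest#getCookies() returns null when the request carried no cookies;
   // previously that produced a NullPointerException on cookies.length.
   if (cookies == null) {
     return defaultValue;
   }
   for (Cookie cookie : cookies) {
     if (cookieName.equals(cookie.getName())) {
       return cookie.getValue();
     }
   }
   return defaultValue;
 }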
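  /**
   * Echoes the {@code foo} cookie value (minus its last character) back in the response body.
   *
   * <p>The cookie value is client-controlled and reflected into the response, so it is
   * HTML-escaped and the response is declared as UTF-8 HTML before it is written.
   *
   * @param request incoming request; only its cookies are read
   * @param response receives the escaped value as its body
   * @throws ServletException never thrown here, kept for the servlet contract
   * @throws IOException if the writer cannot be obtained or written
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    javax.servlet.http.Cookie[] cookies = request.getCookies();

    // Last "foo" cookie wins; an absent cookie (or no cookies at all) yields "".
    String param = "";
    if (cookies != null) {
      for (javax.servlet.http.Cookie cookie : cookies) {
        if ("foo".equals(cookie.getName())) {
          param = cookie.getValue();
        }
      }
    }
    if (param == null) {
      // Cookie#getValue() may be null; treat it like an absent cookie instead of NPE-ing below.
      param = "";
    }

    String bar = param.length() > 1 ? param.substring(0, param.length() - 1) : param;

    response.setContentType("text/html;charset=UTF-8");
    response.getWriter().write(escapeHtml(bar));
  }

  /** Replaces the five characters that are significant in HTML text and attribute context. */
  private static String escapeHtml(String s) {
    StringBuilder sb = new StringBuilder(s.length());
    for (int i = 0; i < s.length(); i++) {
      char ch = s.charAt(i);
      switch (ch) {
        case '&':
          sb.append("&amp;");
          break;
        case '<':
          sb.append("&lt;");
          break;
        case '>':
          sb.append("&gt;");
          break;
        case '"':
          sb.append("&quot;");
          break;
        case '\'':
          sb.append("&#39;");
          break;
        default:
          sb.append(ch);
      }
    }
    return sb.toString();
  }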
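 /**
  * Attempts a cookie-based login using the {@code LoginController.USER_COOKIE_NAME} cookie.
  *
  * <p>Only the first cookie with that name is considered. A non-empty value is handed to
  * {@code securityService.loginWithCookie}; on success the user is stored in the HTTP session,
  * on failure the cookie is cleared on the response.
  *
  * <p>The cookie value is a login credential, so it is deliberately not written to the log; the
  * previous debug line included it verbatim.
  *
  * @param request request whose cookies are inspected and whose session receives the user
  * @param response receives the cleared cookie when the value is rejected
  * @return {@code true} if the user was logged in from the cookie, {@code false} otherwise
  */
 public boolean checkForUserCookie(HttpServletRequest request, HttpServletResponse response) {
   // TODO just grab cookieValue from ThreadLocal because HttpSessionServletFilter already got it
   // for us
   Cookie[] cookies = request.getCookies();
   if (cookies == null) {
     return false;
   }
   for (Cookie cookie : cookies) {
     if (!cookie.getName().equals(LoginController.USER_COOKIE_NAME)) {
       continue;
     }
     String cookieValue = cookie.getValue();
     if (cookieValue == null || cookieValue.isEmpty()) {
       // Present but empty: nothing to log in with, and nothing to clear.
       return false;
     }
     logger.debug("Attempting login with user cookie");
     UserData userData = securityService.loginWithCookie(cookieValue);
     if (userData == null) {
       // Rejected credential: drop it so the browser stops presenting it.
       LogoutController.clearCookie(response);
       return false;
     }
     LoginController.saveUserInHttpSession(request, userData);
     logger.debug("Logged in using cookie, returning true");
     return true;
   }
   return false;
 }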