Usage and code examples for the javax.servlet.http.Cookie.setHttpOnly() method

Reposted by x33g5p2x on 2022-01-17, in category: Other

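This article collects code examples for the Java method javax.servlet.http.Cookie.setHttpOnly(), showing how Cookie.setHttpOnly() is used in practice. The examples come mainly from platforms such as GitHub, Stack Overflow and Maven, were extracted from selected projects, and are intended as a useful reference. Details of Cookie.setHttpOnly() are as follows:
Package path: javax.servlet.http.Cookie
Class name: Cookie
Method name: setHttpOnly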

About Cookie.setHttpOnly

Marks or unmarks this Cookie as HttpOnly.

If isHttpOnly is set to true, this cookie is marked as HttpOnly, by adding the HttpOnly attribute to it.

HttpOnly cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks.

Code examples

Code example source: ninjaframework/ninja

@Override
public void setHttpOnly(Cookie cookie) {
  cookie.setHttpOnly(true);
}

Code example source: xuxueli/xxl-job

/**
 * Save
 *
 * @param response
 * @param key
 * @param value
 * @param maxAge
 */
private static void set(HttpServletResponse response, String key, String value, String domain, String path, int maxAge, boolean isHttpOnly) {
  Cookie cookie = new Cookie(key, value);
  if (domain != null) {
    cookie.setDomain(domain);
  }
  cookie.setPath(path);
  cookie.setMaxAge(maxAge);
  cookie.setHttpOnly(isHttpOnly);
  response.addCookie(cookie);
}

Code example source: perwendel/spark

/**
 * Adds cookie to the response. Can be invoked multiple times to insert more than one cookie.
 *
 * @param domain   domain of the cookie
 * @param path     path of the cookie
 * @param name     name of the cookie
 * @param value    value of the cookie
 * @param maxAge   max age of the cookie in seconds (negative for the not persistent cookie, zero - deletes the cookie)
 * @param secured  if true : cookie will be secured
 * @param httpOnly if true: cookie will be marked as http only
 */
public void cookie(String domain, String path, String name, String value, int maxAge, boolean secured, boolean httpOnly) {
  Cookie cookie = new Cookie(name, value);
  cookie.setPath(path);
  cookie.setDomain(domain);
  cookie.setMaxAge(maxAge);
  cookie.setSecure(secured);
  cookie.setHttpOnly(httpOnly);
  response.addCookie(cookie);
}

Code example source: cloudfoundry/uaa

public Cookie getNullCookie() {
  Cookie currentUserCookie = new Cookie(CURRENT_USER_COOKIE_NAME, null);
  currentUserCookie.setHttpOnly(false);
  currentUserCookie.setMaxAge(0);
  currentUserCookie.setPath("/");
  return currentUserCookie;
}

Code example source: apache/nifi

private void removeOidcRequestCookie(final HttpServletResponse httpServletResponse) {
  final Cookie cookie = new Cookie(OIDC_REQUEST_IDENTIFIER, null);
  cookie.setPath("/");
  cookie.setHttpOnly(true);
  cookie.setMaxAge(0);
  cookie.setSecure(true);
  httpServletResponse.addCookie(cookie);
}

Code example source: jfinal/jfinal

private Controller doSetCookie(String name, String value, int maxAgeInSeconds, String path, String domain, Boolean isHttpOnly) {
  Cookie cookie = new Cookie(name, value);
  cookie.setMaxAge(maxAgeInSeconds);
  // set the default path value to "/"
  if (path == null) {
    path = "/";
  }
  cookie.setPath(path);
  
  if (domain != null) {
    cookie.setDomain(domain);
  }
  if (isHttpOnly != null) {
    cookie.setHttpOnly(isHttpOnly);
  }
  response.addCookie(cookie);
  return this;
}

Code example source: SonarSource/sonarqube

public Cookie build() {
 Cookie cookie = new Cookie(requireNonNull(name), value);
 cookie.setPath(getContextPath(request));
 cookie.setSecure(isHttps(request));
 cookie.setHttpOnly(httpOnly);
 cookie.setMaxAge(expiry);
 return cookie;
}

Code example source: spring-projects/spring-framework

/**
 * Remove the cookie that this generator describes from the response.
 * Will generate a cookie with empty value and max age 0.
 * <p>Delegates to {@link #createCookie} for cookie creation.
 * @param response the HTTP response to remove the cookie from
 * @see #setCookieName
 * @see #setCookieDomain
 * @see #setCookiePath
 */
public void removeCookie(HttpServletResponse response) {
  Assert.notNull(response, "HttpServletResponse must not be null");
  Cookie cookie = createCookie("");
  cookie.setMaxAge(0);
  if (isCookieSecure()) {
    cookie.setSecure(true);
  }
  if (isCookieHttpOnly()) {
    cookie.setHttpOnly(true);
  }
  response.addCookie(cookie);
  if (logger.isTraceEnabled()) {
    logger.trace("Removed cookie '" + getCookieName() + "'");
  }
}

Code example source: spring-projects/spring-framework

/**
 * Add a cookie with the given value to the response,
 * using the cookie descriptor settings of this generator.
 * <p>Delegates to {@link #createCookie} for cookie creation.
 * @param response the HTTP response to add the cookie to
 * @param cookieValue the value of the cookie to add
 * @see #setCookieName
 * @see #setCookieDomain
 * @see #setCookiePath
 * @see #setCookieMaxAge
 */
public void addCookie(HttpServletResponse response, String cookieValue) {
  Assert.notNull(response, "HttpServletResponse must not be null");
  Cookie cookie = createCookie(cookieValue);
  Integer maxAge = getCookieMaxAge();
  if (maxAge != null) {
    cookie.setMaxAge(maxAge);
  }
  if (isCookieSecure()) {
    cookie.setSecure(true);
  }
  if (isCookieHttpOnly()) {
    cookie.setHttpOnly(true);
  }
  response.addCookie(cookie);
  if (logger.isTraceEnabled()) {
    logger.trace("Added cookie [" + getCookieName() + "=" + cookieValue + "]");
  }
}

Code example source: gocd/gocd

public SELF hasCookie(String path, String name, String value, int maxAge, boolean secured, boolean httpOnly) {
  Cookie actualCookie = actual.getCookie(name);
  Cookie expectedCookie = new Cookie(name, value);
  expectedCookie.setDomain("");
  expectedCookie.setPath(path);
  expectedCookie.setMaxAge(maxAge);
  expectedCookie.setSecure(secured);
  expectedCookie.setHttpOnly(httpOnly);
  if (!EqualsBuilder.reflectionEquals(expectedCookie, actualCookie)) {
    this.as("cookie");
    throw Failures.instance().failure(info, shouldBeEqual(ReflectionToStringBuilder.toString(actualCookie, ToStringStyle.MULTI_LINE_STYLE), ReflectionToStringBuilder.toString(expectedCookie, ToStringStyle.MULTI_LINE_STYLE), info.representation()));
  }
  return myself;
}

Code example source: spring-projects/spring-framework

@Test
public void cookies() {
  Cookie cookie = new Cookie("foo", "bar");
  cookie.setPath("/path");
  cookie.setDomain("example.com");
  cookie.setMaxAge(0);
  cookie.setSecure(true);
  cookie.setHttpOnly(true);
  response.addCookie(cookie);
  assertEquals("foo=bar; Path=/path; Domain=example.com; " +
      "Max-Age=0; Expires=Thu, 1 Jan 1970 00:00:00 GMT; " +
      "Secure; HttpOnly", response.getHeader(HttpHeaders.SET_COOKIE));
}

Code example source: spring-projects/spring-framework

@Override
protected void applyCookies() {
  for (String name : getCookies().keySet()) {
    for (ResponseCookie httpCookie : getCookies().get(name)) {
      Cookie cookie = new Cookie(name, httpCookie.getValue());
      if (!httpCookie.getMaxAge().isNegative()) {
        cookie.setMaxAge((int) httpCookie.getMaxAge().getSeconds());
      }
      if (httpCookie.getDomain() != null) {
        cookie.setDomain(httpCookie.getDomain());
      }
      if (httpCookie.getPath() != null) {
        cookie.setPath(httpCookie.getPath());
      }
      cookie.setSecure(httpCookie.isSecure());
      cookie.setHttpOnly(httpCookie.isHttpOnly());
      this.response.addCookie(cookie);
    }
  }
}

Code example source: cloudfoundry/uaa

public Cookie getCookie(UaaPrincipal uaaPrincipal) throws CurrentUserCookieEncodingException {
  CurrentUserInformation currentUserInformation = new CurrentUserInformation();
  currentUserInformation.setUserId(uaaPrincipal.getId());
  Cookie cookie = new Cookie(CURRENT_USER_COOKIE_NAME, urlEncode(JsonUtils.writeValueAsString(currentUserInformation)));
  cookie.setPath("/");
  cookie.setHttpOnly(false);
  cookie.setMaxAge(sessionTimeout);
  return cookie;
}

Code example source: jenkinsci/jenkins

/**
 * Handles the logout processing.
 *
 * <p>
 * The default implementation erases the session and do a few other clean up, then
 * redirect the user to the URL specified by {@link #getPostLogOutUrl(StaplerRequest, Authentication)}.
 *
 * @since 1.314
 */
public void doLogout(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException {
  HttpSession session = req.getSession(false);
  if(session!=null)
    session.invalidate();
  Authentication auth = SecurityContextHolder.getContext().getAuthentication();
  SecurityContextHolder.clearContext();
  // reset remember-me cookie
  Cookie cookie = new Cookie(ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,"");
  cookie.setMaxAge(0);
  cookie.setSecure(req.isSecure());
  cookie.setHttpOnly(true);
  cookie.setPath(req.getContextPath().length()>0 ? req.getContextPath() : "/");
  rsp.addCookie(cookie);
  rsp.sendRedirect2(getPostLogOutUrl(req,auth));
}

Code example source: spring-projects/spring-framework

@Test
public void buildResponseHeaders() throws Exception {
  this.response.addHeader("Content-Type", "text/html");
  this.response.addHeader("X-Test", "value");
  Cookie cookie = new Cookie("cookieA", "valueA");
  cookie.setDomain("domain");
  cookie.setPath("/path");
  cookie.setMaxAge(1800);
  cookie.setSecure(true);
  cookie.setHttpOnly(true);
  this.response.addCookie(cookie);
  WebResponse webResponse = this.responseBuilder.build();
  List<NameValuePair> responseHeaders = webResponse.getResponseHeaders();
  assertThat(responseHeaders.size(), equalTo(3));
  NameValuePair header = responseHeaders.get(0);
  assertThat(header.getName(), equalTo("Content-Type"));
  assertThat(header.getValue(), equalTo("text/html"));
  header = responseHeaders.get(1);
  assertThat(header.getName(), equalTo("X-Test"));
  assertThat(header.getValue(), equalTo("value"));
  header = responseHeaders.get(2);
  assertThat(header.getName(), equalTo("Set-Cookie"));
  assertThat(header.getValue(), startsWith("cookieA=valueA; Path=/path; Domain=domain; Max-Age=1800; Expires="));
  assertThat(header.getValue(), endsWith("; Secure; HttpOnly"));
}

Code example source: spring-projects/spring-framework

Cookie enigmaCookie = new Cookie("enigma", "42");
enigmaCookie.setComment("This is a comment");
enigmaCookie.setHttpOnly(true);
enigmaCookie.setMaxAge(1234);
enigmaCookie.setDomain(".example.com");

Code example source: cloudfoundry/uaa

public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
  CsrfTokenRepository repository = new CookieBasedCsrfTokenRepository();
  CsrfToken token = repository.generateToken(request);
  repository.saveToken(token, request, new MockHttpServletResponse());
  String tokenValue = token.getToken();
  Cookie cookie = new Cookie(token.getParameterName(), tokenValue);
  cookie.setHttpOnly(true);
  Cookie[] cookies = request.getCookies();
  if (cookies == null) {
    request.setCookies(cookie);
  } else {
    addCsrfCookie(request, cookie, cookies);
  }
  request.setParameter(token.getParameterName(), useInvalidToken ? "invalid" + tokenValue : tokenValue);
  return request;
}
