Examples of javax.servlet.http.Cookie

• javax.servlet.http.Cookie
  Cookie model value object @author Rick Knowles

   *      boolean)
   */
  public static SessionUserObject getLoginUser(HttpServletRequest request,
      HttpServletResponse response, boolean verify_host) {
    // ���session�м�¼��ֱ�Ӵ�session�ж�ȡ������
    Cookie uuidCookie = null;
    HttpSession ssn = request.getSession(false);
    if (ssn != null) {
      SessionUserObject user = (SessionUserObject) ssn
          .getAttribute(SESSION_USER_KEY);
      if (user != null){
        uuidCookie = getUuidCookie(request);
        //������sessionֵ���ڣ���cookieֵҲ���ڲ���Ч
        //(��Ҫ��Լ�Ⱥ�����£��û���s1ע���ˣ�������������s2ʱ������ʾ��¼״̬)
        if(uuidCookie!=null)
          return user;
        ssn.invalidate();
        return null;
      }
    }
    String uuid = null;
    if(uuidCookie == null)
      uuidCookie = getUuidCookie(request);
    if (uuidCookie != null)
      uuid = uuidCookie.getValue();
    if(StringUtils.isEmpty(uuid))
      return null;
    // session�������û�������ִ���Զ���¼����
    try {
      UUID oUUID = new UUID(uuid);

   * @param site
   */
  public boolean execute(HttpServletRequest request,
      HttpServletResponse response, SiteBean site, int source) {
    boolean write_db = false;
    Cookie u_cookie = RequestUtils.getCookie(request, KEY_COOKIE);
    String ident = getSiteIdAsString(site);
    if(u_cookie == null){
      //����Cookie��Ч�ڵ��������
      Calendar t = Calendar.getInstance();
      t.add(Calendar.DATE, 1);
      DateUtils.resetTime(t);
      int maxAge = (int)(t.getTime().getTime()-System.currentTimeMillis()) / 1000;
      RequestUtils.setCookie(request, response, KEY_COOKIE, ident, maxAge);
      write_db = true;
    }
    else{
      String cookie_value = u_cookie.getValue();
      if(cookie_value.indexOf(ident)<0){
        //����Cookie��Ч�ڵ��������
        Calendar t = Calendar.getInstance();
        t.add(Calendar.DATE, 1);
        DateUtils.resetTime(t);

     * @param defaultDomain ...
     *
     * @return ...
     */
    public Cookie getCookie(String defaultPath, String defaultDomain) {
        Cookie c = new Cookie(name, value);

        // NOTE: If cookie version is set to 1, cookie values will be quoted.
        // c.setVersion(1);

        if (days > -1) {
            // Cookie time to live, days -> seconds
            c.setMaxAge(days * 60 * 60 * 24);
        }

        if (path != null) {
            c.setPath(path);
        } else if (defaultPath != null) {
            c.setPath(defaultPath);
        }

        if (domain != null) {
            c.setDomain(domain);
        } else if (defaultDomain != null) {
            c.setDomain(defaultDomain);
        }

        return c;
    }

                    return value instanceof Cookie ? value : null;
                } else if (value instanceof Object[]) {
                    Object[] values = ((Object[]) value);
                    return values.length > 0 ? values[0] : null;
                } else if (value instanceof Cookie) {
                    Cookie cookie = (Cookie) value;
                    return cookie.getValue();
                }
            }
            return super.get(key);
        }

      formUsername = (String)daf.get("username");
      formPassword = (String) daf.get("password");

      // next, let's check for the existence of the CVRMID cookie.
      boolean rmCookieExists = false;
      Cookie requestCookie = null;
      Cookie cookieList[] = request.getCookies();

      if (cookieList != null) {
        for (int i = 0; i < cookieList.length; i++) {
          Cookie tmpCookie = cookieList[i];
          if (tmpCookie.getName().equals("CVRMID")) {
            rmCookieExists = true;
            requestCookie = tmpCookie;
          }
        }
      }
      String cookieUsername = "";
      String cookiePassword = "";

      boolean useFormValues = false;

      // now, if the cookie exists, then get the content
      if (rmCookieExists) {
        // unencode the content of the cookie
        String unEncodedString = new String(Base64.decode(requestCookie.getValue()));

        // split the parts of the string on the "/" character
        String stringParts[] = unEncodedString.split("/");

        // get the username and password values and save for use
        cookieUsername = stringParts[0];
        cookiePassword = stringParts[1];

        // Note: In login.jsp, we checked to see if the cookie was set. If so, we
        // got the username and password from the cookie; we set the username form
        // value to the username from the cookie, and the password to "CVRMID-xxxxxxxx".
        // Therefore, we will check the form password value here; if it is NOT
        // "CVRMID-xxxxxxxx", the we know the user has manually typed in a different
        // password, and we will use the form password vs. the cookie password.
        if (formPassword != null && ! formPassword.equals("CVRMID-xxxxxxxx")) {
          useFormValues = true;
        }

        if (remember == null || remember.equals("")) {
          // if the user has *UN*-checked the Remember Me
          // checkbox, then get rid of their cookie
          this.forgetMe(response);
        }
      }

      String username = "";
      String password = "";

      if (rmCookieExists) {
        if (cookieUsername.equals(formUsername) && ! useFormValues) {
          // if the userName in the cookie equals the username in the form,
          // then, we'll authenticate on the cookie content
          username = cookieUsername;
          password = cookiePassword;
        } else {
          // if the username in the cookie does not match the username in the form,
          // then, we'll authenticate on the form content
          username = formUsername;
          password = formPassword;
        }
      } else {
        // if the cookie does not exist at all, authenticate on the form values
        username = formUsername;
        password = formPassword;
      }

      if (lh == null) {
        return (mapping.findForward("dataerror"));
      }

      Login remote = lh.create();
      remote.setDataSource(dataSource);
      usrResult = remote.authenticateUser(username, password);
      // Check to make sure the usrResult has all the fields we expect of it.
      // if so then it was a valid login, if not, then we will fail with a general
      // authentication error.
      if (usrResult.containsKey("individualid") && usrResult.containsKey("firstName") && usrResult.containsKey("lastName") && usrResult.containsKey("type")) {
        int individualId = Integer.parseInt((String)usrResult.get("individualid"));
        userType = (String)usrResult.get("type");
        String firstName = (String)usrResult.get("firstName");
        String lastName = (String)usrResult.get("lastName");

        if ((! userType.equalsIgnoreCase((String)daf.get("userType"))) && ! ("EMPLOYEE".equals(daf.get("userType")) && userType.equalsIgnoreCase("ADMINISTRATOR"))) {
          String errorHeader = "Error occurred during login.";
          errorMap.put(new Integer(0), errorHeader);
          String error = "The username or password was incorrect, or the user is disabled.";
          errorMap.put(new Integer(1), error);
          request.setAttribute("error", errorMap);
          FORWARD_final = GLOBAL_FORWARD_failure;
          return (mapping.findForward(FORWARD_final));
        }

        userObject = remote.getUserObject(individualId, firstName, lastName, userType);
        userObject.setLoginName(username);

        // In a certain case we will need a blank rights matrix, so prepare the remote connection now.
        AuthorizationHome ah = (AuthorizationHome)CVUtility.getHomeObject("com.centraview.administration.authorization.AuthorizationHome","Authorization");
        Authorization authorizationRemote = ah.create();
        authorizationRemote.setDataSource(dataSource);

        if (remember.equals("on")) {
          // the "Remember Me" cookie contains the a string in the format
          // "<userName>/<password>". This string is then encrypted.
          // We should probably store the SHA1 of the password, this is a major security risk!!
          // TODO: encode the SHA1 of the password in the cookie content, and not the password itself.
          // and write the corresponding login method to take the SHA1 directly.
          String cookieContent = username + "/" + password;
          String encodedString = Base64.encode(cookieContent.getBytes());
          Cookie rememberMeCookie = new Cookie("CVRMID", encodedString);
          // set the expire time - to the largest int possible
          rememberMeCookie.setMaxAge(2147483647);
          rememberMeCookie.setPath("/");
          response.addCookie(rememberMeCookie);
        }

        // get the real mfrm and put it on the UserObject
        mfrm = authorizationRemote.getUserSecurityProfileMatrix(individualId);
        up = userObject.getUserPref();
        up.setModuleAuthorizationMatrix(mfrm);
        userObject.setUserPref(up);
        session.setAttribute("userobject",userObject);

        // User Email Check - will schedule the recurring check
        // of all the user's email accounts, every x minutes where
        // x is defined by the user's preferences.
        int userInterval = userObject.getUserPref().getEmailCheckInterval();
        if (userInterval > 0) {
          // only start this job if the user wants their mail checked
          // automatically. A value of 0 means do not check mail automatically.

          // minutes to seconds, then seconds to miliseconds...
          Integer interval = new Integer(userInterval * 60 * 1000);

          // make sure this job isn't already scheduled for some unknown reason...
          // .. by "make sure", I mean blindly cancel the job registered for this user.
          Timer currentTimer = siteInfo.getUserTimer(individualId);
          if (currentTimer != null) {
            currentTimer.cancel();
          }

          TimerTask currentTask = siteInfo.getUserTask(individualId);
          if (currentTask != null) {
            currentTask.cancel();
          }

          Timer newTimer = new Timer(true);
          TimerTask userEmailCheck = new UserEmailCheck(individualId, session, dataSource, host);
          newTimer.schedule(userEmailCheck, 300000L, interval.longValue());
          siteInfo.setUserTimer(individualId, newTimer, userEmailCheck);
        }

        // code added for concurrent user maintinance
        session.setAttribute(SessionAlive.IS_ALIVE, new SessionAlive());

        if (userType.equalsIgnoreCase("CUSTOMER")) {
          // if this is a customer user, they can only
          // see the customer view. All other users can
          // only see the employee view
          FORWARD_final = ".view.customer.home";
        } else if ((userType.equalsIgnoreCase("ADMINISTRATOR") || userType.equalsIgnoreCase("EMPLOYEE"))) {
          FORWARD_final = FORWARD_login;
        } else {
          FORWARD_final = GLOBAL_FORWARD_failure;
        }

        // Last, set a cookie so the user never sees the EULA again...
        Cookie eulaCookie = new Cookie("CVEULA", "Yes");
        eulaCookie.setMaxAge(2147483647);    // largest int possible, cookie never expires
        eulaCookie.setPath("/");
        response.addCookie(eulaCookie);
        // Don't add more code here. Add any new code above where the
        // agreedTerms cookie is set above.
      } else {
        // the usrResult from the loginEJB isn't All that it can be.

   * cookie from the user's browser, thus "forgetting" the user.
   * @param response The HttpServletResponse on which to set the cookie.
   */
  private void forgetMe(HttpServletResponse response)
  {
    Cookie forgetMeCookie = new Cookie("CVRMID", "");
    forgetMeCookie.setMaxAge(0);    // this makes the cookie expire NOW
    forgetMeCookie.setPath("/");
    response.addCookie(forgetMeCookie);
  }

  public void set_cookie(String key, int value, int maxAge){
    RequestUtils.setCookie(request, response, key, String.valueOf(value), maxAge);
  }

  public int get_cookie_as_int(String key){
    Cookie cookie = RequestUtils.getCookie(request, key);
    if(cookie == null)
      return -1;
    try{
      return Integer.parseInt(cookie.getValue());
    }catch(Exception e){}
    return -1;
  }

            AbstractTokenService tokenService = AbstractTokenService.getInstance(CookieTokenService.class);
            String cookieToken = tokenService.createToken(credentials);

            log.debug("Found a remember me request parameter, created a persistent token " + cookieToken + " for it and set it up " +
               "in the next response");
            Cookie cookie = new Cookie(InitiateLoginServlet.COOKIE_NAME, cookieToken);
            cookie.setPath(req.getContextPath());
            cookie.setMaxAge((int)tokenService.getValidityTime() / 1000);
            resp.addCookie(cookie);
         }
      }

      //

      doGet(req, resp);
   }

   private void clearTokenCookie(HttpServletRequest req, HttpServletResponse resp)
   {
      Cookie cookie = new Cookie(InitiateLoginServlet.COOKIE_NAME, "");
      cookie.setPath(req.getContextPath());
      cookie.setMaxAge(0);
      resp.addCookie(cookie);
   }

            {
               log.debug("Login initiated with no credentials in session but found token an invalid " + token + " " +
                  "that will be cleared in next response");

               // We clear the cookie in the next response as it was not valid
               Cookie cookie = new Cookie(InitiateLoginServlet.COOKIE_NAME, "");
               cookie.setPath(req.getContextPath());
               cookie.setMaxAge(0);
               resp.addCookie(cookie);

               // This allows the customer to define another login page without
               // changing the portal
               showLoginForm(req, resp);