This article collects typical usage examples of the Java method javax.servlet.http.HttpServletRequest.isRequestedSessionIdValid. If you are wondering how exactly HttpServletRequest.isRequestedSessionIdValid is used in Java, or are looking for examples of it in use, the selected code examples here may help. You can also look further into usage examples of the method's class, javax.servlet.http.HttpServletRequest.
Two code examples of the HttpServletRequest.isRequestedSessionIdValid method are shown below, sorted by popularity by default.
Example 1: assertAuthenticationIsValid

    import javax.servlet.http.HttpServletRequest; // import the package/class this method depends on

    /**
     * Check the user's session for validity
     * @param req The user's request
     * @throws SecurityException if the user's session is invalid
     */
    protected void assertAuthenticationIsValid(HttpServletRequest req) throws SecurityException
    {
        // ensure that at least the next call has a valid session
        req.getSession();

        // if there was an expired session, the request has to fail
        if (!req.isRequestedSessionIdValid())
        {
            throw new LoginRequiredException(Messages.getString("DefaultAccessControl.DeniedByInvalidSession"));
        }

        if (req.getRemoteUser() == null)
        {
            throw new LoginRequiredException(Messages.getString("DefaultAccessControl.DeniedByAuthenticationRequired"));
        }
    }

Example 2: checkNotCsrfAttack

    import javax.servlet.http.Cookie;
    import javax.servlet.http.HttpServletRequest; // import the package/class this method depends on

    /**
     * Check that this request is not subject to a CSRF attack
     * @param request The original browser's request
     * @param sessionCookieName "JSESSIONID" unless it has been overridden
     */
    private void checkNotCsrfAttack(HttpServletRequest request, String sessionCookieName)
    {
        // A check to see that this isn't a csrf attack
        // http://en.wikipedia.org/wiki/Cross-site_request_forgery
        // http://www.tux.org/~peterw/csrf.txt
        if (request.isRequestedSessionIdValid() && request.isRequestedSessionIdFromCookie())
        {
            String headerSessionId = request.getRequestedSessionId();
            if (headerSessionId.length() > 0)
            {
                // Session id supplied by DWR with the request, compared below
                // against the one carried in the HTTP header
                String bodySessionId = getHttpSessionId();

                // Normal case; if same session cookie is supplied by DWR and
                // in HTTP header then all is ok
                if (headerSessionId.equals(bodySessionId))
                {
                    return;
                }

                // Weblogic adds creation time to the end of the incoming
                // session cookie string (even for request.getRequestedSessionId()).
                // Use the raw cookie instead
                Cookie[] cookies = request.getCookies();
                for (int i = 0; i < cookies.length; i++)
                {
                    Cookie cookie = cookies[i];
                    if (cookie.getName().equals(sessionCookieName) &&
                        cookie.getValue().equals(bodySessionId))
                    {
                        return;
                    }
                }

                // Otherwise error
                log.error("A request has been denied as a potential CSRF attack.");
                throw new SecurityException("Session Error");
            }
        }
    }