
Commit 38e9149

committed
httpOnly session
1 parent 2dbb9e0 commit 38e9149

2 files changed

+58
-0
lines changed

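--- /dev/null
+++ b/PATH_NOT_SHOWN/SessionFilter.java
@@ -0,0 +1,45 @@
+package org.baeldung.security;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class SessionFilter implements Filter{
+
+@Override
+public void init(FilterConfig filterConfig) throws ServletException {
+System.out.println("init filter");
+}
+
+@Override
+public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+HttpServletRequest req = (HttpServletRequest) request;
+HttpServletResponse res = (HttpServletResponse) response;
+Cookie[] allCookies = req.getCookies();
+if (allCookies != null) {
+Cookie session = Arrays.stream(allCookies).filter(x -> x.getName().equals("JSESSIONID")).findFirst().orElse(null);
+
+if (session != null) {
+session.setHttpOnly(true);
+session.setSecure(true);
+res.addCookie(session);
+}
+}
+chain.doFilter(req, res);
+}
+
+@Override
+public void destroy() {
+System.out.println("destroy filter");
+}
+
+}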
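Review bot: The HttpOnly/Secure flags are applied only when the request already carries a JSESSIONID (new-file lines 27-34), so the response that first creates the session goes out without them, and what `res.addCookie(session)` re-sends is the client-supplied cookie value rather than the cookie the container issued. Cookie objects parsed from a request carry no path, domain or max-age, so the emitted Set-Cookie may not match the container's own session-cookie attributes (inferred from the servlet Cookie API; not visible here). The reliable place for this is the container-level setting: in `init`, `filterConfig.getServletContext().getSessionCookieConfig().setHttpOnly(true);` followed by `.setSecure(true);` (Servlet 3.0+), or the `<cookie-config>` element in web.xml. The `System.out.println` calls in `init` and `destroy` should go through the project's logger rather than stdout.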

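--- a/spring-security-mvc-session/src/main/webapp/WEB-INF/web.xml
+++ b/spring-security-mvc-session/src/main/webapp/WEB-INF/web.xml
@@ -8,6 +8,10 @@
 
 <session-config>
 <session-timeout>1</session-timeout>
+<!-- <cookie-config>
+<http-only>true</http-only>
+<secure>true</secure>
+</cookie-config> -->
 </session-config>
 <listener>
 <listener-class>org.baeldung.web.SessionListenerWithMetrics</listener-class>
@@ -52,6 +56,15 @@
 <filter-name>springSecurityFilterChain</filter-name>
 <url-pattern>/*</url-pattern>
 </filter-mapping>
+
+<!-- <filter>
+<filter-name>SessionFilter</filter-name>
+<filter-class>org.baeldung.security.SessionFilter</filter-class>
+</filter>
+<filter-mapping>
+<filter-name>SessionFilter</filter-name>
+<url-pattern>/*</url-pattern>
+</filter-mapping> -->
 
 <!-- <welcome-file-list> -->
 <!-- <welcome-file>index.html</welcome-file> -->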
