Declarative Security Download
Monthly Archives: March 2013
Another Example of Session Tracking
Orderform.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML> <HEAD> <TITLE>Order Form</TITLE> </HEAD> <BODY BGCOLOR="#FDF5E6"> <CENTER> <H1>Order Form</H1> <FORM ACTION="ShowItems"> New Item to Order: <INPUT TYPE="TEXT" NAME="newItem" VALUE="Pen"><P> <INPUT TYPE="SUBMIT" VALUE="Order and Show All Purchases"> </FORM> </CENTER></BODY></HTML>
ShowItems.java
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
public class ShowItems extends HttpServlet
{
public void doGet(HttpServletRequest request,HttpServletResponse response)
throws ServletException, IOException
{
// getSession()
// Returns the current session associated with this request,
// or if the request does not have a session, creates one.
HttpSession session = request.getSession();
ArrayList previousItems =
(ArrayList)session.getAttribute("previousItems");
if (previousItems == null) {
previousItems = new ArrayList();
session.setAttribute("previousItems", previousItems);
}
String newItem = request.getParameter("newItem");
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String title = "Items Purchased";
String docType =
"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " +
"Transitional//EN\">\n";
out.println(docType +
"<HTML>\n" +
"<HEAD><TITLE>" + title + "</TITLE></HEAD>\n" +
"<BODY BGCOLOR=\"#FDF5E6\">\n" +
"<H1>" + title + "</H1>");
synchronized(previousItems) {
if (newItem != null) {
previousItems.add(newItem);
}
if (previousItems.size() == 0) {
out.println("<I>No items</I>");
} else {
out.println("<UL>");
for(int i=0; i<previousItems.size(); i++) {
out.println("<LI>" + (String)previousItems.get(i));
}
out.println("</UL>");
}
}
out.println("</BODY></HTML>");
}
}
Example of Session Tracking
import java.io.IOException;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.PrintWriter;
import java.util.Date;
public class SessionServlet extends HttpServlet implements Servlet {
public SessionServlet() {}
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
HttpSession session = request.getSession(true);
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String title = "Session Demo";
String heading;
Integer accessCount = new Integer(0);
if (session.isNew())
{
heading = "Welcome, Newcomer";
}
else
{
heading = "Welcome Back";
Integer oldAccessCount = (Integer)session.getAttribute("accessCount");
if (oldAccessCount != null)
{
accessCount = new Integer(oldAccessCount.intValue() + 1);
}
}
session.setAttribute("accessCount", accessCount);
out.println(""+title+"\n" +
"\n" +
"<H1>" + heading + "</H1>\n" +
"<H2>Information on Your Session:</H2>\n" +
"<TABLE BORDER="1" ALIGN="CENTER">\n" +
"<TR>\n" +
" <TH>Info Type<TH>Value\n" +
"<TR>\n" +
" <TD>ID\n" +
" <TD>" + session.getId() + "\n" +
"<TR>\n" +
" <TD>Creation Time\n" +
" <TD>" + new Date(session.getCreationTime()) + "\n" +
"<TR>\n" +
" <TD>Time of Last Access\n" +
" <TD>" + new Date(session.getLastAccessedTime()) + "\n" +
"<TR>\n" +
" <TD>Number of Previous Accesses\n" +
" <TD>" + accessCount + "\n" +
"</TABLE>\n" +
"");
}
public void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
doGet(request, response);
}
}
Using Cookies to Remember User Preferences
RegistrationForm.java
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
/** Servlet that displays an HTML form to collect user's
* first name, last name, and email address. Uses cookies
* to determine the initial values of each of those
* form fields.
*/
public class RegistrationForm extends HttpServlet {
public void doGet(HttpServletRequest request,HttpServletResponse response)
throws ServletException, IOException
{
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String actionURL ="/RegistrationServlet";
String firstName =CookieUtilities.getCookieValue(request, "firstName", "");
String lastName =CookieUtilities.getCookieValue(request, "lastName", "");
String emailAddress =CookieUtilities.getCookieValue(request, "emailAddress","");
String title = "Please Register";
out.println(
"<HTML>\n" +
"<HEAD><TITLE>" + title + "</TITLE></HEAD>\n" +
"<BODY BGCOLOR=\"#FDF5E6\">\n" +
"<CENTER>\n" +
"<H1>" + title + "</H1>\n" +
"<FORM ACTION=\"" + actionURL + "\">\n" +
"First Name:\n" +
" <INPUT TYPE=\"TEXT\" NAME=\"firstName\" " +
"VALUE=\"" + firstName + "\"><BR>\n" +
"Last Name:\n" +
" <INPUT TYPE='TEXT' NAME='lastName' " +
"VALUE=\"" + lastName + "\"><BR>\n" +
"Email Address: \n" +
" <INPUT TYPE=\"TEXT\" NAME=\"emailAddress\" " +
"VALUE=\"" + emailAddress + "\"><P>\n" +
"<INPUT TYPE=\"SUBMIT\" VALUE=\"Register\">\n" +
"</FORM></CENTER></BODY></HTML>");
}
}
RegistrationServlet.java
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
/** Servlet that processes a registration form containing
* a user's first name, last name, and email address.
* If all the values are present, the servlet displays the
* values. If any of the values are missing, the input
* form is redisplayed. Either way, the values are put
* into cookies so that the input form can use the
* previous values.
*/
public class RegistrationServlet extends HttpServlet
{
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException
{
response.setContentType("text/html");
boolean isMissingValue = false;
String firstName = request.getParameter("firstName");
if (isMissing(firstName)) {
firstName = "Missing first name";
isMissingValue = true;
}
String lastName = request.getParameter("lastName");
if (isMissing(lastName)) {
lastName = "Missing last name";
isMissingValue = true;
}
String emailAddress = request.getParameter("emailAddress");
if (isMissing(emailAddress)) {
emailAddress = "Missing email address";
isMissingValue = true;
}
Cookie c1 = new LongLivedCookie("firstName", firstName);
response.addCookie(c1);
Cookie c2 = new LongLivedCookie("lastName", lastName);
response.addCookie(c2);
Cookie c3 = new LongLivedCookie("emailAddress",
emailAddress);
response.addCookie(c3);
String formAddress =
"/RegistrationForm";
if (isMissingValue)
{
response.sendRedirect(formAddress);
} else {
PrintWriter out = response.getWriter();
String docType =
"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " +
"Transitional//EN\">\n";
String title = "Thanks for Registering";
out.println
(docType +
"<HTML>\n" +
"<HEAD><TITLE>" + title + "</TITLE></HEAD>\n" +
"<BODY BGCOLOR=\"#FDF5E6\">\n" +
"<CENTER>\n" +
"<H1 ALIGN>" + title + "</H1>\n" +
"<UL>\n" +
" <LI><B>First Name</B>: " +
firstName + "\n" +
" <LI><B>Last Name</B>: " +
lastName + "\n" +
" <LI><B>Email address</B>: " +
emailAddress + "\n" +
"</UL>\n" +
"</CENTER></BODY></HTML>");
}
}
/** Determines if value is null or empty. */
private boolean isMissing(String param) {
return((param == null) ||
(param.trim().equals("")));
}
}
LongLivedCookie.java
import javax.servlet.http.*;
/** Cookie that persists 1 year. Default Cookie doesn't
* persist past current browsing session.
*/
public class LongLivedCookie extends Cookie {
public static final int SECONDS_PER_YEAR = 60*60*24*365;
public LongLivedCookie(String name, String value) {
super(name, value);
setMaxAge(SECONDS_PER_YEAR);
}
}
CookieUtilities.java
import javax.servlet.*;
import javax.servlet.http.*;
/** Two static methods for use in cookie handling. */
public class CookieUtilities
{
/** Given the request object, a name, and a default value,
* this method tries to find the value of the cookie with
* the given name. If no cookie matches the name,
* the default value is returned.
*/
public static String getCookieValue
(HttpServletRequest request,
String cookieName,
String defaultValue)
{
Cookie[] cookies = request.getCookies();
if (cookies != null)
{
for(int i=0; i<cookies.length; i++)
{
Cookie cookie = cookies[i];
if (cookieName.equals(cookie.getName())) {
return(cookie.getValue());
}
}
}
return(defaultValue);
}
/** Given the request object and a name, this method tries
* to find and return the cookie that has the given name.
* If no cookie matches the name, null is returned.
*/
public static Cookie getCookie(HttpServletRequest request,
String cookieName) {
Cookie[] cookies = request.getCookies();
if (cookies != null) {
for(int i=0; i<cookies.length; i++) {
Cookie cookie = cookies[i];
if (cookieName.equals(cookie.getName())) {
return(cookie);
}
}
}
return(null);
}
}
Differentiating session cookies from persistent cookies
Differentiating session cookies from persistent cookies
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
/** Creates a table of the cookies associated with
* the current page. Also sets six cookies: three
* that apply only to the current session
* (regardless of how long that session lasts)
* and three that persist for an hour (regardless
* of whether the browser is restarted).
*/
public class CookieTest extends HttpServlet
{
public void doGet(HttpServletRequest request,HttpServletResponse response)
throws ServletException, IOException
{
response.setContentType("text/html");
PrintWriter out = response.getWriter();
for(int i=0; i<3; i++)
{
Cookie cookie = new Cookie("Session-Cookie-" + i,"Cookie-Value-S" + i);
response.addCookie(cookie);
cookie = new Cookie("Persistent-Cookie-" + i,"Cookie-Value-P" + i);
cookie.setMaxAge(60*60); //1 hour
response.addCookie(cookie);
}
String docType =
"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 " +
"Transitional//EN\">\n";
String title = "Active Cookies";
out.println(docType +
"<HTML>\n" +
"<HEAD><TITLE>" + title + "</TITLE></HEAD>\n" +
"<BODY BGCOLOR=\"#FDF5E6\">\n" +
"<H1 ALIGN=\"CENTER\">" + title + "</H1>\n" +
"<TABLE BORDER=1 ALIGN=\"CENTER\">\n" +
"<TR BGCOLOR=\"#FFAD00\">\n" +
" <TH>Cookie Name\n" +
" <TH>Cookie Value");
Cookie[] cookies = request.getCookies();
if (cookies == null) {
out.println("<TR><TH COLSPAN=2>No cookies");
} else
{
Cookie cookie;
for(int i=0; i<cookies.length; i++) {
cookie = cookies[i];
out.println("<TR>\n" +
" <TD>" + cookie.getName() + "\n" +
" <TD>" + cookie.getValue());
}
}
out.println("</TABLE></BODY></HTML>");
}
}
Example of cookie
Example of Cookie
//set the cookie
import java.io.*;
import javax.servlet.http.*;
public class CookieDemo extends HttpServlet
{
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException
{
response.setContentType("text/html");
PrintWriter pw = response.getWriter();
Cookie cookie = new Cookie("username","admin");
cookie.setMaxAge(60*60); //1 hour
response.addCookie(cookie);
pw.println("Cookies created");
}
}
//To retrieve the value of cookie
import java.io.*;
import javax.servlet.http.*;
public class RetCookie extends HttpServlet
{
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException
{
response.setContentType("text/html");
PrintWriter pw = response.getWriter();
Cookie[] cookie = request.getCookies();
pw.println("All Cookies in your browsers\n");
for(Cookie obj : cookie)
{
if(obj.getName().equals("username"))
{
pw.println(obj.getName() + " : " + obj.getValue());
break;
}
}
}
}
Web Technology & Application Development – 2640002 