本文主要介绍了Java设置httponly cookie的实现示例,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面随着小编来一起学习学习吧
Httponly cookie 是一种 cookie 安全解决方案。
在支持httponly cookie的浏览器(IE6+、FF3.0+)中,如果cookie中设置了“httponly”属性,则JavaScript脚本将无法读取cookie信息,可以有效防止XSS攻击,让网站应用更安全。
但是J2EE4、J2EE5 cookie不提供设置httponly属性的方法,所以如果需要设置httponly属性需要自己处理。
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
/**
* Cookie Tools
*/
public class CookieUtil {
/**
* Set httponly cookie
* @param Response HTTP response
* @param Cookie cookie object
* @param Ishttponly is httponly
*/
public static void addCookie(HttpServletResponse response, Cookie cookie, boolean isHttpOnly) {
String name = cookie.getName();//Cookie name
String value = cookie.getValue();//Cookie value
int maxAge = cookie.getMaxAge();//Maximum survival time (milliseconds, 0 representative deletion, -1 represents the same as the browser session)
String path = cookie.getPath();//path
String domain = cookie.getDomain();//area
boolean isSecure = cookie.getSecure();//Is there a security protocol?
StringBuilder buffer = new StringBuilder();
buffer.append(name).append("=").append(value).append(";");
if (maxAge == 0) {
buffer.append("Expires=Thu Jan 01 08:00:00 CST 1970;");
} else if (maxAge > 0) {
buffer.append("Max-Age=").append(maxAge).append(";");
}
if (domain != null) {
buffer.append("domain=").append(domain).append(";");
}
if (path != null) {
buffer.append("path=").append(path).append(";");
}
if (isSecure) {
buffer.append("secure;");
}
if (isHttpOnly) {
buffer.append("HTTPOnly;");
}
response.addHeader("Set-Cookie", buffer.toString());
}
}
值得一提的是,Java Ee 6.0中的cookie已经设置了httponly,所以如果兼容Java EE 6.0兼容的容器(例如Tomcat 7),可以使用cookie.sethttponly设置HTTPONLY:
cookie.setHttpOnly(true);
Java HttpCookie 类的setHttpOnly(Boolean httpOnly) 方法用于指示cookie 是否可以被认为是HTTPOnly。如果设置为 true,则 cookie 不能被 JavaScript 等脚本引擎访问。
句法
public void setHttpOnly(boolean httpOnly)
范围
上述方法只需要一个参数:
httpOnly - 如果 cookie 仅是 HTTP,则表示 true,这意味着它作为 HTTP 请求的一部分可见。
返回
不适用
示例 1
import java.net.HttpCookie;
public class JavaHttpCookieSetHttpOnlyExample1 {
public static void main(String[] args) {
HttpCookie cookie = new HttpCookie("Student", "1");
// Indicate whether the cookie can be considered as HTTP Only or not.
cookie.setHttpOnly(true);
// Return true if the cookie is considered as HTTPOnly.
System.out.println("Check whether the cookie is HTTPOnly: "+cookie.isHttpOnly());
}
}
输出:
Check whether the cookie is HTTPOnly: true
示例 2
import java.net.HttpCookie;
public class JavaHttpCookieSetHttpOnlyExample2 {
public static void main(String[] args) {
HttpCookie cookie = new HttpCookie("Student", "1");
// Indicate whether the cookie can be considered as HTTP Only or not.
cookie.setHttpOnly(false);
// Return false if the cookie is not considered as HTTPOnly.
System.out.println("Check whether the cookie is HTTPOnly: "+cookie.isHttpOnly());
}
}
输出:
Check whether the cookie is HTTPOnly: false
示例 3
import java.net.HttpCookie;
public class JavaHttpCookieSetHttpOnlyExample3 {
public static void main(String[] args) {
HttpCookie cookie1 = new HttpCookie("Student1", "1");
HttpCookie cookie2 = new HttpCookie("Student2", "2");
//Indicate whether the cookie can be considered as HTTP Only or not.
cookie1.setHttpOnly(true);
cookie2.setHttpOnly(false);
System.out.println("Check whether the first cookie is HTTPOnly:"+cookie1.isHttpOnly());
System.out.println("Check whether the second cookie is HTTPOnly:"+cookie2.isHttpOnly());
}
}
输出:
Check whether the first cookie is HTTPOnly:true
Check whether the second cookie is HTTPOnly:false
到此这篇关于Java设置httponly cookie的实现示例的文章就介绍到这了,更多相关Java设置httponly cookie内容请搜索编程学习网以前的文章希望大家以后多多支持编程学习网!
本文标题为:Java设置httponly cookie的实现示例
基础教程推荐
- JDK数组阻塞队列源码深入分析总结 2023-04-18
- java实现多人聊天系统 2023-05-19
- springboot自定义starter方法及注解实例 2023-03-31
- ConditionalOnProperty配置swagger不生效问题及解决 2023-01-02
- Java并发编程进阶之线程控制篇 2023-03-07
- java基础知识之FileInputStream流的使用 2023-08-11
- Java数据结构之对象比较详解 2023-03-07
- Java实现查找文件和替换文件内容 2023-04-06
- Java实现线程插队的示例代码 2022-09-03
- Java文件管理操作的知识点整理 2023-05-19