-
Java 设置 httponly cookie
Httponly cookie 是一种 cookie 安全解决方案。
在支持httponly cookie的浏览器(IE6+、FF3.0+)中,如果cookie中设置了“httponly”属性,则JavaScript脚本将无法读取cookie信息,可以有效防止XSS攻击,让网站应用更安全。
但是J2EE4、J2EE5 cookie不提供设置httponly属性的方法,所以如果需要设置httponly属性需要自己处理。
- import javax.servlet.http.Cookie;
- import javax.servlet.http.HttpServletResponse;
- /**
- * Cookie Tools
- */
- public class CookieUtil {
- /**
- * Set httponly cookie
- * @param Response HTTP response
- * @param Cookie cookie object
- * @param Ishttponly is httponly
- */
- public static void addCookie(HttpServletResponse response, Cookie cookie, boolean isHttpOnly) {
- String name = cookie.getName();//Cookie name
- String value = cookie.getValue();//Cookie value
- int maxAge = cookie.getMaxAge();//Maximum survival time (milliseconds, 0 representative deletion, -1 represents the same as the browser session)
- String path = cookie.getPath();//path
- String domain = cookie.getDomain();//area
- boolean isSecure = cookie.getSecure();//Is there a security protocol?
- StringBuilder buffer = new StringBuilder();
- buffer.append(name).append("=").append(value).append(";");
- if (maxAge == 0) {
- buffer.append("Expires=Thu Jan 01 08:00:00 CST 1970;");
- } else if (maxAge > 0) {
- buffer.append("Max-Age=").append(maxAge).append(";");
- }
- if (domain != null) {
- buffer.append("domain=").append(domain).append(";");
- }
- if (path != null) {
- buffer.append("path=").append(path).append(";");
- }
- if (isSecure) {
- buffer.append("secure;");
- }
- if (isHttpOnly) {
- buffer.append("HTTPOnly;");
- }
- response.addHeader("Set-Cookie", buffer.toString());
- }
- }
值得一提的是,Java Ee 6.0中的cookie已经设置了httponly,所以如果兼容Java EE 6.0兼容的容器(例如Tomcat 7),可以使用cookie.sethttponly设置HTTPONLY:
cookie.setHttpOnly(true);Java HttpCookie 类的setHttpOnly(Boolean httpOnly) 方法用于指示cookie 是否可以被认为是HTTPOnly。如果设置为 true,则 cookie 不能被 JavaScript 等脚本引擎访问。
句法
public void setHttpOnly(boolean httpOnly)范围
上述方法只需要一个参数:
- httpOnly - 如果 cookie 仅是 HTTP,则表示 true,这意味着它作为 HTTP 请求的一部分可见。
返回
不适用
示例 1
- import java.net.HttpCookie;
- public class JavaHttpCookieSetHttpOnlyExample1 {
- public static void main(String[] args) {
- HttpCookie cookie = new HttpCookie("Student", "1");
- // Indicate whether the cookie can be considered as HTTP Only or not.
- cookie.setHttpOnly(true);
- // Return true if the cookie is considered as HTTPOnly.
- System.out.println("Check whether the cookie is HTTPOnly: "+cookie.isHttpOnly());
- }
- }
输出:
Check whether the cookie is HTTPOnly: true示例 2
- import java.net.HttpCookie;
- public class JavaHttpCookieSetHttpOnlyExample2 {
- public static void main(String[] args) {
- HttpCookie cookie = new HttpCookie("Student", "1");
- // Indicate whether the cookie can be considered as HTTP Only or not.
- cookie.setHttpOnly(false);
- // Return false if the cookie is not considered as HTTPOnly.
- System.out.println("Check whether the cookie is HTTPOnly: "+cookie.isHttpOnly());
- }
- }
输出:
Check whether the cookie is HTTPOnly: false示例 3
- import java.net.HttpCookie;
- public class JavaHttpCookieSetHttpOnlyExample3 {
- public static void main(String[] args) {
- HttpCookie cookie1 = new HttpCookie("Student1", "1");
- HttpCookie cookie2 = new HttpCookie("Student2", "2");
- //Indicate whether the cookie can be considered as HTTP Only or not.
- cookie1.setHttpOnly(true);
- cookie2.setHttpOnly(false);
- System.out.println("Check whether the first cookie is HTTPOnly:"+cookie1.isHttpOnly());
- System.out.println("Check whether the second cookie is HTTPOnly:"+cookie2.isHttpOnly());
- }
- }
输出:
- Check whether the first cookie is HTTPOnly:true
- Check whether the second cookie is HTTPOnly:false
-
相关阅读:
苹果Mac电脑L2TP连接公司内部网络失败解决方案
Himall类型帮助类将string类型转换成decimal类型
前端三刺客---CSS
11个程序员必备简捷开发辅助工具
C语言——扫雷游戏最全讲解
着手开发属于自己的第一个Intellij-platform plugin插件程序(三)
【服务器】Java连接redis及使用Java操作redis、使用场景
OpenMPI的安装与运行分布式项目
从浏览器输入url到页面加载(五)请求数据在网线中的故事
基于arm-linux-gcc版本,音乐视频播放器mplayer
- 原文地址:https://blog.csdn.net/allway2/article/details/126121017
