How to set an HttpOnly cookie in Java?
HttpOnly cookies are a cookie security measure.
In browsers that support HttpOnly cookies (IE6+, FF3.0+), if the "httponly" attribute is set on a cookie, JavaScript cannot read that cookie. This effectively guards against XSS attacks that read cookies and makes the web application more secure.
However, the Cookie class in J2EE 4 and J2EE 5 provides no method for setting the httponly attribute, so if you need to set it, you have to handle it yourself.
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;

/**
 * Cookie tools
 */
public class CookieUtil {

    /**
     * Adds a cookie to the response, optionally marked HttpOnly.
     * @param response   HTTP response
     * @param cookie     cookie object
     * @param isHttpOnly whether the cookie is HttpOnly
     */
    public static void addCookie(HttpServletResponse response, Cookie cookie, boolean isHttpOnly) {
        String name = cookie.getName();       // cookie name
        String value = cookie.getValue();     // cookie value
        int maxAge = cookie.getMaxAge();      // lifetime in seconds (0 deletes the cookie, -1 lasts for the browser session)
        String path = cookie.getPath();       // path
        String domain = cookie.getDomain();   // domain
        boolean isSecure = cookie.getSecure(); // send over secure protocols only?

        StringBuilder buffer = new StringBuilder();
        buffer.append(name).append("=").append(value).append(";");

        if (maxAge == 0) {
            // Delete the cookie: an expiry date in the past, in HTTP date format
            buffer.append("Expires=Thu, 01 Jan 1970 00:00:00 GMT;");
        } else if (maxAge > 0) {
            buffer.append("Max-Age=").append(maxAge).append(";");
        }

        if (domain != null) {
            buffer.append("domain=").append(domain).append(";");
        }

        if (path != null) {
            buffer.append("path=").append(path).append(";");
        }

        if (isSecure) {
            buffer.append("secure;");
        }

        if (isHttpOnly) {
            buffer.append("HTTPOnly;");
        }

        // Write the header directly, because the old Cookie class cannot express HttpOnly
        response.addHeader("Set-Cookie", buffer.toString());
    }
}
It is worth noting that the Cookie class in Java EE 6.0 supports HttpOnly, so in a Java EE 6.0 compatible container (such as Tomcat 7) you can use cookie.setHttpOnly to set HttpOnly:
cookie.setHttpOnly(true);
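Whichever way the attribute is set, the result can be checked on the Set-Cookie header value the application sends. The following is an added example, not code from the original article: it reports which of HttpOnly and Secure are missing from a header value. The class name SetCookieAudit, the method missingFlags and the sample headers are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

/** Added example: reports which protective attributes a Set-Cookie header value lacks. */
public class SetCookieAudit {

    /** Returns the names of the attributes (HttpOnly, Secure) missing from one Set-Cookie value. */
    static List<String> missingFlags(String setCookieValue) {
        boolean httpOnly = false;
        boolean secure = false;
        String[] parts = setCookieValue.split(";");
        // parts[0] is the name=value pair; attributes start at index 1.
        for (int i = 1; i < parts.length; i++) {
            // Attribute names are case-insensitive; drop any "=value" suffix.
            String attr = parts[i].trim().toLowerCase(Locale.ROOT);
            int eq = attr.indexOf('=');
            if (eq >= 0) {
                attr = attr.substring(0, eq).trim();
            }
            if (attr.equals("httponly")) httpOnly = true;
            if (attr.equals("secure")) secure = true;
        }
        List<String> missing = new ArrayList<>();
        if (!httpOnly) missing.add("HttpOnly");
        if (!secure) missing.add("Secure");
        return missing;
    }

    public static void main(String[] args) {
        // Constructed sample headers, not captured from a real application.
        List<String> headers = Arrays.asList(
            "JSESSIONID=abc123;path=/;secure;HTTPOnly;", // style written by CookieUtil.addCookie
            "JSESSIONID=abc123; Path=/; Secure",         // HttpOnly forgotten
            "theme=dark; Max-Age=3600; Path=/",          // neither flag present
            "note=httponly; Path=/"                      // "httponly" appears only in the value
        );
        for (String h : headers) {
            List<String> missing = missingFlags(h);
            System.out.println((missing.isEmpty() ? "OK" : "MISSING " + missing) + "  " + h);
        }
    }
}
```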
The setHttpOnly(boolean httpOnly) method of the Java HttpCookie class indicates whether the cookie should be considered HTTPOnly. If set to true, the cookie cannot be accessed by scripting engines such as JavaScript.
public void setHttpOnly(boolean httpOnly)
The method above takes a single parameter:
httpOnly - true if the cookie is HTTP only, which means it is visible only as part of an HTTP request.
Return value: not applicable
import java.net.HttpCookie;

public class JavaHttpCookieSetHttpOnlyExample1 {
    public static void main(String[] args) {
        HttpCookie cookie = new HttpCookie("Student", "1");
        // Indicate whether the cookie can be considered as HTTP Only or not.
        cookie.setHttpOnly(true);
        // Return true if the cookie is considered as HTTPOnly.
        System.out.println("Check whether the cookie is HTTPOnly: " + cookie.isHttpOnly());
    }
}
Output:
Check whether the cookie is HTTPOnly: true
import java.net.HttpCookie;

public class JavaHttpCookieSetHttpOnlyExample2 {
    public static void main(String[] args) {
        HttpCookie cookie = new HttpCookie("Student", "1");
        // Indicate whether the cookie can be considered as HTTP Only or not.
        cookie.setHttpOnly(false);
        // Return false if the cookie is not considered as HTTPOnly.
        System.out.println("Check whether the cookie is HTTPOnly: " + cookie.isHttpOnly());
    }
}
Output:
Check whether the cookie is HTTPOnly: false
import java.net.HttpCookie;

public class JavaHttpCookieSetHttpOnlyExample3 {
    public static void main(String[] args) {
        HttpCookie cookie1 = new HttpCookie("Student1", "1");
        HttpCookie cookie2 = new HttpCookie("Student2", "2");
        // Indicate whether the cookie can be considered as HTTP Only or not.
        cookie1.setHttpOnly(true);
        cookie2.setHttpOnly(false);
        System.out.println("Check whether the first cookie is HTTPOnly:" + cookie1.isHttpOnly());
        System.out.println("Check whether the second cookie is HTTPOnly:" + cookie2.isHttpOnly());
    }
}
Output:
Check whether the first cookie is HTTPOnly:true
Check whether the second cookie is HTTPOnly:false