This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/11.0.x by this push: new a95bf2b030 Limit to 10 attributes. Add option to delete attribute. a95bf2b030 is described below commit a95bf2b0303442a2c9a1ac364b0e63b56049e33a Author: Mark Thomas <ma...@apache.org> AuthorDate: Tue Dec 3 17:45:03 2024 +0000 Limit to 10 attributes. Add option to delete attribute. --- webapps/docs/changelog.xml | 5 +++ webapps/examples/jsp/security/protected/index.jsp | 49 +++++++++++++++++++---- 2 files changed, 46 insertions(+), 8 deletions(-)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e824346585..5755cadf0e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -278,6 +278,11 @@
 Examples. Add a hard coded limit of 10 attributes per session for the
 servlet session example. (markt)
 </add>
+ <add>
+ Examples. Add the ability to delete session attributes and add a hard
+ coded limit of 10 attributes per session for the JSP form authentication
+ example. (markt)
+ </add>
 </changelog>
 </subsection>
 <subsection name = "Other">
diff --git a/webapps/examples/jsp/security/protected/index.jsp b/webapps/examples/jsp/security/protected/index.jsp
index 09c23e7219..987a30fd18 100644
--- a/webapps/examples/jsp/security/protected/index.jsp
+++ b/webapps/examples/jsp/security/protected/index.jsp
@@ -14,8 +14,10 @@
 See the License for the specific language governing permissions and
 limitations under the License.
 --%>
-<%@ page import="java.util.Enumeration" %>
+<%@ page import="java.net.URLEncoder" %>
+<%@ page import="java.nio.charset.StandardCharsets" %>
 <%@ page import="java.security.Principal" %>
+<%@ page import="java.util.Enumeration" %>
 <%@ page import="org.apache.catalina.TomcatPrincipal" %>
 <%
 if (request.getParameter("logoff") != null) {
@@ -121,31 +123,62 @@ enter it here: %> <br><br> +<% + // Count the existing attributes + int sessionAttributeCount = 0; + Enumeration<String> names = session.getAttributeNames(); + while (names.hasMoreElements()) { + names.nextElement(); + sessionAttributeCount++; + } + + String dataName = request.getParameter("dataName"); + String dataValue = request.getParameter("dataValue"); + if (dataName != null) { + if (dataValue == null) { + session.removeAttribute(dataName); + sessionAttributeCount--; + } else if (sessionAttributeCount < 10) { + session.setAttribute(dataName, dataValue); + sessionAttributeCount++; + } else { +%> +<p>Session attribute [<%= util.HTMLFilter.filter(dataName) %>] not added as there are already 10 attributes in the +session. Delete an attribute before adding another.</p> +<% + } + } + + if (sessionAttributeCount < 10) { +%> To add some data to the authenticated session, enter it here: <form method="GET" action='<%= response.encodeURL("index.jsp") %>'> <input type="text" name="dataName"> <input type="text" name="dataValue"> <input type="submit" > </form> -<br><br> - <% - String dataName = request.getParameter("dataName"); - if (dataName != null) { - session.setAttribute(dataName, request.getParameter("dataValue")); + } else { +%> +<p>You may not add more than 10 attributes to this session.</p> +<% } %> +<br><br> + <p>The authenticated session contains the following attributes:</p> <table> <tr><th>Name</th><th>Value</th></tr> <% - Enumeration<String> names = session.getAttributeNames(); + names = session.getAttributeNames(); while (names.hasMoreElements()) { String name = names.nextElement(); + String value = session.getAttribute(name).toString(); %> <tr> <td><%= util.HTMLFilter.filter(name) %></td> - <td><%= util.HTMLFilter.filter(String.valueOf(session.getAttribute(name))) %></td> + <td><%= util.HTMLFilter.filter(value) %></td> + <td><a href='<%= response.encodeURL("index.jsp?dataName=" + URLEncoder.encode(name, StandardCharsets.UTF_8)) 
%>'>delete</a></td> </tr> <% } --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
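Review bot: `String value = session.getAttribute(name).toString();` in the table loop loses the null-safety of the `String.valueOf(session.getAttribute(name))` call it replaces, so if a concurrent request on the same session removes the attribute between `getAttributeNames()` and this lookup the page fails with a NullPointerException; `String value = String.valueOf(session.getAttribute(name));` keeps the new local without that risk. In the scriptlet that handles `dataName`, `sessionAttributeCount--` runs even when the name was not in the session and `sessionAttributeCount++` runs even when `setAttribute` overwrites an existing name, so the add form can be shown or hidden one attribute off, and once 10 attributes exist an existing one can no longer be updated. The delete link also changes session state on a plain GET, as the existing form already does, which leaves both actions open to cross-site request forgery against a logged-in user; a POST with a per-session token is the usual guard if the example is meant to model good practice. The table loop continues past the end of the hunk.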