Limit to 10 attributes. Add option to delete attribute.

apache · Dec 3, 2024 · a95bf2b · a95bf2b
1 parent c28b542
commit a95bf2b
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 8 deletions.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
@@ -278,6 +278,11 @@
         Examples. Add a hard coded limit of 10 attributes per session for the
         servlet session example. (markt)
       </add>
+      <add>
+        Examples. Add the ability to delete session attributes and add a hard
+        coded limit of 10 attributes per session for the JSP form authentication
+        example. (markt)
+      </add>
     </changelog>
   </subsection>
   <subsection name = "Other">

diff --git a/webapps/examples/jsp/security/protected/index.jsp b/webapps/examples/jsp/security/protected/index.jsp
@@ -14,8 +14,10 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 --%>
-<%@ page import="java.util.Enumeration" %>
+<%@ page import="java.net.URLEncoder" %>
+<%@ page import="java.nio.charset.StandardCharsets" %>
 <%@ page import="java.security.Principal" %>
+<%@ page import="java.util.Enumeration" %>
 <%@ page import="org.apache.catalina.TomcatPrincipal" %>
 <%
   if (request.getParameter("logoff") != null) {
@@ -121,31 +123,62 @@ enter it here:
 %>
 <br><br>
 
+<%
+  // Count the existing attributes
+  int sessionAttributeCount = 0;
+  Enumeration<String> names = session.getAttributeNames();
+  while (names.hasMoreElements()) {
+    names.nextElement();
+    sessionAttributeCount++;
+  }
+
+  String dataName = request.getParameter("dataName");
+  String dataValue = request.getParameter("dataValue");
+  if (dataName != null) {
+    if (dataValue == null) {
+      session.removeAttribute(dataName);
+      sessionAttributeCount--;
+    } else if (sessionAttributeCount < 10) {
+      session.setAttribute(dataName, dataValue);
+      sessionAttributeCount++;
+    } else {
+%>
+<p>Session attribute [<%= util.HTMLFilter.filter(dataName) %>] not added as there are already 10 attributes in the
+session. Delete an attribute before adding another.</p>
+<%
+    }
+  }
+
+  if (sessionAttributeCount < 10) {
+%>
 To add some data to the authenticated session, enter it here:
 <form method="GET" action='<%= response.encodeURL("index.jsp") %>'>
 <input type="text" name="dataName">
 <input type="text" name="dataValue">
 <input type="submit" >
 </form>
-<br><br>
-
 <%
-  String dataName = request.getParameter("dataName");
-  if (dataName != null) {
-    session.setAttribute(dataName, request.getParameter("dataValue"));
+  } else {
+%>
+<p>You may not add more than 10 attributes to this session.</p>
+<%
   }
 %>
+<br><br>
+
 <p>The authenticated session contains the following attributes:</p>
 <table>
 <tr><th>Name</th><th>Value</th></tr>
 <%
-  Enumeration<String> names = session.getAttributeNames();
+  names = session.getAttributeNames();
   while (names.hasMoreElements()) {
     String name = names.nextElement();
+    String value = session.getAttribute(name).toString();
 %>
 <tr>
   <td><%= util.HTMLFilter.filter(name) %></td>
-  <td><%= util.HTMLFilter.filter(String.valueOf(session.getAttribute(name))) %></td>
+  <td><%= util.HTMLFilter.filter(value) %></td>
+  <td><a href='<%= response.encodeURL("index.jsp?dataName=" + URLEncoder.encode(name, StandardCharsets.UTF_8)) %>'>delete</a></td>
 </tr>
 <%
   }