Package org.eclipse.jetty.server

Class SecureRequestCustomizer

java.lang.Object

org.eclipse.jetty.server.SecureRequestCustomizer

All Implemented Interfaces:

HttpConfiguration.Customizer

public class SecureRequestCustomizer
extends Object
implements HttpConfiguration.Customizer

Customizer that extracts the attribute from an SSLContext and sets them on the request with ServletRequest.setAttribute(String, Object) according to Servlet Specification Requirements.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	JAVAX_SERVLET_REQUEST_CIPHER_SUITE
static final String	JAVAX_SERVLET_REQUEST_KEY_SIZE
static final String	JAVAX_SERVLET_REQUEST_SSL_SESSION_ID
static final String	JAVAX_SERVLET_REQUEST_X_509_CERTIFICATE
static final String	X509_CERT

Constructor Summary

Constructors

Constructor	Description
SecureRequestCustomizer()
SecureRequestCustomizer(boolean sniHostCheck)
SecureRequestCustomizer(boolean sniRequired, boolean sniHostCheck, long stsMaxAgeSeconds, boolean stsIncludeSubdomains)
SecureRequestCustomizer(boolean sniHostCheck, long stsMaxAgeSeconds, boolean stsIncludeSubdomains)

Method Summary

Modifier and Type	Method	Description
protected void	customize(SSLEngine sslEngine, Request request)	Customizes the request attributes to be set for SSL requests.
void	customize(Connector connector, HttpConfiguration channelConfig, Request request)
protected void	customizeSecure(Request request)	Customizes the request attributes for general secure settings.
String	getSslSessionAttribute()
long	getStsMaxAge()
boolean	isSniHostCheck()
boolean	isSniRequired()
boolean	isStsIncludeSubDomains()
void	setSniHostCheck(boolean sniHostCheck)
void	setSniRequired(boolean sniRequired)
void	setSslSessionAttribute(String attribute)
void	setStsIncludeSubDomains(boolean stsIncludeSubDomains)
void	setStsMaxAge(long stsMaxAgeSeconds)	Set the Strict-Transport-Security max age.
void	setStsMaxAge(long period, TimeUnit units)	Convenience method to call setStsMaxAge(long)
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

JAVAX_SERVLET_REQUEST_X_509_CERTIFICATE

public static final String JAVAX_SERVLET_REQUEST_X_509_CERTIFICATE

See Also:

• Constant Field Values

JAVAX_SERVLET_REQUEST_CIPHER_SUITE

public static final String JAVAX_SERVLET_REQUEST_CIPHER_SUITE

See Also:

• Constant Field Values

JAVAX_SERVLET_REQUEST_KEY_SIZE

public static final String JAVAX_SERVLET_REQUEST_KEY_SIZE

See Also:

• Constant Field Values

JAVAX_SERVLET_REQUEST_SSL_SESSION_ID

public static final String JAVAX_SERVLET_REQUEST_SSL_SESSION_ID

See Also:

• Constant Field Values

X509_CERT

public static final String X509_CERT

See Also:

• Constant Field Values

Constructor Details

SecureRequestCustomizer

public SecureRequestCustomizer()

SecureRequestCustomizer

public SecureRequestCustomizer(@Name("sniHostCheck")
 boolean sniHostCheck)

SecureRequestCustomizer

public SecureRequestCustomizer(@Name("sniHostCheck")
 boolean sniHostCheck,
 @Name("stsMaxAgeSeconds")
 long stsMaxAgeSeconds,
 @Name("stsIncludeSubdomains")
 boolean stsIncludeSubdomains)

Parameters:

sniHostCheck - True if the SNI Host name must match.

stsMaxAgeSeconds - The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.

stsIncludeSubdomains - If true, a include subdomain property is sent with any Strict-Transport-Security header

SecureRequestCustomizer

public SecureRequestCustomizer(@Name("sniRequired")
 boolean sniRequired,
 @Name("sniHostCheck")
 boolean sniHostCheck,
 @Name("stsMaxAgeSeconds")
 long stsMaxAgeSeconds,
 @Name("stsIncludeSubdomains")
 boolean stsIncludeSubdomains)

Parameters:

sniRequired - True if a SNI certificate is required.

sniHostCheck - True if the SNI Host name must match.

stsMaxAgeSeconds - The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.

stsIncludeSubdomains - If true, a include subdomain property is sent with any Strict-Transport-Security header

Method Details

isSniHostCheck

public boolean isSniHostCheck()

Returns:

True if the SNI Host name must match when there is an SNI certificate.

setSniHostCheck

public void setSniHostCheck(boolean sniHostCheck)

Parameters:

sniHostCheck - True if the SNI Host name must match when there is an SNI certificate.

isSniRequired

public boolean isSniRequired()

Returns:

True if SNI is required, else requests will be rejected with 400 response.

See Also:

• SslContextFactory.Server.isSniRequired()

setSniRequired

public void setSniRequired(boolean sniRequired)

Parameters:

sniRequired - True if SNI is required, else requests will be rejected with 400 response.

See Also:

• SslContextFactory.Server.setSniRequired(boolean)

getStsMaxAge

public long getStsMaxAge()

Returns:

The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.

setStsMaxAge

public void setStsMaxAge(long stsMaxAgeSeconds)

Set the Strict-Transport-Security max age.

Parameters:

stsMaxAgeSeconds - The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.

setStsMaxAge

public void setStsMaxAge(long period,
 TimeUnit units)

Convenience method to call setStsMaxAge(long)

Parameters:

period - The period in units

units - The TimeUnit of the period

isStsIncludeSubDomains

public boolean isStsIncludeSubDomains()

Returns:

true if a include subdomain property is sent with any Strict-Transport-Security header

setStsIncludeSubDomains

public void setStsIncludeSubDomains(boolean stsIncludeSubDomains)

Parameters:

stsIncludeSubDomains - If true, a include subdomain property is sent with any Strict-Transport-Security header

customize

public void customize(Connector connector,
 HttpConfiguration channelConfig,
 Request request)

Specified by:

customize in interface HttpConfiguration.Customizer

customize

protected void customize(SSLEngine sslEngine,
 Request request)

Customizes the request attributes to be set for SSL requests.

The requirements of the Servlet specs are:

• an attribute named "javax.servlet.request.ssl_session_id" of type String (since Servlet Spec 3.0).
• an attribute named "javax.servlet.request.cipher_suite" of type String.
• an attribute named "javax.servlet.request.key_size" of type Integer.
• an attribute named "javax.servlet.request.X509Certificate" of type java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate, the order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on.

Parameters:

sslEngine - the sslEngine to be customized.

request - HttpRequest to be customized.

customizeSecure

protected void customizeSecure(Request request)

Customizes the request attributes for general secure settings. The default impl calls Request.setSecure(boolean) with true and sets a response header if the Strict-Transport-Security options are set.

Parameters:

request - the request being customized

setSslSessionAttribute

public void setSslSessionAttribute(String attribute)

getSslSessionAttribute

public String getSslSessionAttribute()

toString

public String toString()

Overrides:

toString in class Object