Package org.eclipse.jetty.server
Class SecureRequestCustomizer
java.lang.Object
org.eclipse.jetty.server.SecureRequestCustomizer
- All Implemented Interfaces:
HttpConfiguration.Customizer
Customizer that extracts the attribute from an SSLContext
and sets them on the request with ServletRequest.setAttribute(String, Object)
according to Servlet Specification Requirements.
-
Field Summary
-
Constructor Summary
ConstructorDescriptionSecureRequestCustomizer
(boolean sniHostCheck) SecureRequestCustomizer
(boolean sniRequired, boolean sniHostCheck, long stsMaxAgeSeconds, boolean stsIncludeSubdomains) SecureRequestCustomizer
(boolean sniHostCheck, long stsMaxAgeSeconds, boolean stsIncludeSubdomains) -
Method Summary
Modifier and TypeMethodDescriptionprotected void
Customizes the request attributes to be set for SSL requests.void
customize
(Connector connector, HttpConfiguration channelConfig, Request request) protected void
customizeSecure
(Request request) Customizes the request attributes for general secure settings.long
boolean
boolean
boolean
void
setSniHostCheck
(boolean sniHostCheck) void
setSniRequired
(boolean sniRequired) void
setSslSessionAttribute
(String attribute) void
setStsIncludeSubDomains
(boolean stsIncludeSubDomains) void
setStsMaxAge
(long stsMaxAgeSeconds) Set the Strict-Transport-Security max age.void
setStsMaxAge
(long period, TimeUnit units) Convenience method to callsetStsMaxAge(long)
toString()
-
Field Details
-
JAKARTA_SERVLET_REQUEST_X_509_CERTIFICATE
- See Also:
-
JAKARTA_SERVLET_REQUEST_CIPHER_SUITE
- See Also:
-
JAKARTA_SERVLET_REQUEST_KEY_SIZE
- See Also:
-
JAKARTA_SERVLET_REQUEST_SSL_SESSION_ID
- See Also:
-
X509_CERT
- See Also:
-
-
Constructor Details
-
SecureRequestCustomizer
public SecureRequestCustomizer() -
SecureRequestCustomizer
-
SecureRequestCustomizer
public SecureRequestCustomizer(@Name("sniHostCheck") boolean sniHostCheck, @Name("stsMaxAgeSeconds") long stsMaxAgeSeconds, @Name("stsIncludeSubdomains") boolean stsIncludeSubdomains) - Parameters:
sniHostCheck
- True if the SNI Host name must match.stsMaxAgeSeconds
- The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.stsIncludeSubdomains
- If true, a include subdomain property is sent with any Strict-Transport-Security header
-
SecureRequestCustomizer
public SecureRequestCustomizer(@Name("sniRequired") boolean sniRequired, @Name("sniHostCheck") boolean sniHostCheck, @Name("stsMaxAgeSeconds") long stsMaxAgeSeconds, @Name("stsIncludeSubdomains") boolean stsIncludeSubdomains) - Parameters:
sniRequired
- True if a SNI certificate is required.sniHostCheck
- True if the SNI Host name must match.stsMaxAgeSeconds
- The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.stsIncludeSubdomains
- If true, a include subdomain property is sent with any Strict-Transport-Security header
-
-
Method Details
-
isSniHostCheck
public boolean isSniHostCheck()- Returns:
- True if the SNI Host name must match when there is an SNI certificate.
-
setSniHostCheck
public void setSniHostCheck(boolean sniHostCheck) - Parameters:
sniHostCheck
- True if the SNI Host name must match when there is an SNI certificate.
-
isSniRequired
public boolean isSniRequired()- Returns:
- True if SNI is required, else requests will be rejected with 400 response.
- See Also:
-
setSniRequired
public void setSniRequired(boolean sniRequired) - Parameters:
sniRequired
- True if SNI is required, else requests will be rejected with 400 response.- See Also:
-
getStsMaxAge
public long getStsMaxAge()- Returns:
- The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.
-
setStsMaxAge
public void setStsMaxAge(long stsMaxAgeSeconds) Set the Strict-Transport-Security max age.- Parameters:
stsMaxAgeSeconds
- The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.
-
setStsMaxAge
Convenience method to callsetStsMaxAge(long)
- Parameters:
period
- The period in unitsunits
- TheTimeUnit
of the period
-
isStsIncludeSubDomains
public boolean isStsIncludeSubDomains()- Returns:
- true if a include subdomain property is sent with any Strict-Transport-Security header
-
setStsIncludeSubDomains
public void setStsIncludeSubDomains(boolean stsIncludeSubDomains) - Parameters:
stsIncludeSubDomains
- If true, a include subdomain property is sent with any Strict-Transport-Security header
-
customize
- Specified by:
customize
in interfaceHttpConfiguration.Customizer
-
customize
Customizes the request attributes to be set for SSL requests.
The requirements of the Servlet specs are:
- an attribute named "jakarta.servlet.request.ssl_session_id" of type String (since Servlet Spec 3.0).
- an attribute named "jakarta.servlet.request.cipher_suite" of type String.
- an attribute named "jakarta.servlet.request.key_size" of type Integer.
- an attribute named "jakarta.servlet.request.X509Certificate" of type java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate, the order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on.
- Parameters:
sslEngine
- the sslEngine to be customized.request
- HttpRequest to be customized.
-
customizeSecure
Customizes the request attributes for general secure settings. The default impl callsRequest.setSecure(boolean)
with true and sets a response header if the Strict-Transport-Security options are set.- Parameters:
request
- the request being customized
-
setSslSessionAttribute
-
getSslSessionAttribute
-
toString
-