Package org.eclipse.jetty.http

Class UriCompliance

java.lang.Object

org.eclipse.jetty.http.UriCompliance

All Implemented Interfaces:

ComplianceViolation.Mode

public final class UriCompliance
extends Object
implements ComplianceViolation.Mode

URI compliance modes for Jetty request handling. A Compliance mode consists of a set of UriCompliance.Violations which are allowed when the mode is enabled.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	UriCompliance.Violation	These are URI compliance "violations", which may be allowed by the compliance mode.

Field Summary

Fields

Modifier and Type	Field	Description
static final Set<UriCompliance.Violation>	AMBIGUOUS_VIOLATIONS	Set of violations that can trigger a HttpURI.isAmbiguous violation.
static final UriCompliance	DEFAULT	The default compliance mode allows no violations from RFC3986 and is equivalent to RFC3986 compliance.
static final UriCompliance	LEGACY	LEGACY compliance mode that models Jetty-9.4 behavior by allowing UriCompliance.Violation.AMBIGUOUS_PATH_SEGMENT, UriCompliance.Violation.AMBIGUOUS_EMPTY_SEGMENT, UriCompliance.Violation.AMBIGUOUS_PATH_SEPARATOR, UriCompliance.Violation.AMBIGUOUS_PATH_ENCODING and UriCompliance.Violation.UTF16_ENCODINGS.
static final Set<UriCompliance.Violation>	NO_VIOLATION
static final UriCompliance	RFC3986	Compliance mode that exactly follows RFC3986, excluding all URI Violations.
static final UriCompliance	UNAMBIGUOUS	Compliance mode that allows all unambiguous violations.
static final UriCompliance	UNSAFE	Compliance mode that allows all URI Violations, including allowing ambiguous paths in non-canonical form, and illegal characters

Constructor Summary

Constructors

Constructor	Description
UriCompliance(String name, Set<UriCompliance.Violation> violations)

Method Summary

Modifier and Type	Method	Description
boolean	allows(ComplianceViolation violation)
static String	checkUriCompliance(UriCompliance compliance, HttpURI uri, ComplianceViolation.Listener listener)
static UriCompliance	from(String spec)	Create compliance set from string.
static UriCompliance	from(Set<UriCompliance.Violation> violations)	Create compliance set from a set of allowed Violations.
Set<UriCompliance.Violation>	getAllowed()	Get the set of UriCompliance.Violations allowed by this compliance mode.
Set<UriCompliance.Violation>	getKnown()
String	getName()
static boolean	isAmbiguous(Set<UriCompliance.Violation> violations)
static boolean	isPathViolation(UriCompliance.Violation violation)	Test if violation is referencing a HttpURI.path violation.
String	toString()
static UriCompliance	valueOf(String name)
UriCompliance	with(String name, UriCompliance.Violation... violations)	Create a new UriCompliance mode that includes the passed UriCompliance.Violations.
UriCompliance	without(String name, UriCompliance.Violation... violations)	Create a new UriCompliance mode that excludes the passed UriCompliance.Violations.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

NO_VIOLATION

public static final Set<UriCompliance.Violation> NO_VIOLATION

AMBIGUOUS_VIOLATIONS

public static final Set<UriCompliance.Violation> AMBIGUOUS_VIOLATIONS

Set of violations that can trigger a HttpURI.isAmbiguous violation.

RFC3986

public static final UriCompliance RFC3986

Compliance mode that exactly follows RFC3986, excluding all URI Violations.

UNAMBIGUOUS

public static final UriCompliance UNAMBIGUOUS

Compliance mode that allows all unambiguous violations.

DEFAULT

public static final UriCompliance DEFAULT

The default compliance mode allows no violations from RFC3986 and is equivalent to RFC3986 compliance.

LEGACY

public static final UriCompliance LEGACY

LEGACY compliance mode that models Jetty-9.4 behavior by allowing UriCompliance.Violation.AMBIGUOUS_PATH_SEGMENT, UriCompliance.Violation.AMBIGUOUS_EMPTY_SEGMENT, UriCompliance.Violation.AMBIGUOUS_PATH_SEPARATOR, UriCompliance.Violation.AMBIGUOUS_PATH_ENCODING and UriCompliance.Violation.UTF16_ENCODINGS.

UNSAFE

public static final UriCompliance UNSAFE

Compliance mode that allows all URI Violations, including allowing ambiguous paths in non-canonical form, and illegal characters

Constructor Details

UriCompliance

public UriCompliance(String name,
 Set<UriCompliance.Violation> violations)

Method Details

isAmbiguous

public static boolean isAmbiguous(Set<UriCompliance.Violation> violations)

valueOf

public static UriCompliance valueOf(String name)

from

public static UriCompliance from(Set<UriCompliance.Violation> violations)

Create compliance set from a set of allowed Violations.

Parameters:

violations - A string of violations to allow:

Returns:

the compliance from the string spec

from

public static UriCompliance from(String spec)

Create compliance set from string.

Format: <BASE>[,[-]<violation>]...

BASE is one of:

0

No UriCompliance.Violations

*

All UriCompliance.Violations

<name>

The name of a static instance of UriCompliance (e.g. RFC3986).

The remainder of the list can contain then names of UriCompliance.Violations to include them in the mode, or prefixed with a '-' to exclude them from the mode. Examples are:

0,AMBIGUOUS_PATH_PARAMETER

Only allow UriCompliance.Violation.AMBIGUOUS_PATH_PARAMETER

*,-AMBIGUOUS_PATH_PARAMETER

Only all except UriCompliance.Violation.AMBIGUOUS_PATH_PARAMETER

RFC3986,AMBIGUOUS_PATH_PARAMETER

Same as RFC3986 plus UriCompliance.Violation.AMBIGUOUS_PATH_PARAMETER

Parameters:

spec - A string describing the compliance

Returns:

the UriCompliance instance derived from the string description

allows

public boolean allows(ComplianceViolation violation)

Specified by:

allows in interface ComplianceViolation.Mode

Parameters:

violation - The ComplianceViolation to test

Returns:

true iff the violation is allowed by this mode.

getName

public String getName()

Specified by:

getName in interface ComplianceViolation.Mode

Returns:

The name of the compliance violation mode.

getAllowed

public Set<UriCompliance.Violation> getAllowed()

Get the set of UriCompliance.Violations allowed by this compliance mode.

Specified by:

getAllowed in interface ComplianceViolation.Mode

Returns:

The immutable set of UriCompliance.Violations allowed by this compliance mode.

getKnown

public Set<UriCompliance.Violation> getKnown()

Specified by:

getKnown in interface ComplianceViolation.Mode

Returns:

The immutable set of all known violations for this mode.

with

public UriCompliance with(String name,
 UriCompliance.Violation... violations)

Create a new UriCompliance mode that includes the passed UriCompliance.Violations.

Parameters:

name - The name of the new mode

violations - The violations to include

Returns:

A new UriCompliance mode.

without

public UriCompliance without(String name,
 UriCompliance.Violation... violations)

Create a new UriCompliance mode that excludes the passed UriCompliance.Violations.

Parameters:

name - The name of the new mode

violations - The violations to exclude

Returns:

A new UriCompliance mode.

isPathViolation

public static boolean isPathViolation(UriCompliance.Violation violation)

Test if violation is referencing a HttpURI.path violation.

Parameters:

violation - the violation to test.

Returns:

true if violation is a path violation.

toString

public String toString()

Overrides:

toString in class Object

checkUriCompliance

public static String checkUriCompliance(UriCompliance compliance,
 HttpURI uri,
 ComplianceViolation.Listener listener)