Class SecureRequestCustomizer

java.lang.Object

org.eclipse.jetty.server.SecureRequestCustomizer

All Implemented Interfaces:

HttpConfiguration.Customizer

public class SecureRequestCustomizer
extends Object
implements HttpConfiguration.Customizer

Customizer that extracts the attribute of an SSLContext and makes them available via Attributes.getAttribute(String) using the names:

• EndPoint.SslSessionData.ATTRIBUTE for EndPoint.SslSessionData
• X509_ATTRIBUTE for the local certificate as a X509 instance

See Also:

• EndPoint.SslSessionData

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
protected static class	SecureRequestCustomizer.SecureRequest
protected class	SecureRequestCustomizer.SecureRequestWithSslSessionData

Field Summary

Fields

Modifier and Type	Field	Description
static final String	X509_ATTRIBUTE

Constructor Summary

Constructors

Constructor	Description
SecureRequestCustomizer()
SecureRequestCustomizer(boolean sniHostCheck)
SecureRequestCustomizer(boolean sniRequired, boolean sniHostCheck, long stsMaxAgeSeconds, boolean stsIncludeSubdomains)
SecureRequestCustomizer(boolean sniHostCheck, long stsMaxAgeSeconds, boolean stsIncludeSubdomains)

Method Summary

Modifier and Type	Method	Description
protected void	checkSni(Request request, SSLSession session)
Request	customize(Request request, HttpFields.Mutable responseHeaders)
long	getStsMaxAge()
boolean	isSniHostCheck()
boolean	isSniRequired()
boolean	isStsIncludeSubDomains()
protected Request	newSecureRequest(Request request, EndPoint.SslSessionData sslSessionData)
protected String	retrieveSni(Request request, SSLSession session)
void	setSniHostCheck(boolean sniHostCheck)
void	setSniRequired(boolean sniRequired)
void	setStsIncludeSubDomains(boolean stsIncludeSubDomains)	Set whether the includeSubdomains attribute is sent with the Strict-Transport-Security response header.
void	setStsMaxAge(long stsMaxAgeSeconds)	Sets the Strict-Transport-Security max age in seconds.
void	setStsMaxAge(long period, TimeUnit units)	Sets the Strict-Transport-Security max age in the given time unit.
String	toString()

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

X509_ATTRIBUTE

public static final String X509_ATTRIBUTE

See Also:

• Constant Field Values

Constructor Details

SecureRequestCustomizer

public SecureRequestCustomizer()

SecureRequestCustomizer

public SecureRequestCustomizer(@Name("sniHostCheck")
 boolean sniHostCheck)

SecureRequestCustomizer

public SecureRequestCustomizer(@Name("sniHostCheck")
 boolean sniHostCheck,
 @Name("stsMaxAgeSeconds")
 long stsMaxAgeSeconds,
 @Name("stsIncludeSubdomains")
 boolean stsIncludeSubdomains)

Parameters:

sniHostCheck - True if the SNI Host name must match.

stsMaxAgeSeconds - The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.

stsIncludeSubdomains - If true, an include subdomain property is sent with any Strict-Transport-Security header

SecureRequestCustomizer

public SecureRequestCustomizer(@Name("sniRequired")
 boolean sniRequired,
 @Name("sniHostCheck")
 boolean sniHostCheck,
 @Name("stsMaxAgeSeconds")
 long stsMaxAgeSeconds,
 @Name("stsIncludeSubdomains")
 boolean stsIncludeSubdomains)

Parameters:

sniRequired - True if a SNI certificate is required.

sniHostCheck - True if the SNI Host name must match.

stsMaxAgeSeconds - The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.

stsIncludeSubdomains - If true, an include subdomain property is sent with any Strict-Transport-Security header

Method Details

isSniHostCheck

public boolean isSniHostCheck()

Returns:

True if the SNI Host name must match when there is an SNI certificate.

setSniHostCheck

public void setSniHostCheck(boolean sniHostCheck)

Parameters:

sniHostCheck - True if the SNI Host name must match when there is an SNI certificate.

isSniRequired

public boolean isSniRequired()

Returns:

True if SNI is required, else requests will be rejected with 400 response.

See Also:

• SslContextFactory.Server.isSniRequired()

setSniRequired

public void setSniRequired(boolean sniRequired)

Parameters:

sniRequired - True if SNI is required, else requests will be rejected with 400 response.

See Also:

• SslContextFactory.Server.setSniRequired(boolean)

getStsMaxAge

public long getStsMaxAge()

Returns:

The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.

setStsMaxAge

public void setStsMaxAge(long stsMaxAgeSeconds)

Sets the Strict-Transport-Security max age in seconds.

Parameters:

stsMaxAgeSeconds - the max age in seconds for the Strict-Transport-Security response header. If less than zero then no Strict-Transport-Security response header is set.

setStsMaxAge

public void setStsMaxAge(long period,
 TimeUnit units)

Sets the Strict-Transport-Security max age in the given time unit.

Parameters:

period - The max age value

units - The TimeUnit of the max age

isStsIncludeSubDomains

public boolean isStsIncludeSubDomains()

Returns:

whether the includeSubdomains attribute is sent with the Strict-Transport-Security response header

setStsIncludeSubDomains

public void setStsIncludeSubDomains(boolean stsIncludeSubDomains)

Set whether the includeSubdomains attribute is sent with the Strict-Transport-Security response header.

Parameters:

stsIncludeSubDomains - whether the includeSubdomains attribute is sent with the Strict-Transport-Security response header

customize

public Request customize(Request request,
 HttpFields.Mutable responseHeaders)

Specified by:

customize in interface HttpConfiguration.Customizer

newSecureRequest

protected Request newSecureRequest(Request request,
 EndPoint.SslSessionData sslSessionData)

checkSni

protected void checkSni(Request request,
 SSLSession session)

retrieveSni

protected String retrieveSni(Request request,
 SSLSession session)

toString

public String toString()

Overrides:

toString in class Object