Package org.eclipse.jetty.server

Class SecureRequestCustomizer

  • All Implemented Interfaces:
    HttpConfiguration.Customizer
    public class SecureRequestCustomizer
extends java.lang.Object
implements HttpConfiguration.Customizer

    Customizer that extracts the attribute from an SSLContext and sets them on the request with ServletRequest.setAttribute(String, Object) according to Servlet Specification Requirements.

    • Field Detail

      • JAVAX_SERVLET_REQUEST_X_509_CERTIFICATE

        public static final java.lang.String JAVAX_SERVLET_REQUEST_X_509_CERTIFICATE
        See Also:
        Constant Field Values

      • JAVAX_SERVLET_REQUEST_CIPHER_SUITE

        public static final java.lang.String JAVAX_SERVLET_REQUEST_CIPHER_SUITE
        See Also:
        Constant Field Values

      • JAVAX_SERVLET_REQUEST_KEY_SIZE

        public static final java.lang.String JAVAX_SERVLET_REQUEST_KEY_SIZE
        See Also:
        Constant Field Values

      • JAVAX_SERVLET_REQUEST_SSL_SESSION_ID

        public static final java.lang.String JAVAX_SERVLET_REQUEST_SSL_SESSION_ID
        See Also:
        Constant Field Values

    • Constructor Detail

      • SecureRequestCustomizer

        public SecureRequestCustomizer()

      • SecureRequestCustomizer

        public SecureRequestCustomizer​(@Name("sniHostCheck")
                               boolean sniHostCheck)

      • SecureRequestCustomizer

        public SecureRequestCustomizer​(@Name("sniHostCheck")
                               boolean sniHostCheck,
                               @Name("stsMaxAgeSeconds")
                               long stsMaxAgeSeconds,
                               @Name("stsIncludeSubdomains")
                               boolean stsIncludeSubdomains)
        Parameters:
        sniHostCheck - True if the SNI Host name must match.
        stsMaxAgeSeconds - The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.
        stsIncludeSubdomains - If true, a include subdomain property is sent with any Strict-Transport-Security header

      • SecureRequestCustomizer

        public SecureRequestCustomizer​(@Name("sniRequired")
                               boolean sniRequired,
                               @Name("sniHostCheck")
                               boolean sniHostCheck,
                               @Name("stsMaxAgeSeconds")
                               long stsMaxAgeSeconds,
                               @Name("stsIncludeSubdomains")
                               boolean stsIncludeSubdomains)
        Parameters:
        sniRequired - True if a SNI certificate is required.
        sniHostCheck - True if the SNI Host name must match.
        stsMaxAgeSeconds - The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.
        stsIncludeSubdomains - If true, a include subdomain property is sent with any Strict-Transport-Security header

    • Method Detail

      • isSniHostCheck

        public boolean isSniHostCheck()
        Returns:
        True if the SNI Host name must match when there is an SNI certificate.

      • setSniHostCheck

        public void setSniHostCheck​(boolean sniHostCheck)
        Parameters:
        sniHostCheck - True if the SNI Host name must match when there is an SNI certificate.

      • getStsMaxAge

        public long getStsMaxAge()
        Returns:
        The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.

      • setStsMaxAge

        public void setStsMaxAge​(long stsMaxAgeSeconds)
        Set the Strict-Transport-Security max age.
        Parameters:
        stsMaxAgeSeconds - The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.

      • setStsMaxAge

        public void setStsMaxAge​(long period,
                         java.util.concurrent.TimeUnit units)
        Convenience method to call setStsMaxAge(long)
        Parameters:
        period - The period in units
        units - The TimeUnit of the period

      • isStsIncludeSubDomains

        public boolean isStsIncludeSubDomains()
        Returns:
        true if a include subdomain property is sent with any Strict-Transport-Security header

      • setStsIncludeSubDomains

        public void setStsIncludeSubDomains​(boolean stsIncludeSubDomains)
        Parameters:
        stsIncludeSubDomains - If true, a include subdomain property is sent with any Strict-Transport-Security header

      • customizeSecure

        protected void customizeSecure​(Request request)
        Customizes the request attributes for general secure settings. The default impl calls Request.setSecure(boolean) with true and sets a response header if the Strict-Transport-Security options are set.
        Parameters:
        request - the request being customized

      • customize

        protected void customize​(javax.net.ssl.SSLEngine sslEngine,
                         Request request)

        Customizes the request attributes to be set for SSL requests.

        The requirements of the Servlet specs are:

        • an attribute named "javax.servlet.request.ssl_session_id" of type String (since Servlet Spec 3.0).
        • an attribute named "javax.servlet.request.cipher_suite" of type String.
        • an attribute named "javax.servlet.request.key_size" of type Integer.
        • an attribute named "javax.servlet.request.X509Certificate" of type java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate, the order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on.
        Parameters:
        sslEngine - the sslEngine to be customized.
        request - HttpRequest to be customized.

      • setSslSessionAttribute

        public void setSslSessionAttribute​(java.lang.String attribute)

      • getSslSessionAttribute

        public java.lang.String getSslSessionAttribute()

      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object