org.apache.http.impl.cookie
Class PublicSuffixDomainFilter

java.lang.Object
  extended by org.apache.http.impl.cookie.PublicSuffixDomainFilter
All Implemented Interfaces:
CommonCookieAttributeHandler, CookieAttributeHandler

@Contract(threading=IMMUTABLE_CONDITIONAL)
public class PublicSuffixDomainFilter
extends Object
implements CommonCookieAttributeHandler

Wraps a CookieAttributeHandler and leverages its match method to never match a suffix from a black list. May be used to provide additional security for cross-site attack types by preventing cookies from apparent domains that are not publicly available.

Since:
4.4
See Also:
PublicSuffixList, PublicSuffixMatcher

Constructor Summary
PublicSuffixDomainFilter(CommonCookieAttributeHandler handler, PublicSuffixList suffixList)
           
PublicSuffixDomainFilter(CommonCookieAttributeHandler handler, PublicSuffixMatcher publicSuffixMatcher)
           
 
Method Summary
static CommonCookieAttributeHandler decorate(CommonCookieAttributeHandler handler, PublicSuffixMatcher publicSuffixMatcher)
           
 String getAttributeName()
           
 boolean match(Cookie cookie, CookieOrigin origin)
          Never matches if the cookie's domain is from the blacklist.
 void parse(SetCookie cookie, String value)
          Parse the given cookie attribute value and update the corresponding Cookie property.
 void validate(Cookie cookie, CookieOrigin origin)
          Peforms cookie validation for the given attribute value.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PublicSuffixDomainFilter

public PublicSuffixDomainFilter(CommonCookieAttributeHandler handler,
                                PublicSuffixMatcher publicSuffixMatcher)

PublicSuffixDomainFilter

public PublicSuffixDomainFilter(CommonCookieAttributeHandler handler,
                                PublicSuffixList suffixList)
Method Detail

match

public boolean match(Cookie cookie,
                     CookieOrigin origin)
Never matches if the cookie's domain is from the blacklist.

Specified by:
match in interface CookieAttributeHandler
Parameters:
cookie - Cookie to match
origin - the cookie source to match against
Returns:
true if the match is successful; false otherwise

parse

public void parse(SetCookie cookie,
                  String value)
           throws MalformedCookieException
Description copied from interface: CookieAttributeHandler
Parse the given cookie attribute value and update the corresponding Cookie property.

Specified by:
parse in interface CookieAttributeHandler
Parameters:
cookie - Cookie to be updated
value - cookie attribute value from the cookie response header
Throws:
MalformedCookieException

validate

public void validate(Cookie cookie,
                     CookieOrigin origin)
              throws MalformedCookieException
Description copied from interface: CookieAttributeHandler
Peforms cookie validation for the given attribute value.

Specified by:
validate in interface CookieAttributeHandler
Parameters:
cookie - Cookie to validate
origin - the cookie source to validate against
Throws:
MalformedCookieException - if cookie validation fails for this attribute

getAttributeName

public String getAttributeName()
Specified by:
getAttributeName in interface CommonCookieAttributeHandler

decorate

public static CommonCookieAttributeHandler decorate(CommonCookieAttributeHandler handler,
                                                    PublicSuffixMatcher publicSuffixMatcher)


Copyright © 1999–2017 The Apache Software Foundation. All rights reserved.