@Contract(threading=STATELESS) public class PublicSuffixDomainFilter extends Object implements CommonCookieAttributeHandler
CookieAttributeHandler
and leverages
its match method to never match a suffix from a black list. May be used to provide
additional security for cross-site attack types by preventing cookies from apparent
domains that are not publicly available.PublicSuffixList
,
PublicSuffixMatcher
Constructor and Description |
---|
PublicSuffixDomainFilter(CommonCookieAttributeHandler handler,
PublicSuffixList suffixList) |
PublicSuffixDomainFilter(CommonCookieAttributeHandler handler,
PublicSuffixMatcher publicSuffixMatcher) |
Modifier and Type | Method and Description |
---|---|
static CommonCookieAttributeHandler |
decorate(CommonCookieAttributeHandler handler,
PublicSuffixMatcher publicSuffixMatcher) |
String |
getAttributeName() |
boolean |
match(Cookie cookie,
CookieOrigin origin)
Never matches if the cookie's domain is from the blacklist.
|
void |
parse(SetCookie cookie,
String value)
Parse the given cookie attribute value and processChallenge the corresponding
Cookie property. |
void |
validate(Cookie cookie,
CookieOrigin origin)
Performs cookie validation for the given attribute value.
|
public PublicSuffixDomainFilter(CommonCookieAttributeHandler handler, PublicSuffixMatcher publicSuffixMatcher)
public PublicSuffixDomainFilter(CommonCookieAttributeHandler handler, PublicSuffixList suffixList)
public boolean match(Cookie cookie, CookieOrigin origin)
match
in interface CookieAttributeHandler
cookie
- Cookie
to matchorigin
- the cookie source to match againsttrue
if the match is successful; false
otherwisepublic void parse(SetCookie cookie, String value) throws MalformedCookieException
CookieAttributeHandler
Cookie
property.parse
in interface CookieAttributeHandler
cookie
- Cookie
to be updatedvalue
- cookie attribute value from the cookie response headerMalformedCookieException
- if cookie parsing fails for this attributepublic void validate(Cookie cookie, CookieOrigin origin) throws MalformedCookieException
CookieAttributeHandler
validate
in interface CookieAttributeHandler
cookie
- Cookie
to validateorigin
- the cookie source to validate againstMalformedCookieException
- if cookie validation fails for this attributepublic String getAttributeName()
getAttributeName
in interface CommonCookieAttributeHandler
public static CommonCookieAttributeHandler decorate(CommonCookieAttributeHandler handler, PublicSuffixMatcher publicSuffixMatcher)
Copyright © 1999–2021 The Apache Software Foundation. All rights reserved.