Module org.eclipse.jetty.server
Package org.eclipse.jetty.server

Class SecureRequestCustomizer

java.lang.Object
org.eclipse.jetty.server.SecureRequestCustomizer
All Implemented Interfaces:
HttpConfiguration.Customizer
public class SecureRequestCustomizer extends Object implements HttpConfiguration.Customizer

Customizer that extracts the attribute of an SSLContext and makes them available via Attributes.getAttribute(String) using the names:

  • EndPoint.SslSessionData.ATTRIBUTE for EndPoint.SslSessionData
  • X509_ATTRIBUTE for the local certificate as a X509 instance
See Also:
  • EndPoint.SslSessionData

  • Field Details

  • Constructor Details

    • SecureRequestCustomizer

      public SecureRequestCustomizer()

    • SecureRequestCustomizer

      public SecureRequestCustomizer(@Name("sniHostCheck") boolean sniHostCheck)

    • SecureRequestCustomizer

      public SecureRequestCustomizer(@Name("sniHostCheck") boolean sniHostCheck, @Name("stsMaxAgeSeconds") long stsMaxAgeSeconds, @Name("stsIncludeSubdomains") boolean stsIncludeSubdomains)
      Parameters:
      sniHostCheck - True if the SNI Host name must match.
      stsMaxAgeSeconds - The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.
      stsIncludeSubdomains - If true, a include subdomain property is sent with any Strict-Transport-Security header

    • SecureRequestCustomizer

      public SecureRequestCustomizer(@Name("sniRequired") boolean sniRequired, @Name("sniHostCheck") boolean sniHostCheck, @Name("stsMaxAgeSeconds") long stsMaxAgeSeconds, @Name("stsIncludeSubdomains") boolean stsIncludeSubdomains)
      Parameters:
      sniRequired - True if a SNI certificate is required.
      sniHostCheck - True if the SNI Host name must match.
      stsMaxAgeSeconds - The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.
      stsIncludeSubdomains - If true, a include subdomain property is sent with any Strict-Transport-Security header

  • Method Details

    • isSniHostCheck

      public boolean isSniHostCheck()
      Returns:
      True if the SNI Host name must match when there is an SNI certificate.

    • setSniHostCheck

      public void setSniHostCheck(boolean sniHostCheck)
      Parameters:
      sniHostCheck - True if the SNI Host name must match when there is an SNI certificate.

    • isSniRequired

      public boolean isSniRequired()
      Returns:
      True if SNI is required, else requests will be rejected with 400 response.
      See Also:
      • SslContextFactory.Server.isSniRequired()

    • setSniRequired

      public void setSniRequired(boolean sniRequired)
      Parameters:
      sniRequired - True if SNI is required, else requests will be rejected with 400 response.
      See Also:
      • SslContextFactory.Server.setSniRequired(boolean)

    • getStsMaxAge

      public long getStsMaxAge()
      Returns:
      The max age in seconds for a Strict-Transport-Security response header. If set less than zero then no header is sent.

    • setStsMaxAge

      public void setStsMaxAge(long stsMaxAgeSeconds)
      Sets the Strict-Transport-Security max age in seconds.
      Parameters:
      stsMaxAgeSeconds - the max age in seconds for the Strict-Transport-Security response header. If less than zero then no Strict-Transport-Security response header is set.

    • setStsMaxAge

      public void setStsMaxAge(long period, TimeUnit units)
      Sets the Strict-Transport-Security max age in the given time unit.
      Parameters:
      period - The max age value
      units - The TimeUnit of the max age

    • isStsIncludeSubDomains

      public boolean isStsIncludeSubDomains()
      Returns:
      whether the includeSubdomains attribute is sent with the Strict-Transport-Security response header

    • setStsIncludeSubDomains

      public void setStsIncludeSubDomains(boolean stsIncludeSubDomains)
      Set whether the includeSubdomains attribute is sent with the Strict-Transport-Security response header.
      Parameters:
      stsIncludeSubDomains - whether the includeSubdomains attribute is sent with the Strict-Transport-Security response header

    • customize

      public Request customize(Request request, org.eclipse.jetty.http.HttpFields.Mutable responseHeaders)
      Specified by:
      customize in interface HttpConfiguration.Customizer

    • newSecureRequest

      protected Request newSecureRequest(Request request, org.eclipse.jetty.io.EndPoint.SslSessionData sslSessionData)

    • checkSni

      protected void checkSni(Request request, SSLSession session)

    • toString

      public String toString()
      Overrides:
      toString in class Object