Package org.apache.http.impl.cookie

Class PublicSuffixDomainFilter

java.lang.Object

org.apache.http.impl.cookie.PublicSuffixDomainFilter

All Implemented Interfaces:

CommonCookieAttributeHandler, CookieAttributeHandler

@Contract(threading=IMMUTABLE_CONDITIONAL)
public class PublicSuffixDomainFilter
extends Object
implements CommonCookieAttributeHandler

Wraps a CookieAttributeHandler and leverages its match method to never match a suffix from a black list. May be used to provide additional security for cross-site attack types by preventing cookies from apparent domains that are not publicly available.

Since:

4.4

See Also:

PublicSuffixList, PublicSuffixMatcher

Constructor Summary

Constructors

Constructor	Description
PublicSuffixDomainFilter(CommonCookieAttributeHandler handler, PublicSuffixList suffixList)
PublicSuffixDomainFilter(CommonCookieAttributeHandler handler, PublicSuffixMatcher publicSuffixMatcher)

Method Summary

Modifier and Type	Method	Description
static CommonCookieAttributeHandler	decorate(CommonCookieAttributeHandler handler, PublicSuffixMatcher publicSuffixMatcher)
String	getAttributeName()
boolean	match(Cookie cookie, CookieOrigin origin)	Never matches if the cookie's domain is from the blacklist.
void	parse(SetCookie cookie, String value)	Parse the given cookie attribute value and update the corresponding Cookie property.
void	validate(Cookie cookie, CookieOrigin origin)	Peforms cookie validation for the given attribute value.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PublicSuffixDomainFilter

public PublicSuffixDomainFilter(CommonCookieAttributeHandler handler,
                                PublicSuffixMatcher publicSuffixMatcher)

PublicSuffixDomainFilter

public PublicSuffixDomainFilter(CommonCookieAttributeHandler handler,
                                PublicSuffixList suffixList)

Method Detail

match

public boolean match(Cookie cookie,
                     CookieOrigin origin)

Never matches if the cookie's domain is from the blacklist.

Specified by:

match in interface CookieAttributeHandler

Parameters:

cookie - Cookie to match

origin - the cookie source to match against

Returns:

true if the match is successful; false otherwise

parse

public void parse(SetCookie cookie,
                  String value)
           throws MalformedCookieException

Description copied from interface: CookieAttributeHandler

Parse the given cookie attribute value and update the corresponding Cookie property.

Specified by:

parse in interface CookieAttributeHandler

Parameters:

cookie - Cookie to be updated

value - cookie attribute value from the cookie response header

Throws:

MalformedCookieException

validate

public void validate(Cookie cookie,
                     CookieOrigin origin)
              throws MalformedCookieException

Description copied from interface: CookieAttributeHandler

Peforms cookie validation for the given attribute value.

Specified by:

validate in interface CookieAttributeHandler

Parameters:

cookie - Cookie to validate

origin - the cookie source to validate against

Throws:

MalformedCookieException - if cookie validation fails for this attribute

getAttributeName

public String getAttributeName()

Specified by:

getAttributeName in interface CommonCookieAttributeHandler

decorate

public static CommonCookieAttributeHandler decorate(CommonCookieAttributeHandler handler,
                                                    PublicSuffixMatcher publicSuffixMatcher)