org.apache.http.impl.cookie
Class PublicSuffixFilterHC4

java.lang.Object
  extended by org.apache.http.impl.cookie.PublicSuffixFilterHC4
All Implemented Interfaces:
org.apache.http.cookie.CookieAttributeHandler

public class PublicSuffixFilterHC4
extends java.lang.Object
implements org.apache.http.cookie.CookieAttributeHandler

Wraps a CookieAttributeHandler and leverages its match method to never match a suffix from a blacklist. May be used to provide additional security against cross-site attack types by preventing cookies from apparent domains that are not publicly available. An up-to-date list of suffixes can be obtained from publicsuffix.org.

Since:
4.0

Constructor Summary
PublicSuffixFilterHC4(org.apache.http.cookie.CookieAttributeHandler wrapped)
           
 
Method Summary
 boolean match(org.apache.http.cookie.Cookie cookie, org.apache.http.cookie.CookieOrigin origin)
          Never matches if the cookie's domain is from the blacklist.
 void parse(org.apache.http.cookie.SetCookie cookie, java.lang.String value)
           
 void setExceptions(java.util.Collection<java.lang.String> exceptions)
          Sets the exceptions from the blacklist.
 void setPublicSuffixes(java.util.Collection<java.lang.String> suffixes)
          Sets the suffix blacklist patterns.
 void validate(org.apache.http.cookie.Cookie cookie, org.apache.http.cookie.CookieOrigin origin)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PublicSuffixFilterHC4

public PublicSuffixFilterHC4(org.apache.http.cookie.CookieAttributeHandler wrapped)
Method Detail

setPublicSuffixes

public void setPublicSuffixes(java.util.Collection<java.lang.String> suffixes)
Sets the suffix blacklist patterns. A pattern can be "com" or "*.jp". TODO: add support for patterns like "lib.*.us".

Parameters:
suffixes -

setExceptions

public void setExceptions(java.util.Collection<java.lang.String> exceptions)
Sets the exceptions from the blacklist. Exceptions cannot be patterns. TODO: add support for patterns.

Parameters:
exceptions -

match

public boolean match(org.apache.http.cookie.Cookie cookie,
                     org.apache.http.cookie.CookieOrigin origin)
Never matches if the cookie's domain is from the blacklist.

Specified by:
match in interface org.apache.http.cookie.CookieAttributeHandler

parse

public void parse(org.apache.http.cookie.SetCookie cookie,
                  java.lang.String value)
           throws org.apache.http.cookie.MalformedCookieException
Specified by:
parse in interface org.apache.http.cookie.CookieAttributeHandler
Throws:
org.apache.http.cookie.MalformedCookieException

validate

public void validate(org.apache.http.cookie.Cookie cookie,
                     org.apache.http.cookie.CookieOrigin origin)
              throws org.apache.http.cookie.MalformedCookieException
Specified by:
validate in interface org.apache.http.cookie.CookieAttributeHandler
Throws:
org.apache.http.cookie.MalformedCookieException
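
Usage sketch, added here as an example and not taken from the library's own documentation or source: it wraps a domain handler in the filter, loads the two pattern forms named above plus one exception, and compares the wrapped handler's match result with the filter's. The PERMISSIVE_DOMAIN handler, the demo class and the sample hosts are constructed for illustration; BasicClientCookie and the four-argument CookieOrigin constructor are assumed to be available from the standard HttpClient 4.x API. Only match is documented above as applying the blacklist, so the comparison is made on match.

```java
import java.util.Arrays;
import org.apache.http.cookie.*;
import org.apache.http.impl.cookie.BasicClientCookie;
import org.apache.http.impl.cookie.PublicSuffixFilterHC4;

public class PublicSuffixFilterDemo {
    // Hypothetical stand-in for a real domain handler: accepts any cookie whose
    // Domain attribute equals the request host or is a dot-separated suffix of it.
    static final CookieAttributeHandler PERMISSIVE_DOMAIN = new CookieAttributeHandler() {
        public void parse(SetCookie cookie, String value) {
            cookie.setDomain(value);
        }
        public void validate(Cookie cookie, CookieOrigin origin) throws MalformedCookieException {
            if (!match(cookie, origin)) {
                throw new MalformedCookieException("Domain does not match " + origin.getHost());
            }
        }
        public boolean match(Cookie cookie, CookieOrigin origin) {
            String host = origin.getHost();
            String domain = cookie.getDomain();
            return host.equals(domain) || host.endsWith("." + domain);
        }
    };

    // Builds a constructed cookie for cookieDomain and asks the handler whether it matches host.
    static boolean accepted(CookieAttributeHandler handler, String host, String cookieDomain) {
        BasicClientCookie cookie = new BasicClientCookie("session", "constructed-value");
        cookie.setDomain(cookieDomain);
        return handler.match(cookie, new CookieOrigin(host, 443, "/", true));
    }

    public static void main(String[] args) {
        PublicSuffixFilterHC4 filter = new PublicSuffixFilterHC4(PERMISSIVE_DOMAIN);
        filter.setPublicSuffixes(Arrays.asList("com", "*.jp"));    // pattern forms from the page
        filter.setExceptions(Arrays.asList("city.kawasaki.jp"));   // exact name, not a pattern
        String[][] cases = {                                       // constructed sample data
            {"shop.example.com", "example.com"},                   // ordinary site domain
            {"shop.example.com", "com"},                           // exact blacklist entry
            {"shop.co.jp", "co.jp"},                               // covered by the "*.jp" pattern
            {"www.city.kawasaki.jp", "city.kawasaki.jp"},          // listed exception
        };
        for (String[] c : cases) {
            System.out.printf("host=%s domain=%s wrapped=%b filtered=%b%n", c[0], c[1],
                    accepted(PERMISSIVE_DOMAIN, c[0], c[1]), accepted(filter, c[0], c[1]));
        }
    }
}
```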