Class SameSiteCookieHeaderFilter
- All Implemented Interfaces:
Filter, ChainableFilter, Ordered
Filter which adds the SameSite attribute to cookies, until the Java API supports it
natively, if ever.
Explicitly named cookies are configured and placed into a Map of cookie name to same-site attribute value.
All other cookies may be assigned a default value.
Cookies with an existing same-site cookie flag are left unaltered - copied back into the response without modification.
A single cookie can have at most one same-site value set. Attempts in the configuration to
give more than one same-site value to a cookie are caught during argument injection and throw an
IllegalArgumentException.
-
Nested Class Summary
Nested Classes
Modifier and Type / Class / Description
- private class: An implementation of the HttpServletResponse which adds the same-site flag to Set-Cookie headers for the set of configured cookies.
- static enum: The allowed same-site cookie attribute values.
Nested classes/interfaces inherited from interface net.shibboleth.shared.spring.servlet.ChainableFilter
ChainableFilter.FilterOrder
-
Field Summary
Fields
Modifier and Type / Field / Description
- Optional default value to apply.
- private final org.slf4j.Logger: Class logger.
- private static final String: The name of the same-site cookie attribute.
- Map of cookie name to same-site attribute value.
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type / Method / Description
- void destroy()
- int getOrder()
- void init(FilterConfig filterConfig)
- protected void runFilter(ServletRequest request, ServletResponse response, FilterChain chain): Subclasses should override this method to be called when the filter is directed to activate.
- void: Set an optional default value to apply to all unmapped cookies.
- void: Set the names of cookies to add the same-site attribute to.
Methods inherited from class net.shibboleth.shared.servlet.AbstractConditionalFilter
doFilter, getActivationCondition, setActivationCondition
-
Field Details
-
SAMESITE_ATTRIBITE_NAME
The name of the same-site cookie attribute.
- See Also:
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
defaultValue
Optional default value to apply.
-
sameSiteCookies
Map of cookie name to same-site attribute value.
-
-
Constructor Details
-
SameSiteCookieHeaderFilter
public SameSiteCookieHeaderFilter()
Constructor.
-
-
Method Details
-
setSameSiteCookies
public void setSameSiteCookies(@Nullable Map<SameSiteCookieHeaderFilter.SameSiteValue, List<String>> map)
Set the names of cookies to add the same-site attribute to.
The argument map is flattened to remove the nested collection. The argument map allows duplicate cookie names to appear in order to detect configuration errors which would otherwise not be found during argument injection, e.g. trying to set a session identifier cookie as both SameSite=Strict and SameSite=None. Instead, duplicates are detected here, throwing a terminating IllegalArgumentException if found.
- Parameters:
map - the map of same-site attribute values to cookie names.
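The flattening and duplicate check described above, together with the class-level rule that cookies already carrying a same-site flag are left unaltered, as an added example that is not the Shibboleth implementation. The class `SameSiteFlattenExample`, the enum `SameSite` (a stand-in for the filter's nested enum), the methods `flatten` and `apply`, and the cookie names are all hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added illustration with hypothetical names; not the Shibboleth implementation. */
public class SameSiteFlattenExample {
    /** Stand-in for the filter's nested enum of allowed values. */
    enum SameSite { Strict, Lax, None }

    /** Flatten value -> names into name -> value, rejecting duplicate cookie names. */
    static Map<String, SameSite> flatten(Map<SameSite, List<String>> config) {
        Map<String, SameSite> byName = new LinkedHashMap<>();
        if (config == null) { return byName; }
        for (Map.Entry<SameSite, List<String>> e : config.entrySet()) {
            for (String name : e.getValue()) {
                SameSite previous = byName.putIfAbsent(name, e.getKey());
                if (previous != null) {
                    throw new IllegalArgumentException("Cookie '" + name
                            + "' already mapped to SameSite=" + previous);
                }
            }
        }
        return byName;
    }

    /** Append SameSite to one Set-Cookie header value unless it already carries one. */
    static String apply(String setCookie, Map<String, SameSite> byName, SameSite dflt) {
        if (setCookie.matches("(?i).*;\\s*samesite\\s*=.*")) {
            return setCookie; // existing flag is copied back unmodified
        }
        String name = setCookie.substring(0, Math.max(0, setCookie.indexOf('='))).trim();
        SameSite value = byName.getOrDefault(name, dflt); // unmapped cookies get the default
        return value == null ? setCookie : setCookie + "; SameSite=" + value;
    }

    public static void main(String[] args) {
        // Constructed sample configuration and Set-Cookie header values.
        Map<String, SameSite> m = flatten(Map.of(
                SameSite.None, List.of("JSESSIONID"),
                SameSite.Strict, List.of("prefs")));
        System.out.println(apply("JSESSIONID=abc; Path=/; Secure", m, null));
        System.out.println(apply("prefs=1; SameSite=Lax", m, SameSite.Strict));
        System.out.println(apply("other=1", m, SameSite.Lax));
        try { // the same cookie under two values is a configuration error
            flatten(Map.of(SameSite.Strict, List.of("sid"), SameSite.None, List.of("sid")));
        } catch (IllegalArgumentException ex) {
            System.out.println(ex.getMessage());
        }
    }
}
```

Browsers reject `SameSite=None` on cookies that lack the `Secure` attribute, so cookies mapped to `None` should also be issued with `Secure`.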
-
init
- Specified by:
init in interface Filter
- Overrides:
init in class AbstractConditionalFilter
- Throws:
ServletException
-
destroy
public void destroy()
- Specified by:
destroy in interface Filter
- Overrides:
destroy in class AbstractConditionalFilter
-
getOrder
public int getOrder()
- Specified by:
getOrder in interface ChainableFilter
- Specified by:
getOrder in interface Ordered
-
runFilter
protected void runFilter(@Nonnull ServletRequest request, @Nonnull ServletResponse response, @Nonnull FilterChain chain) throws IOException, ServletException
Subclasses should override this method to be called when the filter is directed to activate.
- Specified by:
runFilter in class AbstractConditionalFilter
- Parameters:
request - servlet request
response - servlet response
chain - filter chain
- Throws:
IOException - on error
ServletException - on error