Class SameSiteCookieHeaderFilter.SameSiteResponseProxy

java.lang.Object
javax.servlet.ServletResponseWrapper
javax.servlet.http.HttpServletResponseWrapper
net.shibboleth.utilities.java.support.net.SameSiteCookieHeaderFilter.SameSiteResponseProxy
All Implemented Interfaces:
javax.servlet.http.HttpServletResponse, javax.servlet.ServletResponse
Enclosing class:
SameSiteCookieHeaderFilter

private class SameSiteCookieHeaderFilter.SameSiteResponseProxy
extends javax.servlet.http.HttpServletResponseWrapper
An implementation of the HttpServletResponse which adds the same-site flag to Set-Cookie headers for the set of configured cookies.
  • Field Summary

    Fields
    Modifier and Type Field Description
    private javax.servlet.http.HttpServletResponse response
    The response.

    Fields inherited from interface javax.servlet.http.HttpServletResponse

    SC_ACCEPTED, SC_BAD_GATEWAY, SC_BAD_REQUEST, SC_CONFLICT, SC_CONTINUE, SC_CREATED, SC_EXPECTATION_FAILED, SC_FORBIDDEN, SC_FOUND, SC_GATEWAY_TIMEOUT, SC_GONE, SC_HTTP_VERSION_NOT_SUPPORTED, SC_INTERNAL_SERVER_ERROR, SC_LENGTH_REQUIRED, SC_METHOD_NOT_ALLOWED, SC_MOVED_PERMANENTLY, SC_MOVED_TEMPORARILY, SC_MULTIPLE_CHOICES, SC_NO_CONTENT, SC_NON_AUTHORITATIVE_INFORMATION, SC_NOT_ACCEPTABLE, SC_NOT_FOUND, SC_NOT_IMPLEMENTED, SC_NOT_MODIFIED, SC_OK, SC_PARTIAL_CONTENT, SC_PAYMENT_REQUIRED, SC_PRECONDITION_FAILED, SC_PROXY_AUTHENTICATION_REQUIRED, SC_REQUEST_ENTITY_TOO_LARGE, SC_REQUEST_TIMEOUT, SC_REQUEST_URI_TOO_LONG, SC_REQUESTED_RANGE_NOT_SATISFIABLE, SC_RESET_CONTENT, SC_SEE_OTHER, SC_SERVICE_UNAVAILABLE, SC_SWITCHING_PROTOCOLS, SC_TEMPORARY_REDIRECT, SC_UNAUTHORIZED, SC_UNSUPPORTED_MEDIA_TYPE, SC_USE_PROXY
  • Constructor Summary

    Constructors
    Constructor Description
    SameSiteResponseProxy​(javax.servlet.http.HttpServletResponse resp)
    Constructor.
  • Method Summary

    Modifier and Type Method Description
    private void appendSameSite()
    Add the SameSite attribute to those cookies configured in the sameSiteCookies map iff they do not already contain the same-site flag.
    private void appendSameSiteAttribute​(String cookieHeader, String sameSiteValue, boolean first)
    Append the SameSite cookie attribute with the specified samesite-value to the cookieHeader iff it does not already have one set.
    javax.servlet.ServletOutputStream getOutputStream()
    PrintWriter getWriter()
    void sendError​(int sc)
    void sendError​(int sc, String msg)
    void sendRedirect​(String location)

    Methods inherited from class javax.servlet.http.HttpServletResponseWrapper

    addCookie, addDateHeader, addHeader, addIntHeader, containsHeader, encodeRedirectUrl, encodeRedirectURL, encodeUrl, encodeURL, getHeader, getHeaderNames, getHeaders, getStatus, setDateHeader, setHeader, setIntHeader, setStatus, setStatus

    Methods inherited from class javax.servlet.ServletResponseWrapper

    flushBuffer, getBufferSize, getCharacterEncoding, getContentType, getLocale, getResponse, isCommitted, isWrapperFor, isWrapperFor, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentLengthLong, setContentType, setLocale, setResponse

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface javax.servlet.ServletResponse

    flushBuffer, getBufferSize, getCharacterEncoding, getContentType, getLocale, isCommitted, reset, resetBuffer, setBufferSize, setCharacterEncoding, setContentLength, setContentLengthLong, setContentType, setLocale
  • Field Details

    • response

      @Nonnull private final javax.servlet.http.HttpServletResponse response
      The response.
  • Constructor Details

    • SameSiteResponseProxy

      public SameSiteResponseProxy​(@Nonnull javax.servlet.http.HttpServletResponse resp)
      Constructor.
      Parameters:
      resp - the response to delegate to
  • Method Details

    • sendError

      public void sendError​(int sc) throws IOException
      Specified by:
      sendError in interface javax.servlet.http.HttpServletResponse
      Overrides:
      sendError in class javax.servlet.http.HttpServletResponseWrapper
      Throws:
      IOException
    • getWriter

      public PrintWriter getWriter() throws IOException
      Specified by:
      getWriter in interface javax.servlet.ServletResponse
      Overrides:
      getWriter in class javax.servlet.ServletResponseWrapper
      Throws:
      IOException
    • sendError

      public void sendError​(int sc, String msg) throws IOException
      Specified by:
      sendError in interface javax.servlet.http.HttpServletResponse
      Overrides:
      sendError in class javax.servlet.http.HttpServletResponseWrapper
      Throws:
      IOException
    • sendRedirect

      public void sendRedirect​(String location) throws IOException
      Specified by:
      sendRedirect in interface javax.servlet.http.HttpServletResponse
      Overrides:
      sendRedirect in class javax.servlet.http.HttpServletResponseWrapper
      Throws:
      IOException
    • getOutputStream

      public javax.servlet.ServletOutputStream getOutputStream() throws IOException
      Specified by:
      getOutputStream in interface javax.servlet.ServletResponse
      Overrides:
      getOutputStream in class javax.servlet.ServletResponseWrapper
      Throws:
      IOException
    • appendSameSite

      private void appendSameSite()
      Add the SameSite attribute to those cookies configured in the sameSiteCookies map iff they do not already contain the same-site flag. All other cookies are copied over to the response without modification.
    • appendSameSiteAttribute

      private void appendSameSiteAttribute​(@Nonnull @NotEmpty String cookieHeader, @Nonnull @NotEmpty String sameSiteValue, @Nonnull boolean first)
      Append the SameSite cookie attribute with the specified samesite-value to the cookieHeader iff it does not already have one set.
      Parameters:
      cookieHeader - the cookie header value
      sameSiteValue - the SameSite attribute value e.g. None, Lax, or Strict
      first - true iff this is the first Set-Cookie header