Package com.microstrategy.web.filter

Class CookieProcessorFilter

java.lang.Object

com.microstrategy.web.filter.CookieProcessorFilter

All Implemented Interfaces:

javax.servlet.Filter

Direct Known Subclasses:

WebCookieProcessorFilter

public class CookieProcessorFilter
extends java.lang.Object
implements javax.servlet.Filter

Centralized configuration of cookie attributes (i.e. HttpOnly, Secure, SameSite). Note that SameSite attribute is currently limited to application cookies only - we cannot currently configure SameSite for the JSESSIONID cookie because it is not currently supported by the Servlet API. To enable this filter, add (if not already) the following <filter> declaration to WEB-INF/web.xml:

 <web-app ...>
  ...
  <filter>
    <filter-name>cookieProcessorFilter</filter-name>
    <filter-class>com.microstrategy.web.filter.CookieProcessorFilter</filter-class>
    
    <!-- Global settings -->
    <init-param>
      <param-name>sameSite</param-name>
      <!-- UNSET, STRICT, LAX, NONE -->
      <param-value>UNSET</param-value>
    </init-param>
    <init-param>
      <param-name>httpOnly</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>secure</param-name>
      <param-value>false</param-value>
    </init-param>

    <!-- Specific cookie settings - can override any of the global settings for specific cookies -->
    <init-param>
      <param-name>bSet.httpOnly</param-name>
      <param-value>false</param-value>
    </init-param>
    
  </filter>
  <filter-mapping>
  <filter-name>cookieProcessorFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
 

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	CookieProcessorFilter.CookieAttributes	This class is needed because existing JEE Servlet API do not currently support the SameSite attribute.
static interface	CookieProcessorFilter.CookieHandler	Used in conjunction with resolve(String, CookieHandler) method to take action on the resolved cookie attributes.
static class	CookieProcessorFilter.CookieResponseWrapper	Intercepts invocations to HttpServletResponse, particularly HttpServletResponse.addCookie(Cookie).
static class	CookieProcessorFilter.SameSite
static class	CookieProcessorFilter.ServletEventListenerForSessionCookieConfig

Field Summary

Fields

Modifier and Type	Field	Description
protected static java.lang.String	HTTP_ONLY
protected static java.lang.String	SAME_SITE
protected static java.lang.String	SECURE

Constructor Summary

Constructors

Constructor	Description
CookieProcessorFilter()

Method Summary

Modifier and Type	Method	Description
static void	adjustSessionCookie(javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse resp)
void	destroy()
void	doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
protected void	getCookieSettings(javax.servlet.FilterConfig config)
static java.lang.String	getInfo()
void	init(javax.servlet.FilterConfig config)
static CookieProcessorFilter.CookieAttributes	resolve(java.lang.String cookieName)
static void	resolve(java.lang.String cookieName, CookieProcessorFilter.CookieHandler handler)	Resolves desired cookie attribute values from global and cookie specific configuration settings.
static void	setCookieAttribute(java.lang.String cookieName, java.lang.String cookieAttribute, java.lang.String value)	Configure cookie attributes.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SAME_SITE

protected static final java.lang.String SAME_SITE

See Also:

Constant Field Values

SECURE

protected static final java.lang.String SECURE

See Also:

Constant Field Values

HTTP_ONLY

protected static final java.lang.String HTTP_ONLY

See Also:

Constant Field Values

Constructor Detail

CookieProcessorFilter

public CookieProcessorFilter()

Method Detail

init

public void init(javax.servlet.FilterConfig config)
          throws javax.servlet.ServletException

Specified by:

init in interface javax.servlet.Filter

Throws:

javax.servlet.ServletException

getCookieSettings

protected void getCookieSettings(javax.servlet.FilterConfig config)

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException

Specified by:

doFilter in interface javax.servlet.Filter

Throws:

java.io.IOException

javax.servlet.ServletException

destroy

public void destroy()

Specified by:

destroy in interface javax.servlet.Filter

setCookieAttribute

public static void setCookieAttribute(java.lang.String cookieName,
                                      java.lang.String cookieAttribute,
                                      java.lang.String value)

Configure cookie attributes. Setting value to Null or empty String will clear the setting.

Parameters:

cookieName - name of the cookie. Null or empty String designates all cookies.

cookieAttribute - Options: sameSite, httpOnly, secure

value - httpOnly, secure options: true, false; sameSite options: UNSET, STRICT, LAX, NONE

resolve

public static void resolve(java.lang.String cookieName,
                           CookieProcessorFilter.CookieHandler handler)

Resolves desired cookie attribute values from global and cookie specific configuration settings.

Parameters:

cookieName - Cookie to resolve. If null, then global settings are returned.

handler - Callback handler to assist with setting cookie attribute values.

resolve

public static CookieProcessorFilter.CookieAttributes resolve(java.lang.String cookieName)

adjustSessionCookie

public static void adjustSessionCookie(javax.servlet.http.HttpServletRequest req,
                                       javax.servlet.http.HttpServletResponse resp)

getInfo

public static java.lang.String getInfo()