Package com.microstrategy.web.filter

Class CookieProcessorFilter

  • All Implemented Interfaces:
    javax.servlet.Filter
    public class CookieProcessorFilter
extends java.lang.Object
implements javax.servlet.Filter
    Centralized configuration of cookie attributes (i.e. HttpOnly, Secure, SameSite). Note that SameSite attribute is currently limited to application cookies only - we cannot currently configure SameSite for the JSESSIONID cookie because it is not currently supported by the Servlet API. To enable this filter, add (if not already) the following <filter> declaration to WEB-INF/web.xml: 
    
 <web-app ...>
  ...
  <filter>
    <filter-name>cookieProcessorFilter</filter-name>
    <filter-class>com.microstrategy.web.filter.CookieProcessorFilter</filter-class>
    
    <!-- Global settings -->
    <init-param>
      <param-name>sameSite</param-name>
      <!-- UNSET, STRICT, LAX, NONE -->
      <param-value>UNSET</param-value>
    </init-param>
    <init-param>
      <param-name>httpOnly</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>secure</param-name>
      <param-value>false</param-value>
    </init-param>

    <!-- Specific cookie settings - can override any of the global settings for specific cookies -->
    <init-param>
      <param-name>bSet.httpOnly</param-name>
      <param-value>false</param-value>
    </init-param>
    
  </filter>
  <filter-mapping>
  <filter-name>cookieProcessorFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

    • Constructor Detail

      • CookieProcessorFilter

        public CookieProcessorFilter()

    • Method Detail

      • init

        public void init​(javax.servlet.FilterConfig config)
          throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Filter
        Throws:
        javax.servlet.ServletException

      • doFilter

        public void doFilter​(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws java.io.IOException,
                     javax.servlet.ServletException
        Specified by:
        doFilter in interface javax.servlet.Filter
        Throws:
        java.io.IOException
        javax.servlet.ServletException

      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Filter

      • setCookieAttribute

        public static void setCookieAttribute​(java.lang.String cookieName,
                                      java.lang.String cookieAttribute,
                                      java.lang.String value)
        Configure cookie attributes. Setting value to Null or empty String will clear the setting.
        Parameters:
        cookieName - name of the cookie. Null or empty String designates all cookies.
        cookieAttribute - Options: sameSite, httpOnly, secure
        value - httpOnly, secure options: true, false; sameSite options: UNSET, STRICT, LAX, NONE

      • resolve

        public static void resolve​(java.lang.String cookieName,
                           CookieProcessorFilter.CookieHandler handler)
        Resolves desired cookie attribute values from global and cookie specific configuration settings.
        Parameters:
        cookieName - Cookie to resolve. If null, then global settings are returned.
        handler - Callback handler to assist with setting cookie attribute values.

      • getInfo

        public static java.lang.String getInfo()