Package com.microstrategy.web.filter
Class CookieProcessorFilter
- java.lang.Object
-
- com.microstrategy.web.filter.CookieProcessorFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
public class CookieProcessorFilter extends java.lang.Object implements javax.servlet.Filter
Centralized configuration of cookie attributes (i.e. HttpOnly, Secure, SameSite). Note that SameSite attribute is currently limited to application cookies only - we cannot currently configure SameSite for the JSESSIONID cookie because it is not currently supported by the Servlet API. To enable this filter, add (if not already) the following<filter>
declaration toWEB-INF/web.xml
:<web-app ...> ... <filter> <filter-name>cookieProcessorFilter</filter-name> <filter-class>com.microstrategy.web.filter.CookieProcessorFilter</filter-class> <!-- Global settings --> <init-param> <param-name>sameSite</param-name> <!-- UNSET, STRICT, LAX, NONE --> <param-value>UNSET</param-value> </init-param> <init-param> <param-name>httpOnly</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>secure</param-name> <param-value>false</param-value> </init-param> <!-- Specific cookie settings - can override any of the global settings for specific cookies --> <init-param> <param-name>bSet.httpOnly</param-name> <param-value>false</param-value> </init-param> </filter> <filter-mapping> <filter-name>cookieProcessorFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
CookieProcessorFilter.CookieAttributes
This class is needed because existing JEE Servlet API do not currently support the SameSite attribute.static interface
CookieProcessorFilter.CookieHandler
Used in conjunction withresolve(String, CookieHandler)
method to take action on the resolved cookie attributes.static class
CookieProcessorFilter.CookieResponseWrapper
Intercepts invocations toHttpServletResponse
, particularlyHttpServletResponse.addCookie(Cookie)
.static class
CookieProcessorFilter.SameSite
static class
CookieProcessorFilter.ServletEventListenerForSessionCookieConfig
-
Constructor Summary
Constructors Constructor Description CookieProcessorFilter()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description void
destroy()
void
doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
static java.lang.String
getInfo()
void
init(javax.servlet.FilterConfig config)
static void
resolve(java.lang.String cookieName, CookieProcessorFilter.CookieHandler handler)
Resolves desired cookie attribute values from global and cookie specific configuration settings.static void
setCookieAttribute(java.lang.String cookieName, java.lang.String cookieAttribute, java.lang.String value)
Configure cookie attributes.
-
-
-
Method Detail
-
init
public void init(javax.servlet.FilterConfig config) throws javax.servlet.ServletException
- Specified by:
init
in interfacejavax.servlet.Filter
- Throws:
javax.servlet.ServletException
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
- Specified by:
doFilter
in interfacejavax.servlet.Filter
- Throws:
java.io.IOException
javax.servlet.ServletException
-
destroy
public void destroy()
- Specified by:
destroy
in interfacejavax.servlet.Filter
-
setCookieAttribute
public static void setCookieAttribute(java.lang.String cookieName, java.lang.String cookieAttribute, java.lang.String value)
Configure cookie attributes. Setting value to Null or empty String will clear the setting.- Parameters:
cookieName
- name of the cookie. Null or empty String designates all cookies.cookieAttribute
- Options: sameSite, httpOnly, securevalue
- httpOnly, secure options: true, false; sameSite options: UNSET, STRICT, LAX, NONE
-
resolve
public static void resolve(java.lang.String cookieName, CookieProcessorFilter.CookieHandler handler)
Resolves desired cookie attribute values from global and cookie specific configuration settings.- Parameters:
cookieName
- Cookie to resolve. If null, then global settings are returned.handler
- Callback handler to assist with setting cookie attribute values.
-
getInfo
public static java.lang.String getInfo()
-
-