org.apache.nifi.web.security.cookie

Class StandardApplicationCookieService

java.lang.Object

org.apache.nifi.web.security.cookie.StandardApplicationCookieService

All Implemented Interfaces:

ApplicationCookieService

Direct Known Subclasses:

StandardCookieCsrfTokenRepository.CsrfApplicationCookieService

public class StandardApplicationCookieService
extends Object
implements ApplicationCookieService

Standard implementation of Application Cookie Service using Spring Framework utilities

Field Summary

Fields

Modifier and Type	Field and Description
private static String	DEFAULT_PATH
private static boolean	HTTP_ONLY_ENABLED
private static org.slf4j.Logger	logger
private static Duration	MAX_AGE_REMOVE
private static Duration	MAX_AGE_SESSION
private static Duration	MAX_AGE_STANDARD
private static boolean	SECURE_ENABLED

Constructor Summary

Constructors

Constructor and Description
StandardApplicationCookieService()

Method Summary

Modifier and Type	Method and Description
void	addCookie(URI resourceUri, javax.servlet.http.HttpServletResponse response, ApplicationCookieName applicationCookieName, String value) Generate cookie with specified value
void	addSessionCookie(URI resourceUri, javax.servlet.http.HttpServletResponse response, ApplicationCookieName applicationCookieName, String value) Generate cookie with session-based expiration and specified value as well as SameSite Strict property
protected org.springframework.http.ResponseCookie.ResponseCookieBuilder	getCookieBuilder(URI resourceUri, ApplicationCookieName applicationCookieName, String value, Duration maxAge) Get Response Cookie Builder with standard properties
private String	getCookiePath(URI resourceUri)
Optional<String>	getCookieValue(javax.servlet.http.HttpServletRequest request, ApplicationCookieName applicationCookieName) Get cookie value using specified name
void	removeCookie(URI resourceUri, javax.servlet.http.HttpServletResponse response, ApplicationCookieName applicationCookieName) Generate cookie with an empty value instructing the client to remove the cookie with a maximum age of 60 seconds
private void	setResponseCookie(javax.servlet.http.HttpServletResponse response, org.springframework.http.ResponseCookie responseCookie)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

MAX_AGE_SESSION

private static final Duration MAX_AGE_SESSION

MAX_AGE_REMOVE

private static final Duration MAX_AGE_REMOVE

MAX_AGE_STANDARD

private static final Duration MAX_AGE_STANDARD

DEFAULT_PATH

private static final String DEFAULT_PATH

See Also:

Constant Field Values

SECURE_ENABLED

private static final boolean SECURE_ENABLED

See Also:

Constant Field Values

HTTP_ONLY_ENABLED

private static final boolean HTTP_ONLY_ENABLED

See Also:

Constant Field Values

logger

private static final org.slf4j.Logger logger

Constructor Detail

StandardApplicationCookieService

public StandardApplicationCookieService()

Method Detail

addCookie

public void addCookie(URI resourceUri,
                      javax.servlet.http.HttpServletResponse response,
                      ApplicationCookieName applicationCookieName,
                      String value)

Generate cookie with specified value

Specified by:

addCookie in interface ApplicationCookieService

Parameters:

resourceUri - Resource URI containing path and domain

response - HTTP Servlet Response

applicationCookieName - Application Cookie Name to be added

value - Cookie value to be added

addSessionCookie

public void addSessionCookie(URI resourceUri,
                             javax.servlet.http.HttpServletResponse response,
                             ApplicationCookieName applicationCookieName,
                             String value)

Generate cookie with session-based expiration and specified value as well as SameSite Strict property

Specified by:

addSessionCookie in interface ApplicationCookieService

Parameters:

resourceUri - Resource URI containing path and domain

response - HTTP Servlet Response

applicationCookieName - Application Cookie Name

value - Cookie value to be added

getCookieValue

public Optional<String> getCookieValue(javax.servlet.http.HttpServletRequest request,
                                       ApplicationCookieName applicationCookieName)

Get cookie value using specified name

Specified by:

getCookieValue in interface ApplicationCookieService

Parameters:

request - HTTP Servlet Response

applicationCookieName - Application Cookie Name to be retrieved

Returns:

Optional Cookie Value

removeCookie

public void removeCookie(URI resourceUri,
                         javax.servlet.http.HttpServletResponse response,
                         ApplicationCookieName applicationCookieName)

Generate cookie with an empty value instructing the client to remove the cookie with a maximum age of 60 seconds

Specified by:

removeCookie in interface ApplicationCookieService

Parameters:

resourceUri - Resource URI containing path and domain

response - HTTP Servlet Response

applicationCookieName - Application Cookie Name to be removed

getCookieBuilder

protected org.springframework.http.ResponseCookie.ResponseCookieBuilder getCookieBuilder(URI resourceUri,
                                                                                         ApplicationCookieName applicationCookieName,
                                                                                         String value,
                                                                                         Duration maxAge)

Get Response Cookie Builder with standard properties

Parameters:

resourceUri - Resource URI containing path and domain

applicationCookieName - Application Cookie Name to be used

value - Cookie value

maxAge - Max Age

Returns:

Response Cookie Builder

setResponseCookie

private void setResponseCookie(javax.servlet.http.HttpServletResponse response,
                               org.springframework.http.ResponseCookie responseCookie)

getCookiePath

private String getCookiePath(URI resourceUri)