Class SameSiteCookies


  • public class SameSiteCookies
    extends Object
    Defines the behavior of shared cookies for which a SameSite policy may be applied.

    When the SameSite setting is enabled in the security configuration, the SameSiteCookiesFilter class will create, in the HTTP response, a dedicated Set-Cookie header with a SameSite=None attribute for each shared cookie and each path of delegated UIs and previews of the product.

    Products are recommended to register at initialization time:

    Since:
    2.0.0
    See Also:
    SameSiteCookiesFilter
    • Method Detail

      • setPaths

        public static void setPaths(String... paths)
        Registers the paths of delegated UIs and previews of the product (e.g. /servlet/oslc-connect/my-preview).

        It is recommended that products register these paths at initialization time.

        Parameters:
        paths - the paths of delegated UIs and previews of the product
        See Also:
        SameSiteCookiesFilter
      • setDefaultNames

        public static void setDefaultNames(String... cookies)
                                    throws SettingStoreException
        Registers the given cookie names as default shared cookies (e.g. JSESSIONID).

        It is recommended that products register the default session cookies as shared cookies at initialization time. The session cookie is usually JSESSIONID, but this may vary depending on the web container or integration.

        This method only initializes the list of default shared cookies. It does not alter the actual list of shared cookies if they were configured by the server administrator.

        Parameters:
        cookies - the cookie names to set as default in the Shared Cookies setting.
        Throws:
        SettingStoreException - if an error occurs while querying or updating the setting store.
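
The class summary describes one Set-Cookie header per shared cookie and per registered path. The following stand-alone sketch is an added example of that behaviour, not the SameSiteCookiesFilter source or any code from the product. The names SameSiteHeaderSketch and buildHeaders, the sample cookie values, and the Secure and HttpOnly attributes are assumptions; the page itself only states SameSite=None.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration only; not the SameSiteCookiesFilter source.
public class SameSiteHeaderSketch {

    // True if the text is empty or could break out of a single Set-Cookie attribute.
    private static boolean unsafe(String s) {
        return s == null || s.isEmpty() || s.chars().anyMatch(c -> c < 0x20 || c == 0x7f || c == ';');
    }

    /** Builds one Set-Cookie value per (shared cookie, path) pair. All parameters are hypothetical. */
    static List<String> buildHeaders(Map<String, String> requestCookies, Set<String> sharedNames,
                                     List<String> paths, boolean secureRequest) {
        List<String> headers = new ArrayList<>();
        // Current browsers reject SameSite=None cookies that lack Secure, so emit nothing over plain HTTP.
        if (!secureRequest) {
            return headers;
        }
        for (Map.Entry<String, String> cookie : requestCookies.entrySet()) {
            String name = cookie.getKey();
            String value = cookie.getValue();
            if (!sharedNames.contains(name) || unsafe(value)) {
                continue; // not a registered shared cookie, or not safe to echo into a header
            }
            for (String path : paths) {
                if (unsafe(path) || !path.startsWith("/")) {
                    continue; // skip malformed path registrations
                }
                // HttpOnly is an assumption: it keeps the re-issued session cookie hidden from scripts.
                headers.add(name + "=" + value + "; Path=" + path + "; Secure; HttpOnly; SameSite=None");
            }
        }
        return headers;
    }

    public static void main(String[] args) {
        Map<String, String> cookies = new LinkedHashMap<>();
        cookies.put("JSESSIONID", "constructed-session-id"); // constructed sample value
        cookies.put("theme", "dark");                        // not shared, so it is skipped
        buildHeaders(cookies, Set.of("JSESSIONID"),
                List.of("/servlet/oslc-connect/my-preview"), true).forEach(System.out::println);
    }
}
```

Because every registered path receives a cross-site-capable copy of the session cookie, registering only the delegated UI and preview paths that need it keeps that exposure narrow.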