Class SameSiteCookiesFilter
- java.lang.Object
  - com.sodius.oslc.server.services.HttpFilter
    - com.sodius.oslc.server.security.services.SameSiteCookiesFilter
- All Implemented Interfaces: Filter
public class SameSiteCookiesFilter extends HttpFilter
Sets in the HTTP response some Set-Cookie headers with a SameSite=None attribute for each shared cookie and each path of delegated UIs and previews of the product.
This filter is meant to apply only to the paths on which a login form is involved, where a session cookie (or more generally a shared cookie) is created. The application administrator can extend the scope of the filter through a dedicated setting, so that all paths of the application are filtered. This is notably useful if a customer uses a custom login page (with a dedicated path) that cannot be natively declared by the filter.
Here are the steps to correctly use this filter:
- Register the filter for all URLs of the application, using <url-pattern>.
- Declare the paths for the login pages of the application, using <init-param> with "loginPaths" as parameter name and a comma-separated value.
- At application initialization phase, configure the default Shared Cookies and delegated UI paths with the SameSiteCookies class.
Here is an extract of filter declaration:
    <url-pattern>/*</url-pattern>
    <init-param>
        <param-name>loginPaths</param-name>
        <param-value>/path1/login.jsp,/path2/other-login</param-value>
    </init-param>
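The header rewrite described above, reduced to its core case, as an added example that is not the library's code: a shared cookie emitted on a declared login path gets SameSite=None, other cookies and paths are left alone. The class and method names, exact-match path comparison, the JSESSIONID cookie and the sample header are assumptions; Secure is added because current browsers reject SameSite=None cookies that lack it.

```java
import java.util.*;

// Added illustration only: not the SameSiteCookiesFilter implementation.
public class SameSiteRewriteDemo {

    // Assumption: a request is in scope when its path equals one loginPaths entry.
    static boolean isLoginPath(String requestPath, String loginPathsParam) {
        for (String p : loginPathsParam.split(",")) {
            if (!p.trim().isEmpty() && requestPath.equals(p.trim())) return true;
        }
        return false;
    }

    // Rewrites one Set-Cookie header value if it belongs to a shared cookie.
    static String withSameSiteNone(String setCookie, Set<String> sharedCookies) {
        String[] parts = setCookie.split(";");
        int eq = parts[0].indexOf('=');
        String name = (eq < 0 ? parts[0] : parts[0].substring(0, eq)).trim();
        if (!sharedCookies.contains(name)) return setCookie; // not shared: untouched
        StringBuilder out = new StringBuilder(parts[0].trim());
        boolean secure = false;
        for (int i = 1; i < parts.length; i++) {
            String attr = parts[i].trim();
            String lower = attr.toLowerCase(Locale.ROOT);
            if (lower.startsWith("samesite")) continue;   // replace any existing SameSite
            if (lower.equals("secure")) secure = true;
            if (!attr.isEmpty()) out.append("; ").append(attr);
        }
        if (!secure) out.append("; Secure");              // required alongside SameSite=None
        return out.append("; SameSite=None").toString();
    }

    public static void main(String[] args) {
        String loginPaths = "/path1/login.jsp,/path2/other-login"; // from the extract above
        Set<String> shared = Set.of("JSESSIONID");                 // constructed sample
        String header = "JSESSIONID=abc123; Path=/app; HttpOnly; SameSite=Lax"; // constructed
        for (String path : List.of("/path1/login.jsp", "/static/logo.png")) {
            String result = isLoginPath(path, loginPaths)
                    ? withSameSiteNone(header, shared) : header;
            System.out.println(path + " -> Set-Cookie: " + result);
        }
    }
}
```

Because SameSite=None lets the cookie travel on cross-site requests, keeping the filter scoped to login paths and to the named shared cookies limits how many cookies lose the browser's default cross-site protection.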
- Since: 2.0.0
- See Also: SameSiteCookies
Constructor Summary
- SameSiteCookiesFilter()
Method Summary
- protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain): Processes this filter and either executes or blocks the chain.
- void init(FilterConfig filterConfig): This implementation does nothing.
- Methods inherited from class com.sodius.oslc.server.services.HttpFilter: destroy, doFilter, handleOslcError
Method Detail
init
public void init(FilterConfig filterConfig) throws ServletException
Description copied from class: HttpFilter
This implementation does nothing. Subclasses may override.
- Specified by: init in interface Filter
- Overrides: init in class HttpFilter
- Parameters: filterConfig - the configuration of the filter.
- Throws: ServletException - not thrown by this implementation.
doFilter
protected void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException
Description copied from class: HttpFilter
Processes this filter and either executes or blocks the chain. Subclasses may throw an OslcWebApplicationException to report an OslcError. This filter will automatically serialize such error in the HTTP response.
- Specified by: doFilter in class HttpFilter
- Parameters:
  request - the request.
  response - the response.
  chain - the filter chain to process.
- Throws:
  IOException - if an I/O error occurs.
  ServletException - if the filter execution fails.