Class PublicSuffixFilter

  • All Implemented Interfaces:
    CookieAttributeHandler

    @Deprecated
    public class PublicSuffixFilter
    extends java.lang.Object
    implements CookieAttributeHandler
    Deprecated.
    Wraps a CookieAttributeHandler and leverages its match method to never match a suffix from a black list. May be used to provide additional security for cross-site attack types by preventing cookies from apparent domains that are not publicly available. An uptodate list of suffixes can be obtained from publicsuffix.org
    Since:
    4.0
    • Field Detail

      • exceptions

        private java.util.Collection<java.lang.String> exceptions
        Deprecated.
      • suffixes

        private java.util.Collection<java.lang.String> suffixes
        Deprecated.
    • Method Detail

      • setPublicSuffixes

        public void setPublicSuffixes​(java.util.Collection<java.lang.String> suffixes)
        Deprecated.
        Sets the suffix blacklist patterns. A pattern can be "com", "*.jp" TODO add support for patterns like "lib.*.us"
        Parameters:
        suffixes -
      • setExceptions

        public void setExceptions​(java.util.Collection<java.lang.String> exceptions)
        Deprecated.
        Sets the exceptions from the blacklist. Exceptions can not be patterns. TODO add support for patterns
        Parameters:
        exceptions -
      • match

        public boolean match​(Cookie cookie,
                             CookieOrigin origin)
        Deprecated.
        Never matches if the cookie's domain is from the blacklist.
        Specified by:
        match in interface CookieAttributeHandler
        Parameters:
        cookie - Cookie to match
        origin - the cookie source to match against
        Returns:
        true if the match is successful; false otherwise
      • isForPublicSuffix

        private boolean isForPublicSuffix​(Cookie cookie)
        Deprecated.