001/*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.wicket.util.cookies;
018
019import org.apache.wicket.util.io.IClusterable;
020
021/**
022 * This class provides default values that are used by {@link org.apache.wicket.util.cookies.CookieUtils}
023 * class when it creates cookies.
024 * 
025 * @author Juergen Donnerstag
026 */
027public class CookieDefaults implements IClusterable
028{
029        private static final long serialVersionUID = 1L;
030
031        public enum SameSite
032        {
033                /**
034                 * Cookies will be sent in all contexts, i.e. in responses to both
035                 * first-party and cross-site requests. If SameSite=None is set,
036                 * the cookie Secure attribute must also be set (or the cookie will be blocked).
037                 */
038                None,
039
040                /**
041                 * Cookies will only be sent in a first-party context and not be sent
042                 * along with requests initiated by third party websites.
043                 */
044                Strict,
045
046                /**
047                 * Cookies are not sent on normal cross-site subrequests (for example to load
048                 * images or frames into a third party site), but are sent when a user is
049                 * navigating to the origin site (i.e., when following a link).
050                 */
051                Lax
052        }
053
054        /** Max age that the component will be persisted in seconds. */
055        private int maxAge = 3600 * 24 * 30; // 30 days
056
057        /** Cookie comment. */
058        private String comment;
059
060        /** Cookie domain. */
061        private String domain;
062
063        /** Whether the cookie is secure. */
064        private boolean secure;
065
066        /** Cookie version. */
067        private int version;
068
069        private boolean httpOnly;
070
071        private SameSite sameSite = SameSite.Lax;
072
073        /**
074         * Gets the max age. After
075         * 
076         * @return the max age
077         */
078        public int getMaxAge()
079        {
080                return maxAge;
081        }
082
083        /**
084         * Sets the maximum age of the cookie in seconds.
085         * 
086         * @param maxAge
087         *            the max age in seconds.
088         */
089        public void setMaxAge(int maxAge)
090        {
091                this.maxAge = maxAge;
092        }
093
094        /**
095         * Gets the cookie comment.
096         * 
097         * @return the cookie comment
098         */
099        public String getComment()
100        {
101                return comment;
102        }
103
104        /**
105         * Sets the cookie comment.
106         * 
107         * @param comment
108         *            the cookie comment
109         */
110        public void setComment(String comment)
111        {
112                this.comment = comment;
113        }
114
115        /**
116         * Gets the cookie domain name.
117         * 
118         * @return the cookie domain name
119         */
120        public String getDomain()
121        {
122                return domain;
123        }
124
125        /**
126         * Sets the cookie domain name.
127         * 
128         * @param domain
129         *            the cookie domain name
130         */
131        public void setDomain(String domain)
132        {
133                this.domain = domain;
134        }
135
136        /**
137         * Returns true if the browser is sending cookies only over a secure protocol, or false if the
138         * browser can send cookies using any protocol.
139         * 
140         * @return whether this cookie is secure
141         */
142        public boolean getSecure()
143        {
144                return secure;
145        }
146
147        /**
148         * Indicates to the browser whether the cookie should only be sent using a secure protocol, such
149         * as HTTPS or SSL.
150         * 
151         * @param secure
152         *            if true, sends the cookie from the browser to the server using only when using a
153         *            secure protocol; if false, sent on any protocol
154         */
155        public void setSecure(boolean secure)
156        {
157                this.secure = secure;
158        }
159
160        /**
161         * Returns the version of the protocol this cookie complies with. Version 1 complies with RFC
162         * 2109, and version 0 complies with the original cookie specification drafted by Netscape.
163         * Cookies provided by a browser use and identify the browser's cookie version.
164         * 
165         * @return 0 if the cookie complies with the original Netscape specification; 1 if the cookie
166         *         complies with RFC 2109
167         */
168        @Deprecated(
169                since = "Servlet 6.0 / Wicket 10",
170                forRemoval = true
171        )
172        public int getVersion()
173        {
174                return version;
175        }
176
177        /**
178         * Sets the version of the cookie protocol this cookie complies with. Version 0 complies with
179         * the original Netscape cookie specification. Version 1 complies with RFC 2109. <br/>
180         * Since RFC 2109 is still somewhat new, consider version 1 as experimental; do not use it yet
181         * on production sites.
182         * 
183         * @param version
184         *            0 if the cookie should comply with the original Netscape specification; 1 if the
185         *            cookie should comply with RFC 2109
186         */
187        @Deprecated(
188                since = "Servlet 6.0 / Wicket 10",
189                forRemoval = true
190        )
191        public void setVersion(int version)
192        {
193                this.version = version;
194        }
195
196        /**
197         * Checks whether this Cookie has been marked as <i>HttpOnly</i>.
198         *
199         * @return true if this Cookie has been marked as <i>HttpOnly</i>, false otherwise
200         */
201        public boolean isHttpOnly()
202        {
203                return httpOnly;
204        }
205
206        /**
207         * Marks or unmarks this Cookie as <i>HttpOnly</i>.
208         *
209         * <p><i>HttpOnly</i> cookies are not supposed to be exposed to
210         * client-side scripting code, and may therefore help mitigate certain
211         * kinds of cross-site scripting attacks.
212         *
213         * @param httpOnly true if this cookie is to be marked as <i>HttpOnly</i>, false otherwise
214         */
215        public void setHttpOnly(boolean httpOnly)
216        {
217                this.httpOnly = httpOnly;
218        }
219
220        /**
221         * Sets the SameSite attribute of the cookie.
222         *
223         * @param sameSite the SameSite attribute of the cookie
224         */
225        public void setSameSite(SameSite sameSite)
226        {
227                this.sameSite = sameSite;
228        }
229
230        /**
231         * Gets the SameSite attribute of the cookie.
232         *
233         * @return the SameSite attribute of the cookie
234         */
235        public SameSite getSameSite()
236        {
237                return sameSite != null ? sameSite : SameSite.Lax;
238        }
239}