001/* 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017package org.apache.wicket.util.cookies; 018 019import org.apache.wicket.util.io.IClusterable; 020 021/** 022 * This class provides default values that are used by {@link org.apache.wicket.util.cookies.CookieUtils} 023 * class when it creates cookies. 024 * 025 * @author Juergen Donnerstag 026 */ 027public class CookieDefaults implements IClusterable 028{ 029 private static final long serialVersionUID = 1L; 030 031 public enum SameSite 032 { 033 /** 034 * Cookies will be sent in all contexts, i.e. in responses to both 035 * first-party and cross-site requests. If SameSite=None is set, 036 * the cookie Secure attribute must also be set (or the cookie will be blocked). 037 */ 038 None, 039 040 /** 041 * Cookies will only be sent in a first-party context and not be sent 042 * along with requests initiated by third party websites. 043 */ 044 Strict, 045 046 /** 047 * Cookies are not sent on normal cross-site subrequests (for example to load 048 * images or frames into a third party site), but are sent when a user is 049 * navigating to the origin site (i.e., when following a link). 050 */ 051 Lax 052 } 053 054 /** Max age that the component will be persisted in seconds. */ 055 private int maxAge = 3600 * 24 * 30; // 30 days 056 057 /** Cookie comment. */ 058 private String comment; 059 060 /** Cookie domain. */ 061 private String domain; 062 063 /** Whether the cookie is secure. */ 064 private boolean secure; 065 066 /** Cookie version. */ 067 private int version; 068 069 private boolean httpOnly; 070 071 private SameSite sameSite = SameSite.Lax; 072 073 /** 074 * Gets the max age. After 075 * 076 * @return the max age 077 */ 078 public int getMaxAge() 079 { 080 return maxAge; 081 } 082 083 /** 084 * Sets the maximum age of the cookie in seconds. 085 * 086 * @param maxAge 087 * the max age in seconds. 088 */ 089 public void setMaxAge(int maxAge) 090 { 091 this.maxAge = maxAge; 092 } 093 094 /** 095 * Gets the cookie comment. 096 * 097 * @return the cookie comment 098 */ 099 public String getComment() 100 { 101 return comment; 102 } 103 104 /** 105 * Sets the cookie comment. 106 * 107 * @param comment 108 * the cookie comment 109 */ 110 public void setComment(String comment) 111 { 112 this.comment = comment; 113 } 114 115 /** 116 * Gets the cookie domain name. 117 * 118 * @return the cookie domain name 119 */ 120 public String getDomain() 121 { 122 return domain; 123 } 124 125 /** 126 * Sets the cookie domain name. 127 * 128 * @param domain 129 * the cookie domain name 130 */ 131 public void setDomain(String domain) 132 { 133 this.domain = domain; 134 } 135 136 /** 137 * Returns true if the browser is sending cookies only over a secure protocol, or false if the 138 * browser can send cookies using any protocol. 139 * 140 * @return whether this cookie is secure 141 */ 142 public boolean getSecure() 143 { 144 return secure; 145 } 146 147 /** 148 * Indicates to the browser whether the cookie should only be sent using a secure protocol, such 149 * as HTTPS or SSL. 150 * 151 * @param secure 152 * if true, sends the cookie from the browser to the server using only when using a 153 * secure protocol; if false, sent on any protocol 154 */ 155 public void setSecure(boolean secure) 156 { 157 this.secure = secure; 158 } 159 160 /** 161 * Returns the version of the protocol this cookie complies with. Version 1 complies with RFC 162 * 2109, and version 0 complies with the original cookie specification drafted by Netscape. 163 * Cookies provided by a browser use and identify the browser's cookie version. 164 * 165 * @return 0 if the cookie complies with the original Netscape specification; 1 if the cookie 166 * complies with RFC 2109 167 */ 168 @Deprecated( 169 since = "Servlet 6.0 / Wicket 10", 170 forRemoval = true 171 ) 172 public int getVersion() 173 { 174 return version; 175 } 176 177 /** 178 * Sets the version of the cookie protocol this cookie complies with. Version 0 complies with 179 * the original Netscape cookie specification. Version 1 complies with RFC 2109. <br/> 180 * Since RFC 2109 is still somewhat new, consider version 1 as experimental; do not use it yet 181 * on production sites. 182 * 183 * @param version 184 * 0 if the cookie should comply with the original Netscape specification; 1 if the 185 * cookie should comply with RFC 2109 186 */ 187 @Deprecated( 188 since = "Servlet 6.0 / Wicket 10", 189 forRemoval = true 190 ) 191 public void setVersion(int version) 192 { 193 this.version = version; 194 } 195 196 /** 197 * Checks whether this Cookie has been marked as <i>HttpOnly</i>. 198 * 199 * @return true if this Cookie has been marked as <i>HttpOnly</i>, false otherwise 200 */ 201 public boolean isHttpOnly() 202 { 203 return httpOnly; 204 } 205 206 /** 207 * Marks or unmarks this Cookie as <i>HttpOnly</i>. 208 * 209 * <p><i>HttpOnly</i> cookies are not supposed to be exposed to 210 * client-side scripting code, and may therefore help mitigate certain 211 * kinds of cross-site scripting attacks. 212 * 213 * @param httpOnly true if this cookie is to be marked as <i>HttpOnly</i>, false otherwise 214 */ 215 public void setHttpOnly(boolean httpOnly) 216 { 217 this.httpOnly = httpOnly; 218 } 219 220 /** 221 * Sets the SameSite attribute of the cookie. 222 * 223 * @param sameSite the SameSite attribute of the cookie 224 */ 225 public void setSameSite(SameSite sameSite) 226 { 227 this.sameSite = sameSite; 228 } 229 230 /** 231 * Gets the SameSite attribute of the cookie. 232 * 233 * @return the SameSite attribute of the cookie 234 */ 235 public SameSite getSameSite() 236 { 237 return sameSite != null ? sameSite : SameSite.Lax; 238 } 239}