001/* 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017package org.apache.wicket.util.cookies; 018 019import org.apache.wicket.util.io.IClusterable; 020 021/** 022 * This class provides default values that are used by {@link org.apache.wicket.util.cookies.CookieUtils} 023 * class when it creates cookies. 024 * 025 * @author Juergen Donnerstag 026 */ 027public class CookieDefaults implements IClusterable 028{ 029 private static final long serialVersionUID = 1L; 030 031 public enum SameSite 032 { 033 /** 034 * Cookies will be sent in all contexts, i.e. in responses to both 035 * first-party and cross-site requests. If SameSite=None is set, 036 * the cookie Secure attribute must also be set (or the cookie will be blocked). 037 */ 038 None, 039 040 /** 041 * Cookies will only be sent in a first-party context and not be sent 042 * along with requests initiated by third party websites. 043 */ 044 Strict, 045 046 /** 047 * Cookies are not sent on normal cross-site subrequests (for example to load 048 * images or frames into a third party site), but are sent when a user is 049 * navigating to the origin site (i.e., when following a link). 050 */ 051 Lax 052 } 053 054 /** Max age that the component will be persisted in seconds. */ 055 private int maxAge = 3600 * 24 * 30; // 30 days 056 057 /** Cookie comment. */ 058 private String comment; 059 060 /** Cookie domain. */ 061 private String domain; 062 063 /** Whether the cookie is secure. */ 064 private boolean secure; 065 066 /** Cookie version. */ 067 private int version; 068 069 private boolean httpOnly; 070 071 /** 072 * Gets the max age. After 073 * 074 * @return the max age 075 */ 076 public int getMaxAge() 077 { 078 return maxAge; 079 } 080 081 /** 082 * Sets the maximum age of the cookie in seconds. 083 * 084 * @param maxAge 085 * the max age in seconds. 086 */ 087 public void setMaxAge(int maxAge) 088 { 089 this.maxAge = maxAge; 090 } 091 092 /** 093 * Gets the cookie comment. 094 * 095 * @return the cookie comment 096 */ 097 public String getComment() 098 { 099 return comment; 100 } 101 102 /** 103 * Sets the cookie comment. 104 * 105 * @param comment 106 * the cookie comment 107 */ 108 public void setComment(String comment) 109 { 110 this.comment = comment; 111 } 112 113 /** 114 * Gets the cookie domain name. 115 * 116 * @return the cookie domain name 117 */ 118 public String getDomain() 119 { 120 return domain; 121 } 122 123 /** 124 * Sets the cookie domain name. 125 * 126 * @param domain 127 * the cookie domain name 128 */ 129 public void setDomain(String domain) 130 { 131 this.domain = domain; 132 } 133 134 /** 135 * Returns true if the browser is sending cookies only over a secure protocol, or false if the 136 * browser can send cookies using any protocol. 137 * 138 * @return whether this cookie is secure 139 */ 140 public boolean getSecure() 141 { 142 return secure; 143 } 144 145 /** 146 * Indicates to the browser whether the cookie should only be sent using a secure protocol, such 147 * as HTTPS or SSL. 148 * 149 * @param secure 150 * if true, sends the cookie from the browser to the server using only when using a 151 * secure protocol; if false, sent on any protocol 152 */ 153 public void setSecure(boolean secure) 154 { 155 this.secure = secure; 156 } 157 158 /** 159 * Returns the version of the protocol this cookie complies with. Version 1 complies with RFC 160 * 2109, and version 0 complies with the original cookie specification drafted by Netscape. 161 * Cookies provided by a browser use and identify the browser's cookie version. 162 * 163 * @return 0 if the cookie complies with the original Netscape specification; 1 if the cookie 164 * complies with RFC 2109 165 */ 166 public int getVersion() 167 { 168 return version; 169 } 170 171 /** 172 * Sets the version of the cookie protocol this cookie complies with. Version 0 complies with 173 * the original Netscape cookie specification. Version 1 complies with RFC 2109. <br/> 174 * Since RFC 2109 is still somewhat new, consider version 1 as experimental; do not use it yet 175 * on production sites. 176 * 177 * @param version 178 * 0 if the cookie should comply with the original Netscape specification; 1 if the 179 * cookie should comply with RFC 2109 180 */ 181 public void setVersion(int version) 182 { 183 this.version = version; 184 } 185 186 /** 187 * Checks whether this Cookie has been marked as <i>HttpOnly</i>. 188 * 189 * @return true if this Cookie has been marked as <i>HttpOnly</i>, false otherwise 190 */ 191 public boolean isHttpOnly() 192 { 193 return httpOnly; 194 } 195 196 /** 197 * Marks or unmarks this Cookie as <i>HttpOnly</i>. 198 * 199 * <p><i>HttpOnly</i> cookies are not supposed to be exposed to 200 * client-side scripting code, and may therefore help mitigate certain 201 * kinds of cross-site scripting attacks. 202 * 203 * @param httpOnly true if this cookie is to be marked as <i>HttpOnly</i>, false otherwise 204 */ 205 public void setHttpOnly(boolean httpOnly) 206 { 207 this.httpOnly = httpOnly; 208 } 209}