001/*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.wicket.util.cookies;
018
019import org.apache.wicket.util.io.IClusterable;
020
021/**
022 * This class provides default values that are used by {@link org.apache.wicket.util.cookies.CookieUtils}
023 * class when it creates cookies.
024 * 
025 * @author Juergen Donnerstag
026 */
027public class CookieDefaults implements IClusterable
028{
029        private static final long serialVersionUID = 1L;
030
031        public enum SameSite
032        {
033                /**
034                 * Cookies will be sent in all contexts, i.e. in responses to both
035                 * first-party and cross-site requests. If SameSite=None is set,
036                 * the cookie Secure attribute must also be set (or the cookie will be blocked).
037                 */
038                None,
039
040                /**
041                 * Cookies will only be sent in a first-party context and not be sent
042                 * along with requests initiated by third party websites.
043                 */
044                Strict,
045
046                /**
047                 * Cookies are not sent on normal cross-site subrequests (for example to load
048                 * images or frames into a third party site), but are sent when a user is
049                 * navigating to the origin site (i.e., when following a link).
050                 */
051                Lax
052        }
053
054        /** Max age that the component will be persisted in seconds. */
055        private int maxAge = 3600 * 24 * 30; // 30 days
056
057        /** Cookie comment. */
058        private String comment;
059
060        /** Cookie domain. */
061        private String domain;
062
063        /** Whether the cookie is secure. */
064        private boolean secure;
065
066        /** Cookie version. */
067        private int version;
068
069        private boolean httpOnly;
070
071        /**
072         * Gets the max age. After
073         * 
074         * @return the max age
075         */
076        public int getMaxAge()
077        {
078                return maxAge;
079        }
080
081        /**
082         * Sets the maximum age of the cookie in seconds.
083         * 
084         * @param maxAge
085         *            the max age in seconds.
086         */
087        public void setMaxAge(int maxAge)
088        {
089                this.maxAge = maxAge;
090        }
091
092        /**
093         * Gets the cookie comment.
094         * 
095         * @return the cookie comment
096         */
097        public String getComment()
098        {
099                return comment;
100        }
101
102        /**
103         * Sets the cookie comment.
104         * 
105         * @param comment
106         *            the cookie comment
107         */
108        public void setComment(String comment)
109        {
110                this.comment = comment;
111        }
112
113        /**
114         * Gets the cookie domain name.
115         * 
116         * @return the cookie domain name
117         */
118        public String getDomain()
119        {
120                return domain;
121        }
122
123        /**
124         * Sets the cookie domain name.
125         * 
126         * @param domain
127         *            the cookie domain name
128         */
129        public void setDomain(String domain)
130        {
131                this.domain = domain;
132        }
133
134        /**
135         * Returns true if the browser is sending cookies only over a secure protocol, or false if the
136         * browser can send cookies using any protocol.
137         * 
138         * @return whether this cookie is secure
139         */
140        public boolean getSecure()
141        {
142                return secure;
143        }
144
145        /**
146         * Indicates to the browser whether the cookie should only be sent using a secure protocol, such
147         * as HTTPS or SSL.
148         * 
149         * @param secure
150         *            if true, sends the cookie from the browser to the server using only when using a
151         *            secure protocol; if false, sent on any protocol
152         */
153        public void setSecure(boolean secure)
154        {
155                this.secure = secure;
156        }
157
158        /**
159         * Returns the version of the protocol this cookie complies with. Version 1 complies with RFC
160         * 2109, and version 0 complies with the original cookie specification drafted by Netscape.
161         * Cookies provided by a browser use and identify the browser's cookie version.
162         * 
163         * @return 0 if the cookie complies with the original Netscape specification; 1 if the cookie
164         *         complies with RFC 2109
165         */
166        public int getVersion()
167        {
168                return version;
169        }
170
171        /**
172         * Sets the version of the cookie protocol this cookie complies with. Version 0 complies with
173         * the original Netscape cookie specification. Version 1 complies with RFC 2109. <br/>
174         * Since RFC 2109 is still somewhat new, consider version 1 as experimental; do not use it yet
175         * on production sites.
176         * 
177         * @param version
178         *            0 if the cookie should comply with the original Netscape specification; 1 if the
179         *            cookie should comply with RFC 2109
180         */
181        public void setVersion(int version)
182        {
183                this.version = version;
184        }
185
186        /**
187         * Checks whether this Cookie has been marked as <i>HttpOnly</i>.
188         *
189         * @return true if this Cookie has been marked as <i>HttpOnly</i>, false otherwise
190         */
191        public boolean isHttpOnly()
192        {
193                return httpOnly;
194        }
195
196        /**
197         * Marks or unmarks this Cookie as <i>HttpOnly</i>.
198         *
199         * <p><i>HttpOnly</i> cookies are not supposed to be exposed to
200         * client-side scripting code, and may therefore help mitigate certain
201         * kinds of cross-site scripting attacks.
202         *
203         * @param httpOnly true if this cookie is to be marked as <i>HttpOnly</i>, false otherwise
204         */
205        public void setHttpOnly(boolean httpOnly)
206        {
207                this.httpOnly = httpOnly;
208        }
209}