Package org.eclipse.jetty.http

Class UriCompliance

java.lang.Object

org.eclipse.jetty.http.UriCompliance

All Implemented Interfaces:

ComplianceViolation.Mode

public final class UriCompliance
extends java.lang.Object
implements ComplianceViolation.Mode

URI compliance modes for Jetty request handling. A Compliance mode consists of a set of UriCompliance.Violations which are allowed when the mode is enabled.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	UriCompliance.Violation	These are URI compliance "violations", which may be allowed by the compliance mode.

Field Summary

Fields

Modifier and Type	Field	Description
static UriCompliance	DEFAULT	The default compliance mode that extends RFC3986 compliance with additional violations to avoid most ambiguous URIs.
static UriCompliance	LEGACY	LEGACY compliance mode that models Jetty-9.4 behavior by allowing UriCompliance.Violation.AMBIGUOUS_PATH_SEGMENT, UriCompliance.Violation.AMBIGUOUS_EMPTY_SEGMENT, UriCompliance.Violation.AMBIGUOUS_PATH_SEPARATOR, UriCompliance.Violation.AMBIGUOUS_PATH_ENCODING and UriCompliance.Violation.UTF16_ENCODINGS
protected static org.slf4j.Logger	LOG
static UriCompliance	RFC3986	Compliance mode that exactly follows RFC3986, including allowing all additional ambiguous URI Violations.
static UriCompliance	RFC3986_UNAMBIGUOUS	Compliance mode that follows RFC3986 plus it does not allow any ambiguous URI UriCompliance.Violations.
static UriCompliance	SAFE	Deprecated. equivalent to DEFAULT
static UriCompliance	STRICT	Deprecated. equivalent to RFC3986
static UriCompliance	UNSAFE	Compliance mode that allows all URI Violations, including allowing ambiguous paths in non canonicalized form.

Constructor Summary

Constructors

Constructor	Description
UriCompliance(java.lang.String name, java.util.Set<UriCompliance.Violation> violations)

Method Summary

Modifier and Type	Method	Description
boolean	allows(ComplianceViolation violation)
static java.lang.String	checkUriCompliance(UriCompliance compliance, HttpURI uri)
static UriCompliance	from(java.lang.String spec)	Create compliance set from string.
static UriCompliance	from(java.util.Set<UriCompliance.Violation> violations)	Create compliance set from a set of allowed Violations.
java.util.Set<UriCompliance.Violation>	getAllowed()	Get the set of UriCompliance.Violations allowed by this compliance mode.
java.util.Set<UriCompliance.Violation>	getKnown()
java.lang.String	getName()
java.lang.String	toString()
static UriCompliance	valueOf(java.lang.String name)
UriCompliance	with(java.lang.String name, UriCompliance.Violation... violations)	Create a new UriCompliance mode that includes the passed UriCompliance.Violations.
UriCompliance	without(java.lang.String name, UriCompliance.Violation... violations)	Create a new UriCompliance mode that excludes the passed UriCompliance.Violations.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

LOG

protected static final org.slf4j.Logger LOG

DEFAULT

public static final UriCompliance DEFAULT

The default compliance mode that extends RFC3986 compliance with additional violations to avoid most ambiguous URIs. This mode does allow UriCompliance.Violation.AMBIGUOUS_PATH_SEPARATOR, but disallows all out UriCompliance.Violations.

LEGACY

public static final UriCompliance LEGACY

LEGACY compliance mode that models Jetty-9.4 behavior by allowing UriCompliance.Violation.AMBIGUOUS_PATH_SEGMENT, UriCompliance.Violation.AMBIGUOUS_EMPTY_SEGMENT, UriCompliance.Violation.AMBIGUOUS_PATH_SEPARATOR, UriCompliance.Violation.AMBIGUOUS_PATH_ENCODING and UriCompliance.Violation.UTF16_ENCODINGS

RFC3986

public static final UriCompliance RFC3986

Compliance mode that exactly follows RFC3986, including allowing all additional ambiguous URI Violations.

RFC3986_UNAMBIGUOUS

public static final UriCompliance RFC3986_UNAMBIGUOUS

Compliance mode that follows RFC3986 plus it does not allow any ambiguous URI UriCompliance.Violations.

UNSAFE

public static final UriCompliance UNSAFE

Compliance mode that allows all URI Violations, including allowing ambiguous paths in non canonicalized form.

SAFE

@Deprecated
public static final UriCompliance SAFE

Deprecated.

equivalent to DEFAULT

STRICT

@Deprecated
public static final UriCompliance STRICT

Deprecated.

equivalent to RFC3986

Constructor Detail

UriCompliance

public UriCompliance(java.lang.String name,
                     java.util.Set<UriCompliance.Violation> violations)

Method Detail

valueOf

public static UriCompliance valueOf(java.lang.String name)

from

public static UriCompliance from(java.util.Set<UriCompliance.Violation> violations)

Create compliance set from a set of allowed Violations.

Parameters:

violations - A string of violations to allow:

Returns:

the compliance from the string spec

from

public static UriCompliance from(java.lang.String spec)

Create compliance set from string.

Format: <BASE>[,[-]<violation>]...

BASE is one of:

0

No UriCompliance.Violations

*

All UriCompliance.Violations

<name>

The name of a static instance of UriCompliance (e.g. RFC3986).

The remainder of the list can contain then names of UriCompliance.Violations to include them in the mode, or prefixed with a '-' to exclude them from the mode. Examples are:

0,AMBIGUOUS_PATH_PARAMETER

Only allow UriCompliance.Violation.AMBIGUOUS_PATH_PARAMETER

*,-AMBIGUOUS_PATH_PARAMETER

Only all except UriCompliance.Violation.AMBIGUOUS_PATH_PARAMETER

RFC3986,AMBIGUOUS_PATH_PARAMETER

Same as RFC3986 plus UriCompliance.Violation.AMBIGUOUS_PATH_PARAMETER

Parameters:

spec - A string describing the compliance

Returns:

the UriCompliance instance derived from the string description

allows

public boolean allows(ComplianceViolation violation)

Specified by:

allows in interface ComplianceViolation.Mode

Parameters:

violation - The ComplianceViolation to test

Returns:

true iff the violation is allowed by this mode.

getName

public java.lang.String getName()

Specified by:

getName in interface ComplianceViolation.Mode

Returns:

The name of the compliance violation mode.

getAllowed

public java.util.Set<UriCompliance.Violation> getAllowed()

Get the set of UriCompliance.Violations allowed by this compliance mode.

Specified by:

getAllowed in interface ComplianceViolation.Mode

Returns:

The immutable set of UriCompliance.Violations allowed by this compliance mode.

getKnown

public java.util.Set<UriCompliance.Violation> getKnown()

Specified by:

getKnown in interface ComplianceViolation.Mode

Returns:

The immutable set of all known violations for this mode.

with

public UriCompliance with(java.lang.String name,
                          UriCompliance.Violation... violations)

Create a new UriCompliance mode that includes the passed UriCompliance.Violations.

Parameters:

name - The name of the new mode

violations - The violations to include

Returns:

A new UriCompliance mode.

without

public UriCompliance without(java.lang.String name,
                             UriCompliance.Violation... violations)

Create a new UriCompliance mode that excludes the passed UriCompliance.Violations.

Parameters:

name - The name of the new mode

violations - The violations to exclude

Returns:

A new UriCompliance mode.

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

checkUriCompliance

public static java.lang.String checkUriCompliance(UriCompliance compliance,
                                                  HttpURI uri)