Package org.eclipse.jetty.http
Class UriCompliance
- java.lang.Object
-
- org.eclipse.jetty.http.UriCompliance
-
- All Implemented Interfaces:
ComplianceViolation.Mode
public final class UriCompliance extends java.lang.Object implements ComplianceViolation.Mode
URI compliance modes for Jetty request handling. A Compliance mode consists of a set ofUriCompliance.Violation
s which are allowed when the mode is enabled.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
UriCompliance.Violation
These are URI compliance "violations", which may be allowed by the compliance mode.
-
Field Summary
Fields Modifier and Type Field Description static UriCompliance
DEFAULT
The default compliance mode that extends RFC3986 compliance with additional violations to avoid most ambiguous URIs.static UriCompliance
LEGACY
LEGACY compliance mode that models Jetty-9.4 behavior by allowingUriCompliance.Violation.AMBIGUOUS_PATH_SEGMENT
,UriCompliance.Violation.AMBIGUOUS_EMPTY_SEGMENT
,UriCompliance.Violation.AMBIGUOUS_PATH_SEPARATOR
,UriCompliance.Violation.AMBIGUOUS_PATH_ENCODING
andUriCompliance.Violation.UTF16_ENCODINGS
protected static org.slf4j.Logger
LOG
static UriCompliance
RFC3986
Compliance mode that exactly follows RFC3986, including allowing all additional ambiguous URI Violations.static UriCompliance
RFC3986_UNAMBIGUOUS
Compliance mode that follows RFC3986 plus it does not allow any ambiguous URIUriCompliance.Violation
s.static UriCompliance
SAFE
Deprecated.equivalent to DEFAULTstatic UriCompliance
STRICT
Deprecated.equivalent to RFC3986static UriCompliance
UNSAFE
Compliance mode that allows all URI Violations, including allowing ambiguous paths in non canonicalized form.
-
Constructor Summary
Constructors Constructor Description UriCompliance(java.lang.String name, java.util.Set<UriCompliance.Violation> violations)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
allows(ComplianceViolation violation)
static java.lang.String
checkUriCompliance(UriCompliance compliance, HttpURI uri)
static UriCompliance
from(java.lang.String spec)
Create compliance set from string.static UriCompliance
from(java.util.Set<UriCompliance.Violation> violations)
Create compliance set from a set of allowed Violations.java.util.Set<UriCompliance.Violation>
getAllowed()
Get the set ofUriCompliance.Violation
s allowed by this compliance mode.java.util.Set<UriCompliance.Violation>
getKnown()
java.lang.String
getName()
java.lang.String
toString()
static UriCompliance
valueOf(java.lang.String name)
UriCompliance
with(java.lang.String name, UriCompliance.Violation... violations)
Create a new UriCompliance mode that includes the passedUriCompliance.Violation
s.UriCompliance
without(java.lang.String name, UriCompliance.Violation... violations)
Create a new UriCompliance mode that excludes the passedUriCompliance.Violation
s.
-
-
-
Field Detail
-
LOG
protected static final org.slf4j.Logger LOG
-
DEFAULT
public static final UriCompliance DEFAULT
The default compliance mode that extends RFC3986 compliance with additional violations to avoid most ambiguous URIs. This mode does allowUriCompliance.Violation.AMBIGUOUS_PATH_SEPARATOR
, but disallows all outUriCompliance.Violation
s.
-
LEGACY
public static final UriCompliance LEGACY
LEGACY compliance mode that models Jetty-9.4 behavior by allowingUriCompliance.Violation.AMBIGUOUS_PATH_SEGMENT
,UriCompliance.Violation.AMBIGUOUS_EMPTY_SEGMENT
,UriCompliance.Violation.AMBIGUOUS_PATH_SEPARATOR
,UriCompliance.Violation.AMBIGUOUS_PATH_ENCODING
andUriCompliance.Violation.UTF16_ENCODINGS
-
RFC3986
public static final UriCompliance RFC3986
Compliance mode that exactly follows RFC3986, including allowing all additional ambiguous URI Violations.
-
RFC3986_UNAMBIGUOUS
public static final UriCompliance RFC3986_UNAMBIGUOUS
Compliance mode that follows RFC3986 plus it does not allow any ambiguous URIUriCompliance.Violation
s.
-
UNSAFE
public static final UriCompliance UNSAFE
Compliance mode that allows all URI Violations, including allowing ambiguous paths in non canonicalized form.
-
SAFE
@Deprecated public static final UriCompliance SAFE
Deprecated.equivalent to DEFAULT
-
STRICT
@Deprecated public static final UriCompliance STRICT
Deprecated.equivalent to RFC3986
-
-
Constructor Detail
-
UriCompliance
public UriCompliance(java.lang.String name, java.util.Set<UriCompliance.Violation> violations)
-
-
Method Detail
-
valueOf
public static UriCompliance valueOf(java.lang.String name)
-
from
public static UriCompliance from(java.util.Set<UriCompliance.Violation> violations)
Create compliance set from a set of allowed Violations.- Parameters:
violations
- A string of violations to allow:- Returns:
- the compliance from the string spec
-
from
public static UriCompliance from(java.lang.String spec)
Create compliance set from string.Format: <BASE>[,[-]<violation>]...
BASE is one of:
- 0
- No
UriCompliance.Violation
s - *
- All
UriCompliance.Violation
s - <name>
- The name of a static instance of UriCompliance (e.g.
RFC3986
).
The remainder of the list can contain then names of
UriCompliance.Violation
s to include them in the mode, or prefixed with a '-' to exclude them from the mode. Examples are:0,AMBIGUOUS_PATH_PARAMETER
- Only allow
UriCompliance.Violation.AMBIGUOUS_PATH_PARAMETER
*,-AMBIGUOUS_PATH_PARAMETER
- Only all except
UriCompliance.Violation.AMBIGUOUS_PATH_PARAMETER
RFC3986,AMBIGUOUS_PATH_PARAMETER
- Same as RFC3986 plus
UriCompliance.Violation.AMBIGUOUS_PATH_PARAMETER
- Parameters:
spec
- A string describing the compliance- Returns:
- the UriCompliance instance derived from the string description
-
allows
public boolean allows(ComplianceViolation violation)
- Specified by:
allows
in interfaceComplianceViolation.Mode
- Parameters:
violation
- TheComplianceViolation
to test- Returns:
- true iff the violation is allowed by this mode.
-
getName
public java.lang.String getName()
- Specified by:
getName
in interfaceComplianceViolation.Mode
- Returns:
- The name of the compliance violation mode.
-
getAllowed
public java.util.Set<UriCompliance.Violation> getAllowed()
Get the set ofUriCompliance.Violation
s allowed by this compliance mode.- Specified by:
getAllowed
in interfaceComplianceViolation.Mode
- Returns:
- The immutable set of
UriCompliance.Violation
s allowed by this compliance mode.
-
getKnown
public java.util.Set<UriCompliance.Violation> getKnown()
- Specified by:
getKnown
in interfaceComplianceViolation.Mode
- Returns:
- The immutable set of all known violations for this mode.
-
with
public UriCompliance with(java.lang.String name, UriCompliance.Violation... violations)
Create a new UriCompliance mode that includes the passedUriCompliance.Violation
s.- Parameters:
name
- The name of the new modeviolations
- The violations to include- Returns:
- A new
UriCompliance
mode.
-
without
public UriCompliance without(java.lang.String name, UriCompliance.Violation... violations)
Create a new UriCompliance mode that excludes the passedUriCompliance.Violation
s.- Parameters:
name
- The name of the new modeviolations
- The violations to exclude- Returns:
- A new
UriCompliance
mode.
-
toString
public java.lang.String toString()
- Overrides:
toString
in classjava.lang.Object
-
checkUriCompliance
public static java.lang.String checkUriCompliance(UriCompliance compliance, HttpURI uri)
-
-