Package ch.tocco.nice2.web.core.api.servlet

Class AuthCookie

java.lang.Object

ch.tocco.nice2.web.core.api.servlet.AbstractNiceCookie

ch.tocco.nice2.web.core.api.servlet.AuthCookie

public class AuthCookie
extends AbstractNiceCookie

Implements the nice_auth cookie.

Field Summary

Fields

Modifier and Type	Field	Description
static final Pattern	HEADER_PATTERN
static final String	NAME

Fields inherited from class ch.tocco.nice2.web.core.api.servlet.AbstractNiceCookie

addedToResponse, content, expires

Constructor Summary

Constructors

Constructor	Description
AuthCookie(@Nullable String content)

Method Summary

Modifier and Type	Method	Description
protected String	getName()
protected List<String>	getSpecificTokens(jakarta.servlet.http.HttpServletRequest request)
protected boolean	shouldBeSecured(jakarta.servlet.http.HttpServletRequest request)	Some of our automated tests run on a headless browser without an https connection.

Methods inherited from class ch.tocco.nice2.web.core.api.servlet.AbstractNiceCookie

addToResponse, setExpires

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

NAME

public static final String NAME

See Also:

• Constant Field Values

HEADER_PATTERN

public static final Pattern HEADER_PATTERN

Constructor Details

AuthCookie

public AuthCookie(@Nullable
 @Nullable String content)

Method Details

getSpecificTokens

protected List<String> getSpecificTokens(jakarta.servlet.http.HttpServletRequest request)

Specified by:

getSpecificTokens in class AbstractNiceCookie

getName

protected String getName()

Specified by:

getName in class AbstractNiceCookie

shouldBeSecured

protected boolean shouldBeSecured(jakarta.servlet.http.HttpServletRequest request)

Some of our automated tests run on a headless browser without an https connection. Therefore it must be possible to use Tocco without https. On production, https is ensured through configuration of the server setup. We can be sure that the cookie is always safe on production.

Specified by:

shouldBeSecured in class AbstractNiceCookie

Parameters:

request - the current request to the backend