Class HttpHeaderValidationUtil


  • public final class HttpHeaderValidationUtil
    extends java.lang.Object
    Functions used to perform various validations of HTTP header names and values.
    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static boolean isConnectionHeader​(java.lang.CharSequence name, boolean ignoreTeHeader)
      Check if a header name is "connection related".
      static boolean isTeNotTrailers​(java.lang.CharSequence name, java.lang.CharSequence value)
      If the given header is HttpHeaderNames.TE and the given header value is not HttpHeaderValues.TRAILERS, then return true.
      static int validateToken​(java.lang.CharSequence token)
      Validate a token contains only allowed characters.
      static int validateValidHeaderValue​(java.lang.CharSequence value)
      Validate the given HTTP header value by searching for any illegal characters.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • isConnectionHeader

        public static boolean isConnectionHeader​(java.lang.CharSequence name,
                                                 boolean ignoreTeHeader)
        Check if a header name is "connection related".

        The RFC9110 only specify an incomplete list of the following headers:

        • Connection
        • Proxy-Connection
        • Keep-Alive
        • TE
        • Transfer-Encoding
        • Upgrade
        Parameters:
        name - the name of the header to check. The check is case-insensitive.
        ignoreTeHeader - true if the TE header should be ignored by this check. This is relevant for HTTP/2 header validation, where the TE header has special rules.
        Returns:
        true if the given header name is one of the specified connection-related headers.
      • isTeNotTrailers

        public static boolean isTeNotTrailers​(java.lang.CharSequence name,
                                              java.lang.CharSequence value)
        If the given header is HttpHeaderNames.TE and the given header value is not HttpHeaderValues.TRAILERS, then return true. Otherwie, false.

        The string comparisons are case-insensitive.

        This check is important for HTTP/2 header validation.

        Parameters:
        name - the header name to check if it is TE or not.
        value - the header value to check if it is something other than TRAILERS.
        Returns:
        true only if the header name is TE, and the header value is not TRAILERS. Otherwise, false.
      • validateValidHeaderValue

        public static int validateValidHeaderValue​(java.lang.CharSequence value)
        Validate the given HTTP header value by searching for any illegal characters.
        Parameters:
        value - the HTTP header value to validate.
        Returns:
        the index of the first illegal character found, or -1 if there are none and the header value is valid.
      • validateToken

        public static int validateToken​(java.lang.CharSequence token)
        Validate a token contains only allowed characters.

        The token format is used for variety of HTTP components, like cookie-name, field-name of a header-field, or request method.

        Parameters:
        token - the token to validate.
        Returns:
        the index of the first invalid token character found, or -1 if there are none.