Class EffectiveOriginResolver
java.lang.Object
com.soklet.EffectiveOriginResolver
Resolves a client's effective origin (scheme + host + optional port) from request headers.
Forwarded headers can be spoofed if Soklet is reachable directly. Choose a EffectiveOriginResolver.TrustPolicy that matches your
deployment and, for EffectiveOriginResolver.TrustPolicy.TRUST_PROXY_ALLOWLIST, provide a trusted proxy predicate or allowlist.
If the remote address is missing or not trusted, forwarded headers are ignored.
Extraction order is: trusted forwarded headers → Host → (optional) Origin fallback. Origin
never overrides a conflicting host value; it only fills missing scheme/port or supplies host when absent.
Defaults: if allowOriginFallback(Boolean) is left unset, Origin fallback is enabled only for
EffectiveOriginResolver.TrustPolicy.TRUST_ALL; otherwise it is disabled.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic enumForwarded header trust policy. -
Method Summary
Modifier and TypeMethodDescriptionallowOriginFallback(@Nullable Boolean allowOriginFallback) Controls whetherOriginis used as a fallback signal when determining the client URL prefix.remoteAddress(@Nullable InetSocketAddress remoteAddress) The remote address of the client connection.resolve()Resolves the effective origin.trustedProxyAddresses(@NonNull Set<@NonNull InetAddress> trustedProxyAddresses) Allows specifying an IP allowlist for trusted proxies.trustedProxyPredicate(@Nullable Predicate<InetSocketAddress> trustedProxyPredicate) Predicate used whenEffectiveOriginResolver.TrustPolicy.TRUST_PROXY_ALLOWLISTis in effect.static @NonNull EffectiveOriginResolverwithHeaders(@NonNull Map<@NonNull String, @NonNull Set<@NonNull String>> headers, @NonNull EffectiveOriginResolver.TrustPolicy trustPolicy) Acquires a resolver seeded with raw request headers and a trust policy.static @NonNull EffectiveOriginResolverwithRequest(@NonNull Request request, @NonNull EffectiveOriginResolver.TrustPolicy trustPolicy) Acquires a resolver seeded with aRequestand a trust policy.
-
Method Details
-
withHeaders
public static @NonNull EffectiveOriginResolver withHeaders(@NonNull Map<@NonNull String, @NonNull Set<@NonNull String>> headers, @NonNull EffectiveOriginResolver.TrustPolicy trustPolicy) Acquires a resolver seeded with raw request headers and a trust policy.- Parameters:
headers- HTTP request headerstrustPolicy- how forwarded headers should be trusted- Returns:
- the resolver
-
withRequest
public static @NonNull EffectiveOriginResolver withRequest(@NonNull Request request, @NonNull EffectiveOriginResolver.TrustPolicy trustPolicy) Acquires a resolver seeded with aRequestand a trust policy.- Parameters:
request- the current requesttrustPolicy- how forwarded headers should be trusted- Returns:
- the resolver
-
resolve
Resolves the effective origin.- Returns:
- the effective origin, or
Optional.empty()if it could not be determined
-
remoteAddress
The remote address of the client connection.- Parameters:
remoteAddress- the remote address, ornullif unavailable- Returns:
- this resolver
-
trustedProxyPredicate
public @NonNull EffectiveOriginResolver trustedProxyPredicate(@Nullable Predicate<InetSocketAddress> trustedProxyPredicate) Predicate used whenEffectiveOriginResolver.TrustPolicy.TRUST_PROXY_ALLOWLISTis in effect.- Parameters:
trustedProxyPredicate- predicate that returnstruefor trusted proxies- Returns:
- this resolver
-
trustedProxyAddresses
public @NonNull EffectiveOriginResolver trustedProxyAddresses(@NonNull Set<@NonNull InetAddress> trustedProxyAddresses) Allows specifying an IP allowlist for trusted proxies.- Parameters:
trustedProxyAddresses- IP addresses of trusted proxies- Returns:
- this resolver
-
allowOriginFallback
Controls whetherOriginis used as a fallback signal when determining the client URL prefix.- Parameters:
allowOriginFallback-trueto allowOriginfallback,falseto disable it- Returns:
- this resolver
-