Class SslFilter

  • All Implemented Interfaces:
    Filter, Nameable, PathConfigProcessor

    public class SslFilter
    extends PortFilter
    Filter which requires a request to be over SSL. Access is allowed if the request is received on the configured server port and the request.isSecure(). If either condition is false, the filter chain will not continue.

    The port property defaults to 443 and also additionally guarantees that the request scheme is always 'https' (except for port 80, which retains the 'http' scheme).

    In addition the filter allows enabling HTTP Strict Transport Security (HSTS). This feature is opt-in and disabled by default. If enabled HSTS will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS.

    The maxAge property defaults 31536000, and includeSubDomains is false.

    Warning: Use this setting with care and only if you plan to enable SSL on every path.

    Example configs:
     /secure/path/** = ssl
    with HSTS enabled
     ssl.hsts.enabled = true
     /** = ssl
    See Also:
    HTTP Strict Transport Security (HSTS)