Class SecurityDefaults

java.lang.Object
de.cuioss.http.security.config.SecurityDefaults

public final class SecurityDefaults extends Object
Comprehensive collection of default values and constants for HTTP security configuration.

This class provides centralized constants for all security-related configuration values, making it easy to reference standard limits, common patterns, and recommended settings across the HTTP security validation system.

Design Principles

  • Centralized Constants - Single source of truth for all defaults
  • Security-First - Defaults prioritize security while maintaining usability
  • Industry Standards - Based on RFC specifications and best practices
  • Categorized - Organized by HTTP component type for easy navigation

Constant Categories

  • Length Limits - Maximum sizes for various HTTP components
  • Count Limits - Maximum quantities for collections
  • Security Patterns - Common attack patterns to detect
  • Content Types - Standard MIME types and their security implications
  • Character Sets - Character validation patterns
  • Configuration Presets - Pre-built configurations for common scenarios

Usage Examples

 // Use constants in configuration
 SecurityConfiguration config = SecurityConfiguration.builder()
     .maxPathLength(SecurityDefaults.MAX_PATH_LENGTH_DEFAULT)
     .maxParameterCount(SecurityDefaults.MAX_PARAMETER_COUNT_DEFAULT)
     .blockedContentTypes(SecurityDefaults.DANGEROUS_CONTENT_TYPES)
     .build();

 // Check against limits
 if (path.length() > SecurityDefaults.MAX_PATH_LENGTH_STRICT) {
     throw new UrlSecurityException(...);
 }

 // Use pattern constants
 if (SecurityDefaults.PATH_TRAVERSAL_PATTERNS.stream().anyMatch(input::contains)) {
     // Handle path traversal attempt
 }
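
An added example (not part of the library or its documentation) that applies the length check and the pattern check above to a request path in that order, percent-decoding before the substring match so that encoded sequences are compared in decoded form. The limit, the pattern list, the decode-round bound and the `check` helper are constructed stand-ins; the actual values of the `SecurityDefaults` constants are not shown on this page.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.List;

public class PathCheckExample {
    // Constructed stand-ins, NOT the values of SecurityDefaults.MAX_PATH_LENGTH_STRICT
    // or SecurityDefaults.PATH_TRAVERSAL_PATTERNS.
    static final int MAX_PATH_LENGTH = 1024;
    static final List<String> TRAVERSAL_PATTERNS = List.of("../", "..\\");
    static final int MAX_DECODE_ROUNDS = 3; // assumption: bound on nested encoding

    /** Returns null if the path passes, otherwise the reason it was rejected. */
    static String check(String rawPath) {
        // Length first: it bounds the work done by every later step.
        if (rawPath.length() > MAX_PATH_LENGTH) {
            return "too long";
        }
        String current = rawPath;
        for (int round = 0; round <= MAX_DECODE_ROUNDS; round++) {
            if (TRAVERSAL_PATTERNS.stream().anyMatch(current::contains)) {
                return "traversal pattern after " + round + " decode round(s)";
            }
            String decoded;
            try {
                // URLDecoder maps '+' to a space; protect it so the path is not altered.
                decoded = URLDecoder.decode(current.replace("+", "%2B"), StandardCharsets.UTF_8);
            } catch (IllegalArgumentException e) {
                return "malformed percent-encoding";
            }
            if (decoded.equals(current)) {
                return null; // fully decoded and no pattern matched
            }
            current = decoded;
        }
        return "encoding nested deeper than " + MAX_DECODE_ROUNDS + " rounds";
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        for (String p : List.of("/api/users/42", "/files/../etc/passwd",
                "/files/%2e%2e%2fsecret", "/files/%252e%252e%252fsecret", "/bad/%zz")) {
            String reason = check(p);
            System.out.println(p + " -> " + (reason == null ? "ok" : "rejected: " + reason));
        }
    }
}
```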
 
Implements: Task C3 from HTTP verification specification
Since: 1.0
See Also: