StaticResponseHandler
Creates a response to a request statically, or based on something in the context.
Usage
{
"name": string,
"type": "StaticResponseHandler",
"config": {
"status": configuration expression<number>,
"reason": configuration expression<string>,
"headers": {
configuration expression<string>: [ runtime expression<string>, ... ], ...
},
"trailers": {
configuration expression<string>: [ runtime expression<string>, ... ], ...
},
"entity": runtime expression<string> or [ runtime expression<string>, ... ]
}
}
Properties
"status"
: Status object-
The response status. For more information, refer to Status.
"reason"
: configuration expression<string>, optional-
Used only for custom HTTP status codes. For more information, refer to Response Status Codes and Status Code Registry.
"headers"
: map, optional-
One or more headers to set for a response, with the format
name: [ value, … ]
, where:When the property
entity
is used, set aContent-Type
header with the correct content type value. The following example sets the content type of a message entity in the response:"headers": { "Content-Type": [ "text/html; charset=UTF-8" ] }
The following example is used in
federate-handler.json
to redirect the original URI from the request:"headers": { "Location": [ "http://sp.example.com:8080/saml/SPInitiatedSSO" ] }
Default: Empty
"trailers"
: map, optional-
One or more trailers to set for a response, with the format
name: [ value, … ]
, where:-
name is a configuration expression<string> for a trailer name. If multiple expressions resolve to the same string, name has multiple values.
The following trailer names are not allowed:
-
Message framing headers (for example,
Transfer-Encoding
andContent-Length
) -
Routing headers (for example,
Host
) -
Request modifiers (for example, controls and conditionals such as
Cache-Control
,Max-Forwards
, andTE
) -
Authentication headers (for example,
Authorization
andSet-Cookie
) -
Content-Encoding
-
Content-Type
-
Content-Range
-
Trailer
-
-
value is one or more runtime expression<strings> for trailer values.
Default: Empty
-
"entity"
: runtime expression<string> or array of runtime expression<string>, optional-
The message entity body to include in a response.
If a
Content-Type
header is present, the entity must conform to the header and set the content length header automatically.Methods are provided for accessing the entity as byte, string, or JSON content. For information, refer to Entity.
Attackers during reconnaissance can use response messages to identify information about a deployment. For security, limit the amount of information in messages, and avoid using words that help identify IG. Default: Empty
Example
{
"name": "ErrorHandler",
"type":"StaticResponseHandler",
"config": {
"status": 500,
"headers": {
"Content-Type": [ "text/html; charset=UTF-8" ]
},
"entity": "<html><h2>Epic #FAIL</h2></html>"
}
}
{
"handler": {
"type": "StaticResponseHandler",
"config": {
"status": 200,
"headers": {
"content-type": [ "text/html" ]
},
"entity": [
"<html>",
" <body>",
" <h1>Request Details</h1>",
" <p>The path was: ${request.uri.path}<p>",
" <p>The query params were: ${toString(request.queryParams)}</p>",
" <p>The headers were: ${toString(request.headers.entrySet())}<p>",
" </body>",
"</html>"
]
}
}
}