Package org.mockserver.configuration

Class Configuration

  • public class Configuration
extends Object
    Author:
    jamesdbloom

    • Constructor Detail

      • Configuration

        public Configuration()

    • Method Detail

      • logLevel

        public org.slf4j.event.Level logLevel()

      • logLevel

        public Configuration logLevel​(org.slf4j.event.Level level)
        Override the default logging level of INFO
        Parameters:
        level - the log level, which can be TRACE, DEBUG, INFO, WARN, ERROR, OFF, FINEST, FINE, INFO, WARNING, SEVERE

      • logLevel

        public Configuration logLevel​(String level)
        Override the default logging level of INFO
        Parameters:
        level - the log level, which can be TRACE, DEBUG, INFO, WARN, ERROR, OFF, FINEST, FINE, INFO, WARNING, SEVERE

      • disableSystemOut

        public Boolean disableSystemOut()

      • disableSystemOut

        public Configuration disableSystemOut​(Boolean disableSystemOut)
        Disable printing log to system out for JVM, default is enabled
        Parameters:
        disableSystemOut - printing log to system out for JVM

      • disableLogging

        public Boolean disableLogging()

      • disableLogging

        public Configuration disableLogging​(Boolean disableLogging)
        Disable all logging and processing of log events

        The default is false

        Parameters:
        disableLogging - disable all logging

      • detailedMatchFailures

        public Boolean detailedMatchFailures()

      • detailedMatchFailures

        public Configuration detailedMatchFailures​(Boolean detailedMatchFailures)
        If true (the default) the log event recording that a request matcher did not match will include a detailed reason why each non-matching field did not match.
        Parameters:
        detailedMatchFailures - enabled detailed match failure log events

      • launchUIForLogLevelDebug

        public Boolean launchUIForLogLevelDebug()

      • launchUIForLogLevelDebug

        public Configuration launchUIForLogLevelDebug​(Boolean launchUIForLogLevelDebug)
        If true (the default) the ClientAndServer constructor will open the UI in the default browser when the log level is set to DEBUG.
        Parameters:
        launchUIForLogLevelDebug - enabled ClientAndServer constructor launching UI when log level is DEBUG

      • metricsEnabled

        public Boolean metricsEnabled()

      • metricsEnabled

        public Configuration metricsEnabled​(Boolean metricsEnabled)
        Enable gathering of metrics, default is false
        Parameters:
        metricsEnabled - enable metrics

      • mcpEnabled

        public Boolean mcpEnabled()

      • grpcDescriptorDirectory

        public String grpcDescriptorDirectory()

      • grpcDescriptorDirectory

        public Configuration grpcDescriptorDirectory​(String grpcDescriptorDirectory)

      • grpcProtoDirectory

        public String grpcProtoDirectory()

      • grpcEnabled

        public Boolean grpcEnabled()

      • grpcProtocPath

        public String grpcProtocPath()

      • dnsEnabled

        public Boolean dnsEnabled()

      • dnsPort

        public Integer dnsPort()

      • compactLogFormat

        public Boolean compactLogFormat()

      • maxExpectations

        public Integer maxExpectations()

      • maxExpectations

        public Configuration maxExpectations​(Integer maxExpectations)

        Maximum number of expectations stored in memory. Expectations are stored in a circular queue so once this limit is reach the oldest and lowest priority expectations are overwritten

        The default maximum depends on the available memory in the JVM with an upper limit of 15000

        Parameters:
        maxExpectations - maximum number of expectations to store

      • maxLogEntries

        public Integer maxLogEntries()

      • maxLogEntries

        public Configuration maxLogEntries​(Integer maxLogEntries)

        Maximum number of log entries stored in memory. Log entries are stored in a circular queue so once this limit is reach the oldest log entries are overwritten

        The default maximum depends on the available memory in the JVM with an upper limit of 100000

        Parameters:
        maxLogEntries - maximum number of expectations to store

      • maxWebSocketExpectations

        public Integer maxWebSocketExpectations()

      • maxWebSocketExpectations

        public Configuration maxWebSocketExpectations​(Integer maxWebSocketExpectations)

        Maximum number of remote (not the same JVM) method callbacks (i.e. web sockets) registered for expectations. The web socket client registry entries are stored in a circular queue so once this limit is reach the oldest are overwritten.

        The default is 1500

        Parameters:
        maxWebSocketExpectations - maximum number of method callbacks (i.e. web sockets) registered for expectations

      • outputMemoryUsageCsv

        public Boolean outputMemoryUsageCsv()

      • outputMemoryUsageCsv

        public Configuration outputMemoryUsageCsv​(Boolean outputMemoryUsageCsv)

        Output JVM memory usage metrics to CSV file periodically called memoryUsage_<yyyy-MM-dd>.csv

        Parameters:
        outputMemoryUsageCsv - output of JVM memory metrics

      • memoryUsageCsvDirectory

        public String memoryUsageCsvDirectory()

      • memoryUsageCsvDirectory

        public Configuration memoryUsageCsvDirectory​(String memoryUsageCsvDirectory)

        Directory to output JVM memory usage metrics CSV files to when outputMemoryUsageCsv enabled

        Parameters:
        memoryUsageCsvDirectory - directory to save JVM memory metrics CSV files

      • nioEventLoopThreadCount

        public Integer nioEventLoopThreadCount()

      • nioEventLoopThreadCount

        public Configuration nioEventLoopThreadCount​(Integer nioEventLoopThreadCount)

        Netty worker thread pool size for handling requests and response. These threads handle deserializing and serialising HTTP requests and responses and some other fast logic, long running tasks are done on the action handler thread pool.

        Parameters:
        nioEventLoopThreadCount - Netty worker thread pool size

      • actionHandlerThreadCount

        public Integer actionHandlerThreadCount()

      • actionHandlerThreadCount

        public Configuration actionHandlerThreadCount​(Integer actionHandlerThreadCount)

        Number of threads for the action handler thread pool

        These threads are used for handling actions such as:

        • serialising and writing expectation or proxied responses
        • handling response delays in a non-blocking way (i.e. using a scheduler)
        • executing class callbacks
        • handling method / closure callbacks (using web sockets)

        Default is maximum of 5 or available processors count

        Parameters:
        actionHandlerThreadCount - Netty worker thread pool size

      • clientNioEventLoopThreadCount

        public Integer clientNioEventLoopThreadCount()

      • clientNioEventLoopThreadCount

        public Configuration clientNioEventLoopThreadCount​(Integer clientNioEventLoopThreadCount)

        Client Netty worker thread pool size for handling requests and response. These threads handle deserializing and serialising HTTP requests and responses and some other fast logic.

        Default is 5 threads

        Parameters:
        clientNioEventLoopThreadCount - Client Netty worker thread pool size

      • webSocketClientEventLoopThreadCount

        public Integer webSocketClientEventLoopThreadCount()

      • webSocketClientEventLoopThreadCount

        public Configuration webSocketClientEventLoopThreadCount​(Integer webSocketClientEventLoopThreadCount)

        Client Netty worker thread pool size for handling requests and response. These threads handle deserializing and serialising HTTP requests and responses and some other fast logic.

        Default is 5 threads

        Parameters:
        webSocketClientEventLoopThreadCount - Client Netty worker thread pool size

      • maxFutureTimeoutInMillis

        public Long maxFutureTimeoutInMillis()

      • maxFutureTimeoutInMillis

        public Configuration maxFutureTimeoutInMillis​(Long maxFutureTimeoutInMillis)
        Maximum time allowed in milliseconds for any future to wait, for example when waiting for a response over a web socket callback.

        Default is 60,000 ms

        Parameters:
        maxFutureTimeoutInMillis - maximum time allowed in milliseconds

      • matchersFailFast

        public Boolean matchersFailFast()

      • matchersFailFast

        public Configuration matchersFailFast​(Boolean matchersFailFast)
        If true (the default) request matchers will fail on the first non-matching field, if false request matchers will compare all fields. This is useful to see all mismatching fields in the log event recording that a request matcher did not match.
        Parameters:
        matchersFailFast - enabled request matchers failing fast

      • maxSocketTimeoutInMillis

        public Long maxSocketTimeoutInMillis()

      • maxSocketTimeoutInMillis

        public Configuration maxSocketTimeoutInMillis​(Long maxSocketTimeoutInMillis)
        Maximum time in milliseconds allowed for a response from a socket

        Default is 20,000 ms

        Parameters:
        maxSocketTimeoutInMillis - maximum time in milliseconds allowed

      • socketConnectionTimeoutInMillis

        public Long socketConnectionTimeoutInMillis()

      • socketConnectionTimeoutInMillis

        public Configuration socketConnectionTimeoutInMillis​(Long socketConnectionTimeoutInMillis)
        Maximum time in milliseconds allowed to connect to a socket

        Default is 20,000 ms

        Parameters:
        socketConnectionTimeoutInMillis - maximum time allowed in milliseconds

      • connectionDelay

        public Delay connectionDelay()

      • alwaysCloseSocketConnections

        public Boolean alwaysCloseSocketConnections()

      • alwaysCloseSocketConnections

        public Configuration alwaysCloseSocketConnections​(Boolean alwaysCloseSocketConnections)

        If true socket connections will always be closed after a response is returned, if false connection is only closed if request header indicate connection should be closed.

        Default is false

        Parameters:
        alwaysCloseSocketConnections - true socket connections will always be closed after a response is returned

      • localBoundIP

        public String localBoundIP()

      • localBoundIP

        public Configuration localBoundIP​(String localBoundIP)
        The local IP address to bind to for accepting new socket connections

        Default is 0.0.0.0

        Parameters:
        localBoundIP - local IP address to bind to for accepting new socket connections

      • maxInitialLineLength

        public Integer maxInitialLineLength()

      • maxInitialLineLength

        public Configuration maxInitialLineLength​(Integer maxInitialLineLength)
        Maximum size of the first line of an HTTP request

        The default is Integer.MAX_VALUE

        Parameters:
        maxInitialLineLength - maximum size of the first line of an HTTP request

      • maxHeaderSize

        public Integer maxHeaderSize()

      • maxHeaderSize

        public Configuration maxHeaderSize​(Integer maxHeaderSize)
        Maximum size of HTTP request headers

        The default is Integer.MAX_VALUE

        Parameters:
        maxHeaderSize - maximum size of HTTP request headers

      • maxChunkSize

        public Integer maxChunkSize()

      • maxChunkSize

        public Configuration maxChunkSize​(Integer maxChunkSize)
        Maximum size of HTTP chunks in request or responses

        The default is Integer.MAX_VALUE

        Parameters:
        maxChunkSize - maximum size of HTTP chunks in request or responses

      • maxRequestBodySize

        public Integer maxRequestBodySize()

      • maxRequestBodySize

        public Configuration maxRequestBodySize​(Integer maxRequestBodySize)
        Maximum aggregated body size (in bytes) accepted on inbound HTTP/1.1 and HTTP/2 requests.

        The default is 10,485,760 bytes (10 MiB).

        Parameters:
        maxRequestBodySize - maximum inbound request body size in bytes

      • maxResponseBodySize

        public Integer maxResponseBodySize()

      • maxResponseBodySize

        public Configuration maxResponseBodySize​(Integer maxResponseBodySize)
        Maximum aggregated body size (in bytes) accepted on responses received from upstream servers when MockServer is acting as a proxy or forwarder.

        The default is 52,428,800 bytes (50 MiB).

        Parameters:
        maxResponseBodySize - maximum upstream response body size in bytes

      • maxLlmConversationBodySize

        public Integer maxLlmConversationBodySize()

      • maxLlmConversationBodySize

        public Configuration maxLlmConversationBodySize​(Integer maxLlmConversationBodySize)
        Maximum body size (in bytes) for LLM conversation request bodies.

        The default is 1,048,576 bytes (1 MiB). Valid range is [16384, 67108864].

        Parameters:
        maxLlmConversationBodySize - maximum LLM conversation body size in bytes

      • useSemicolonAsQueryParameterSeparator

        public Boolean useSemicolonAsQueryParameterSeparator()

      • useSemicolonAsQueryParameterSeparator

        public Configuration useSemicolonAsQueryParameterSeparator​(Boolean useSemicolonAsQueryParameterSeparator)
        If true semicolons are treated as a separator for a query parameter string, if false the semicolon is treated as a normal character that is part of a query parameter value.

        The default is true

        Parameters:
        useSemicolonAsQueryParameterSeparator - if true semicolons are treated as a separator for a query parameter string

      • assumeAllRequestsAreHttp

        public Boolean assumeAllRequestsAreHttp()

      • assumeAllRequestsAreHttp

        public Configuration assumeAllRequestsAreHttp​(Boolean assumeAllRequestsAreHttp)
        If false requests are assumed as binary if the method isn't one of "GET", "POST", "PUT", "HEAD", "OPTIONS", "PATCH", "DELETE", "TRACE" or "CONNECT"

        The default is false

        Parameters:
        assumeAllRequestsAreHttp - if false requests are assumed as binary if the method isn't one of "GET", "POST", "PUT", "HEAD", "OPTIONS", "PATCH", "DELETE", "TRACE" or "CONNECT"

      • http2Enabled

        public Boolean http2Enabled()

      • http2Enabled

        public Configuration http2Enabled​(Boolean http2Enabled)
        If false HTTP/2 is disabled and ALPN no longer advertises h2, so HTTP/2 capable clients are forced to use HTTP/1.1 (and the HTTP/2 cleartext h2c upgrade is not detected)

        The default is true

        Parameters:
        http2Enabled - if false HTTP/2 is disabled and clients are forced to use HTTP/1.1

      • streamingResponsesEnabled

        public Boolean streamingResponsesEnabled()

      • streamingResponsesEnabled

        public Configuration streamingResponsesEnabled​(Boolean streamingResponsesEnabled)
        If true (the default) streaming responses (Server-Sent Events with Content-Type: text/event-stream) received while proxying are relayed to the client incrementally as they arrive, instead of being fully buffered before being forwarded. This keeps streaming APIs (such as LLM APIs) responsive when proxied. Only SSE responses are detected as streaming; ordinary chunked responses are aggregated normally.

        Default is true

        Parameters:
        streamingResponsesEnabled - enable incremental relay of streaming responses while proxying

      • maxStreamingCaptureBytes

        public Integer maxStreamingCaptureBytes()

      • maxStreamingCaptureBytes

        public Configuration maxStreamingCaptureBytes​(Integer maxStreamingCaptureBytes)
        The maximum number of bytes of a streaming response body captured into the event log while relaying it. The full stream is always relayed to the client; this only bounds how much is retained for the dashboard and retrieve API. Once exceeded the logged body is truncated and flagged.

        Default is 262144 (256 KB)

        Parameters:
        maxStreamingCaptureBytes - maximum number of streaming response body bytes captured into the event log

      • streamIdleTimeoutSeconds

        public Integer streamIdleTimeoutSeconds()

      • streamIdleTimeoutSeconds

        public Configuration streamIdleTimeoutSeconds​(Integer streamIdleTimeoutSeconds)
        The maximum time in seconds a streaming response connection may be idle (no chunk received) before it is considered dead and closed. This replaces the fixed socket timeout for streaming responses, which would otherwise terminate long-lived streams.

        Default is 60 seconds

        Parameters:
        streamIdleTimeoutSeconds - maximum idle time in seconds between streaming response chunks

      • forwardBinaryRequestsWithoutWaitingForResponse

        public Boolean forwardBinaryRequestsWithoutWaitingForResponse()

      • forwardBinaryRequestsWithoutWaitingForResponse

        public Configuration forwardBinaryRequestsWithoutWaitingForResponse​(Boolean forwardBinaryRequestsWithoutWaitingForResponse)
        If true the BinaryProxyListener is called before a response is received from the remote host. This enables the proxying of messages without a response.

        The default is false

        Parameters:
        forwardBinaryRequestsWithoutWaitingForResponse - target value

      • binaryProxyListener

        public Configuration binaryProxyListener​(BinaryProxyListener binaryProxyListener)
        Set a org.mockserver.model.BinaryProxyListener called when binary content is proxied
        Parameters:
        binaryProxyListener - a BinaryProxyListener called when binary content is proxied

      • enableCORSForAPI

        public Boolean enableCORSForAPI()

      • enableCORSForAPI

        public Configuration enableCORSForAPI​(Boolean enableCORSForAPI)
        Enable CORS for MockServer REST API so that the API can be used for javascript running in browsers, such as selenium

        The default is false

        Parameters:
        enableCORSForAPI - CORS for MockServer REST API

      • enableCORSForAllResponses

        public Boolean enableCORSForAllResponses()

      • enableCORSForAllResponses

        public Configuration enableCORSForAllResponses​(Boolean enableCORSForAllResponses)
        Enable CORS for all responses from MockServer, including the REST API and expectation responses

        The default is false

        Parameters:
        enableCORSForAllResponses - CORS for all responses from MockServer

      • corsAllowOrigin

        public String corsAllowOrigin()

      • corsAllowOrigin

        public Configuration corsAllowOrigin​(String corsAllowOrigin)

        the value used for CORS in the access-control-allow-origin header.

        The default is ""

        Parameters:
        corsAllowOrigin - the value used for CORS in the access-control-allow-methods header

      • corsAllowMethods

        public String corsAllowMethods()

      • corsAllowMethods

        public Configuration corsAllowMethods​(String corsAllowMethods)

        the value used for CORS in the access-control-allow-methods header.

        The default is ""

        Parameters:
        corsAllowMethods - the value used for CORS in the access-control-allow-methods header

      • corsAllowHeaders

        public String corsAllowHeaders()

      • corsAllowHeaders

        public Configuration corsAllowHeaders​(String corsAllowHeaders)

        the value used for CORS in the access-control-allow-headers and access-control-expose-headers headers.

        In addition to this default value any headers specified in the request header access-control-request-headers also get added to access-control-allow-headers and access-control-expose-headers headers in a CORS response.

        The default is ""

        Parameters:
        corsAllowHeaders - the value used for CORS in the access-control-allow-headers and access-control-expose-headers headers

      • corsAllowCredentials

        public Boolean corsAllowCredentials()

      • corsAllowCredentials

        public Configuration corsAllowCredentials​(Boolean corsAllowCredentials)
        The value used for CORS in the access-control-allow-credentials header.

        The default is false

        Parameters:
        corsAllowCredentials - the value used for CORS in the access-control-allow-credentials header

      • corsMaxAgeInSeconds

        public Integer corsMaxAgeInSeconds()

      • corsMaxAgeInSeconds

        public Configuration corsMaxAgeInSeconds​(Integer corsMaxAgeInSeconds)
        The value used for CORS in the access-control-max-age header.

        The default is 0

        Parameters:
        corsMaxAgeInSeconds - the value used for CORS in the access-control-max-age header.

      • javascriptDisallowedClasses

        public String javascriptDisallowedClasses()

      • javascriptDisallowedClasses

        public Configuration javascriptDisallowedClasses​(String javascriptDisallowedClasses)
        Set comma separate list of classes not allowed to be used by javascript templates

        The default is all allowed

        Parameters:
        javascriptDisallowedClasses - comma separated list of classes not allowed to be used

      • javascriptDisallowedText

        public String javascriptDisallowedText()

      • javascriptDisallowedText

        public Configuration javascriptDisallowedText​(String javascriptDisallowedText)
        Set comma separate list of text not allowed to be contained in javascript templates

        The default is all allowed

        Parameters:
        javascriptDisallowedText - comma separated list of text not allowed to be contained in javascript templates

      • velocityDisallowClassLoading

        public Boolean velocityDisallowClassLoading()

      • velocityDisallowClassLoading

        public Configuration velocityDisallowClassLoading​(Boolean velocityDisallowClassLoading)
        If true class loading is not allowed in velocity templates

        The default is false

        Parameters:
        velocityDisallowClassLoading - class loading is not allowed in velocity templates

      • velocityDisallowedText

        public String velocityDisallowedText()

      • velocityDisallowedText

        public Configuration velocityDisallowedText​(String velocityDisallowedText)
        Set comma separate list of text not allowed to be contained in velocity templates

        The default is all allowed

        Parameters:
        velocityDisallowedText - comma separated list of text not allowed to be contained in velocity templates

      • mustacheDisallowedText

        public String mustacheDisallowedText()

      • mustacheDisallowedText

        public Configuration mustacheDisallowedText​(String mustacheDisallowedText)
        Set comma separate list of text not allowed to be contained in mustache templates

        The default is all allowed

        Parameters:
        mustacheDisallowedText - comma separated list of text not allowed to be contained in mustache templates

      • initializationClass

        public String initializationClass()

      • initializationClass

        public Configuration initializationClass​(String initializationClass)
        The class (and package) used to initialize expectations in MockServer at startup, if set MockServer will load and call this class to initialize expectations when is starts.

        The default is null

        Parameters:
        initializationClass - class (and package) used to initialize expectations in MockServer at startup

      • initializationJsonPath

        public String initializationJsonPath()

      • initializationJsonPath

        public Configuration initializationJsonPath​(String initializationJsonPath)

        The path to the json file used to initialize expectations in MockServer at startup, if set MockServer will load this file and initialise expectations for each item in the file when is starts.

        The expected format of the file is a JSON array of expectations, as per the REST API format

        To watch multiple files use a file globs as documented here: https://mock-server.com/mock_server/initializing_expectations.html#expectation_initializer_json_glob_patterns

        Parameters:
        initializationJsonPath - path to the json file used to initialize expectations in MockServer at startup

      • initializationOpenAPIPath

        public String initializationOpenAPIPath()

      • initializationOpenAPIPath

        public Configuration initializationOpenAPIPath​(String initializationOpenAPIPath)

        The path to the OpenAPI spec file used to initialize expectations in MockServer at startup, if set MockServer will load this file and create expectations for each operation when it starts.

        The file can be a YAML (.yaml, .yml) or JSON (.json) OpenAPI v3 specification.

        To watch multiple files use file globs as documented here: https://mock-server.com/mock_server/initializing_expectations.html#expectation_initializer_json_glob_patterns

        Parameters:
        initializationOpenAPIPath - path to the OpenAPI spec file used to initialize expectations in MockServer at startup

      • openAPIContextPathPrefix

        public String openAPIContextPathPrefix()

      • openAPIContextPathPrefix

        public Configuration openAPIContextPathPrefix​(String openAPIContextPathPrefix)

        A path prefix to add to all paths generated from OpenAPI specifications.

        For example, if set to "/api/v1" then a path "/pets" from the spec becomes "/api/v1/pets".

        Parameters:
        openAPIContextPathPrefix - the path prefix to add to OpenAPI paths

      • openAPIResponseValidation

        public Boolean openAPIResponseValidation()

      • openAPIResponseValidation

        public Configuration openAPIResponseValidation​(Boolean openAPIResponseValidation)

        If enabled MockServer will validate that mock responses conform to the OpenAPI spec schema they were generated from.

        Validation is advisory only - responses are still returned to the client even if validation fails.

        The default is false

        Parameters:
        openAPIResponseValidation - if enabled mock responses will be validated against the OpenAPI spec schema

      • watchInitializationJson

        public Boolean watchInitializationJson()

      • watchInitializationJson

        public Configuration watchInitializationJson​(Boolean watchInitializationJson)

        If enabled the initialization json file will be watched for changes, any changes found will result in expectations being created, remove or updated by matching against their key.

        If duplicate keys exist only the last duplicate key in the file will be processed and all duplicates except the last duplicate will be removed.

        The order of expectations in the file is the order in which they are created if they are new, however, re-ordering existing expectations does not change the order they are matched against incoming requests.

        The default is false

        Parameters:
        watchInitializationJson - if enabled the initialization json file will be watched for changes

      • persistExpectations

        public Boolean persistExpectations()

      • persistExpectations

        public Configuration persistExpectations​(Boolean persistExpectations)
        Enable the persisting of expectations as json, which is updated whenever the expectation state is updated (i.e. add, clear, expires, etc.)

        The default is false

        Parameters:
        persistExpectations - the persisting of expectations as json

      • persistedExpectationsPath

        public String persistedExpectationsPath()

      • persistedExpectationsPath

        public Configuration persistedExpectationsPath​(String persistedExpectationsPath)
        The file path used to save persisted expectations as json, which is updated whenever the expectation state is updated (i.e. add, clear, expires, etc.)

        The default is "persistedExpectations.json"

        Parameters:
        persistedExpectationsPath - file path used to save persisted expectations as json

      • persistRecordedExpectations

        public Boolean persistRecordedExpectations()

      • persistRecordedExpectations

        public Configuration persistRecordedExpectations​(Boolean persistRecordedExpectations)
        Enable the persisting of recorded expectations (proxy traffic) as json, which is updated whenever a new request is forwarded

        The default is false

        Parameters:
        persistRecordedExpectations - the persisting of recorded expectations as json

      • persistedRecordedExpectationsPath

        public String persistedRecordedExpectationsPath()

      • persistedRecordedExpectationsPath

        public Configuration persistedRecordedExpectationsPath​(String persistedRecordedExpectationsPath)
        The file path used to save persisted recorded expectations as json, which is updated whenever a new request is forwarded

        The default is "persistedRecordedExpectations.json"

        Parameters:
        persistedRecordedExpectationsPath - file path used to save persisted recorded expectations as json

      • maximumNumberOfRequestToReturnInVerificationFailure

        public Integer maximumNumberOfRequestToReturnInVerificationFailure()

      • maximumNumberOfRequestToReturnInVerificationFailure

        public Configuration maximumNumberOfRequestToReturnInVerificationFailure​(Integer maximumNumberOfRequestToReturnInVerificationFailure)
        The maximum number of requests to return in verification failure result, if more expectations are found the failure result does not list them separately
        Parameters:
        maximumNumberOfRequestToReturnInVerificationFailure - maximum number of expectations to return in verification failure result

      • detailedVerificationFailures

        public Boolean detailedVerificationFailures()

      • detailedVerificationFailures

        public Configuration detailedVerificationFailures​(Boolean detailedVerificationFailures)
        If true (the default) verification failure messages include a detailed diff showing which fields did not match for the closest matching request.
        Parameters:
        detailedVerificationFailures - enabled detailed verification failure messages

      • attemptToProxyIfNoMatchingExpectation

        public Boolean attemptToProxyIfNoMatchingExpectation()

      • attemptToProxyIfNoMatchingExpectation

        public Configuration attemptToProxyIfNoMatchingExpectation​(Boolean attemptToProxyIfNoMatchingExpectation)
        If true (the default) when no matching expectation is found, and the host header of the request does not match MockServer's host, then MockServer attempts to proxy the request if that fails then a 404 is returned. If false when no matching expectation is found, and MockServer is not being used as a proxy, then MockServer always returns a 404 immediately.
        Parameters:
        attemptToProxyIfNoMatchingExpectation - enables automatically attempted proxying of request that don't match an expectation and look like they should be proxied

      • forwardHttpProxy

        public Configuration forwardHttpProxy​(InetSocketAddress forwardHttpProxy)
        Use HTTP proxy (i.e. via Host header) for all outbound / forwarded requests

        The default is null

        Parameters:
        forwardHttpProxy - host and port for HTTP proxy (i.e. via Host header) for all outbound / forwarded requests

      • forwardHttpsProxy

        public Configuration forwardHttpsProxy​(InetSocketAddress forwardHttpsProxy)
        Use HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests, supports TLS tunnelling of HTTPS requests

        The default is null

        Parameters:
        forwardHttpsProxy - host and port for HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests

      • forwardSocksProxy

        public Configuration forwardSocksProxy​(InetSocketAddress forwardSocksProxy)
        Use SOCKS proxy for all outbound / forwarded requests, support TLS tunnelling of TCP connections

        The default is null

        Parameters:
        forwardSocksProxy - host and port for SOCKS proxy for all outbound / forwarded requests

      • forwardProxyAuthenticationUsername

        public String forwardProxyAuthenticationUsername()

      • forwardProxyAuthenticationUsername

        public Configuration forwardProxyAuthenticationUsername​(String forwardProxyAuthenticationUsername)

        Username for proxy authentication when using HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests

        Note: 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

        The default is null

        Parameters:
        forwardProxyAuthenticationUsername - username for proxy authentication

      • forwardProxyAuthenticationPassword

        public String forwardProxyAuthenticationPassword()

      • forwardProxyAuthenticationPassword

        public Configuration forwardProxyAuthenticationPassword​(String forwardProxyAuthenticationPassword)

        Password for proxy authentication when using HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests

        Note: 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

        The default is null

        Parameters:
        forwardProxyAuthenticationPassword - password for proxy authentication

      • proxyAuthenticationRealm

        public String proxyAuthenticationRealm()

      • proxyAuthenticationRealm

        public Configuration proxyAuthenticationRealm​(String proxyAuthenticationRealm)
        The authentication realm for proxy authentication to MockServer
        Parameters:
        proxyAuthenticationRealm - the authentication realm for proxy authentication

      • proxyAuthenticationUsername

        public String proxyAuthenticationUsername()

      • proxyAuthenticationUsername

        public Configuration proxyAuthenticationUsername​(String proxyAuthenticationUsername)

        The required username for proxy authentication to MockServer

        Note: 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

        The default is ""

        Parameters:
        proxyAuthenticationUsername - required username for proxy authentication to MockServer

      • proxyAuthenticationPassword

        public String proxyAuthenticationPassword()

      • proxyAuthenticationPassword

        public Configuration proxyAuthenticationPassword​(String proxyAuthenticationPassword)

        The required password for proxy authentication to MockServer

        Note: 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

        The default is ""

        Parameters:
        proxyAuthenticationPassword - required password for proxy authentication to MockServer

      • noProxyHosts

        public String noProxyHosts()

      • noProxyHosts

        public Configuration noProxyHosts​(String noProxyHosts)

        The list of hostnames to not use the configured proxy. Several values may be present, seperated by comma (,)

        The default is ""
        Parameters:
        noProxyHosts - Comma-seperated list of hosts to not be proxied.

      • proxyRemoteHost

        public String proxyRemoteHost()

      • proxyRemoteHost

        public Configuration proxyRemoteHost​(String proxyRemoteHost)
        The hostname of the remote server to proxy all requests to. When set, unmatched requests are forwarded to this host.
        Parameters:
        proxyRemoteHost - the hostname to forward requests to

      • proxyRemotePort

        public Integer proxyRemotePort()

      • proxyRemotePort

        public Configuration proxyRemotePort​(Integer proxyRemotePort)
        The port of the remote server to proxy all requests to. Must be specified together with proxyRemoteHost.
        Parameters:
        proxyRemotePort - the port to forward requests to

      • forwardAdjustHostHeader

        public Boolean forwardAdjustHostHeader()

      • forwardAdjustHostHeader

        public Configuration forwardAdjustHostHeader​(Boolean forwardAdjustHostHeader)
        If true (the default) the Host header will be automatically adjusted to match the target server when forwarding requests. This prevents HTTP 421 Misdirected Request errors when the target server validates Host headers. If false the original Host header is preserved.
        Parameters:
        forwardAdjustHostHeader - enables automatic Host header adjustment for forwarded requests

      • forwardDefaultHostHeader

        public String forwardDefaultHostHeader()

      • forwardDefaultHostHeader

        public Configuration forwardDefaultHostHeader​(String forwardDefaultHostHeader)
        Set a default Host header value to use when forwarding requests. When set, the Host header will be overridden with this value for all forwarded requests, regardless of the target server's address. This is useful when the target server routes requests based on the Host header.
        Parameters:
        forwardDefaultHostHeader - the Host header value to set on forwarded requests

      • proxyPassMappings

        public Configuration proxyPassMappings​(List<ProxyPassMapping> proxyPassMappings)
        Configure ProxyPass mappings that map incoming path prefixes to upstream servers with automatic path rewriting.
        Parameters:
        proxyPassMappings - list of ProxyPassMapping objects

      • globalResponseDelayMillis

        public Long globalResponseDelayMillis()

      • globalResponseDelayMillis

        public Configuration globalResponseDelayMillis​(Long globalResponseDelayMillis)

      • livenessHttpGetPath

        public String livenessHttpGetPath()

      • livenessHttpGetPath

        public Configuration livenessHttpGetPath​(String livenessHttpGetPath)
        Path to support HTTP GET requests for status response (also available on PUT /mockserver/status).

        If this value is not modified then only PUT /mockserver/status but is a none blank value is provided for this value then GET requests to this path will return the 200 Ok status response showing the MockServer version and bound ports.

        A GET request to this path will be matched before any expectation matching or proxying of requests.

        The default is ""

        Parameters:
        livenessHttpGetPath - path to support HTTP GET requests for status response

      • controlPlaneTLSMutualAuthenticationRequired

        public Boolean controlPlaneTLSMutualAuthenticationRequired()

      • controlPlaneTLSMutualAuthenticationRequired

        public Configuration controlPlaneTLSMutualAuthenticationRequired​(Boolean controlPlaneTLSMutualAuthenticationRequired)
        Require mTLS (also called client authentication and two-way TLS) for all control plane requests
        Parameters:
        controlPlaneTLSMutualAuthenticationRequired - TLS mutual authentication for all control plane requests

      • controlPlaneTLSMutualAuthenticationCAChain

        public String controlPlaneTLSMutualAuthenticationCAChain()

      • controlPlaneTLSMutualAuthenticationCAChain

        public Configuration controlPlaneTLSMutualAuthenticationCAChain​(String controlPlaneTLSMutualAuthenticationCAChain)
        File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for control plane mTLS authentication

        The X.509 Certificate Chain is for trusting (i.e. signature verification of) Client X.509 Certificates, the certificate chain must be a X509 PEM file.

        This certificate chain will be used for to performs mTLS (client authentication) for inbound TLS connections if controlPlaneTLSMutualAuthenticationRequired is enabled

        Parameters:
        controlPlaneTLSMutualAuthenticationCAChain - File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for Trusting (i.e. signature verification of) Client X.509 Certificates

      • controlPlanePrivateKeyPath

        public String controlPlanePrivateKeyPath()

      • controlPlanePrivateKeyPath

        public Configuration controlPlanePrivateKeyPath​(String controlPlanePrivateKeyPath)
        File system path or classpath location of a fixed custom private key for control plane connections using mTLS for authentication.

        The private key must be a PKCS#8 or PKCS#1 PEM file and must be the private key corresponding to the controlPlaneX509CertificatePath X509 (public key) configuration. The controlPlaneTLSMutualAuthenticationCAChain configuration must be the Certificate Authority for the corresponding X509 certificate (i.e. able to valid its signature).

        To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt

        This configuration will be ignored unless x509CertificatePath is also set.

        Parameters:
        controlPlanePrivateKeyPath - location of the PKCS#8 PEM file containing the private key

      • controlPlaneX509CertificatePath

        public String controlPlaneX509CertificatePath()

      • controlPlaneX509CertificatePath

        public Configuration controlPlaneX509CertificatePath​(String controlPlaneX509CertificatePath)
        File system path or classpath location of a fixed custom X.509 Certificate for control plane connections using mTLS for authentication.

        The certificate must be a X509 PEM file and must be the public key corresponding to the controlPlanePrivateKeyPath private key configuration. The controlPlaneTLSMutualAuthenticationCAChain configuration must be the Certificate Authority for this certificate (i.e. able to valid its signature).

        This configuration will be ignored unless privateKeyPath is also set.

        Parameters:
        controlPlaneX509CertificatePath - location of the PEM file containing the X509 certificate

      • controlPlaneJWTAuthenticationRequired

        public Boolean controlPlaneJWTAuthenticationRequired()

      • controlPlaneJWTAuthenticationRequired

        public Configuration controlPlaneJWTAuthenticationRequired​(Boolean controlPlaneJWTAuthenticationRequired)

        Require JWT authentication for all control plane requests

        Parameters:
        controlPlaneJWTAuthenticationRequired - TLS mutual authentication for all control plane requests

      • controlPlaneJWTAuthenticationJWKSource

        public String controlPlaneJWTAuthenticationJWKSource()

      • controlPlaneJWTAuthenticationJWKSource

        public Configuration controlPlaneJWTAuthenticationJWKSource​(String controlPlaneJWTAuthenticationJWKSource)

        JWK source used when JWT authentication is enabled for control plane requests

        JWK source can be a file system path, classpath location or a URL

        See: https://openid.net/specs/draft-jones-json-web-key-03.html

        Parameters:
        controlPlaneJWTAuthenticationJWKSource - file system path, classpath location or a URL of JWK source

      • controlPlaneJWTAuthenticationExpectedAudience

        public String controlPlaneJWTAuthenticationExpectedAudience()

      • controlPlaneJWTAuthenticationExpectedAudience

        public Configuration controlPlaneJWTAuthenticationExpectedAudience​(String controlPlaneJWTAuthenticationExpectedAudience)

        Audience claim (i.e. aud) required when JWT authentication is enabled for control plane requests

        Parameters:
        controlPlaneJWTAuthenticationExpectedAudience - required value for audience claim (i.e. aud)

      • controlPlaneJWTAuthenticationMatchingClaims

        public Map<String,​String> controlPlaneJWTAuthenticationMatchingClaims()

      • controlPlaneJWTAuthenticationMatchingClaims

        public Configuration controlPlaneJWTAuthenticationMatchingClaims​(Map<String,​String> controlPlaneJWTAuthenticationMatchingClaims)

        Matching claims expected when JWT authentication is enabled for control plane requests

        Value should be string with comma separated key=value items, for example: scope=internal public,sub=some_subject

        Parameters:
        controlPlaneJWTAuthenticationMatchingClaims - required values for claims

      • controlPlaneJWTAuthenticationRequiredClaims

        public Set<String> controlPlaneJWTAuthenticationRequiredClaims()

      • controlPlaneJWTAuthenticationRequiredClaims

        public Configuration controlPlaneJWTAuthenticationRequiredClaims​(Set<String> controlPlaneJWTAuthenticationRequiredClaims)

        Required claims that should exist (i.e. with any value) when JWT authentication is enabled for control plane requests

        Value should be string with comma separated values, for example: scope,sub

        Parameters:
        controlPlaneJWTAuthenticationRequiredClaims - required claims

      • proactivelyInitialiseTLS

        public Boolean proactivelyInitialiseTLS()

      • proactivelyInitialiseTLS

        public Configuration proactivelyInitialiseTLS​(Boolean proactivelyInitialiseTLS)

        Proactively initialise TLS during start to ensure that if dynamicallyCreateCertificateAuthorityCertificate is enabled the Certificate Authority X.509 Certificate and Private Key will be created during start up and not when the first TLS connection is received.

        This setting will also ensure any configured private key and X.509 will be loaded during start up and not when the first TLS connection is received to give immediate feedback on any related TLS configuration errors.

        Parameters:
        proactivelyInitialiseTLS - proactively initialise TLS at startup

      • rebuildTLSContext

        public boolean rebuildTLSContext()

      • rebuildTLSContext

        public Configuration rebuildTLSContext​(boolean rebuildTLSContext)

      • rebuildServerTLSContext

        public boolean rebuildServerTLSContext()

      • rebuildServerTLSContext

        public Configuration rebuildServerTLSContext​(boolean rebuildServerTLSContext)

      • tlsProtocols

        public String tlsProtocols()

      • tlsProtocols

        public Configuration tlsProtocols​(String tlsProtocols)
        Comma seperated list of TLS protocols, by default TLSv1,TLSv1.1,TLSv1.2
        Parameters:
        tlsProtocols - comma seperated list of TLS protocols

      • tlsAllowInsecureProtocols

        public Boolean tlsAllowInsecureProtocols()

      • tlsAllowInsecureProtocols

        public Configuration tlsAllowInsecureProtocols​(Boolean tlsAllowInsecureProtocols)
        Whether to allow TLSv1 and TLSv1.1 in the effective TLS protocols list. Both are deprecated by RFC 8996 and vulnerable to BEAST and POODLE. The default is true for backwards compatibility; set to false to opt into a hardened profile that filters TLSv1 and TLSv1.1 out of tlsProtocols.
        Parameters:
        tlsAllowInsecureProtocols - if true, TLSv1 and TLSv1.1 are honoured; if false, they are stripped

      • dynamicallyCreateCertificateAuthorityCertificate

        public Boolean dynamicallyCreateCertificateAuthorityCertificate()

      • dynamicallyCreateCertificateAuthorityCertificate

        public Configuration dynamicallyCreateCertificateAuthorityCertificate​(Boolean dynamicallyCreateCertificateAuthorityCertificate)
        Enable dynamic creation of Certificate Authority X509 certificate and private key.

        Enable this property to increase the security of trusting the MockServer Certificate Authority X509 by ensuring a local dynamic value is used instead of the public value in the MockServer git repo.

        These PEM files will be created and saved in the directory specified with configuration property directoryToSaveDynamicSSLCertificate.

        Parameters:
        dynamicallyCreateCertificateAuthorityCertificate - dynamic creation of Certificate Authority X509 certificate and private key.

      • directoryToSaveDynamicSSLCertificate

        public String directoryToSaveDynamicSSLCertificate()

      • directoryToSaveDynamicSSLCertificate

        public Configuration directoryToSaveDynamicSSLCertificate​(String directoryToSaveDynamicSSLCertificate)
        Directory used to save the dynamically generated Certificate Authority X.509 Certificate and Private Key.
        Parameters:
        directoryToSaveDynamicSSLCertificate - directory to save Certificate Authority X.509 Certificate and Private Key

      • preventCertificateDynamicUpdate

        public Boolean preventCertificateDynamicUpdate()

      • preventCertificateDynamicUpdate

        public Configuration preventCertificateDynamicUpdate​(Boolean preventCertificateDynamicUpdate)
        Prevent certificates from dynamically updating when domain list changes
        Parameters:
        preventCertificateDynamicUpdate - prevent certificates from dynamically updating when domain list changes

      • sslCertificateDomainName

        public String sslCertificateDomainName()

      • sslCertificateDomainName

        public Configuration sslCertificateDomainName​(String sslCertificateDomainName)
        The domain name for auto-generate TLS certificates

        The default is "localhost"

        Parameters:
        sslCertificateDomainName - domain name for auto-generate TLS certificates

      • sslSubjectAlternativeNameDomains

        public Set<String> sslSubjectAlternativeNameDomains()

      • sslSubjectAlternativeNameDomains

        public Configuration sslSubjectAlternativeNameDomains​(String... sslSubjectAlternativeNameDomains)
        The Subject Alternative Name (SAN) domain names for auto-generate TLS certificates

        The default is "localhost"

        Parameters:
        sslSubjectAlternativeNameDomains - Subject Alternative Name (SAN) domain names for auto-generate TLS certificates

      • sslSubjectAlternativeNameDomains

        public Configuration sslSubjectAlternativeNameDomains​(Set<String> sslSubjectAlternativeNameDomains)
        The Subject Alternative Name (SAN) domain names for auto-generate TLS certificates

        The default is "localhost"

        Parameters:
        sslSubjectAlternativeNameDomains - Subject Alternative Name (SAN) domain names for auto-generate TLS certificates

      • sslSubjectAlternativeNameIps

        public Set<String> sslSubjectAlternativeNameIps()

      • sslSubjectAlternativeNameIps

        public Configuration sslSubjectAlternativeNameIps​(String... sslSubjectAlternativeNameIps)

        The Subject Alternative Name (SAN) IP addresses for auto-generate TLS certificates

        The default is 127.0.0.1, 0.0.0.0

        Parameters:
        sslSubjectAlternativeNameIps - Subject Alternative Name (SAN) IP addresses for auto-generate TLS certificates

      • sslSubjectAlternativeNameIps

        public Configuration sslSubjectAlternativeNameIps​(Set<String> sslSubjectAlternativeNameIps)

        The Subject Alternative Name (SAN) IP addresses for auto-generate TLS certificates

        The default is 127.0.0.1, 0.0.0.0

        Parameters:
        sslSubjectAlternativeNameIps - Subject Alternative Name (SAN) IP addresses for auto-generate TLS certificates

      • certificateAuthorityPrivateKey

        public String certificateAuthorityPrivateKey()

      • certificateAuthorityPrivateKey

        public Configuration certificateAuthorityPrivateKey​(String certificateAuthorityPrivateKey)
        File system path or classpath location of custom Private Key for Certificate Authority for TLS, the private key must be a PKCS#8 or PKCS#1 PEM file and must match the certificateAuthorityCertificate To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt

        The path is not file-existence-checked here because dynamic CA generation (dynamicallyCreateCertificateAuthorityCertificate) sets this to the destination path before the file is written. Typos in user-supplied paths are surfaced by CertificateConfigurationValidator at TLS-init time.

        Parameters:
        certificateAuthorityPrivateKey - location of the PEM file containing the certificate authority private key

      • certificateAuthorityCertificate

        public String certificateAuthorityCertificate()

      • certificateAuthorityCertificate

        public Configuration certificateAuthorityCertificate​(String certificateAuthorityCertificate)
        File system path or classpath location of custom X.509 Certificate for Certificate Authority for TLS, the certificate must be a X509 PEM file and must match the certificateAuthorityPrivateKey

        The path is not file-existence-checked here because dynamic CA generation (dynamicallyCreateCertificateAuthorityCertificate) sets this to the destination path before the file is written. Typos in user-supplied paths are surfaced by CertificateConfigurationValidator at TLS-init time.

        Parameters:
        certificateAuthorityCertificate - location of the PEM file containing the certificate authority X509 certificate

      • privateKeyPath

        public String privateKeyPath()

      • privateKeyPath

        public Configuration privateKeyPath​(String privateKeyPath)
        File system path or classpath location of a fixed custom private key for TLS connections into MockServer.

        The private key must be a PKCS#8 or PKCS#1 PEM file and must be the private key corresponding to the x509CertificatePath X509 (public key) configuration. The certificateAuthorityCertificate configuration must be the Certificate Authority for the corresponding X509 certificate (i.e. able to valid its signature), see: x509CertificatePath.

        To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt

        This configuration will be ignored unless x509CertificatePath is also set.

        The path is not file-existence-checked here because dynamic SSL certificate generation sets this to the destination path before the file is written. Typos in user-supplied paths are surfaced by CertificateConfigurationValidator at TLS-init time.

        Parameters:
        privateKeyPath - location of the PKCS#8 PEM file containing the private key

      • x509CertificatePath

        public String x509CertificatePath()

      • x509CertificatePath

        public Configuration x509CertificatePath​(String x509CertificatePath)
        File system path or classpath location of a fixed custom X.509 Certificate for TLS connections into MockServer.

        The certificate must be a X509 PEM file and must be the public key corresponding to the privateKeyPath private key configuration. The certificateAuthorityCertificate configuration must be the Certificate Authority for this certificate (i.e. able to valid its signature).

        This configuration will be ignored unless privateKeyPath is also set.

        The path is not file-existence-checked here because dynamic SSL certificate generation sets this to the destination path before the file is written. Typos in user-supplied paths are surfaced by CertificateConfigurationValidator at TLS-init time.

        Parameters:
        x509CertificatePath - location of the PEM file containing the X509 certificate

      • tlsMutualAuthenticationRequired

        public Boolean tlsMutualAuthenticationRequired()

      • tlsMutualAuthenticationRequired

        public Configuration tlsMutualAuthenticationRequired​(Boolean tlsMutualAuthenticationRequired)
        Require mTLS (also called client authentication and two-way TLS) for all TLS connections / HTTPS requests to MockServer
        Parameters:
        tlsMutualAuthenticationRequired - TLS mutual authentication

      • tlsMutualAuthenticationCertificateChain

        public String tlsMutualAuthenticationCertificateChain()

      • tlsMutualAuthenticationCertificateChain

        public Configuration tlsMutualAuthenticationCertificateChain​(String tlsMutualAuthenticationCertificateChain)
        File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for trusting (i.e. signature verification of) Client X.509 Certificates, the certificate chain must be a X509 PEM file.

        This certificate chain will be used if MockServer performs mTLS (client authentication) for inbound TLS connections because tlsMutualAuthenticationRequired is enabled

        Parameters:
        tlsMutualAuthenticationCertificateChain - File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for Trusting (i.e. signature verification of) Client X.509 Certificates

      • forwardProxyTLSX509CertificatesTrustManagerType

        public Configuration forwardProxyTLSX509CertificatesTrustManagerType​(ForwardProxyTLSX509CertificatesTrustManager forwardProxyTLSX509CertificatesTrustManagerType)
        Configure trusted set of certificates for forwarded or proxied requests.

        MockServer will only be able to establish a TLS connection to endpoints that have a trusted X509 certificate according to the trust manager type, as follows:

        ALL - Insecure will trust all X509 certificates and not perform host name verification. JVM - Will trust all X509 certificates trust by the JVM. CUSTOM - Will trust all X509 certificates specified in forwardProxyTLSCustomTrustX509Certificates configuration value.

        Parameters:
        forwardProxyTLSX509CertificatesTrustManagerType - trusted set of certificates for forwarded or proxied requests, allowed values: ALL, JVM, CUSTOM.

      • forwardProxyBlockPrivateNetworks

        public Boolean forwardProxyBlockPrivateNetworks()

      • forwardProxyBlockPrivateNetworks

        public Configuration forwardProxyBlockPrivateNetworks​(Boolean forwardProxyBlockPrivateNetworks)
        When set to true, MockServer rejects forward and proxy targets that resolve to loopback, link-local, RFC 1918 private, or cloud metadata addresses (such as 169.254.169.254), blocking server-side request forgery (SSRF) via malicious expectations.

        The default is false so that the common case of forwarding to localhost / Docker bridge / Kubernetes service IPs continues to work. Enable this in hardened or multi-tenant deployments where untrusted callers can register expectations.

        Parameters:
        forwardProxyBlockPrivateNetworks - if true, block forwarding to private or metadata addresses

      • forwardProxyTLSCustomTrustX509Certificates

        public String forwardProxyTLSCustomTrustX509Certificates()

      • forwardProxyTLSCustomTrustX509Certificates

        public Configuration forwardProxyTLSCustomTrustX509Certificates​(String forwardProxyTLSCustomTrustX509Certificates)
        File system path or classpath location of custom file for trusted X509 Certificate Authority roots for forwarded or proxied requests, the certificate chain must be a X509 PEM file.

        MockServer will only be able to establish a TLS connection to endpoints that have an X509 certificate chain that is signed by one of the provided custom certificates, i.e. where a path can be established from the endpoints X509 certificate to one or more of the custom X509 certificates provided.

        Parameters:
        forwardProxyTLSCustomTrustX509Certificates - custom set of trusted X509 certificate authority roots for forwarded or proxied requests in PEM format.

      • forwardProxyPrivateKey

        public String forwardProxyPrivateKey()

      • forwardProxyPrivateKey

        public Configuration forwardProxyPrivateKey​(String forwardProxyPrivateKey)
        File system path or classpath location of custom Private Key for proxied TLS connections out of MockServer, the private key must be a PKCS#8 or PKCS#1 PEM file

        To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt

        This private key will be used if MockServer needs to perform mTLS (client authentication) for outbound TLS connections.

        Parameters:
        forwardProxyPrivateKey - location of the PEM file containing the private key

      • forwardProxyCertificateChain

        public String forwardProxyCertificateChain()

      • forwardProxyCertificateChain

        public Configuration forwardProxyCertificateChain​(String forwardProxyCertificateChain)
        File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for Trusting (i.e. signature verification of) Client X.509 Certificates, the certificate chain must be a X509 PEM file.

        This certificate chain will be used if MockServer needs to perform mTLS (client authentication) for outbound TLS connections.

        Parameters:
        forwardProxyCertificateChain - location of the PEM file containing the certificate chain

      • addSubjectAlternativeName

        public void addSubjectAlternativeName​(String host)

      • addSslSubjectAlternativeNameIps

        public void addSslSubjectAlternativeNameIps​(String... additionalSubjectAlternativeNameIps)

      • clearSslSubjectAlternativeNameIps

        public void clearSslSubjectAlternativeNameIps()

      • addSslSubjectAlternativeNameDomains

        public void addSslSubjectAlternativeNameDomains​(String... additionalSubjectAlternativeNameDomains)

      • clearSslSubjectAlternativeNameDomains

        public void clearSslSubjectAlternativeNameDomains()

      • ringBufferSize

        public int ringBufferSize()