Class ConfigurationProperties


  • public class ConfigurationProperties
    extends Object
    Author:
    jamesdbloom
    • Field Detail

      • DEFAULT_CERTIFICATE_AUTHORITY_PRIVATE_KEY

        public static final String DEFAULT_CERTIFICATE_AUTHORITY_PRIVATE_KEY
        See Also:
        Constant Field Values
      • DEFAULT_CERTIFICATE_AUTHORITY_X509_CERTIFICATE

        public static final String DEFAULT_CERTIFICATE_AUTHORITY_X509_CERTIFICATE
        See Also:
        Constant Field Values
      • PROPERTIES

        public static final Properties PROPERTIES
    • Constructor Detail

      • ConfigurationProperties

        public ConfigurationProperties()
    • Method Detail

      • logLevel

        public static org.slf4j.event.Level logLevel()
      • javaLoggerLogLevel

        public static String javaLoggerLogLevel()
      • logLevel

        public static void logLevel​(String level)
        Override the default logging level of INFO
        Parameters:
        level - the log level, which can be TRACE, DEBUG, INFO, WARN, ERROR, OFF, FINEST, FINE, INFO, WARNING, SEVERE
      • temporaryLogLevel

        public static void temporaryLogLevel​(String level,
                                             Runnable runnable)
      • disableSystemOut

        public static boolean disableSystemOut()
      • disableSystemOut

        public static void disableSystemOut​(boolean disable)
        Disable printing log to system out for JVM, default is enabled
        Parameters:
        disable - printing log to system out for JVM
      • disableLogging

        public static boolean disableLogging()
      • disableLogging

        public static void disableLogging​(boolean disable)
        Disable all logging and processing of log events

        The default is false

        Parameters:
        disable - disable all logging
      • detailedMatchFailures

        public static boolean detailedMatchFailures()
      • detailedMatchFailures

        public static void detailedMatchFailures​(boolean enable)
        If true (the default), the log event recording that a request matcher did not match will include a detailed reason why each non-matching field did not match.
        Parameters:
        enable - enabled detailed match failure log events
      • launchUIForLogLevelDebug

        public static boolean launchUIForLogLevelDebug()
      • launchUIForLogLevelDebug

        public static void launchUIForLogLevelDebug​(boolean enable)
        If true (the default) the ClientAndServer constructor will open the UI in the default browser when the log level is set to DEBUG.
        Parameters:
        enable - enabled ClientAndServer constructor launching UI when log level is DEBUG
      • metricsEnabled

        public static boolean metricsEnabled()
      • metricsEnabled

        public static void metricsEnabled​(boolean enable)
        Enable gathering of metrics, default is false
        Parameters:
        enable - enable metrics
      • mcpEnabled

        public static boolean mcpEnabled()
      • mcpEnabled

        public static void mcpEnabled​(boolean enable)
        Enable or disable the MCP (Model Context Protocol) endpoint, default is true
        Parameters:
        enable - enable MCP endpoint
      • grpcDescriptorDirectory

        public static String grpcDescriptorDirectory()
      • grpcDescriptorDirectory

        public static void grpcDescriptorDirectory​(String directory)
      • grpcProtoDirectory

        public static String grpcProtoDirectory()
      • grpcProtoDirectory

        public static void grpcProtoDirectory​(String directory)
      • grpcEnabled

        public static boolean grpcEnabled()
      • grpcEnabled

        public static void grpcEnabled​(boolean enable)
      • grpcProtocPath

        public static String grpcProtocPath()
      • grpcProtocPath

        public static void grpcProtocPath​(String path)
      • dnsEnabled

        public static boolean dnsEnabled()
      • dnsEnabled

        public static void dnsEnabled​(boolean enable)
      • dnsPort

        public static int dnsPort()
      • dnsPort

        public static void dnsPort​(int port)
      • logLevelOverrides

        public static Map<String,​String> logLevelOverrides()
      • logLevelOverrides

        public static void logLevelOverrides​(Map<String,​String> overrides)
        Override the log level for specific log message type categories or individual log message types.

        Keys can be category group names (MATCHING, REQUEST_LIFECYCLE, EXPECTATION_MANAGEMENT, VERIFICATION, SERVER, GENERAL) or individual LogMessageType names (e.g., EXPECTATION_NOT_MATCHED, FORWARDED_REQUEST). Values are SLF4J log level names (TRACE, DEBUG, INFO, WARN, ERROR). Resolution order: individual type override > category group override > global logLevel.

        Parameters:
        overrides - map of category/type names to log level names
      • compactLogFormat

        public static boolean compactLogFormat()
      • compactLogFormat

        public static void compactLogFormat​(boolean enable)
        When enabled, log messages written to stdout/SLF4J use a compact single-line format showing summary information (e.g., method, path, status code, expectation ID) instead of full JSON-serialized request and response details. The dashboard UI, verification, and log retrieval APIs are not affected.
        Parameters:
        enable - enable compact log format
      • heapAvailableInKB

        public static long heapAvailableInKB()
      • maxExpectations

        public static int maxExpectations()
      • maxExpectations

        public static void maxExpectations​(int count)

        Maximum number of expectations stored in memory. Expectations are stored in a circular queue, so once this limit is reached the oldest and lowest priority expectations are overwritten.

        The default maximum depends on the available memory in the JVM with an upper limit of 15000

        Parameters:
        count - maximum number of expectations to store
      • maxLogEntries

        public static int maxLogEntries()
      • maxLogEntries

        public static void maxLogEntries​(int count)

        Maximum number of log entries stored in memory. Log entries are stored in a circular queue, so once this limit is reached the oldest log entries are overwritten.

        The default maximum depends on the available memory in the JVM with an upper limit of 100000, but can be overridden using defaultMaxLogEntries

        Parameters:
        count - maximum number of log entries to store
      • maxWebSocketExpectations

        public static int maxWebSocketExpectations()
      • maxWebSocketExpectations

        public static void maxWebSocketExpectations​(int count)

        Maximum number of remote (not the same JVM) method callbacks (i.e. web sockets) registered for expectations. The web socket client registry entries are stored in a circular queue, so once this limit is reached the oldest are overwritten.

        The default is 1500

        Parameters:
        count - maximum number of method callbacks (i.e. web sockets) registered for expectations
      • outputMemoryUsageCsv

        public static boolean outputMemoryUsageCsv()
      • outputMemoryUsageCsv

        public static void outputMemoryUsageCsv​(boolean enable)

        Periodically output JVM memory usage metrics to a CSV file called memoryUsage_<yyyy-MM-dd>.csv

        Parameters:
        enable - output of JVM memory metrics
      • memoryUsageCsvDirectory

        public static String memoryUsageCsvDirectory()
      • memoryUsageCsvDirectory

        public static void memoryUsageCsvDirectory​(String directory)

        Directory to output JVM memory usage metrics CSV files to when outputMemoryUsageCsv is enabled

        Parameters:
        directory - directory to save JVM memory metrics CSV files
      • nioEventLoopThreadCount

        public static int nioEventLoopThreadCount()
      • nioEventLoopThreadCount

        public static void nioEventLoopThreadCount​(int count)

        Netty worker thread pool size for handling requests and responses. These threads are used for fast non-blocking activities such as reading and de-serialising all requests and responses.

        Parameters:
        count - Netty worker thread pool size
      • actionHandlerThreadCount

        public static int actionHandlerThreadCount()
      • actionHandlerThreadCount

        public static void actionHandlerThreadCount​(int count)

        Number of threads for the action handler thread pool

        These threads are used for handling actions such as:

        • serialising and writing expectation or proxied responses
        • handling response delays in a non-blocking way (i.e. using a scheduler)
        • executing class callbacks
        • handling method / closure callbacks (using web sockets)

        Default is maximum of 5 or available processors count

        Parameters:
        count - action handler thread pool size
      • clientNioEventLoopThreadCount

        public static int clientNioEventLoopThreadCount()
      • clientNioEventLoopThreadCount

        public static void clientNioEventLoopThreadCount​(int count)

        Client Netty worker thread pool size for handling requests and responses. These threads handle deserialising and serialising HTTP requests and responses and some other fast logic.

        Default is 5 threads

        Parameters:
        count - Client Netty worker thread pool size
      • webSocketClientEventLoopThreadCount

        public static int webSocketClientEventLoopThreadCount()
      • webSocketClientEventLoopThreadCount

        public static void webSocketClientEventLoopThreadCount​(int count)

        Web socket thread pool size for expectations with remote (not the same JVM) method callbacks (i.e. web sockets).

        Default is 5 threads

        Parameters:
        count - web socket worker thread pool size
      • maxFutureTimeout

        public static long maxFutureTimeout()
      • maxFutureTimeout

        public static void maxFutureTimeout​(long milliseconds)
        Maximum time allowed in milliseconds for any future to wait, for example when waiting for a response over a web socket callback.

        Default is 90,000 ms

        Parameters:
        milliseconds - maximum time allowed in milliseconds
      • matchersFailFast

        public static boolean matchersFailFast()
      • matchersFailFast

        public static void matchersFailFast​(boolean enable)
        If true (the default) request matchers will fail on the first non-matching field, if false request matchers will compare all fields. This is useful to see all mismatching fields in the log event recording that a request matcher did not match.
        Parameters:
        enable - enabled request matchers failing fast
      • maxSocketTimeout

        public static long maxSocketTimeout()
      • maxSocketTimeout

        public static void maxSocketTimeout​(long milliseconds)
        Maximum time in milliseconds allowed for a response from a socket

        Default is 20,000 ms

        Parameters:
        milliseconds - maximum time in milliseconds allowed
      • socketConnectionTimeout

        public static long socketConnectionTimeout()
      • socketConnectionTimeout

        public static void socketConnectionTimeout​(long milliseconds)
        Maximum time in milliseconds allowed to connect to a socket

        Default is 20,000 ms

        Parameters:
        milliseconds - maximum time allowed in milliseconds
      • connectionDelayMillis

        public static long connectionDelayMillis()
      • connectionDelayMillis

        public static void connectionDelayMillis​(long milliseconds)
      • alwaysCloseSocketConnections

        public static void alwaysCloseSocketConnections​(boolean alwaysClose)

        If true, socket connections will always be closed after a response is returned; if false, the connection is only closed if the request headers indicate the connection should be closed.

        Default is false

        Parameters:
        alwaysClose - if true, socket connections will always be closed after a response is returned
      • alwaysCloseSocketConnections

        public static boolean alwaysCloseSocketConnections()
      • streamingResponsesEnabled

        public static boolean streamingResponsesEnabled()
      • streamingResponsesEnabled

        public static void streamingResponsesEnabled​(boolean enable)
        If true (the default) streaming responses (Server-Sent Events with Content-Type: text/event-stream) received while proxying are relayed to the client incrementally as they arrive, instead of being fully buffered before being forwarded. This keeps streaming APIs (such as LLM APIs) responsive when proxied. Only SSE responses are detected as streaming; ordinary chunked responses are aggregated normally.

        Default is true

        Parameters:
        enable - enable incremental relay of streaming responses while proxying
      • maxStreamingCaptureBytes

        public static int maxStreamingCaptureBytes()
      • maxStreamingCaptureBytes

        public static void maxStreamingCaptureBytes​(int bytes)
        The maximum number of bytes of a streaming response body captured into the event log while relaying it. The full stream is always relayed to the client; this only bounds how much is retained for the dashboard and retrieve API. Once exceeded the logged body is truncated and flagged.

        Default is 262144 (256 KB)

        Parameters:
        bytes - maximum number of streaming response body bytes captured into the event log
      • streamIdleTimeoutSeconds

        public static int streamIdleTimeoutSeconds()
      • streamIdleTimeoutSeconds

        public static void streamIdleTimeoutSeconds​(int seconds)
        The maximum time in seconds a streaming response connection may be idle (no chunk received) before it is considered dead and closed. This replaces the fixed socket timeout for streaming responses, which would otherwise terminate long-lived streams.

        Default is 60 seconds

        Parameters:
        seconds - maximum idle time in seconds between streaming response chunks
      • localBoundIP

        public static String localBoundIP()
      • localBoundIP

        public static void localBoundIP​(String localBoundIP)
        The local IP address to bind to for accepting new socket connections

        Default is 0.0.0.0

        Parameters:
        localBoundIP - local IP address to bind to for accepting new socket connections
      • maxInitialLineLength

        public static int maxInitialLineLength()
      • maxInitialLineLength

        public static void maxInitialLineLength​(int length)
        Maximum size of the first line of an HTTP request

        The default is Integer.MAX_VALUE

        Parameters:
        length - maximum size of the first line of an HTTP request
      • maxHeaderSize

        public static int maxHeaderSize()
      • maxHeaderSize

        public static void maxHeaderSize​(int size)
        Maximum size of HTTP request headers

        The default is Integer.MAX_VALUE

        Parameters:
        size - maximum size of HTTP request headers
      • maxChunkSize

        public static int maxChunkSize()
      • maxChunkSize

        public static void maxChunkSize​(int size)
        Maximum size of HTTP chunks in request or responses

        The default is Integer.MAX_VALUE

        Parameters:
        size - maximum size of HTTP chunks in request or responses
      • maxRequestBodySize

        public static int maxRequestBodySize()
      • maxRequestBodySize

        public static void maxRequestBodySize​(int size)
        Maximum aggregated body size (in bytes) accepted on inbound HTTP/1.1 and HTTP/2 requests before MockServer responds with 413 Payload Too Large.

        The default is 10,485,760 bytes (10 MiB). Raise this only if you intentionally mock large uploads; very large limits make MockServer susceptible to memory exhaustion.

        Parameters:
        size - maximum inbound request body size in bytes
      • maxResponseBodySize

        public static int maxResponseBodySize()
      • maxResponseBodySize

        public static void maxResponseBodySize​(int size)
        Maximum aggregated body size (in bytes) accepted on responses received from upstream servers when MockServer is acting as a proxy or forwarder.

        The default is 52,428,800 bytes (50 MiB).

        Parameters:
        size - maximum upstream response body size in bytes
      • maxLlmConversationBodySize

        public static int maxLlmConversationBodySize()
      • maxLlmConversationBodySize

        public static void maxLlmConversationBodySize​(int size)
        Maximum body size (in bytes) for LLM conversation request bodies.

        The default is 1,048,576 bytes (1 MiB). Valid range is [16384, 67108864]. Values outside this range are silently clamped.

        Parameters:
        size - maximum LLM conversation body size in bytes
      • regexMatchingTimeoutMillis

        public static long regexMatchingTimeoutMillis()
      • regexMatchingTimeoutMillis

        public static void regexMatchingTimeoutMillis​(long milliseconds)
        Maximum time (in milliseconds) allowed for evaluating a single regular expression during request matching. A pathological pattern that exceeds this budget is treated as a non-match (and a WARN log entry is written) so the server cannot be wedged by exponential regex backtracking from an attacker-controlled expectation or input.

        The default is 5000 milliseconds. The headroom over typical matching time keeps normal patterns well clear of the cutoff while still bounding pathological backtracking (which takes minutes to hours). Set to 0 or a negative value to disable the timeout.

        Parameters:
        milliseconds - regex evaluation timeout in milliseconds
      • xpathMatchingTimeoutMillis

        public static long xpathMatchingTimeoutMillis()
      • xpathMatchingTimeoutMillis

        public static void xpathMatchingTimeoutMillis​(long milliseconds)
        Maximum time (in milliseconds) allowed for evaluating a single XPath expression against an XML document during request matching. Exceeding this budget is treated as a non-match and a WARN log entry is written, protecting MockServer from XPath-based denial-of-service.

        The default is 5000 milliseconds, well above typical XPath evaluation time, so the timeout only fires on truly pathological expressions or documents. Set to 0 or a negative value to disable the timeout.

        Parameters:
        milliseconds - XPath evaluation timeout in milliseconds
      • customJsonUnitMatchersClass

        public static String customJsonUnitMatchersClass()
      • customJsonUnitMatchersClass

        public static void customJsonUnitMatchersClass​(String customJsonUnitMatchersClass)
        Fully qualified name of a class implementing org.mockserver.matchers.CustomJsonUnitMatcherProvider. When set, the class is instantiated via its public no-arg constructor and the matchers it returns are registered with the json-unit configuration used for JSON body matching, so expectations can reference them via the ${json-unit.matches:name} placeholder (e.g. { "price": "${json-unit.matches:largerThan}" }).

        Misconfigured providers (class not found, wrong type, constructor failure) are logged at WARN and ignored - JSON body matching falls back to the built-in behaviour. Changing the property at runtime causes the provider to be reloaded on the next match.

        The default is the empty string (no custom matchers).

        Parameters:
        customJsonUnitMatchersClass - fully qualified provider class name
      • useSemicolonAsQueryParameterSeparator

        public static void useSemicolonAsQueryParameterSeparator​(boolean useAsQueryParameterSeparator)
        If true semicolons are treated as a separator for a query parameter string, if false the semicolon is treated as a normal character that is part of a query parameter value.

        The default is true

        Parameters:
        useAsQueryParameterSeparator - true semicolons are treated as a separator for a query parameter string
      • useSemicolonAsQueryParameterSeparator

        public static boolean useSemicolonAsQueryParameterSeparator()
      • assumeAllRequestsAreHttp

        public static void assumeAllRequestsAreHttp​(boolean assumeAllRequestsAreHttp)
        If true requests are assumed as binary if the method isn't one of "GET", "POST", "PUT", "HEAD", "OPTIONS", "PATCH", "DELETE", "TRACE" or "CONNECT"

        The default is true

        Parameters:
        assumeAllRequestsAreHttp - if true requests are assumed as binary if the method isn't one of "GET", "POST", "PUT", "HEAD", "OPTIONS", "PATCH", "DELETE", "TRACE" or "CONNECT"
      • assumeAllRequestsAreHttp

        public static boolean assumeAllRequestsAreHttp()
      • http2Enabled

        public static void http2Enabled​(boolean http2Enabled)
        If false HTTP/2 is disabled and ALPN no longer advertises h2, so HTTP/2 capable clients are forced to use HTTP/1.1 (and the HTTP/2 cleartext h2c upgrade is not detected)

        The default is true

        Parameters:
        http2Enabled - if false HTTP/2 is disabled and clients are forced to use HTTP/1.1
      • http2Enabled

        public static boolean http2Enabled()
      • forwardBinaryRequestsWithoutWaitingForResponse

        public static void forwardBinaryRequestsWithoutWaitingForResponse​(boolean forwardBinaryRequestsAsynchronously)
        If true the BinaryRequestProxyingHandler.binaryExchangeCallback is called before a response is received from the remote host. This enables the proxying of messages without a response.

        The default is false

        Parameters:
        forwardBinaryRequestsAsynchronously - target value
      • forwardBinaryRequestsWithoutWaitingForResponse

        public static boolean forwardBinaryRequestsWithoutWaitingForResponse()
      • enableCORSForAPI

        public static boolean enableCORSForAPI()
      • enableCORSForAPI

        public static void enableCORSForAPI​(boolean enable)
        Enable CORS for the MockServer REST API so that the API can be used from JavaScript running in browsers, such as Selenium

        The default is false

        Parameters:
        enable - CORS for MockServer REST API
      • enableCORSForAllResponses

        public static boolean enableCORSForAllResponses()
      • enableCORSForAllResponses

        public static void enableCORSForAllResponses​(boolean enable)
        Enable CORS for all responses from MockServer, including the REST API and expectation responses

        The default is false

        Parameters:
        enable - CORS for all responses from MockServer
      • corsAllowOrigin

        public static String corsAllowOrigin()
      • corsAllowOrigin

        public static void corsAllowOrigin​(String corsAllowOrigin)

        The value used for CORS in the access-control-allow-origin header.

        The default is ""

        Parameters:
        corsAllowOrigin - the value used for CORS in the access-control-allow-origin header
      • corsAllowMethods

        public static String corsAllowMethods()
      • corsAllowMethods

        public static void corsAllowMethods​(String corsAllowMethods)

        The value used for CORS in the access-control-allow-methods header.

        The default is "CONNECT, DELETE, GET, HEAD, OPTIONS, POST, PUT, PATCH, TRACE"

        Parameters:
        corsAllowMethods - the value used for CORS in the access-control-allow-methods header
      • corsAllowHeaders

        public static String corsAllowHeaders()
      • corsAllowHeaders

        public static void corsAllowHeaders​(String corsAllowHeaders)

        The value used for CORS in the access-control-allow-headers and access-control-expose-headers headers.

        In addition to this default value any headers specified in the request header access-control-request-headers also get added to access-control-allow-headers and access-control-expose-headers headers in a CORS response.

        The default is "Allow, Content-Encoding, Content-Length, Content-Type, ETag, Expires, Last-Modified, Location, Server, Vary, Authorization"

        Parameters:
        corsAllowHeaders - the value used for CORS in the access-control-allow-headers and access-control-expose-headers headers
      • corsAllowCredentials

        public static boolean corsAllowCredentials()
      • corsAllowCredentials

        public static void corsAllowCredentials​(boolean allow)
        The value used for CORS in the access-control-allow-credentials header.

        The default is true

        Parameters:
        allow - the value used for CORS in the access-control-allow-credentials header
      • corsMaxAgeInSeconds

        public static int corsMaxAgeInSeconds()
      • corsMaxAgeInSeconds

        public static void corsMaxAgeInSeconds​(int ageInSeconds)
        The value used for CORS in the access-control-max-age header.

        The default is 300

        Parameters:
        ageInSeconds - the value used for CORS in the access-control-max-age header.
      • javascriptDisallowedClasses

        public static String javascriptDisallowedClasses()
      • javascriptDisallowedClasses

        public static void javascriptDisallowedClasses​(String javascriptDisallowedClasses)
        Set a comma separated list of classes not allowed to be used by javascript templates

        The default is all allowed

        Parameters:
        javascriptDisallowedClasses - comma separated list of classes not allowed to be used
      • javascriptDisallowedText

        public static String javascriptDisallowedText()
      • javascriptDisallowedText

        public static void javascriptDisallowedText​(String javascriptDisallowedText)
        Set a comma separated list of text not allowed to be contained in javascript templates

        The default is all allowed

        Parameters:
        javascriptDisallowedText - comma separated list of text not allowed to be contained in javascript templates
      • velocityDisallowClassLoading

        public static boolean velocityDisallowClassLoading()
      • velocityDisallowClassLoading

        public static void velocityDisallowClassLoading​(boolean velocityDisallowClassLoading)
        If true class loading is not allowed in velocity templates

        The default is false

        Parameters:
        velocityDisallowClassLoading - class loading is not allowed in velocity templates
      • velocityDisallowedText

        public static String velocityDisallowedText()
      • velocityDisallowedText

        public static void velocityDisallowedText​(String velocityDisallowedText)
        Set a comma separated list of text not allowed to be contained in velocity templates

        The default is all allowed

        Parameters:
        velocityDisallowedText - comma separated list of text not allowed to be contained in velocity templates
      • mustacheDisallowedText

        public static String mustacheDisallowedText()
      • mustacheDisallowedText

        public static void mustacheDisallowedText​(String mustacheDisallowedText)
        Set a comma separated list of text not allowed to be contained in mustache templates

        The default is all allowed

        Parameters:
        mustacheDisallowedText - comma separated list of text not allowed to be contained in mustache templates
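
The bind address, size limits, matching timeouts, CORS values and template restrictions documented above can be checked and tightened together. The following is an added example, not MockServer's own code: the class name, the numeric limits, the origin and the disallowed class list are illustrative assumptions, and the import assumes the class lives in the org.mockserver.configuration package.

```java
import org.mockserver.configuration.ConfigurationProperties;

import java.util.ArrayList;
import java.util.List;

// Added example, not MockServer code. Class name and all concrete values are illustrative.
public class MockServerHardening {

    /** Collects review findings for the settings currently in effect. */
    static List<String> audit() {
        List<String> findings = new ArrayList<>();

        String ip = ConfigurationProperties.localBoundIP();
        // An unset value is treated like the documented default of 0.0.0.0.
        if (ip == null || ip.isEmpty() || "0.0.0.0".equals(ip)) {
            findings.add("localBoundIP: listening on all interfaces");
        }
        if (ConfigurationProperties.maxInitialLineLength() == Integer.MAX_VALUE) {
            findings.add("maxInitialLineLength: no effective limit");
        }
        if (ConfigurationProperties.maxHeaderSize() == Integer.MAX_VALUE) {
            findings.add("maxHeaderSize: no effective limit");
        }
        if (ConfigurationProperties.maxChunkSize() == Integer.MAX_VALUE) {
            findings.add("maxChunkSize: no effective limit");
        }
        if (ConfigurationProperties.regexMatchingTimeoutMillis() <= 0) {
            findings.add("regexMatchingTimeoutMillis: timeout disabled");
        }
        if (ConfigurationProperties.xpathMatchingTimeoutMillis() <= 0) {
            findings.add("xpathMatchingTimeoutMillis: timeout disabled");
        }
        if (!ConfigurationProperties.velocityDisallowClassLoading()) {
            findings.add("velocityDisallowClassLoading: class loading allowed in velocity templates");
        }
        String blocked = ConfigurationProperties.javascriptDisallowedClasses();
        if (blocked == null || blocked.trim().isEmpty()) {
            findings.add("javascriptDisallowedClasses: all classes allowed in javascript templates");
        }
        boolean cors = ConfigurationProperties.enableCORSForAPI()
            || ConfigurationProperties.enableCORSForAllResponses();
        if (cors && ConfigurationProperties.corsAllowCredentials()) {
            findings.add("corsAllowCredentials: credentialed CORS enabled, origin is '"
                + ConfigurationProperties.corsAllowOrigin() + "'");
        }
        if (ConfigurationProperties.mcpEnabled()) {
            findings.add("mcpEnabled: MCP endpoint exposed, disable if unused");
        }
        return findings;
    }

    /** Applies tighter values; every number and string here is a sample to adapt. */
    static void harden() {
        ConfigurationProperties.localBoundIP("127.0.0.1");         // loopback only
        ConfigurationProperties.maxInitialLineLength(8 * 1024);    // sample limit
        ConfigurationProperties.maxHeaderSize(16 * 1024);          // sample limit
        ConfigurationProperties.maxChunkSize(64 * 1024);           // sample limit
        ConfigurationProperties.maxRequestBodySize(1024 * 1024);   // below the 10 MiB default
        ConfigurationProperties.regexMatchingTimeoutMillis(1000);  // keep the timeout enabled
        ConfigurationProperties.xpathMatchingTimeoutMillis(1000);

        // Template restrictions: the class list is a constructed sample.
        ConfigurationProperties.velocityDisallowClassLoading(true);
        ConfigurationProperties.javascriptDisallowedClasses(
            "java.lang.Runtime,java.lang.ProcessBuilder,java.lang.System");

        // CORS: no credentials, one named origin (constructed value).
        ConfigurationProperties.enableCORSForAllResponses(false);
        ConfigurationProperties.corsAllowCredentials(false);
        ConfigurationProperties.corsAllowOrigin("https://ui-tests.example.com");

        ConfigurationProperties.mcpEnabled(false);
    }

    public static void main(String[] args) {
        System.out.println("Before: " + audit());
        harden();
        System.out.println("After:  " + audit());
    }
}
```

The setters are static, so call harden() before the server is started.
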
      • initializationClass

        public static String initializationClass()
      • initializationClass

        public static void initializationClass​(String initializationClass)
        The class (and package) used to initialize expectations in MockServer at startup. If set, MockServer will load and call this class to initialise expectations when it starts.

        The default is null

        Parameters:
        initializationClass - class (and package) used to initialize expectations in MockServer at startup
      • initializationJsonPath

        public static String initializationJsonPath()
      • initializationJsonPath

        public static void initializationJsonPath​(String initializationJsonPath)

        The path to the json file used to initialize expectations in MockServer at startup. If set, MockServer will load this file and initialise expectations for each item in the file when it starts.

        The expected format of the file is a JSON array of expectations, as per the REST API format

        To watch multiple files use file globs as documented here: https://mock-server.com/mock_server/initializing_expectations.html#expectation_initializer_json_glob_patterns

        Parameters:
        initializationJsonPath - path to the json file used to initialize expectations in MockServer at startup
      • initializationOpenAPIPath

        public static String initializationOpenAPIPath()
      • initializationOpenAPIPath

        public static void initializationOpenAPIPath​(String initializationOpenAPIPath)

        The path to the OpenAPI spec file used to initialize expectations in MockServer at startup, if set MockServer will load this file and create expectations for each operation when it starts.

        The file can be a YAML (.yaml, .yml) or JSON (.json) OpenAPI v3 specification.

        To watch multiple files use file globs as documented here: https://mock-server.com/mock_server/initializing_expectations.html#expectation_initializer_json_glob_patterns

        Parameters:
        initializationOpenAPIPath - path to the OpenAPI spec file used to initialize expectations in MockServer at startup
      • openAPIContextPathPrefix

        public static String openAPIContextPathPrefix()
      • openAPIContextPathPrefix

        public static void openAPIContextPathPrefix​(String openAPIContextPathPrefix)

        A path prefix to add to all paths generated from OpenAPI specifications.

        For example, if set to "/api/v1" then a path "/pets" from the spec becomes "/api/v1/pets".

        Parameters:
        openAPIContextPathPrefix - the path prefix to add to OpenAPI paths
      • openAPIResponseValidation

        public static boolean openAPIResponseValidation()
      • openAPIResponseValidation

        public static void openAPIResponseValidation​(boolean enable)

        If enabled MockServer will validate that mock responses conform to the OpenAPI spec schema they were generated from.

        Validation is advisory only - responses are still returned to the client even if validation fails.

        The default is false

        Parameters:
        enable - if enabled mock responses will be validated against the OpenAPI spec schema
      • watchInitializationJson

        public static boolean watchInitializationJson()
      • watchInitializationJson

        public static void watchInitializationJson​(boolean enable)

        If enabled, the initialization json file will be watched for changes; any changes found will result in expectations being created, removed or updated by matching against their key.

        If duplicate keys exist only the last duplicate key in the file will be processed and all duplicates except the last duplicate will be removed.

        The order of expectations in the file is the order in which they are created if they are new, however, re-ordering existing expectations does not change the order they are matched against incoming requests.

        The default is false

        Parameters:
        enable - if enabled the initialization json file will be watched for changes
      • persistExpectations

        public static boolean persistExpectations()
      • persistExpectations

        public static void persistExpectations​(boolean enable)
        Enable the persisting of expectations as json, which is updated whenever the expectation state is updated (i.e. add, clear, expires, etc)

        The default is false

        Parameters:
        enable - the persisting of expectations as json
      • persistedExpectationsPath

        public static String persistedExpectationsPath()
      • persistedExpectationsPath

        public static void persistedExpectationsPath​(String persistedExpectationsPath)
        The file path used to save persisted expectations as json, which is updated whenever the expectation state is updated (i.e. add, clear, expires, etc)

        The default is "persistedExpectations.json"

        Parameters:
        persistedExpectationsPath - file path used to save persisted expectations as json
      • persistRecordedExpectations

        public static boolean persistRecordedExpectations()
      • persistRecordedExpectations

        public static void persistRecordedExpectations​(boolean enable)
        Enable the persisting of recorded expectations (proxy traffic) as json, which is updated whenever a new request is forwarded

        The default is false

        Parameters:
        enable - the persisting of recorded expectations as json
      • persistedRecordedExpectationsPath

        public static String persistedRecordedExpectationsPath()
      • persistedRecordedExpectationsPath

        public static void persistedRecordedExpectationsPath​(String persistedRecordedExpectationsPath)
        The file path used to save persisted recorded expectations as json, which is updated whenever a new request is forwarded

        The default is "persistedRecordedExpectations.json"

        Parameters:
        persistedRecordedExpectationsPath - file path used to save persisted recorded expectations as json
      • maximumNumberOfRequestToReturnInVerificationFailure

        public static Integer maximumNumberOfRequestToReturnInVerificationFailure()
      • maximumNumberOfRequestToReturnInVerificationFailure

        public static void maximumNumberOfRequestToReturnInVerificationFailure​(Integer maximumNumberOfRequestToReturnInVerification)
        The maximum number of requests to return in verification failure result, if more expectations are found the failure result does not list them separately
        Parameters:
        maximumNumberOfRequestToReturnInVerification - maximum number of expectations to return in verification failure result
      • detailedVerificationFailures

        public static boolean detailedVerificationFailures()
      • detailedVerificationFailures

        public static void detailedVerificationFailures​(boolean enable)
        If true (the default) verification failure messages include a detailed diff showing which fields did not match for the closest matching request.
        Parameters:
        enable - enable detailed verification failure messages
      • attemptToProxyIfNoMatchingExpectation

        public static boolean attemptToProxyIfNoMatchingExpectation()
      • attemptToProxyIfNoMatchingExpectation

        public static void attemptToProxyIfNoMatchingExpectation​(boolean enable)
        If true (the default) when no matching expectation is found, and the host header of the request does not match MockServer's host, then MockServer attempts to proxy the request; if that fails then a 404 is returned. If false when no matching expectation is found, and MockServer is not being used as a proxy, then MockServer always returns a 404 immediately.
        Parameters:
        enable - enables automatically attempted proxying of requests that don't match an expectation and look like they should be proxied
      • forwardHttpProxy

        public static void forwardHttpProxy​(String hostAndPort)
        Use HTTP proxy (i.e. via Host header) for all outbound / forwarded requests

        The default is null

        Parameters:
        hostAndPort - host and port for HTTP proxy (i.e. via Host header) for all outbound / forwarded requests
      • forwardHttpProxy

        public static void forwardHttpProxy​(InetSocketAddress hostAndPort)
        Use HTTP proxy (i.e. via Host header) for all outbound / forwarded requests

        The default is null

        Parameters:
        hostAndPort - host and port for HTTP proxy (i.e. via Host header) for all outbound / forwarded requests
      • forwardHttpsProxy

        public static void forwardHttpsProxy​(String hostAndPort)
        Use HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests, supports TLS tunnelling of HTTPS requests

        The default is null

        Parameters:
        hostAndPort - host and port for HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests
      • forwardHttpsProxy

        public static void forwardHttpsProxy​(InetSocketAddress hostAndPort)
        Use HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests, supports TLS tunnelling of HTTPS requests

        The default is null

        Parameters:
        hostAndPort - host and port for HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests
      • forwardSocksProxy

        public static void forwardSocksProxy​(String hostAndPort)
        Use SOCKS proxy for all outbound / forwarded requests, supports TLS tunnelling of TCP connections

        The default is null

        Parameters:
        hostAndPort - host and port for SOCKS proxy for all outbound / forwarded requests
      • forwardSocksProxy

        public static void forwardSocksProxy​(InetSocketAddress hostAndPort)
        Use SOCKS proxy for all outbound / forwarded requests, supports TLS tunnelling of TCP connections

        The default is null

        Parameters:
        hostAndPort - host and port for SOCKS proxy for all outbound / forwarded requests
      • forwardProxyAuthenticationUsername

        public static String forwardProxyAuthenticationUsername()
      • forwardProxyAuthenticationUsername

        public static void forwardProxyAuthenticationUsername​(String forwardProxyAuthenticationUsername)

        Username for proxy authentication when using HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests

        Note: the 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this, clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

        The default is null

        Parameters:
        forwardProxyAuthenticationUsername - username for proxy authentication
      • forwardProxyAuthenticationPassword

        public static String forwardProxyAuthenticationPassword()
      • forwardProxyAuthenticationPassword

        public static void forwardProxyAuthenticationPassword​(String forwardProxyAuthenticationPassword)

        Password for proxy authentication when using HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests

        Note: the 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this, clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

        The default is null

        Parameters:
        forwardProxyAuthenticationPassword - password for proxy authentication
      • proxyAuthenticationRealm

        public static String proxyAuthenticationRealm()
      • proxyAuthenticationRealm

        public static void proxyAuthenticationRealm​(String proxyAuthenticationRealm)
        The authentication realm for proxy authentication to MockServer
        Parameters:
        proxyAuthenticationRealm - the authentication realm for proxy authentication
      • proxyAuthenticationUsername

        public static String proxyAuthenticationUsername()
      • proxyAuthenticationUsername

        public static void proxyAuthenticationUsername​(String proxyAuthenticationUsername)

        The required username for proxy authentication to MockServer

        Note: the 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this, clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

        The default is ""

        Parameters:
        proxyAuthenticationUsername - required username for proxy authentication to MockServer
      • proxyAuthenticationPassword

        public static String proxyAuthenticationPassword()
      • noProxyHosts

        public static void noProxyHosts​(String noProxyHosts)

        The list of hostnames that should not use the configured proxy. Several values may be present, separated by comma (,)

        The default is ""

        Parameters:
        noProxyHosts - Comma-separated list of hosts to not be proxied.
      • noProxyHosts

        public static String noProxyHosts()
      • proxyRemoteHost

        public static String proxyRemoteHost()
      • proxyRemoteHost

        public static void proxyRemoteHost​(String proxyRemoteHost)
      • proxyRemotePort

        public static Integer proxyRemotePort()
      • proxyRemotePort

        public static void proxyRemotePort​(Integer proxyRemotePort)
      • forwardAdjustHostHeader

        public static boolean forwardAdjustHostHeader()
      • forwardAdjustHostHeader

        public static void forwardAdjustHostHeader​(boolean enable)
        If true (the default) the Host header will be automatically adjusted to match the target server when forwarding requests. This prevents HTTP 421 Misdirected Request errors when the target server validates Host headers. If false the original Host header is preserved.
        Parameters:
        enable - enables automatic Host header adjustment for forwarded requests
      • forwardDefaultHostHeader

        public static String forwardDefaultHostHeader()
      • forwardDefaultHostHeader

        public static void forwardDefaultHostHeader​(String hostHeader)
      • proxyPass

        public static void proxyPass​(String proxyPassJson)
        Configure ProxyPass mappings that map incoming path prefixes to upstream servers with automatic path rewriting. Value is a JSON array of objects with pathPrefix, targetUri, and optional preserveHost fields.
        Parameters:
        proxyPassJson - JSON array string, e.g. [{"pathPrefix":"/api/","targetUri":"https://backend:8443/services/"}]
      • proxyPass

        public static void proxyPass​(List<ProxyPassMapping> mappings)
        Configure ProxyPass mappings that map incoming path prefixes to upstream servers with automatic path rewriting.
        Parameters:
        mappings - list of ProxyPassMapping objects
      • globalResponseDelayMillis

        public static Long globalResponseDelayMillis()
      • globalResponseDelayMillis

        public static void globalResponseDelayMillis​(Long millis)
      • proxyAuthenticationPassword

        public static void proxyAuthenticationPassword​(String proxyAuthenticationPassword)

        The required password for proxy authentication to MockServer

        Note: the 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this, clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

        The default is ""

        Parameters:
        proxyAuthenticationPassword - required password for proxy authentication to MockServer
      • livenessHttpGetPath

        public static String livenessHttpGetPath()
      • livenessHttpGetPath

        public static void livenessHttpGetPath​(String livenessPath)
        Path to support HTTP GET requests for status response (also available on PUT /mockserver/status).

        If this value is not modified then only PUT /mockserver/status is supported, but if a non-blank value is provided then GET requests to this path will return the 200 OK status response showing the MockServer version and bound ports.

        A GET request to this path will be matched before any expectation matching or proxying of requests.

        The default is ""

        Parameters:
        livenessPath - path to support HTTP GET requests for status response
      • controlPlaneTLSMutualAuthenticationRequired

        public static boolean controlPlaneTLSMutualAuthenticationRequired()
      • controlPlaneTLSMutualAuthenticationRequired

        public static void controlPlaneTLSMutualAuthenticationRequired​(boolean enable)
        Require mTLS (also called client authentication and two-way TLS) for all control plane requests
        Parameters:
        enable - TLS mutual authentication for all control plane requests
      • controlPlaneTLSMutualAuthenticationCAChain

        public static String controlPlaneTLSMutualAuthenticationCAChain()
      • controlPlaneTLSMutualAuthenticationCAChain

        public static void controlPlaneTLSMutualAuthenticationCAChain​(String trustCertificateChain)
        File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for control plane mTLS authentication

        The X.509 Certificate Chain is for trusting (i.e. signature verification of) Client X.509 Certificates, the certificate chain must be a X509 PEM file.

        This certificate chain will be used to perform mTLS (client authentication) for inbound TLS connections if controlPlaneTLSMutualAuthenticationRequired is enabled

        Parameters:
        trustCertificateChain - File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for Trusting (i.e. signature verification of) Client X.509 Certificates
      • controlPlanePrivateKeyPath

        public static String controlPlanePrivateKeyPath()
      • controlPlanePrivateKeyPath

        public static void controlPlanePrivateKeyPath​(String privateKeyPath)
        File system path or classpath location of a fixed custom private key for control plane connections using mTLS for authentication.

        The private key must be a PKCS#8 or PKCS#1 PEM file and must be the private key corresponding to the controlPlaneX509CertificatePath X509 (public key) configuration. The controlPlaneTLSMutualAuthenticationCAChain configuration must be the Certificate Authority for the corresponding X509 certificate (i.e. able to validate its signature).

        To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt

        This configuration will be ignored unless x509CertificatePath is also set.

        Parameters:
        privateKeyPath - location of the PKCS#8 PEM file containing the private key
      • controlPlaneX509CertificatePath

        public static String controlPlaneX509CertificatePath()
      • controlPlaneX509CertificatePath

        public static void controlPlaneX509CertificatePath​(String x509CertificatePath)
        File system path or classpath location of a fixed custom X.509 Certificate for control plane connections using mTLS for authentication.

        The certificate must be an X509 PEM file and must be the public key corresponding to the controlPlanePrivateKeyPath private key configuration. The controlPlaneTLSMutualAuthenticationCAChain configuration must be the Certificate Authority for this certificate (i.e. able to validate its signature).

        This configuration will be ignored unless privateKeyPath is also set.

        Parameters:
        x509CertificatePath - location of the PEM file containing the X509 certificate
      • controlPlaneJWTAuthenticationRequired

        public static boolean controlPlaneJWTAuthenticationRequired()
      • controlPlaneJWTAuthenticationRequired

        public static void controlPlaneJWTAuthenticationRequired​(boolean enable)

        Require JWT authentication for all control plane requests

        Parameters:
        enable - JWT authentication for all control plane requests
      • controlPlaneJWTAuthenticationJWKSource

        public static String controlPlaneJWTAuthenticationJWKSource()
      • controlPlaneJWTAuthenticationJWKSource

        public static void controlPlaneJWTAuthenticationJWKSource​(String controlPlaneJWTAuthenticationJWKSource)

        JWK source used when JWT authentication is enabled for control plane requests

        JWK source can be a file system path, classpath location or a URL

        See: https://openid.net/specs/draft-jones-json-web-key-03.html

        Parameters:
        controlPlaneJWTAuthenticationJWKSource - file system path, classpath location or a URL of JWK source
      • controlPlaneJWTAuthenticationExpectedAudience

        public static String controlPlaneJWTAuthenticationExpectedAudience()
      • controlPlaneJWTAuthenticationExpectedAudience

        public static void controlPlaneJWTAuthenticationExpectedAudience​(String controlPlaneJWTAuthenticationExpectedAudience)

        Audience claim (i.e. aud) required when JWT authentication is enabled for control plane requests

        Parameters:
        controlPlaneJWTAuthenticationExpectedAudience - required value for audience claim (i.e. aud)
      • controlPlaneJWTAuthenticationMatchingClaims

        public static Map<String,​String> controlPlaneJWTAuthenticationMatchingClaims()
      • controlPlaneJWTAuthenticationMatchingClaims

        public static void controlPlaneJWTAuthenticationMatchingClaims​(Map<String,​String> controlPlaneJWTAuthenticationMatchingClaims)

        Matching claims expected when JWT authentication is enabled for control plane requests

        Value should be string with comma separated key=value items, for example: scope=internal public,sub=some_subject

        Parameters:
        controlPlaneJWTAuthenticationMatchingClaims - required values for claims
      • controlPlaneJWTAuthenticationRequiredClaims

        public static Set<String> controlPlaneJWTAuthenticationRequiredClaims()
      • controlPlaneJWTAuthenticationRequiredClaims

        public static void controlPlaneJWTAuthenticationRequiredClaims​(Set<String> controlPlaneJWTAuthenticationRequiredClaims)

        Required claims that should exist (i.e. with any value) when JWT authentication is enabled for control plane requests

        Value should be string with comma separated values, for example: scope,sub

        Parameters:
        controlPlaneJWTAuthenticationRequiredClaims - required claims
      • proactivelyInitialiseTLS

        public static void proactivelyInitialiseTLS​(boolean enable)

        Proactively initialise TLS during start to ensure that if dynamicallyCreateCertificateAuthorityCertificate is enabled the Certificate Authority X.509 Certificate and Private Key will be created during start up and not when the first TLS connection is received.

        This setting will also ensure any configured private key and X.509 will be loaded during start up and not when the first TLS connection is received to give immediate feedback on any related TLS configuration errors.

        Parameters:
        enable - proactively initialise TLS at startup
      • proactivelyInitialiseTLS

        public static boolean proactivelyInitialiseTLS()
      • tlsProtocols

        public static String tlsProtocols()
      • tlsProtocols

        public static void tlsProtocols​(String tlsProtocols)
        Comma separated list of TLS protocols, by default TLSv1,TLSv1.1,TLSv1.2
        Parameters:
        tlsProtocols - comma separated list of TLS protocols
      • tlsAllowInsecureProtocols

        public static boolean tlsAllowInsecureProtocols()
      • tlsAllowInsecureProtocols

        public static void tlsAllowInsecureProtocols​(boolean allow)
        Whether to allow TLSv1 and TLSv1.1 in the effective TLS protocols list.

        Both protocols are deprecated by RFC 8996 and vulnerable to BEAST and POODLE. The default is true for backwards compatibility — MockServer's tlsProtocols() default still includes them. Set this to false to opt into a hardened profile: any "TLSv1" or "TLSv1.1" entries in tlsProtocols() are filtered out before the SSL context is built.

        A future major release is expected to flip this default to false.

        Parameters:
        allow - if true, TLSv1 and TLSv1.1 are honoured in tlsProtocols(); if false, they are stripped
      • dynamicallyCreateCertificateAuthorityCertificate

        public static boolean dynamicallyCreateCertificateAuthorityCertificate()
      • dynamicallyCreateCertificateAuthorityCertificate

        public static void dynamicallyCreateCertificateAuthorityCertificate​(boolean enable)
        Enable dynamic creation of Certificate Authority X509 certificate and private key.

        Enable this property to increase the security of trusting the MockServer Certificate Authority X509 by ensuring a local dynamic value is used instead of the public value in the MockServer git repo.

        These PEM files will be created and saved in the directory specified with configuration property directoryToSaveDynamicSSLCertificate.

        Parameters:
        enable - dynamic creation of Certificate Authority X509 certificate and private key.
      • directoryToSaveDynamicSSLCertificate

        public static String directoryToSaveDynamicSSLCertificate()
      • directoryToSaveDynamicSSLCertificate

        public static void directoryToSaveDynamicSSLCertificate​(String directoryToSaveDynamicSSLCertificate)
        Directory used to save the dynamically generated Certificate Authority X.509 Certificate and Private Key.
        Parameters:
        directoryToSaveDynamicSSLCertificate - directory to save Certificate Authority X.509 Certificate and Private Key
      • preventCertificateDynamicUpdate

        public static void preventCertificateDynamicUpdate​(boolean prevent)
        Prevent certificates from dynamically updating when domain list changes
        Parameters:
        prevent - prevent certificates from dynamically updating when domain list changes
      • preventCertificateDynamicUpdate

        public static boolean preventCertificateDynamicUpdate()
      • sslCertificateDomainName

        public static String sslCertificateDomainName()
      • sslCertificateDomainName

        public static void sslCertificateDomainName​(String domainName)
        The domain name for auto-generated TLS certificates

        The default is "localhost"

        Parameters:
        domainName - domain name for auto-generated TLS certificates
      • sslSubjectAlternativeNameDomains

        public static void sslSubjectAlternativeNameDomains​(Set<String> sslSubjectAlternativeNameDomains)
        The Subject Alternative Name (SAN) domain names for auto-generated TLS certificates as a comma separated list

        The default is "localhost"

        Parameters:
        sslSubjectAlternativeNameDomains - Subject Alternative Name (SAN) domain names for auto-generated TLS certificates
      • sslSubjectAlternativeNameDomains

        public static Set<String> sslSubjectAlternativeNameDomains()
      • sslSubjectAlternativeNameIps

        public static void sslSubjectAlternativeNameIps​(Set<String> sslSubjectAlternativeNameIps)

        The Subject Alternative Name (SAN) IP addresses for auto-generated TLS certificates as a comma separated list

        The default is "127.0.0.1,0.0.0.0"

        Parameters:
        sslSubjectAlternativeNameIps - Subject Alternative Name (SAN) IP addresses for auto-generated TLS certificates
      • sslSubjectAlternativeNameIps

        public static Set<String> sslSubjectAlternativeNameIps()
      • certificateAuthorityPrivateKey

        public static String certificateAuthorityPrivateKey()
      • certificateAuthorityPrivateKey

        public static void certificateAuthorityPrivateKey​(String certificateAuthorityPrivateKey)
        File system path or classpath location of custom Private Key for Certificate Authority for TLS. The private key must be a PKCS#8 or PKCS#1 PEM file and must match the certificateAuthorityCertificate.

        To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt
        Parameters:
        certificateAuthorityPrivateKey - location of the PEM file containing the certificate authority private key
      • certificateAuthorityCertificate

        public static String certificateAuthorityCertificate()
      • certificateAuthorityCertificate

        public static void certificateAuthorityCertificate​(String certificateAuthorityCertificate)
        File system path or classpath location of custom X.509 Certificate for Certificate Authority for TLS, the certificate must be a X509 PEM file and must match the certificateAuthorityPrivateKey
        Parameters:
        certificateAuthorityCertificate - location of the PEM file containing the certificate authority X509 certificate
      • privateKeyPath

        public static String privateKeyPath()
      • privateKeyPath

        public static void privateKeyPath​(String privateKeyPath)
        File system path or classpath location of a fixed custom private key for TLS connections into MockServer.

        The private key must be a PKCS#8 or PKCS#1 PEM file and must be the private key corresponding to the x509CertificatePath X509 (public key) configuration. The certificateAuthorityCertificate configuration must be the Certificate Authority for the corresponding X509 certificate (i.e. able to validate its signature), see: x509CertificatePath.

        To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt

        This configuration will be ignored unless x509CertificatePath is also set.

        Parameters:
        privateKeyPath - location of the PKCS#8 PEM file containing the private key
      • x509CertificatePath

        public static String x509CertificatePath()
      • x509CertificatePath

        public static void x509CertificatePath​(String x509CertificatePath)
        File system path or classpath location of a fixed custom X.509 Certificate for TLS connections into MockServer.

        The certificate must be an X509 PEM file and must be the public key corresponding to the privateKeyPath private key configuration. The certificateAuthorityCertificate configuration must be the Certificate Authority for this certificate (i.e. able to validate its signature).

        This configuration will be ignored unless privateKeyPath is also set.

        Parameters:
        x509CertificatePath - location of the PEM file containing the X509 certificate
      • tlsMutualAuthenticationRequired

        public static boolean tlsMutualAuthenticationRequired()
      • tlsMutualAuthenticationRequired

        public static void tlsMutualAuthenticationRequired​(boolean enable)
        Require mTLS (also called client authentication and two-way TLS) for all TLS connections / HTTPS requests to MockServer
        Parameters:
        enable - TLS mutual authentication
      • tlsMutualAuthenticationCertificateChain

        public static String tlsMutualAuthenticationCertificateChain()
      • tlsMutualAuthenticationCertificateChain

        public static void tlsMutualAuthenticationCertificateChain​(String trustCertificateChain)
        File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for trusting (i.e. signature verification of) Client X.509 Certificates, the certificate chain must be a X509 PEM file.

        This certificate chain will be used if MockServer performs mTLS (client authentication) for inbound TLS connections because tlsMutualAuthenticationRequired is enabled

        Parameters:
        trustCertificateChain - File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for Trusting (i.e. signature verification of) Client X.509 Certificates
      • forwardProxyTLSX509CertificatesTrustManagerType

        public static void forwardProxyTLSX509CertificatesTrustManagerType​(ForwardProxyTLSX509CertificatesTrustManager trustManagerType)
        Configure trusted set of certificates for forwarded or proxied requests.

        MockServer will only be able to establish a TLS connection to endpoints that have a trusted X509 certificate according to the trust manager type, as follows:

        ALL - Insecure, will trust all X509 certificates and not perform host name verification.
        JVM - Will trust all X509 certificates trusted by the JVM.
        CUSTOM - Will trust all X509 certificates specified in forwardProxyTLSCustomTrustX509Certificates configuration value.

        Parameters:
        trustManagerType - trusted set of certificates for forwarded or proxied requests, allowed values: ALL, JVM, CUSTOM.
      • forwardProxyBlockPrivateNetworks

        public static boolean forwardProxyBlockPrivateNetworks()
      • forwardProxyBlockPrivateNetworks

        public static void forwardProxyBlockPrivateNetworks​(boolean block)
        When set to true, MockServer rejects forward and proxy targets that resolve to loopback, link-local, RFC 1918 private, or cloud metadata addresses (such as 169.254.169.254). This blocks server-side request forgery (SSRF) attacks where a malicious expectation forwards through MockServer to internal infrastructure.

        The default is false because MockServer is primarily used to mock services in private or loopback test networks (Docker bridges, Kubernetes service IPs, localhost), so blocking those targets by default would break the common case. Enable this in hardened or multi-tenant deployments where untrusted callers can register expectations.

        Parameters:
        block - if true, block forwarding to private or metadata addresses
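
        The address categories named above can be reproduced with JDK predicates alone. The class below is an added illustration, not MockServer's own check: the class name, the Category enum and the constructed target list are assumptions, and every target is an IP literal so nothing is resolved over DNS.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

/**
 * Added illustration (not MockServer source): sorts forward targets into the
 * address categories that forwardProxyBlockPrivateNetworks is documented to reject.
 */
public class ForwardTargetClassifier {

    enum Category { LOOPBACK, LINK_LOCAL, RFC1918_PRIVATE, PUBLIC }

    /** Classify one resolved address using only JDK predicates. */
    static Category classify(InetAddress address) {
        if (address.isLoopbackAddress()) {
            return Category.LOOPBACK;          // 127.0.0.0/8 and ::1
        }
        if (address.isLinkLocalAddress()) {
            // 169.254.0.0/16 (contains the metadata address 169.254.169.254) and fe80::/10
            return Category.LINK_LOCAL;
        }
        if (address.isSiteLocalAddress()) {
            // For IPv4 this is exactly 10/8, 172.16/12 and 192.168/16.
            // IPv6 unique-local (fc00::/7) is not matched by this predicate and is
            // outside the list the page gives, so it is left out here.
            return Category.RFC1918_PRIVATE;
        }
        return Category.PUBLIC;
    }

    /**
     * Classify a target by every address it resolves to. A name with one public
     * and one internal record must count as internal, so the first non-public
     * category wins. The check is made on the resolved address, never on the
     * host string, because a harmless-looking name can point anywhere.
     */
    static Category classifyTarget(String host) throws UnknownHostException {
        for (InetAddress address : InetAddress.getAllByName(host)) {
            Category category = classify(address);
            if (category != Category.PUBLIC) {
                return category;
            }
        }
        return Category.PUBLIC;
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample targets (IP literals only, so this runs offline).
        String[] constructedTargets = {
            "127.0.0.1",          // loopback
            "::1",                // IPv6 loopback
            "::ffff:127.0.0.1",   // IPv4-mapped form, handled by Java as 127.0.0.1
            "169.254.169.254",    // cloud metadata address from the page
            "10.0.0.5",           // RFC 1918
            "172.17.0.2",         // RFC 1918 (typical Docker bridge range)
            "192.168.1.10",       // RFC 1918
            "172.32.0.1",         // just outside 172.16.0.0/12
            "203.0.113.10"        // documentation range, not private
        };
        for (String target : constructedTargets) {
            Category category = classifyTarget(target);
            String verdict = category == Category.PUBLIC
                ? "not in a blocked category"
                : "in a category the setting rejects";
            System.out.printf("%-18s %-16s %s%n", target, category, verdict);
        }
    }
}
```

        The 172.17.0.2 row is the trade-off the page describes: a Docker bridge address is a legitimate test target and also exactly what the setting rejects.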
      • forwardProxyTLSCustomTrustX509Certificates

        public static String forwardProxyTLSCustomTrustX509Certificates()
      • forwardProxyTLSCustomTrustX509Certificates

        public static void forwardProxyTLSCustomTrustX509Certificates​(String customX509Certificates)
        File system path or classpath location of custom file for trusted X509 Certificate Authority roots for forwarded or proxied requests, the certificate chain must be a X509 PEM file.

        MockServer will only be able to establish a TLS connection to endpoints that have an X509 certificate chain that is signed by one of the provided custom certificates, i.e. where a path can be established from the endpoint's X509 certificate to one or more of the custom X509 certificates provided.

        Parameters:
        customX509Certificates - custom set of trusted X509 certificate authority roots for forwarded or proxied requests in PEM format.
      • forwardProxyPrivateKey

        public static String forwardProxyPrivateKey()
      • forwardProxyPrivateKey

        public static void forwardProxyPrivateKey​(String privateKey)
        File system path or classpath location of custom Private Key for proxied TLS connections out of MockServer, the private key must be a PKCS#8 or PKCS#1 PEM file

        To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt

        This private key will be used if MockServer needs to perform mTLS (client authentication) for outbound TLS connections.

        Parameters:
        privateKey - location of the PEM file containing the private key
      • forwardProxyCertificateChain

        public static String forwardProxyCertificateChain()
      • forwardProxyCertificateChain

        public static void forwardProxyCertificateChain​(String certificateChain)
        File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for Trusting (i.e. signature verification of) Client X.509 Certificates, the certificate chain must be a X509 PEM file.

        This certificate chain will be used if MockServer needs to perform mTLS (client authentication) for outbound TLS connections.

        Parameters:
        certificateChain - location of the PEM file containing the certificate chain
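
        The security-relevant settings documented above (tlsAllowInsecureProtocols, dynamicallyCreateCertificateAuthorityCertificate, control plane mTLS, forwardProxyBlockPrivateNetworks and the forward trust manager type) can be applied together and then read back as a start-up guard. This is an added example, not code from the MockServer project: the class name, both file paths, the package names in the imports and the choice to run it before the server starts are assumptions.

```java
import org.mockserver.configuration.ConfigurationProperties;
import org.mockserver.socket.tls.ForwardProxyTLSX509CertificatesTrustManager;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

/** Added example: applies a hardened profile, then verifies it took effect. */
public class HardenedMockServerProfile {

    // Hypothetical paths; substitute your own locations.
    static final String CONTROL_PLANE_CLIENT_CA = "/etc/mockserver/control-plane-client-ca.pem";
    static final String DYNAMIC_CA_DIRECTORY = "/var/lib/mockserver/ca";

    static void apply() {
        // Default true keeps TLSv1 and TLSv1.1 in the effective protocol list.
        ConfigurationProperties.tlsAllowInsecureProtocols(false);

        // Use a locally generated CA instead of the public one in the MockServer git repo,
        // and create it at start-up so TLS configuration errors surface immediately.
        ConfigurationProperties.dynamicallyCreateCertificateAuthorityCertificate(true);
        ConfigurationProperties.directoryToSaveDynamicSSLCertificate(DYNAMIC_CA_DIRECTORY);
        ConfigurationProperties.proactivelyInitialiseTLS(true);

        // Only clients holding a certificate signed by this chain may register expectations.
        ConfigurationProperties.controlPlaneTLSMutualAuthenticationCAChain(CONTROL_PLANE_CLIENT_CA);
        ConfigurationProperties.controlPlaneTLSMutualAuthenticationRequired(true);

        // Forwarding: reject internal targets, verify upstream certificates against the
        // JVM trust store (ALL skips verification), and return 404 instead of proxying
        // requests that match no expectation.
        ConfigurationProperties.forwardProxyBlockPrivateNetworks(true);
        ConfigurationProperties.forwardProxyTLSX509CertificatesTrustManagerType(
            ForwardProxyTLSX509CertificatesTrustManager.JVM);
        ConfigurationProperties.attemptToProxyIfNoMatchingExpectation(false);
    }

    /** The protocol list as it looks once TLSv1 and TLSv1.1 entries are stripped. */
    static List<String> protocolsAfterFiltering(String configured) {
        return Arrays.stream(configured.split(","))
            .map(String::trim)
            .filter(protocol -> !protocol.isEmpty())
            .filter(protocol -> !protocol.equals("TLSv1") && !protocol.equals("TLSv1.1"))
            .collect(Collectors.toList());
    }

    /** Read the settings back and list every one still at its weaker value. */
    static List<String> findings() {
        List<String> findings = new ArrayList<>();
        if (ConfigurationProperties.tlsAllowInsecureProtocols()) {
            findings.add("tlsAllowInsecureProtocols is true");
        } else if (protocolsAfterFiltering(ConfigurationProperties.tlsProtocols()).isEmpty()) {
            // Edge case: a list holding only the deprecated versions leaves nothing usable.
            findings.add("tlsProtocols contains only TLSv1/TLSv1.1, nothing remains after filtering");
        }
        if (!ConfigurationProperties.dynamicallyCreateCertificateAuthorityCertificate()) {
            findings.add("the public default Certificate Authority is still in use");
        }
        if (!ConfigurationProperties.controlPlaneTLSMutualAuthenticationRequired()) {
            findings.add("control plane does not require mTLS");
        }
        if (!ConfigurationProperties.forwardProxyBlockPrivateNetworks()) {
            findings.add("forwarding to private and metadata addresses is allowed");
        }
        if (ConfigurationProperties.attemptToProxyIfNoMatchingExpectation()) {
            findings.add("unmatched requests are still proxied");
        }
        return findings;
    }

    public static void main(String[] args) {
        apply();
        List<String> findings = findings();
        if (!findings.isEmpty()) {
            throw new IllegalStateException("MockServer hardening incomplete: " + findings);
        }
        System.out.println("hardened profile applied");
    }
}
```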