Package org.mockserver.configuration

Class Configuration

java.lang.Object
org.mockserver.configuration.Configuration
public class Configuration extends Object
Author:
jamesdbloom

  • Constructor Details

    • Configuration

      public Configuration()

  • Method Details

    • configuration

      public static Configuration configuration()

    • logLevel

      public org.slf4j.event.Level logLevel()

    • logLevel

      public Configuration logLevel(org.slf4j.event.Level level)
      Override the default logging level of INFO
      Parameters:
      level - the log level, which can be TRACE, DEBUG, INFO, WARN, ERROR, OFF, FINEST, FINE, INFO, WARNING, SEVERE

    • logLevel

      public Configuration logLevel(String level)
      Override the default logging level of INFO
      Parameters:
      level - the log level, which can be TRACE, DEBUG, INFO, WARN, ERROR, OFF, FINEST, FINE, INFO, WARNING, SEVERE

    • logEventListener

      public Consumer<LogEntry> logEventListener()

    • logEventListener

      public Configuration logEventListener(Consumer<LogEntry> logEventListener)

    • disableSystemOut

      public Boolean disableSystemOut()

    • disableSystemOut

      public Configuration disableSystemOut(Boolean disableSystemOut)
      Disable printing log to system out for JVM, default is enabled
      Parameters:
      disableSystemOut - printing log to system out for JVM

    • disableLogging

      public Boolean disableLogging()

    • disableLogging

      public Configuration disableLogging(Boolean disableLogging)
      Disable all logging and processing of log events

      The default is false

      Parameters:
      disableLogging - disable all logging

    • detailedMatchFailures

      public Boolean detailedMatchFailures()

    • detailedMatchFailures

      public Configuration detailedMatchFailures(Boolean detailedMatchFailures)
      If true (the default) the log event recording that a request matcher did not match will include a detailed reason why each non-matching field did not match.
      Parameters:
      detailedMatchFailures - enabled detailed match failure log events

    • launchUIForLogLevelDebug

      public Boolean launchUIForLogLevelDebug()

    • launchUIForLogLevelDebug

      public Configuration launchUIForLogLevelDebug(Boolean launchUIForLogLevelDebug)
      If true (the default) the ClientAndServer constructor will open the UI in the default browser when the log level is set to DEBUG.
      Parameters:
      launchUIForLogLevelDebug - enabled ClientAndServer constructor launching UI when log level is DEBUG

    • metricsEnabled

      public Boolean metricsEnabled()

    • metricsEnabled

      public Configuration metricsEnabled(Boolean metricsEnabled)
      Enable gathering of metrics, default is false
      Parameters:
      metricsEnabled - enable metrics

    • slowRequestThresholdMillis

      public Long slowRequestThresholdMillis()

    • slowRequestThresholdMillis

      public Configuration slowRequestThresholdMillis(Long slowRequestThresholdMillis)
      Threshold in milliseconds for flagging slow forwarded requests. When a forwarded request's total time exceeds this threshold, a WARN-level log entry is emitted and the mock_server_slow_requests_total Prometheus counter is incremented.

      Default is 0 (disabled).

      Parameters:
      slowRequestThresholdMillis - threshold in milliseconds, 0 to disable

    • metricsRequestDurationRouteLabels

      public Boolean metricsRequestDurationRouteLabels()

    • metricsRequestDurationRouteLabels

      public Configuration metricsRequestDurationRouteLabels(Boolean metricsRequestDurationRouteLabels)
      Enable per-route (HTTP method) labels on the request duration histogram.
      Parameters:
      metricsRequestDurationRouteLabels - enable method labels

    • otelPropagateTraceContext

      public Boolean otelPropagateTraceContext()

    • otelPropagateTraceContext

      public Configuration otelPropagateTraceContext(Boolean otelPropagateTraceContext)
      When true, MockServer copies the incoming W3C traceparent and tracestate headers into mock responses. Off by default.
      Parameters:
      otelPropagateTraceContext - enable trace context propagation to responses

    • otelGenerateTraceId

      public Boolean otelGenerateTraceId()

    • otelGenerateTraceId

      public Configuration otelGenerateTraceId(Boolean otelGenerateTraceId)
      When true, MockServer generates a new W3C trace ID for incoming requests that do not carry a traceparent header. Off by default.
      Parameters:
      otelGenerateTraceId - enable trace ID generation for requests without traceparent

    • mcpEnabled

      public Boolean mcpEnabled()

    • mcpEnabled

      public Configuration mcpEnabled(Boolean mcpEnabled)

    • wasmEnabled

      public Boolean wasmEnabled()

    • wasmEnabled

      public Configuration wasmEnabled(Boolean wasmEnabled)

    • wasmMaxMemoryPages

      public Integer wasmMaxMemoryPages()

    • wasmMaxMemoryPages

      public Configuration wasmMaxMemoryPages(Integer wasmMaxMemoryPages)

    • grpcDescriptorDirectory

      public String grpcDescriptorDirectory()

    • grpcDescriptorDirectory

      public Configuration grpcDescriptorDirectory(String grpcDescriptorDirectory)

    • grpcProtoDirectory

      public String grpcProtoDirectory()

    • grpcProtoDirectory

      public Configuration grpcProtoDirectory(String grpcProtoDirectory)

    • grpcEnabled

      public Boolean grpcEnabled()

    • grpcEnabled

      public Configuration grpcEnabled(Boolean grpcEnabled)

    • grpcProtocPath

      public String grpcProtocPath()

    • grpcProtocPath

      public Configuration grpcProtocPath(String grpcProtocPath)

    • grpcBidiStreamingEnabled

      public Boolean grpcBidiStreamingEnabled()

    • grpcBidiStreamingEnabled

      public Configuration grpcBidiStreamingEnabled(Boolean grpcBidiStreamingEnabled)
      If true the HTTP/2 pipeline uses Http2FrameCodec + Http2MultiplexHandler instead of HttpToHttp2ConnectionHandler + InboundHttp2ToHttpAdapter for connections where gRPC descriptors are loaded. This is required for true client-streaming and bidirectional-streaming gRPC in a future phase. In Phase 0 the multiplex branch re-aggregates frames so behaviour is identical to the connection-level adapter.

      Default is false

      Parameters:
      grpcBidiStreamingEnabled - enable the multiplex HTTP/2 pipeline for gRPC bidi-streaming support

    • dnsEnabled

      public Boolean dnsEnabled()

    • dnsEnabled

      public Configuration dnsEnabled(Boolean dnsEnabled)

    • dnsPort

      public Integer dnsPort()

    • dnsPort

      public Configuration dnsPort(Integer dnsPort)

    • http3Port

      public Integer http3Port()

    • http3Port

      public Configuration http3Port(Integer http3Port)

    • http3MaxIdleTimeout

      public Long http3MaxIdleTimeout()

    • http3MaxIdleTimeout

      public Configuration http3MaxIdleTimeout(Long http3MaxIdleTimeout)

    • http3InitialMaxData

      public Long http3InitialMaxData()

    • http3InitialMaxData

      public Configuration http3InitialMaxData(Long http3InitialMaxData)

    • http3InitialMaxStreamDataBidirectional

      public Long http3InitialMaxStreamDataBidirectional()

    • http3InitialMaxStreamDataBidirectional

      public Configuration http3InitialMaxStreamDataBidirectional(Long http3InitialMaxStreamDataBidirectional)

    • http3InitialMaxStreamsBidirectional

      public Long http3InitialMaxStreamsBidirectional()

    • http3InitialMaxStreamsBidirectional

      public Configuration http3InitialMaxStreamsBidirectional(Long http3InitialMaxStreamsBidirectional)

    • http3QpackMaxTableCapacity

      public Long http3QpackMaxTableCapacity()

    • http3QpackMaxTableCapacity

      public Configuration http3QpackMaxTableCapacity(Long http3QpackMaxTableCapacity)

    • http3ConnectUdpEnabled

      public Boolean http3ConnectUdpEnabled()

    • http3ConnectUdpEnabled

      public Configuration http3ConnectUdpEnabled(Boolean http3ConnectUdpEnabled)

    • http3AltSvcMaxAge

      public Long http3AltSvcMaxAge()

    • http3AltSvcMaxAge

      public Configuration http3AltSvcMaxAge(Long http3AltSvcMaxAge)

    • http3AdvertiseAltSvc

      public Boolean http3AdvertiseAltSvc()

    • http3AdvertiseAltSvc

      public Configuration http3AdvertiseAltSvc(Boolean http3AdvertiseAltSvc)

    • logLevelOverrides

      public Map<String,String> logLevelOverrides()

    • logLevelOverrides

      public Configuration logLevelOverrides(Map<String,String> logLevelOverrides)

    • compactLogFormat

      public Boolean compactLogFormat()

    • compactLogFormat

      public Configuration compactLogFormat(Boolean compactLogFormat)

    • maxExpectations

      public Integer maxExpectations()

    • maxExpectations

      public Configuration maxExpectations(Integer maxExpectations)

      Maximum number of expectations stored in memory. Expectations are stored in a circular queue so once this limit is reach the oldest and lowest priority expectations are overwritten

      The default maximum depends on the available memory in the JVM with an upper limit of 15000

      Parameters:
      maxExpectations - maximum number of expectations to store

    • maxLogEntries

      public Integer maxLogEntries()

    • maxLogEntries

      public Configuration maxLogEntries(Integer maxLogEntries)

      Maximum number of log entries stored in memory. Log entries are stored in a circular queue so once this limit is reach the oldest log entries are overwritten

      The default maximum depends on the available memory in the JVM with an upper limit of 100000

      Parameters:
      maxLogEntries - maximum number of expectations to store

    • maxWebSocketExpectations

      public Integer maxWebSocketExpectations()

    • maxWebSocketExpectations

      public Configuration maxWebSocketExpectations(Integer maxWebSocketExpectations)

      Maximum number of remote (not the same JVM) method callbacks (i.e. web sockets) registered for expectations. The web socket client registry entries are stored in a circular queue so once this limit is reach the oldest are overwritten.

      The default is 1500

      Parameters:
      maxWebSocketExpectations - maximum number of method callbacks (i.e. web sockets) registered for expectations

    • outputMemoryUsageCsv

      public Boolean outputMemoryUsageCsv()

    • outputMemoryUsageCsv

      public Configuration outputMemoryUsageCsv(Boolean outputMemoryUsageCsv)

      Output JVM memory usage metrics to CSV file periodically called memoryUsage_<yyyy-MM-dd>.csv

      Parameters:
      outputMemoryUsageCsv - output of JVM memory metrics

    • memoryUsageCsvDirectory

      public String memoryUsageCsvDirectory()

    • memoryUsageCsvDirectory

      public Configuration memoryUsageCsvDirectory(String memoryUsageCsvDirectory)

      Directory to output JVM memory usage metrics CSV files to when outputMemoryUsageCsv enabled

      Parameters:
      memoryUsageCsvDirectory - directory to save JVM memory metrics CSV files

    • useNativeTransport

      public Boolean useNativeTransport()

    • useNativeTransport

      public Configuration useNativeTransport(Boolean useNativeTransport)
      If true (the default) MockServer will use the native epoll transport on Linux for higher performance and to enable transparent-proxy SO_ORIGINAL_DST resolution. Set to false to force the NIO transport on all platforms.

      This property is read at start-up only.

      Parameters:
      useNativeTransport - enable native transport when available

    • nioEventLoopThreadCount

      public Integer nioEventLoopThreadCount()

    • nioEventLoopThreadCount

      public Configuration nioEventLoopThreadCount(Integer nioEventLoopThreadCount)

      Netty worker thread pool size for handling requests and response. These threads handle deserializing and serialising HTTP requests and responses and some other fast logic, long running tasks are done on the action handler thread pool.

      Parameters:
      nioEventLoopThreadCount - Netty worker thread pool size

    • actionHandlerThreadCount

      public Integer actionHandlerThreadCount()

    • actionHandlerThreadCount

      public Configuration actionHandlerThreadCount(Integer actionHandlerThreadCount)

      Number of threads for the action handler thread pool

      These threads are used for handling actions such as:

      • serialising and writing expectation or proxied responses
      • handling response delays in a non-blocking way (i.e. using a scheduler)
      • executing class callbacks
      • handling method / closure callbacks (using web sockets)

      Default is maximum of 5 or available processors count

      Parameters:
      actionHandlerThreadCount - Netty worker thread pool size

    • clientNioEventLoopThreadCount

      public Integer clientNioEventLoopThreadCount()

    • clientNioEventLoopThreadCount

      public Configuration clientNioEventLoopThreadCount(Integer clientNioEventLoopThreadCount)

      Client Netty worker thread pool size for handling requests and response. These threads handle deserializing and serialising HTTP requests and responses and some other fast logic.

      Default is 5 threads

      Parameters:
      clientNioEventLoopThreadCount - Client Netty worker thread pool size

    • webSocketClientEventLoopThreadCount

      public Integer webSocketClientEventLoopThreadCount()

    • webSocketClientEventLoopThreadCount

      public Configuration webSocketClientEventLoopThreadCount(Integer webSocketClientEventLoopThreadCount)

      Client Netty worker thread pool size for handling requests and response. These threads handle deserializing and serialising HTTP requests and responses and some other fast logic.

      Default is 5 threads

      Parameters:
      webSocketClientEventLoopThreadCount - Client Netty worker thread pool size

    • maxFutureTimeoutInMillis

      public Long maxFutureTimeoutInMillis()

    • maxFutureTimeoutInMillis

      public Configuration maxFutureTimeoutInMillis(Long maxFutureTimeoutInMillis)
      Maximum time allowed in milliseconds for any future to wait, for example when waiting for a response over a web socket callback.

      Default is 60,000 ms

      Parameters:
      maxFutureTimeoutInMillis - maximum time allowed in milliseconds

    • matchersFailFast

      public Boolean matchersFailFast()

    • matchersFailFast

      public Configuration matchersFailFast(Boolean matchersFailFast)
      If true (the default) request matchers will fail on the first non-matching field, if false request matchers will compare all fields. This is useful to see all mismatching fields in the log event recording that a request matcher did not match.
      Parameters:
      matchersFailFast - enabled request matchers failing fast

    • maxSocketTimeoutInMillis

      public Long maxSocketTimeoutInMillis()

    • maxSocketTimeoutInMillis

      public Configuration maxSocketTimeoutInMillis(Long maxSocketTimeoutInMillis)
      Maximum time in milliseconds allowed for a response from a socket

      Default is 20,000 ms

      Parameters:
      maxSocketTimeoutInMillis - maximum time in milliseconds allowed

    • socketConnectionTimeoutInMillis

      public Long socketConnectionTimeoutInMillis()

    • socketConnectionTimeoutInMillis

      public Configuration socketConnectionTimeoutInMillis(Long socketConnectionTimeoutInMillis)
      Maximum time in milliseconds allowed to connect to a socket

      Default is 20,000 ms

      Parameters:
      socketConnectionTimeoutInMillis - maximum time allowed in milliseconds

    • connectionDelay

      public Delay connectionDelay()

    • connectionDelay

      public Configuration connectionDelay(Delay connectionDelay)

    • alwaysCloseSocketConnections

      public Boolean alwaysCloseSocketConnections()

    • alwaysCloseSocketConnections

      public Configuration alwaysCloseSocketConnections(Boolean alwaysCloseSocketConnections)

      If true socket connections will always be closed after a response is returned, if false connection is only closed if request header indicate connection should be closed.

      Default is false

      Parameters:
      alwaysCloseSocketConnections - true socket connections will always be closed after a response is returned

    • localBoundIP

      public String localBoundIP()

    • localBoundIP

      public Configuration localBoundIP(String localBoundIP)
      The local IP address to bind to for accepting new socket connections

      Default is 0.0.0.0

      Parameters:
      localBoundIP - local IP address to bind to for accepting new socket connections

    • maxInitialLineLength

      public Integer maxInitialLineLength()

    • maxInitialLineLength

      public Configuration maxInitialLineLength(Integer maxInitialLineLength)
      Maximum size of the first line of an HTTP request

      The default is Integer.MAX_VALUE

      Parameters:
      maxInitialLineLength - maximum size of the first line of an HTTP request

    • maxHeaderSize

      public Integer maxHeaderSize()

    • maxHeaderSize

      public Configuration maxHeaderSize(Integer maxHeaderSize)
      Maximum size of HTTP request headers

      The default is Integer.MAX_VALUE

      Parameters:
      maxHeaderSize - maximum size of HTTP request headers

    • maxChunkSize

      public Integer maxChunkSize()

    • maxChunkSize

      public Configuration maxChunkSize(Integer maxChunkSize)
      Maximum size of HTTP chunks in request or responses

      The default is Integer.MAX_VALUE

      Parameters:
      maxChunkSize - maximum size of HTTP chunks in request or responses

    • maxRequestBodySize

      public Integer maxRequestBodySize()

    • maxRequestBodySize

      public Configuration maxRequestBodySize(Integer maxRequestBodySize)
      Maximum aggregated body size (in bytes) accepted on inbound HTTP/1.1 and HTTP/2 requests.

      The default is 10,485,760 bytes (10 MiB).

      Parameters:
      maxRequestBodySize - maximum inbound request body size in bytes

    • maxResponseBodySize

      public Integer maxResponseBodySize()

    • maxResponseBodySize

      public Configuration maxResponseBodySize(Integer maxResponseBodySize)
      Maximum aggregated body size (in bytes) accepted on responses received from upstream servers when MockServer is acting as a proxy or forwarder.

      The default is 52,428,800 bytes (50 MiB).

      Parameters:
      maxResponseBodySize - maximum upstream response body size in bytes

    • maxLlmConversationBodySize

      public Integer maxLlmConversationBodySize()

    • maxLlmConversationBodySize

      public Configuration maxLlmConversationBodySize(Integer maxLlmConversationBodySize)
      Maximum body size (in bytes) for LLM conversation request bodies.

      The default is 1,048,576 bytes (1 MiB). Valid range is [16384, 67108864].

      Parameters:
      maxLlmConversationBodySize - maximum LLM conversation body size in bytes

    • driftSemanticAnalysisEnabled

      public Boolean driftSemanticAnalysisEnabled()

    • driftSemanticAnalysisEnabled

      public Configuration driftSemanticAnalysisEnabled(Boolean driftSemanticAnalysisEnabled)
      Whether to enable LLM-powered semantic drift analysis. When enabled and a runtime LLM backend is available, each structural drift record is enriched with a severity classification (BREAKING/WARNING/INFORMATIONAL) and an explanation. Default false (opt-in).
      Parameters:
      driftSemanticAnalysisEnabled - true to enable semantic drift analysis

    • driftResponseTimeThresholdMs

      public Long driftResponseTimeThresholdMs()

    • driftResponseTimeThresholdMs

      public Configuration driftResponseTimeThresholdMs(Long driftResponseTimeThresholdMs)
      p95 response time threshold (in milliseconds) for performance drift detection. When positive, a PERFORMANCE drift record is emitted whenever the p95 response time for an expectation exceeds this threshold. Default 0 (disabled).
      Parameters:
      driftResponseTimeThresholdMs - threshold in milliseconds, 0 to disable

    • useSemicolonAsQueryParameterSeparator

      public Boolean useSemicolonAsQueryParameterSeparator()

    • useSemicolonAsQueryParameterSeparator

      public Configuration useSemicolonAsQueryParameterSeparator(Boolean useSemicolonAsQueryParameterSeparator)
      If true semicolons are treated as a separator for a query parameter string, if false the semicolon is treated as a normal character that is part of a query parameter value.

      The default is true

      Parameters:
      useSemicolonAsQueryParameterSeparator - if true semicolons are treated as a separator for a query parameter string

    • assumeAllRequestsAreHttp

      public Boolean assumeAllRequestsAreHttp()

    • assumeAllRequestsAreHttp

      public Configuration assumeAllRequestsAreHttp(Boolean assumeAllRequestsAreHttp)
      If false requests are assumed as binary if the method isn't one of "GET", "POST", "PUT", "HEAD", "OPTIONS", "PATCH", "DELETE", "TRACE" or "CONNECT"

      The default is false

      Parameters:
      assumeAllRequestsAreHttp - if false requests are assumed as binary if the method isn't one of "GET", "POST", "PUT", "HEAD", "OPTIONS", "PATCH", "DELETE", "TRACE" or "CONNECT"

    • http2Enabled

      public Boolean http2Enabled()

    • http2Enabled

      public Configuration http2Enabled(Boolean http2Enabled)
      If false HTTP/2 is disabled and ALPN no longer advertises h2, so HTTP/2 capable clients are forced to use HTTP/1.1 (and the HTTP/2 cleartext h2c upgrade is not detected)

      The default is true

      Parameters:
      http2Enabled - if false HTTP/2 is disabled and clients are forced to use HTTP/1.1

    • streamingResponsesEnabled

      public Boolean streamingResponsesEnabled()

    • streamingResponsesEnabled

      public Configuration streamingResponsesEnabled(Boolean streamingResponsesEnabled)
      If true (the default) streaming responses (Server-Sent Events with Content-Type: text/event-stream) received while proxying are relayed to the client incrementally as they arrive, instead of being fully buffered before being forwarded. This keeps streaming APIs (such as LLM APIs) responsive when proxied. Only SSE responses are detected as streaming; ordinary chunked responses are aggregated normally.

      Default is true

      Parameters:
      streamingResponsesEnabled - enable incremental relay of streaming responses while proxying

    • maxStreamingCaptureBytes

      public Integer maxStreamingCaptureBytes()

    • maxStreamingCaptureBytes

      public Configuration maxStreamingCaptureBytes(Integer maxStreamingCaptureBytes)
      The maximum number of bytes of a streaming response body captured into the event log while relaying it. The full stream is always relayed to the client; this only bounds how much is retained for the dashboard and retrieve API. Once exceeded the logged body is truncated and flagged.

      Default is 262144 (256 KB)

      Parameters:
      maxStreamingCaptureBytes - maximum number of streaming response body bytes captured into the event log

    • streamIdleTimeoutSeconds

      public Integer streamIdleTimeoutSeconds()

    • streamIdleTimeoutSeconds

      public Configuration streamIdleTimeoutSeconds(Integer streamIdleTimeoutSeconds)
      The maximum time in seconds a streaming response connection may be idle (no chunk received) before it is considered dead and closed. This replaces the fixed socket timeout for streaming responses, which would otherwise terminate long-lived streams.

      Default is 60 seconds

      Parameters:
      streamIdleTimeoutSeconds - maximum idle time in seconds between streaming response chunks

    • forwardBinaryRequestsWithoutWaitingForResponse

      public Boolean forwardBinaryRequestsWithoutWaitingForResponse()

    • forwardBinaryRequestsWithoutWaitingForResponse

      public Configuration forwardBinaryRequestsWithoutWaitingForResponse(Boolean forwardBinaryRequestsWithoutWaitingForResponse)
      If true the BinaryProxyListener is called before a response is received from the remote host. This enables the proxying of messages without a response.

      The default is false

      Parameters:
      forwardBinaryRequestsWithoutWaitingForResponse - target value

    • binaryProxyListener

      public BinaryProxyListener binaryProxyListener()

    • binaryProxyListener

      public Configuration binaryProxyListener(BinaryProxyListener binaryProxyListener)
      Set a org.mockserver.model.BinaryProxyListener called when binary content is proxied
      Parameters:
      binaryProxyListener - a BinaryProxyListener called when binary content is proxied

    • enableCORSForAPI

      public Boolean enableCORSForAPI()

    • enableCORSForAPI

      public Configuration enableCORSForAPI(Boolean enableCORSForAPI)
      Enable CORS for MockServer REST API so that the API can be used for javascript running in browsers, such as selenium

      The default is false

      Parameters:
      enableCORSForAPI - CORS for MockServer REST API

    • enableCORSForAllResponses

      public Boolean enableCORSForAllResponses()

    • enableCORSForAllResponses

      public Configuration enableCORSForAllResponses(Boolean enableCORSForAllResponses)
      Enable CORS for all responses from MockServer, including the REST API and expectation responses

      The default is false

      Parameters:
      enableCORSForAllResponses - CORS for all responses from MockServer

    • corsAllowOrigin

      public String corsAllowOrigin()

    • corsAllowOrigin

      public Configuration corsAllowOrigin(String corsAllowOrigin)

      the value used for CORS in the access-control-allow-origin header.

      The default is ""

      Parameters:
      corsAllowOrigin - the value used for CORS in the access-control-allow-methods header

    • corsAllowMethods

      public String corsAllowMethods()

    • corsAllowMethods

      public Configuration corsAllowMethods(String corsAllowMethods)

      the value used for CORS in the access-control-allow-methods header.

      The default is ""

      Parameters:
      corsAllowMethods - the value used for CORS in the access-control-allow-methods header

    • corsAllowHeaders

      public String corsAllowHeaders()

    • corsAllowHeaders

      public Configuration corsAllowHeaders(String corsAllowHeaders)

      the value used for CORS in the access-control-allow-headers and access-control-expose-headers headers.

      In addition to this default value any headers specified in the request header access-control-request-headers also get added to access-control-allow-headers and access-control-expose-headers headers in a CORS response.

      The default is ""

      Parameters:
      corsAllowHeaders - the value used for CORS in the access-control-allow-headers and access-control-expose-headers headers

    • corsAllowCredentials

      public Boolean corsAllowCredentials()

    • corsAllowCredentials

      public Configuration corsAllowCredentials(Boolean corsAllowCredentials)
      The value used for CORS in the access-control-allow-credentials header.

      The default is false

      Parameters:
      corsAllowCredentials - the value used for CORS in the access-control-allow-credentials header

    • corsMaxAgeInSeconds

      public Integer corsMaxAgeInSeconds()

    • corsMaxAgeInSeconds

      public Configuration corsMaxAgeInSeconds(Integer corsMaxAgeInSeconds)
      The value used for CORS in the access-control-max-age header.

      The default is 0

      Parameters:
      corsMaxAgeInSeconds - the value used for CORS in the access-control-max-age header.

    • javascriptDisallowedClasses

      public String javascriptDisallowedClasses()

    • javascriptDisallowedClasses

      public Configuration javascriptDisallowedClasses(String javascriptDisallowedClasses)
      Set comma separate list of classes not allowed to be used by javascript templates

      The default is all allowed

      Parameters:
      javascriptDisallowedClasses - comma separated list of classes not allowed to be used

    • javascriptDisallowedText

      public String javascriptDisallowedText()

    • javascriptDisallowedText

      public Configuration javascriptDisallowedText(String javascriptDisallowedText)
      Set comma separate list of text not allowed to be contained in javascript templates

      The default is all allowed

      Parameters:
      javascriptDisallowedText - comma separated list of text not allowed to be contained in javascript templates

    • velocityDisallowClassLoading

      public Boolean velocityDisallowClassLoading()

    • velocityDisallowClassLoading

      public Configuration velocityDisallowClassLoading(Boolean velocityDisallowClassLoading)
      If true class loading is not allowed in velocity templates

      The default is false

      Parameters:
      velocityDisallowClassLoading - class loading is not allowed in velocity templates

    • velocityDisallowedText

      public String velocityDisallowedText()

    • velocityDisallowedText

      public Configuration velocityDisallowedText(String velocityDisallowedText)
      Set comma separate list of text not allowed to be contained in velocity templates

      The default is all allowed

      Parameters:
      velocityDisallowedText - comma separated list of text not allowed to be contained in velocity templates

    • mustacheDisallowedText

      public String mustacheDisallowedText()

    • mustacheDisallowedText

      public Configuration mustacheDisallowedText(String mustacheDisallowedText)
      Set comma separate list of text not allowed to be contained in mustache templates

      The default is all allowed

      Parameters:
      mustacheDisallowedText - comma separated list of text not allowed to be contained in mustache templates

    • initializationClass

      public String initializationClass()

    • initializationClass

      public Configuration initializationClass(String initializationClass)
      The class (and package) used to initialize expectations in MockServer at startup, if set MockServer will load and call this class to initialize expectations when is starts.

      The default is null

      Parameters:
      initializationClass - class (and package) used to initialize expectations in MockServer at startup

    • initializationJsonPath

      public String initializationJsonPath()

    • initializationJsonPath

      public Configuration initializationJsonPath(String initializationJsonPath)

      The path to the json file used to initialize expectations in MockServer at startup, if set MockServer will load this file and initialise expectations for each item in the file when is starts.

      The expected format of the file is a JSON array of expectations, as per the REST API format

      To watch multiple files use a file globs as documented here: https://mock-server.com/mock_server/initializing_expectations.html#expectation_initializer_json_glob_patterns

      Parameters:
      initializationJsonPath - path to the json file used to initialize expectations in MockServer at startup

    • initializationOpenAPIPath

      public String initializationOpenAPIPath()

    • initializationOpenAPIPath

      public Configuration initializationOpenAPIPath(String initializationOpenAPIPath)

      The path to the OpenAPI spec file used to initialize expectations in MockServer at startup, if set MockServer will load this file and create expectations for each operation when it starts.

      The file can be a YAML (.yaml, .yml) or JSON (.json) OpenAPI v3 specification.

      To watch multiple files use file globs as documented here: https://mock-server.com/mock_server/initializing_expectations.html#expectation_initializer_json_glob_patterns

      Parameters:
      initializationOpenAPIPath - path to the OpenAPI spec file used to initialize expectations in MockServer at startup

    • openAPIContextPathPrefix

      public String openAPIContextPathPrefix()

    • openAPIContextPathPrefix

      public Configuration openAPIContextPathPrefix(String openAPIContextPathPrefix)

      A path prefix to add to all paths generated from OpenAPI specifications.

      For example, if set to "/api/v1" then a path "/pets" from the spec becomes "/api/v1/pets".

      Parameters:
      openAPIContextPathPrefix - the path prefix to add to OpenAPI paths

    • openAPIResponseValidation

      public Boolean openAPIResponseValidation()

    • openAPIResponseValidation

      public Configuration openAPIResponseValidation(Boolean openAPIResponseValidation)

      If enabled MockServer will validate that mock responses conform to the OpenAPI spec schema they were generated from.

      Validation is advisory only - responses are still returned to the client even if validation fails.

      The default is false

      Parameters:
      openAPIResponseValidation - if enabled mock responses will be validated against the OpenAPI spec schema

    • watchInitializationJson

      public Boolean watchInitializationJson()

    • watchInitializationJson

      public Configuration watchInitializationJson(Boolean watchInitializationJson)

      If enabled the initialization json file will be watched for changes, any changes found will result in expectations being created, remove or updated by matching against their key.

      If duplicate keys exist only the last duplicate key in the file will be processed and all duplicates except the last duplicate will be removed.

      The order of expectations in the file is the order in which they are created if they are new, however, re-ordering existing expectations does not change the order they are matched against incoming requests.

      The default is false

      Parameters:
      watchInitializationJson - if enabled the initialization json file will be watched for changes

    • persistExpectations

      public Boolean persistExpectations()

    • persistExpectations

      public Configuration persistExpectations(Boolean persistExpectations)
      Enable the persisting of expectations as json, which is updated whenever the expectation state is updated (i.e. add, clear, expires, etc.)

      The default is false

      Parameters:
      persistExpectations - the persisting of expectations as json

    • persistedExpectationsPath

      public String persistedExpectationsPath()

    • persistedExpectationsPath

      public Configuration persistedExpectationsPath(String persistedExpectationsPath)
      The file path used to save persisted expectations as json, which is updated whenever the expectation state is updated (i.e. add, clear, expires, etc.)

      The default is "persistedExpectations.json"

      Parameters:
      persistedExpectationsPath - file path used to save persisted expectations as json

    • persistRecordedExpectations

      public Boolean persistRecordedExpectations()

    • persistRecordedExpectations

      public Configuration persistRecordedExpectations(Boolean persistRecordedExpectations)
      Enable the persisting of recorded expectations (proxy traffic) as json, which is updated whenever a new request is forwarded

      The default is false

      Parameters:
      persistRecordedExpectations - the persisting of recorded expectations as json

    • persistedRecordedExpectationsPath

      public String persistedRecordedExpectationsPath()

    • persistedRecordedExpectationsPath

      public Configuration persistedRecordedExpectationsPath(String persistedRecordedExpectationsPath)
      The file path used to save persisted recorded expectations as json, which is updated whenever a new request is forwarded

      The default is "persistedRecordedExpectations.json"

      Parameters:
      persistedRecordedExpectationsPath - file path used to save persisted recorded expectations as json

    • stateBackend

      public String stateBackend()
      Returns the state backend type. Currently only "memory" is supported (default). Phase 2b will add "infinispan" for clustered state.

    • stateBackend

      public Configuration stateBackend(String stateBackend)
      Sets the state backend type. Currently only "memory" is supported.
      Parameters:
      stateBackend - the backend type (e.g. "memory")

    • blobStoreType

      public String blobStoreType()
      Returns the blob store type. "filesystem" (default) delegates to the existing file persistence paths so on-disk behaviour is unchanged; "memory" keeps blobs in-memory only (lost on process exit).

    • blobStoreType

      public Configuration blobStoreType(String blobStoreType)
      Sets the blob store type.
      Parameters:
      blobStoreType - the blob store type (e.g. "memory", "filesystem")

    • blobStoreBucket

      public String blobStoreBucket()
      Returns the cloud blob store bucket name (S3 bucket or GCS bucket).

    • blobStoreBucket

      public Configuration blobStoreBucket(String blobStoreBucket)

    • blobStoreRegion

      public String blobStoreRegion()
      Returns the cloud blob store region (e.g. "us-east-1" for S3).

    • blobStoreRegion

      public Configuration blobStoreRegion(String blobStoreRegion)

    • blobStoreEndpoint

      public String blobStoreEndpoint()
      Returns the cloud blob store endpoint override URL (e.g. MinIO endpoint for S3-compatible stores, or fake-gcs-server URL).

    • blobStoreEndpoint

      public Configuration blobStoreEndpoint(String blobStoreEndpoint)

    • blobStoreKeyPrefix

      public String blobStoreKeyPrefix()
      Returns the key prefix for cloud blob store objects. All blob keys are prefixed with this value (e.g. "mockserver/" to namespace objects within a shared bucket).

    • blobStoreKeyPrefix

      public Configuration blobStoreKeyPrefix(String blobStoreKeyPrefix)

    • blobStoreAccessKeyId

      public String blobStoreAccessKeyId()
      Returns the explicit access key ID for cloud blob store authentication (optional -- falls back to default credential chain).

    • blobStoreAccessKeyId

      public Configuration blobStoreAccessKeyId(String blobStoreAccessKeyId)

    • blobStoreSecretAccessKey

      public String blobStoreSecretAccessKey()
      Returns the explicit secret access key for cloud blob store authentication (optional -- falls back to default credential chain).

    • blobStoreSecretAccessKey

      public Configuration blobStoreSecretAccessKey(String blobStoreSecretAccessKey)

    • blobStoreContainer

      public String blobStoreContainer()
      Returns the Azure Blob Storage container name.

    • blobStoreContainer

      public Configuration blobStoreContainer(String blobStoreContainer)

    • blobStoreConnectionString

      public String blobStoreConnectionString()
      Returns the Azure Blob Storage connection string.

    • blobStoreConnectionString

      public Configuration blobStoreConnectionString(String blobStoreConnectionString)

    • blobStoreProjectId

      public String blobStoreProjectId()
      Returns the GCS project ID (optional -- falls back to default project from application default credentials).

    • blobStoreProjectId

      public Configuration blobStoreProjectId(String blobStoreProjectId)

    • clusterEnabled

      public boolean clusterEnabled()
      Returns whether clustering is enabled. When true and stateBackend=infinispan, the Infinispan backend starts a JGroups transport for multi-node state replication. Default is false (single-node LOCAL mode, identical to today).

    • clusterEnabled

      public Configuration clusterEnabled(boolean clusterEnabled)
      Enables or disables clustering.
      Parameters:
      clusterEnabled - true to enable JGroups transport

    • clusterName

      public String clusterName()
      Returns the cluster name used as the JGroups cluster identifier. All nodes with the same cluster name form a single cluster. Default is "mockserver-cluster".

    • clusterName

      public Configuration clusterName(String clusterName)
      Sets the JGroups cluster name.
      Parameters:
      clusterName - the cluster identifier

    • clusterTransportConfig

      public String clusterTransportConfig()
      Returns the optional path to a JGroups XML transport configuration file. When set, this overrides the default in-JVM loopback stack. When null, the Infinispan module uses its built-in embedded-friendly JGroups configuration.

    • clusterTransportConfig

      public Configuration clusterTransportConfig(String clusterTransportConfig)
      Sets the path to a custom JGroups XML transport configuration.
      Parameters:
      clusterTransportConfig - path to JGroups XML, or null for default

    • maximumNumberOfRequestToReturnInVerificationFailure

      public Integer maximumNumberOfRequestToReturnInVerificationFailure()

    • maximumNumberOfRequestToReturnInVerificationFailure

      public Configuration maximumNumberOfRequestToReturnInVerificationFailure(Integer maximumNumberOfRequestToReturnInVerificationFailure)
      The maximum number of requests to return in verification failure result, if more expectations are found the failure result does not list them separately
      Parameters:
      maximumNumberOfRequestToReturnInVerificationFailure - maximum number of expectations to return in verification failure result

    • detailedVerificationFailures

      public Boolean detailedVerificationFailures()

    • detailedVerificationFailures

      public Configuration detailedVerificationFailures(Boolean detailedVerificationFailures)
      If true (the default) verification failure messages include a detailed diff showing which fields did not match for the closest matching request.
      Parameters:
      detailedVerificationFailures - enabled detailed verification failure messages

    • attemptToProxyIfNoMatchingExpectation

      public Boolean attemptToProxyIfNoMatchingExpectation()

    • attemptToProxyIfNoMatchingExpectation

      public Configuration attemptToProxyIfNoMatchingExpectation(Boolean attemptToProxyIfNoMatchingExpectation)
      If true (the default) when no matching expectation is found, and the host header of the request does not match MockServer's host, then MockServer attempts to proxy the request if that fails then a 404 is returned. If false when no matching expectation is found, and MockServer is not being used as a proxy, then MockServer always returns a 404 immediately.
      Parameters:
      attemptToProxyIfNoMatchingExpectation - enables automatically attempted proxying of request that don't match an expectation and look like they should be proxied

    • forwardHttpProxy

      public InetSocketAddress forwardHttpProxy()

    • forwardHttpProxy

      public Configuration forwardHttpProxy(InetSocketAddress forwardHttpProxy)
      Use HTTP proxy (i.e. via Host header) for all outbound / forwarded requests

      The default is null

      Parameters:
      forwardHttpProxy - host and port for HTTP proxy (i.e. via Host header) for all outbound / forwarded requests

    • forwardHttpsProxy

      public InetSocketAddress forwardHttpsProxy()

    • forwardHttpsProxy

      public Configuration forwardHttpsProxy(InetSocketAddress forwardHttpsProxy)
      Use HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests, supports TLS tunnelling of HTTPS requests

      The default is null

      Parameters:
      forwardHttpsProxy - host and port for HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests

    • forwardSocksProxy

      public InetSocketAddress forwardSocksProxy()

    • forwardSocksProxy

      public Configuration forwardSocksProxy(InetSocketAddress forwardSocksProxy)
      Use SOCKS proxy for all outbound / forwarded requests, support TLS tunnelling of TCP connections

      The default is null

      Parameters:
      forwardSocksProxy - host and port for SOCKS proxy for all outbound / forwarded requests

    • forwardProxyAuthenticationUsername

      public String forwardProxyAuthenticationUsername()

    • forwardProxyAuthenticationUsername

      public Configuration forwardProxyAuthenticationUsername(String forwardProxyAuthenticationUsername)

      Username for proxy authentication when using HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests

      Note: 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

      The default is null

      Parameters:
      forwardProxyAuthenticationUsername - username for proxy authentication

    • forwardProxyAuthenticationPassword

      public String forwardProxyAuthenticationPassword()

    • forwardProxyAuthenticationPassword

      public Configuration forwardProxyAuthenticationPassword(String forwardProxyAuthenticationPassword)

      Password for proxy authentication when using HTTPS proxy (i.e. HTTP CONNECT) for all outbound / forwarded requests

      Note: 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

      The default is null

      Parameters:
      forwardProxyAuthenticationPassword - password for proxy authentication

    • proxyAuthenticationRealm

      public String proxyAuthenticationRealm()

    • proxyAuthenticationRealm

      public Configuration proxyAuthenticationRealm(String proxyAuthenticationRealm)
      The authentication realm for proxy authentication to MockServer
      Parameters:
      proxyAuthenticationRealm - the authentication realm for proxy authentication

    • proxyAuthenticationUsername

      public String proxyAuthenticationUsername()

    • proxyAuthenticationUsername

      public Configuration proxyAuthenticationUsername(String proxyAuthenticationUsername)

      The required username for proxy authentication to MockServer

      Note: 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

      The default is ""

      Parameters:
      proxyAuthenticationUsername - required username for proxy authentication to MockServer

    • proxyAuthenticationPassword

      public String proxyAuthenticationPassword()

    • proxyAuthenticationPassword

      public Configuration proxyAuthenticationPassword(String proxyAuthenticationPassword)

      The required password for proxy authentication to MockServer

      Note: 8u111 Update Release Notes state that the Basic authentication scheme has been deactivated when setting up an HTTPS tunnel. To resolve this clear or set to an empty string the following system properties: jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes.

      The default is ""

      Parameters:
      proxyAuthenticationPassword - required password for proxy authentication to MockServer

    • noProxyHosts

      public String noProxyHosts()

    • noProxyHosts

      public Configuration noProxyHosts(String noProxyHosts)

      The list of hostnames to not use the configured proxy. Several values may be present, seperated by comma (,)

      The default is ""
      Parameters:
      noProxyHosts - Comma-seperated list of hosts to not be proxied.

    • proxyRemoteHost

      public String proxyRemoteHost()

    • proxyRemoteHost

      public Configuration proxyRemoteHost(String proxyRemoteHost)
      The hostname of the remote server to proxy all requests to. When set, unmatched requests are forwarded to this host.
      Parameters:
      proxyRemoteHost - the hostname to forward requests to

    • proxyRemotePort

      public Integer proxyRemotePort()

    • proxyRemotePort

      public Configuration proxyRemotePort(Integer proxyRemotePort)
      The port of the remote server to proxy all requests to. Must be specified together with proxyRemoteHost.
      Parameters:
      proxyRemotePort - the port to forward requests to

    • forwardAdjustHostHeader

      public Boolean forwardAdjustHostHeader()

    • forwardAdjustHostHeader

      public Configuration forwardAdjustHostHeader(Boolean forwardAdjustHostHeader)
      If true (the default) the Host header will be automatically adjusted to match the target server when forwarding requests. This prevents HTTP 421 Misdirected Request errors when the target server validates Host headers. If false the original Host header is preserved.
      Parameters:
      forwardAdjustHostHeader - enables automatic Host header adjustment for forwarded requests

    • forwardDefaultHostHeader

      public String forwardDefaultHostHeader()

    • forwardDefaultHostHeader

      public Configuration forwardDefaultHostHeader(String forwardDefaultHostHeader)
      Set a default Host header value to use when forwarding requests. When set, the Host header will be overridden with this value for all forwarded requests, regardless of the target server's address. This is useful when the target server routes requests based on the Host header.
      Parameters:
      forwardDefaultHostHeader - the Host header value to set on forwarded requests

    • proxyPassMappings

      public List<ProxyPassMapping> proxyPassMappings()

    • proxyPassMappings

      public Configuration proxyPassMappings(List<ProxyPassMapping> proxyPassMappings)
      Configure ProxyPass mappings that map incoming path prefixes to upstream servers with automatic path rewriting.
      Parameters:
      proxyPassMappings - list of ProxyPassMapping objects

    • globalResponseDelayMillis

      public Long globalResponseDelayMillis()

    • globalResponseDelayMillis

      public Configuration globalResponseDelayMillis(Long globalResponseDelayMillis)

    • livenessHttpGetPath

      public String livenessHttpGetPath()

    • livenessHttpGetPath

      public Configuration livenessHttpGetPath(String livenessHttpGetPath)
      Path to support HTTP GET requests for status response (also available on PUT /mockserver/status).

      If this value is not modified then only PUT /mockserver/status but is a none blank value is provided for this value then GET requests to this path will return the 200 Ok status response showing the MockServer version and bound ports.

      A GET request to this path will be matched before any expectation matching or proxying of requests.

      The default is ""

      Parameters:
      livenessHttpGetPath - path to support HTTP GET requests for status response

    • controlPlaneTLSMutualAuthenticationRequired

      public Boolean controlPlaneTLSMutualAuthenticationRequired()

    • controlPlaneTLSMutualAuthenticationRequired

      public Configuration controlPlaneTLSMutualAuthenticationRequired(Boolean controlPlaneTLSMutualAuthenticationRequired)
      Require mTLS (also called client authentication and two-way TLS) for all control plane requests
      Parameters:
      controlPlaneTLSMutualAuthenticationRequired - TLS mutual authentication for all control plane requests

    • controlPlaneTLSMutualAuthenticationCAChain

      public String controlPlaneTLSMutualAuthenticationCAChain()

    • controlPlaneTLSMutualAuthenticationCAChain

      public Configuration controlPlaneTLSMutualAuthenticationCAChain(String controlPlaneTLSMutualAuthenticationCAChain)
      File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for control plane mTLS authentication

      The X.509 Certificate Chain is for trusting (i.e. signature verification of) Client X.509 Certificates, the certificate chain must be a X509 PEM file.

      This certificate chain will be used for to performs mTLS (client authentication) for inbound TLS connections if controlPlaneTLSMutualAuthenticationRequired is enabled

      Parameters:
      controlPlaneTLSMutualAuthenticationCAChain - File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for Trusting (i.e. signature verification of) Client X.509 Certificates

    • controlPlanePrivateKeyPath

      public String controlPlanePrivateKeyPath()

    • controlPlanePrivateKeyPath

      public Configuration controlPlanePrivateKeyPath(String controlPlanePrivateKeyPath)
      File system path or classpath location of a fixed custom private key for control plane connections using mTLS for authentication.

      The private key must be a PKCS#8 or PKCS#1 PEM file and must be the private key corresponding to the controlPlaneX509CertificatePath X509 (public key) configuration. The controlPlaneTLSMutualAuthenticationCAChain configuration must be the Certificate Authority for the corresponding X509 certificate (i.e. able to valid its signature).

      To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt

      This configuration will be ignored unless x509CertificatePath is also set.

      Parameters:
      controlPlanePrivateKeyPath - location of the PKCS#8 PEM file containing the private key

    • controlPlaneX509CertificatePath

      public String controlPlaneX509CertificatePath()

    • controlPlaneX509CertificatePath

      public Configuration controlPlaneX509CertificatePath(String controlPlaneX509CertificatePath)
      File system path or classpath location of a fixed custom X.509 Certificate for control plane connections using mTLS for authentication.

      The certificate must be a X509 PEM file and must be the public key corresponding to the controlPlanePrivateKeyPath private key configuration. The controlPlaneTLSMutualAuthenticationCAChain configuration must be the Certificate Authority for this certificate (i.e. able to valid its signature).

      This configuration will be ignored unless privateKeyPath is also set.

      Parameters:
      controlPlaneX509CertificatePath - location of the PEM file containing the X509 certificate

    • controlPlaneJWTAuthenticationRequired

      public Boolean controlPlaneJWTAuthenticationRequired()

    • controlPlaneJWTAuthenticationRequired

      public Configuration controlPlaneJWTAuthenticationRequired(Boolean controlPlaneJWTAuthenticationRequired)

      Require JWT authentication for all control plane requests

      Parameters:
      controlPlaneJWTAuthenticationRequired - TLS mutual authentication for all control plane requests

    • controlPlaneJWTAuthenticationJWKSource

      public String controlPlaneJWTAuthenticationJWKSource()

    • controlPlaneJWTAuthenticationJWKSource

      public Configuration controlPlaneJWTAuthenticationJWKSource(String controlPlaneJWTAuthenticationJWKSource)

      JWK source used when JWT authentication is enabled for control plane requests

      JWK source can be a file system path, classpath location or a URL

      See: https://openid.net/specs/draft-jones-json-web-key-03.html

      Parameters:
      controlPlaneJWTAuthenticationJWKSource - file system path, classpath location or a URL of JWK source

    • controlPlaneJWTAuthenticationExpectedAudience

      public String controlPlaneJWTAuthenticationExpectedAudience()

    • controlPlaneJWTAuthenticationExpectedAudience

      public Configuration controlPlaneJWTAuthenticationExpectedAudience(String controlPlaneJWTAuthenticationExpectedAudience)

      Audience claim (i.e. aud) required when JWT authentication is enabled for control plane requests

      Parameters:
      controlPlaneJWTAuthenticationExpectedAudience - required value for audience claim (i.e. aud)

    • controlPlaneJWTAuthenticationMatchingClaims

      public Map<String,String> controlPlaneJWTAuthenticationMatchingClaims()

    • controlPlaneJWTAuthenticationMatchingClaims

      public Configuration controlPlaneJWTAuthenticationMatchingClaims(Map<String,String> controlPlaneJWTAuthenticationMatchingClaims)

      Matching claims expected when JWT authentication is enabled for control plane requests

      Value should be string with comma separated key=value items, for example: scope=internal public,sub=some_subject

      Parameters:
      controlPlaneJWTAuthenticationMatchingClaims - required values for claims

    • controlPlaneJWTAuthenticationRequiredClaims

      public Set<String> controlPlaneJWTAuthenticationRequiredClaims()

    • controlPlaneJWTAuthenticationRequiredClaims

      public Configuration controlPlaneJWTAuthenticationRequiredClaims(Set<String> controlPlaneJWTAuthenticationRequiredClaims)

      Required claims that should exist (i.e. with any value) when JWT authentication is enabled for control plane requests

      Value should be string with comma separated values, for example: scope,sub

      Parameters:
      controlPlaneJWTAuthenticationRequiredClaims - required claims

    • proactivelyInitialiseTLS

      public Boolean proactivelyInitialiseTLS()

    • proactivelyInitialiseTLS

      public Configuration proactivelyInitialiseTLS(Boolean proactivelyInitialiseTLS)

      Proactively initialise TLS during start to ensure that if dynamicallyCreateCertificateAuthorityCertificate is enabled the Certificate Authority X.509 Certificate and Private Key will be created during start up and not when the first TLS connection is received.

      This setting will also ensure any configured private key and X.509 will be loaded during start up and not when the first TLS connection is received to give immediate feedback on any related TLS configuration errors.

      Parameters:
      proactivelyInitialiseTLS - proactively initialise TLS at startup

    • rebuildTLSContext

      public boolean rebuildTLSContext()

    • rebuildTLSContext

      public Configuration rebuildTLSContext(boolean rebuildTLSContext)

    • rebuildServerTLSContext

      public boolean rebuildServerTLSContext()

    • rebuildServerTLSContext

      public Configuration rebuildServerTLSContext(boolean rebuildServerTLSContext)

    • tlsProtocols

      public String tlsProtocols()

    • tlsProtocols

      public Configuration tlsProtocols(String tlsProtocols)
      Comma seperated list of TLS protocols, by default TLSv1,TLSv1.1,TLSv1.2
      Parameters:
      tlsProtocols - comma seperated list of TLS protocols

    • tlsAllowInsecureProtocols

      public Boolean tlsAllowInsecureProtocols()

    • tlsAllowInsecureProtocols

      public Configuration tlsAllowInsecureProtocols(Boolean tlsAllowInsecureProtocols)
      Whether to allow TLSv1 and TLSv1.1 in the effective TLS protocols list. Both are deprecated by RFC 8996 and vulnerable to BEAST and POODLE. The default is true for backwards compatibility; set to false to opt into a hardened profile that filters TLSv1 and TLSv1.1 out of tlsProtocols.
      Parameters:
      tlsAllowInsecureProtocols - if true, TLSv1 and TLSv1.1 are honoured; if false, they are stripped

    • dynamicallyCreateCertificateAuthorityCertificate

      public Boolean dynamicallyCreateCertificateAuthorityCertificate()

    • dynamicallyCreateCertificateAuthorityCertificate

      public Configuration dynamicallyCreateCertificateAuthorityCertificate(Boolean dynamicallyCreateCertificateAuthorityCertificate)
      Enable dynamic creation of Certificate Authority X509 certificate and private key.

      Enable this property to increase the security of trusting the MockServer Certificate Authority X509 by ensuring a local dynamic value is used instead of the public value in the MockServer git repo.

      These PEM files will be created and saved in the directory specified with configuration property directoryToSaveDynamicSSLCertificate.

      Parameters:
      dynamicallyCreateCertificateAuthorityCertificate - dynamic creation of Certificate Authority X509 certificate and private key.

    • directoryToSaveDynamicSSLCertificate

      public String directoryToSaveDynamicSSLCertificate()

    • directoryToSaveDynamicSSLCertificate

      public Configuration directoryToSaveDynamicSSLCertificate(String directoryToSaveDynamicSSLCertificate)
      Directory used to save the dynamically generated Certificate Authority X.509 Certificate and Private Key.
      Parameters:
      directoryToSaveDynamicSSLCertificate - directory to save Certificate Authority X.509 Certificate and Private Key

    • preventCertificateDynamicUpdate

      public Boolean preventCertificateDynamicUpdate()

    • preventCertificateDynamicUpdate

      public Configuration preventCertificateDynamicUpdate(Boolean preventCertificateDynamicUpdate)
      Prevent certificates from dynamically updating when domain list changes
      Parameters:
      preventCertificateDynamicUpdate - prevent certificates from dynamically updating when domain list changes

    • sslCertificateDomainName

      public String sslCertificateDomainName()

    • sslCertificateDomainName

      public Configuration sslCertificateDomainName(String sslCertificateDomainName)
      The domain name for auto-generate TLS certificates

      The default is "localhost"

      Parameters:
      sslCertificateDomainName - domain name for auto-generate TLS certificates

    • sslSubjectAlternativeNameDomains

      public Set<String> sslSubjectAlternativeNameDomains()

    • sslSubjectAlternativeNameDomains

      public Configuration sslSubjectAlternativeNameDomains(String... sslSubjectAlternativeNameDomains)
      The Subject Alternative Name (SAN) domain names for auto-generate TLS certificates

      The default is "localhost"

      Parameters:
      sslSubjectAlternativeNameDomains - Subject Alternative Name (SAN) domain names for auto-generate TLS certificates

    • sslSubjectAlternativeNameDomains

      public Configuration sslSubjectAlternativeNameDomains(Set<String> sslSubjectAlternativeNameDomains)
      The Subject Alternative Name (SAN) domain names for auto-generate TLS certificates

      The default is "localhost"

      Parameters:
      sslSubjectAlternativeNameDomains - Subject Alternative Name (SAN) domain names for auto-generate TLS certificates

    • sslSubjectAlternativeNameIps

      public Set<String> sslSubjectAlternativeNameIps()

    • sslSubjectAlternativeNameIps

      public Configuration sslSubjectAlternativeNameIps(String... sslSubjectAlternativeNameIps)

      The Subject Alternative Name (SAN) IP addresses for auto-generate TLS certificates

      The default is 127.0.0.1, 0.0.0.0

      Parameters:
      sslSubjectAlternativeNameIps - Subject Alternative Name (SAN) IP addresses for auto-generate TLS certificates

    • sslSubjectAlternativeNameIps

      public Configuration sslSubjectAlternativeNameIps(Set<String> sslSubjectAlternativeNameIps)

      The Subject Alternative Name (SAN) IP addresses for auto-generate TLS certificates

      The default is 127.0.0.1, 0.0.0.0

      Parameters:
      sslSubjectAlternativeNameIps - Subject Alternative Name (SAN) IP addresses for auto-generate TLS certificates

    • certificateAuthorityPrivateKey

      public String certificateAuthorityPrivateKey()

    • certificateAuthorityPrivateKey

      public Configuration certificateAuthorityPrivateKey(String certificateAuthorityPrivateKey)
      File system path or classpath location of custom Private Key for Certificate Authority for TLS, the private key must be a PKCS#8 or PKCS#1 PEM file and must match the certificateAuthorityCertificate To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt

      The path is not file-existence-checked here because dynamic CA generation (dynamicallyCreateCertificateAuthorityCertificate) sets this to the destination path before the file is written. Typos in user-supplied paths are surfaced by CertificateConfigurationValidator at TLS-init time.

      Parameters:
      certificateAuthorityPrivateKey - location of the PEM file containing the certificate authority private key

    • certificateAuthorityCertificate

      public String certificateAuthorityCertificate()

    • certificateAuthorityCertificate

      public Configuration certificateAuthorityCertificate(String certificateAuthorityCertificate)
      File system path or classpath location of custom X.509 Certificate for Certificate Authority for TLS, the certificate must be a X509 PEM file and must match the certificateAuthorityPrivateKey

      The path is not file-existence-checked here because dynamic CA generation (dynamicallyCreateCertificateAuthorityCertificate) sets this to the destination path before the file is written. Typos in user-supplied paths are surfaced by CertificateConfigurationValidator at TLS-init time.

      Parameters:
      certificateAuthorityCertificate - location of the PEM file containing the certificate authority X509 certificate

    • privateKeyPath

      public String privateKeyPath()

    • privateKeyPath

      public Configuration privateKeyPath(String privateKeyPath)
      File system path or classpath location of a fixed custom private key for TLS connections into MockServer.

      The private key must be a PKCS#8 or PKCS#1 PEM file and must be the private key corresponding to the x509CertificatePath X509 (public key) configuration. The certificateAuthorityCertificate configuration must be the Certificate Authority for the corresponding X509 certificate (i.e. able to valid its signature), see: x509CertificatePath.

      To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt

      This configuration will be ignored unless x509CertificatePath is also set.

      The path is not file-existence-checked here because dynamic SSL certificate generation sets this to the destination path before the file is written. Typos in user-supplied paths are surfaced by CertificateConfigurationValidator at TLS-init time.

      Parameters:
      privateKeyPath - location of the PKCS#8 PEM file containing the private key

    • x509CertificatePath

      public String x509CertificatePath()

    • x509CertificatePath

      public Configuration x509CertificatePath(String x509CertificatePath)
      File system path or classpath location of a fixed custom X.509 Certificate for TLS connections into MockServer.

      The certificate must be a X509 PEM file and must be the public key corresponding to the privateKeyPath private key configuration. The certificateAuthorityCertificate configuration must be the Certificate Authority for this certificate (i.e. able to valid its signature).

      This configuration will be ignored unless privateKeyPath is also set.

      The path is not file-existence-checked here because dynamic SSL certificate generation sets this to the destination path before the file is written. Typos in user-supplied paths are surfaced by CertificateConfigurationValidator at TLS-init time.

      Parameters:
      x509CertificatePath - location of the PEM file containing the X509 certificate

    • tlsMutualAuthenticationRequired

      public Boolean tlsMutualAuthenticationRequired()

    • tlsMutualAuthenticationRequired

      public Configuration tlsMutualAuthenticationRequired(Boolean tlsMutualAuthenticationRequired)
      Require mTLS (also called client authentication and two-way TLS) for all TLS connections / HTTPS requests to MockServer
      Parameters:
      tlsMutualAuthenticationRequired - TLS mutual authentication

    • tlsMutualAuthenticationCertificateChain

      public String tlsMutualAuthenticationCertificateChain()

    • tlsMutualAuthenticationCertificateChain

      public Configuration tlsMutualAuthenticationCertificateChain(String tlsMutualAuthenticationCertificateChain)
      File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for trusting (i.e. signature verification of) Client X.509 Certificates, the certificate chain must be a X509 PEM file.

      This certificate chain will be used if MockServer performs mTLS (client authentication) for inbound TLS connections because tlsMutualAuthenticationRequired is enabled

      Parameters:
      tlsMutualAuthenticationCertificateChain - File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for Trusting (i.e. signature verification of) Client X.509 Certificates

    • forwardProxyTLSX509CertificatesTrustManagerType

      public ForwardProxyTLSX509CertificatesTrustManager forwardProxyTLSX509CertificatesTrustManagerType()

    • forwardProxyTLSX509CertificatesTrustManagerType

      public Configuration forwardProxyTLSX509CertificatesTrustManagerType(ForwardProxyTLSX509CertificatesTrustManager forwardProxyTLSX509CertificatesTrustManagerType)
      Configure trusted set of certificates for forwarded or proxied requests.

      MockServer will only be able to establish a TLS connection to endpoints that have a trusted X509 certificate according to the trust manager type, as follows:

      ALL - Insecure will trust all X509 certificates and not perform host name verification. JVM - Will trust all X509 certificates trust by the JVM. CUSTOM - Will trust all X509 certificates specified in forwardProxyTLSCustomTrustX509Certificates configuration value.

      Parameters:
      forwardProxyTLSX509CertificatesTrustManagerType - trusted set of certificates for forwarded or proxied requests, allowed values: ALL, JVM, CUSTOM.

    • forwardProxyBlockPrivateNetworks

      public Boolean forwardProxyBlockPrivateNetworks()

    • forwardProxyBlockPrivateNetworks

      public Configuration forwardProxyBlockPrivateNetworks(Boolean forwardProxyBlockPrivateNetworks)
      When set to true, MockServer rejects forward and proxy targets that resolve to loopback, link-local, RFC 1918 private, or cloud metadata addresses (such as 169.254.169.254), blocking server-side request forgery (SSRF) via malicious expectations.

      The default is false so that the common case of forwarding to localhost / Docker bridge / Kubernetes service IPs continues to work. Enable this in hardened or multi-tenant deployments where untrusted callers can register expectations.

      Parameters:
      forwardProxyBlockPrivateNetworks - if true, block forwarding to private or metadata addresses

    • forwardProxyTLSCustomTrustX509Certificates

      public String forwardProxyTLSCustomTrustX509Certificates()

    • forwardProxyTLSCustomTrustX509Certificates

      public Configuration forwardProxyTLSCustomTrustX509Certificates(String forwardProxyTLSCustomTrustX509Certificates)
      File system path or classpath location of custom file for trusted X509 Certificate Authority roots for forwarded or proxied requests, the certificate chain must be a X509 PEM file.

      MockServer will only be able to establish a TLS connection to endpoints that have an X509 certificate chain that is signed by one of the provided custom certificates, i.e. where a path can be established from the endpoints X509 certificate to one or more of the custom X509 certificates provided.

      Parameters:
      forwardProxyTLSCustomTrustX509Certificates - custom set of trusted X509 certificate authority roots for forwarded or proxied requests in PEM format.

    • forwardProxyPrivateKey

      public String forwardProxyPrivateKey()

    • forwardProxyPrivateKey

      public Configuration forwardProxyPrivateKey(String forwardProxyPrivateKey)
      File system path or classpath location of custom Private Key for proxied TLS connections out of MockServer, the private key must be a PKCS#8 or PKCS#1 PEM file

      To convert a PKCS#1 (i.e. default for Bouncy Castle) to a PKCS#8 the following command can be used: openssl pkcs8 -topk8 -inform PEM -in private_key_PKCS_1.pem -out private_key_PKCS_8.pem -nocrypt

      This private key will be used if MockServer needs to perform mTLS (client authentication) for outbound TLS connections.

      Parameters:
      forwardProxyPrivateKey - location of the PEM file containing the private key

    • forwardProxyCertificateChain

      public String forwardProxyCertificateChain()

    • forwardProxyCertificateChain

      public Configuration forwardProxyCertificateChain(String forwardProxyCertificateChain)
      File system path or classpath location of custom mTLS (TLS client authentication) X.509 Certificate Chain for Trusting (i.e. signature verification of) Client X.509 Certificates, the certificate chain must be a X509 PEM file.

      This certificate chain will be used if MockServer needs to perform mTLS (client authentication) for outbound TLS connections.

      Parameters:
      forwardProxyCertificateChain - location of the PEM file containing the certificate chain

    • transparentProxyEnabled

      public Boolean transparentProxyEnabled()

    • transparentProxyEnabled

      public Configuration transparentProxyEnabled(Boolean transparentProxyEnabled)
      Enable transparent HTTP proxy mode where all connections are treated as proxy requests using the Host header as the forwarding target. This enables iptables REDIRECT-based interception without CONNECT.

      The default is false

      Parameters:
      transparentProxyEnabled - enable transparent proxy mode

    • transparentProxyTproxy

      public Boolean transparentProxyTproxy()

    • transparentProxyTproxy

      public Configuration transparentProxyTproxy(Boolean transparentProxyTproxy)
      Enable TPROXY (IP_TRANSPARENT) mode for transparent proxy original destination resolution. When enabled, the listener socket is bound with IP_TRANSPARENT and the original destination is read from the socket's local address. Requires Linux + epoll + CAP_NET_ADMIN + TPROXY iptables rules.
      Parameters:
      transparentProxyTproxy - enable TPROXY mode

    • transparentProxyEbpf

      public Boolean transparentProxyEbpf()

    • transparentProxyEbpf

      public Configuration transparentProxyEbpf(Boolean transparentProxyEbpf)
      Enable eBPF-based original destination resolution for transparent proxy mode. When enabled, the resolver reads from a pinned BPF hash map (populated by an external cgroup/connect4 BPF program) keyed by socket cookie. Requires Linux, CAP_BPF (or root), a BTF-enabled kernel, and an external BPF program that populates the map. Default: false.
      Parameters:
      transparentProxyEbpf - enable eBPF original destination resolution

    • transparentProxyEbpfMapPath

      public String transparentProxyEbpfMapPath()

    • transparentProxyEbpfMapPath

      public Configuration transparentProxyEbpfMapPath(String transparentProxyEbpfMapPath)
      Path to the pinned BPF map used by the eBPF original destination resolver. The map must be a BPF hash map keyed by u64 (socket cookie) with a 6-byte value (4-byte IPv4 address + 2-byte port, both in network byte order). Default: /sys/fs/bpf/mockserver_orig_dst.
      Parameters:
      transparentProxyEbpfMapPath - path to the pinned BPF map

    • asyncKafkaBootstrapServers

      public String asyncKafkaBootstrapServers()

    • asyncKafkaBootstrapServers

      public Configuration asyncKafkaBootstrapServers(String asyncKafkaBootstrapServers)
      Default Kafka bootstrap servers for async messaging. Used when a PUT /mockserver/asyncapi request omits brokerConfig.kafkaBootstrapServers.
      Parameters:
      asyncKafkaBootstrapServers - the default Kafka bootstrap servers

    • asyncMqttBrokerUrl

      public String asyncMqttBrokerUrl()

    • asyncMqttBrokerUrl

      public Configuration asyncMqttBrokerUrl(String asyncMqttBrokerUrl)
      Default MQTT broker URL for async messaging. Used when a PUT /mockserver/asyncapi request omits brokerConfig.mqttBrokerUrl.
      Parameters:
      asyncMqttBrokerUrl - the default MQTT broker URL

    • asyncRecordedMessageMaxEntries

      public Integer asyncRecordedMessageMaxEntries()

    • asyncRecordedMessageMaxEntries

      public Configuration asyncRecordedMessageMaxEntries(Integer asyncRecordedMessageMaxEntries)
      Maximum number of recorded messages retained per channel in async messaging subscribers. Default is 1000.
      Parameters:
      asyncRecordedMessageMaxEntries - the maximum entries per channel

    • addSubjectAlternativeName

      public void addSubjectAlternativeName(String host)

    • addSslSubjectAlternativeNameIps

      public void addSslSubjectAlternativeNameIps(String... additionalSubjectAlternativeNameIps)

    • clearSslSubjectAlternativeNameIps

      public void clearSslSubjectAlternativeNameIps()

    • addSslSubjectAlternativeNameDomains

      public void addSslSubjectAlternativeNameDomains(String... additionalSubjectAlternativeNameDomains)

    • clearSslSubjectAlternativeNameDomains

      public void clearSslSubjectAlternativeNameDomains()

    • ringBufferSize

      public int ringBufferSize()