Skip to content
Branch: master
Find file History
Type Name Latest commit message Commit time
Failed to load latest commit information.
src NoHttpExtension uses ConfigurableFileTree Jun 17, 2019
README.adoc Clarify implications of whitelist.lines location Jun 19, 2019
build.gradle Publish to the Gradle Plugin Portal Jun 5, 2019




You can find a working sample at nohttp-gradle-sample.


In it’s simplest form, you just need to add the Plugin to the root project of your build. You can optionally configure it using nohttp.

For example in Groovy:


plugins {
	id "io.spring.nohttp" version "0.0.2.RELEASE"

nohttp {

Or in Kotlin:


plugins {
	id("io.spring.nohttp") version "0.0.2.RELEASE"

nohttp {


Configures Gradle’s Checkstyle task to integrate with nohttp-checkstyle to verify there are no restricted usages of http://.

The plugin only needs to be added to the root project as all subdirectories are checked.


The NoHttpCheckstylePlugin adds the following tasks to the project:


Depends on: classes

Runs Checkstyle to verify no restricted uses of http://.

Dependencies added to other tasks

The NoHttpCheckstylePlugin adds the following dependencies to tasks.


Depends on: checkstyleNohttp.

Project layout

By default, the NoHttpCheckstylePlugin expects configuration files to be placed in the root project, but this can be changed.

└── config
    └── nohttp                 // (1)
        └── checkstyle.xml     // (2)
        └── suppressions.xml   // (3)
        └── whitelist.lines    // (4)
  1. Nohttp configuration files go here

  2. A custom checkstyle.xml file to use for checkstyleNohttp. The default can be found in the nohttp-checkstyle documentation

  3. A suppressions file to use for checkstyleNohttp. The default is no suppressions

  4. Custom whitelist to use

Dependency management

The nohttp plugin adds the following dependency configurations:

Table 1. nohttp plugin - dependency configurations
Name Meaning


The nohttp libraries to use. The default is the same version of nohttp as the Nohttp Gradle Plugin.


The NohttpExtension is used to customize the configuration. An example configuration is:

nohttp {
    whitelistFile = project.file('src/nohttp/whitelist.lines') (1)
    source.exclude "**/test-output/**"                         (2)
    toolVersion = '0.0.1.BUILD-SNAPSHOT'                       (3)
  1. whitelistFile (File) - instructs nohttp to use src/nohttp/whitelist.lines to provide Custom Rules for whitelisting URLs. Modifying the whitelistFile also modifies the default Project layout to look for the other configuration in the parent directory of whitelistFile (i.e. src/nohttp) as apposed to config/nohttp. This means if you have a file named checkstyle.xml in the same folder as whitelistFile you either need to include NoHttpCheck in the file or you need to explicitly configure nohttpCheckstyle task with a different checkstyle file.

  2. source (FileTree) - instructs nohttp what files to include / exclude. In this example, we exclude anything in the folder test-output.

  3. toolVersion - Updates the version of nohttp to use. The default is the same version as the nohttp Gradle Plugin version being used.

Configuring nohttpCheckstyle

You can also configure nohttpCheckstyle Checkstyle task directly.

Built-in variables

The NoHttpCheckstylePlugin defines:

  • config_loc property that can be used in Checkstyle configuration files to define paths to other configuration files like suppressions.xml.

  • nohttp.checkstyle.whitelistFileName property that can be used in Checkstyle configuration files to define paths to other configuration files like suppressions.xml.


Adds a JavaExec task that allows running nohttp-cli.


The Application plugin adds the following tasks to the project.


Runs nohttp-cli against the project.

nohttp samples

Run with the defaults. It finds all restricted usages of http:// and reports them.

./gradlew nohttp

Outputs the help

./gradlew nohttp --args='--help'

Advanced sample

./gradlew nohttp --args='-D=build -D=.git -F=spring.schemas -w config/nohttp/whitelist.lines'
  • Exclude the folders 'build', `.git'

  • Exclude the files 'spring.schemas`

  • Use additional whitelistFile to provide Custom Rules of config/nohttpwhitelist.lines

You can’t perform that action at this time.