SEC-2230: Polish Headers JavaConfig

Rob Winch 2013-08-15 16:31:43 -05:00
parent e9bb9e766e
commit a469f26b10


@ -29,6 +29,8 @@ import org.springframework.security.web.header.writers.XXssProtectionHeaderWrite
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter; import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import com.sun.xml.internal.ws.api.ha.StickyFeature;
/** /**
* @author Rob Winch * @author Rob Winch
* @since 3.2 * @since 3.2
@ -55,6 +57,52 @@ public final class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends A
return this; return this;
} }
/**
* Adds {@link XContentTypeOptionsHeaderWriter}
*
* @return the {@link HeadersConfigurer} for additional customizations
*/
public HeadersConfigurer<H> contentTypeOptions() {
return addHeaderWriter(new XContentTypeOptionsHeaderWriter());
}
/**
* Adds {@link XXssProtectionHeaderWriter}. Note this is not comprehensive
* XSS protection!
*
* @return the {@link HeadersConfigurer} for additional customizations
*/
public HeadersConfigurer<H> xssProtection() {
return addHeaderWriter(new XContentTypeOptionsHeaderWriter());
}
/**
* Adds {@link CacheControlHeadersWriter}.
*
* @return the {@link HeadersConfigurer} for additional customizations
*/
public HeadersConfigurer<H> cacheControl() {
return addHeaderWriter(new CacheControlHeadersWriter());
}
/**
* Adds {@link HstsHeaderWriter}.
*
* @return the {@link HeadersConfigurer} for additional customizations
*/
public HeadersConfigurer<H> httpStrictTransportSecurity() {
return addHeaderWriter(new HstsHeaderWriter());
}
/**
* Adds {@link XFrameOptionsHeaderWriter} with all the default settings.
*
* @return the {@link HeadersConfigurer} for additional customizations
*/
public HeadersConfigurer<H> frameOptions() {
return addHeaderWriter(new XFrameOptionsHeaderWriter());
}
@Override @Override
public void configure(H http) throws Exception { public void configure(H http) throws Exception {
HeaderWriterFilter headersFilter = createHeaderWriterFilter(); HeaderWriterFilter headersFilter = createHeaderWriterFilter();
@ -89,10 +137,10 @@ public final class HeadersConfigurer<H extends HttpSecurityBuilder<H>> extends A
* *
*/ */
private void addDefaultHeaderWriters() { private void addDefaultHeaderWriters() {
headerWriters.add(new XContentTypeOptionsHeaderWriter()); contentTypeOptions();
headerWriters.add(new XXssProtectionHeaderWriter()); xssProtection();
headerWriters.add(new CacheControlHeadersWriter()); cacheControl();
headerWriters.add(new HstsHeaderWriter()); httpStrictTransportSecurity();
headerWriters.add(new XFrameOptionsHeaderWriter()); frameOptions();
} }
} }
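Review bot: `xssProtection()` builds the wrong writer: its body is `return addHeaderWriter(new XContentTypeOptionsHeaderWriter());`, apparently copied from `contentTypeOptions()`, and should be `return addHeaderWriter(new XXssProtectionHeaderWriter());`. Because `addDefaultHeaderWriters()` now calls `xssProtection()` where it used to add `new XXssProtectionHeaderWriter()` directly, the default configuration would no longer emit the X-XSS-Protection header. It would presumably register the content-type-options writer a second time instead, though `addHeaderWriter` is not fully visible here. A test asserting the exact set of default response headers would catch this regression. Separately, the added import `com.sun.xml.internal.ws.api.ha.StickyFeature` is not referenced in any visible hunk and points at a JDK-internal package, so it should be dropped to keep the class compiling on other JDKs.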