Examples of org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher

• org.springframework.security.web.header.writers.HstsHeaderWriter
  .ietf.org/html/rfc6797">HTTP Strict Transport Security (HSTS).

  By default the expiration is one year and subdomains will be included. This can be customized using {@link #setMaxAgeInSeconds(long)} and{@link #setIncludeSubDomains(boolean)} respectively.

  Since section 7.2 states that HSTS Host MUST NOT include the STS header in HTTP responses, the default behavior is that the "Strict-Transport-Security" will only be added when {@link HttpServletRequest#isSecure()} returns {@code true}. At times this may need to be customized. For example, in some situations where SSL termination is used, something else may be used to determine if SSL was used. For these circumstances, {@link #setRequestMatcher(RequestMatcher)}can be invoked with a custom {@link RequestMatcher}.

  @author Rob Winch @since 3.2

     * </p>
     *
     * @return the {@link HeadersConfigurer} for additional customizations
     */
    public HeadersConfigurer<H> httpStrictTransportSecurity() {
        return addHeaderWriter(new HstsHeaderWriter());
    }

    public void setup() {
        request = new MockHttpServletRequest();
        request.setSecure(true);
        response = new MockHttpServletResponse();

        writer = new HstsHeaderWriter();
    }

    }

    @Test
    public void allArgsCustomConstructorWriteHeaders() {
        request.setSecure(false);
        writer = new HstsHeaderWriter(AnyRequestMatcher.INSTANCE, 15768000, false);

        writer.writeHeaders(request, response);

        assertThat(response.getHeaderNames().size()).isEqualTo(1);
        assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000");

    }

    @Test
    public void maxAgeAndIncludeSubdomainsCustomConstructorWriteHeaders() {
        request.setSecure(false);
        writer = new HstsHeaderWriter(AnyRequestMatcher.INSTANCE, 15768000, false);

        writer.writeHeaders(request, response);

        assertThat(response.getHeaderNames().size()).isEqualTo(1);
        assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000");

        assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000");
    }

    @Test
    public void maxAgeCustomConstructorWriteHeaders() {
        writer = new HstsHeaderWriter(15768000);

        writer.writeHeaders(request, response);

        assertThat(response.getHeaderNames().size()).isEqualTo(1);
        assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000 ; includeSubDomains");

        assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=15768000 ; includeSubDomains");
    }

    @Test
    public void includeSubDomainsCustomConstructorWriteHeaders() {
        writer = new HstsHeaderWriter(false);

        writer.writeHeaders(request, response);

        assertThat(response.getHeaderNames().size()).isEqualTo(1);
        assertThat(response.getHeader("Strict-Transport-Security")).isEqualTo("max-age=31536000");

            return new InMemoryUsersConnectionRepository(registry);
        }
    }

    private static void configureHeaders(HeadersConfigurer<?> headers) throws Exception {
        HstsHeaderWriter writer = new HstsHeaderWriter(false);
        writer.setRequestMatcher(AnyRequestMatcher.INSTANCE);
        headers.contentTypeOptions().xssProtection().cacheControl().addHeaderWriter(writer).frameOptions();
    }

  public static void configureHeaders(HeadersConfigurer<?> configurer,
      SecurityProperties.Headers headers) throws Exception {
    if (headers.getHsts() != Headers.HSTS.NONE) {
      boolean includeSubdomains = headers.getHsts() == Headers.HSTS.ALL;
      HstsHeaderWriter writer = new HstsHeaderWriter(includeSubdomains);
      writer.setRequestMatcher(AnyRequestMatcher.INSTANCE);
      configurer.addHeaderWriter(writer);
    }
    if (headers.isContentType()) {
      configurer.contentTypeOptions();
    }