Package org.springframework.security.web.header.writers.frameoptions

Examples of org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter


     * {@link XFrameOptionsHeaderWriter} directly.
     *
     * @return the {@link HeadersConfigurer} for additional customizations
     */
    public HeadersConfigurer<H> frameOptions() {
        return addHeaderWriter(new XFrameOptionsHeaderWriter());
    }
View Full Code Here


        response = new MockHttpServletResponse();
    }

    @Test(expected = IllegalArgumentException.class)
    public void constructorNullMode() {
        new XFrameOptionsHeaderWriter((XFrameOptionsMode)null);
    }
View Full Code Here

        new XFrameOptionsHeaderWriter((XFrameOptionsMode)null);
    }

    @Test(expected = IllegalArgumentException.class)
    public void constructorAllowFromNoAllowFromStrategy() {
        new XFrameOptionsHeaderWriter(XFrameOptionsMode.ALLOW_FROM);
    }
View Full Code Here

        new XFrameOptionsHeaderWriter(XFrameOptionsMode.ALLOW_FROM);
    }

    @Test(expected = IllegalArgumentException.class)
    public void constructorNullAllowFromStrategy() {
        new XFrameOptionsHeaderWriter((AllowFromStrategy)null);
    }
View Full Code Here

        new XFrameOptionsHeaderWriter((AllowFromStrategy)null);
    }

    @Test
    public void writeHeadersAllowFromReturnsNull() {
        writer = new XFrameOptionsHeaderWriter(strategy);

        writer.writeHeaders(request, response);

        assertThat(response.getHeaderNames().isEmpty()).isTrue();
    }
View Full Code Here

    @Test
    public void writeHeadersAllowFrom() {
        String allowFromValue = "https://example.com/";
        when(strategy.getAllowFromValue(request)).thenReturn(allowFromValue);
        writer = new XFrameOptionsHeaderWriter(strategy);

        writer.writeHeaders(request, response);

        assertThat(response.getHeaderNames().size()).isEqualTo(1);
        assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("ALLOW-FROM " + allowFromValue);
View Full Code Here

        assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("ALLOW-FROM " + allowFromValue);
    }

    @Test
    public void writeHeadersDeny() {
        writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY);

        writer.writeHeaders(request, response);

        assertThat(response.getHeaderNames().size()).isEqualTo(1);
        assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY");
View Full Code Here

    }


    @Test
    public void writeHeadersSameOrigin() {
        writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN);

        writer.writeHeaders(request, response);

        assertThat(response.getHeaderNames().size()).isEqualTo(1);
        assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("SAMEORIGIN");
View Full Code Here

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .headers() // TODO: (REWRITE) This enables opening javamelody in an iframe, see https://jira.spring.io/browse/SEC-2501 and https://jira.spring.io/browse/SPR-11496
                .addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN))
                .and()
            .requiresChannel()
                .anyRequest().requiresSecure()
                .and()
            .authorizeRequests()
View Full Code Here

TOP

Related Classes of org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.