Examples of XFrameOptionsHeaderWriter

org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
{@code HeaderWriter} implementation for the X-Frame-Options headers. When using the ALLOW-FROM directive the actualvalue is determined by a {@code AllowFromStrategy}. @author Marten Deinum @author Rob Winch @since 3.2 @see AllowFromStrategy

Examples of org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter

     * {@link XFrameOptionsHeaderWriter} directly.
     *
     * @return the {@link HeadersConfigurer} for additional customizations
     */
    public HeadersConfigurer<H> frameOptions() {
        return addHeaderWriter(new XFrameOptionsHeaderWriter());
    }

View Full Code Here

Examples of org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter

        response = new MockHttpServletResponse();
    }


    @Test(expected = IllegalArgumentException.class)
    public void constructorNullMode() {
        new XFrameOptionsHeaderWriter((XFrameOptionsMode)null);
    }

View Full Code Here

Examples of org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter

        new XFrameOptionsHeaderWriter((XFrameOptionsMode)null);
    }


    @Test(expected = IllegalArgumentException.class)
    public void constructorAllowFromNoAllowFromStrategy() {
        new XFrameOptionsHeaderWriter(XFrameOptionsMode.ALLOW_FROM);
    }

View Full Code Here

Examples of org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter

        new XFrameOptionsHeaderWriter(XFrameOptionsMode.ALLOW_FROM);
    }


    @Test(expected = IllegalArgumentException.class)
    public void constructorNullAllowFromStrategy() {
        new XFrameOptionsHeaderWriter((AllowFromStrategy)null);
    }

View Full Code Here

Examples of org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter

        new XFrameOptionsHeaderWriter((AllowFromStrategy)null);
    }


    @Test
    public void writeHeadersAllowFromReturnsNull() {
        writer = new XFrameOptionsHeaderWriter(strategy);


        writer.writeHeaders(request, response);


        assertThat(response.getHeaderNames().isEmpty()).isTrue();
    }

View Full Code Here

Examples of org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter


    @Test
    public void writeHeadersAllowFrom() {
        String allowFromValue = "https://example.com/";
        when(strategy.getAllowFromValue(request)).thenReturn(allowFromValue);
        writer = new XFrameOptionsHeaderWriter(strategy);


        writer.writeHeaders(request, response);


        assertThat(response.getHeaderNames().size()).isEqualTo(1);
        assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("ALLOW-FROM " + allowFromValue);

View Full Code Here

Examples of org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter

        assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("ALLOW-FROM " + allowFromValue);
    }


    @Test
    public void writeHeadersDeny() {
        writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY);


        writer.writeHeaders(request, response);


        assertThat(response.getHeaderNames().size()).isEqualTo(1);
        assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("DENY");

View Full Code Here

Examples of org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter

    }




    @Test
    public void writeHeadersSameOrigin() {
        writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN);


        writer.writeHeaders(request, response);


        assertThat(response.getHeaderNames().size()).isEqualTo(1);
        assertThat(response.getHeader(XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER)).isEqualTo("SAMEORIGIN");

View Full Code Here

Examples of org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .headers() // TODO: (REWRITE) This enables opening javamelody in an iframe, see https://jira.spring.io/browse/SEC-2501 and https://jira.spring.io/browse/SPR-11496
                .addHeaderWriter(new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN))
                .and()
            .requiresChannel()
                .anyRequest().requiresSecure()
                .and()
            .authorizeRequests()

View Full Code Here

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.