Example usage for org.springframework.security.web.header.writers.frameoptions XFrameOptionsHeaderWriter XFrameOptionsHeaderWriter

List of usage examples for org.springframework.security.web.header.writers.frameoptions XFrameOptionsHeaderWriter XFrameOptionsHeaderWriter

Introduction

This page collects usage examples for the constructor of org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.

Prototype

public XFrameOptionsHeaderWriter(AllowFromStrategy allowFromStrategy) 


Document

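Creates a new instance with XFrameOptionsMode#ALLOW_FROM. Note that the usage examples below do not call this AllowFromStrategy constructor: each of them passes XFrameOptionsMode.SAMEORIGIN to the constructor that takes an XFrameOptionsMode. The ALLOW-FROM directive is obsolete and ignored by current browsers; a Content-Security-Policy frame-ancestors directive is the usual replacement when framing by a specific origin must be allowed.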

Usage

From source file:com.crec.controller.config.WebSecurityConfig.java

/**
 * Configures CSRF handling, response headers, form login, logout and URL authorization.
 *
 * <p>Security-relevant settings made here:
 * <ul>
 *   <li>CSRF protection is disabled, which includes the login and logout endpoints below.</li>
 *   <li>An {@code X-Frame-Options: SAMEORIGIN} writer is registered, so pages may only be
 *       framed by documents of the same origin.</li>
 *   <li>{@code /assets/**} and the login/logout URLs are public; any other request requires an
 *       authenticated user.</li>
 * </ul>
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Refactor login form
    // NOTE(review): CSRF protection is off for the whole application; presumably it is meant
    // to come back once the login form submits a token - confirm.
    http.csrf().disable();

    // See https://jira.springsource.org/browse/SPR-11496
    // NOTE(review): whether the other default security headers are still written when a writer
    // is added this way depends on the Spring Security version - verify the actual response.
    http.headers().addHeaderWriter(
            new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN));

    http.formLogin()
            .defaultSuccessUrl("/index.html")
            .loginPage("/login.html")
            .failureUrl("/login.html?error")
            .permitAll();

    http.logout()
            .logoutSuccessUrl("/login.html?logout")
            .logoutUrl("/logout.html")
            .permitAll();

    // Static assets are public; every other request needs an authenticated user.
    http.authorizeRequests()
            .antMatchers("/assets/**").permitAll()
            .anyRequest().authenticated();
}

From source file:com.jfillo.spring.samples.chatroom.config.ChatWebSecurityConfig.java

/**
 * Configures CSRF handling, response headers, URL authorization, form login and logout.
 *
 * <p>CSRF protection is disabled. An {@code X-Frame-Options: SAMEORIGIN} writer is registered so
 * pages may only be framed by documents of the same origin. {@code /resources/**} and the
 * login/logout URLs are public; any other request requires an authenticated user.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): CSRF protection is off, so the login and logout endpoints configured below
    // accept requests without a CSRF token - confirm this is intended.
    http.csrf().disable();

    // NOTE(review): whether the other default security headers are still written when a writer
    // is added this way depends on the Spring Security version - verify the actual response.
    http.headers().addHeaderWriter(
            new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN));

    // Static resources are public; every other request needs an authenticated user.
    http.authorizeRequests()
            .antMatchers("/resources/**").permitAll()
            .anyRequest().authenticated();

    http.formLogin()
            .defaultSuccessUrl("/index.html")
            .loginPage("/login.html")
            .failureUrl("/login.html?error")
            .permitAll();

    http.logout()
            .logoutSuccessUrl("/login.html?logout")
            .logoutUrl("/logout.html")
            .permitAll();
}

From source file:ch.rasc.s4ws.portfolio.config.WebSecurityConfig.java

/**
 * Configures CSRF handling, response headers, form login, logout and URL authorization for the
 * {@code /portfolio} pages.
 *
 * <p>CSRF protection is disabled. An {@code X-Frame-Options: SAMEORIGIN} writer is registered so
 * pages may only be framed by documents of the same origin. {@code /portfolio/login.css} and the
 * login/logout URLs are public; the remaining {@code /portfolio/**} paths require an
 * authenticated user.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    // NOTE(review): CSRF protection is off, so the login and logout endpoints configured below
    // accept requests without a CSRF token - confirm this is intended.
    http.csrf().disable();

    // See https://jira.springsource.org/browse/SPR-11496
    http.headers().addHeaderWriter(
            new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN));

    http.formLogin()
            .defaultSuccessUrl("/portfolio/index.html")
            .loginPage("/portfolio/login.html")
            .failureUrl("/portfolio/login.html?error")
            .permitAll();

    http.logout()
            .logoutSuccessUrl("/portfolio/login.html?logout")
            .logoutUrl("/portfolio/logout.html")
            .permitAll();

    // The stylesheet rule comes first so that it wins over the broader /portfolio/** rule.
    // NOTE(review): no catch-all rule is declared, so paths outside /portfolio/** have no
    // authorization rule in this method - confirm that is intended.
    http.authorizeRequests()
            .antMatchers("/portfolio/login.css").permitAll()
            .antMatchers("/portfolio/**").authenticated();

    // @formatter:on
}

From source file:cn.designthougths.sample.axon.sfav.webui.UIApplication.java

/**
 * Configures logout, response headers, URL authorization and CSRF handling.
 *
 * <p>An {@code X-Frame-Options: SAMEORIGIN} writer is registered so pages may only be framed by
 * documents of the same origin. The listed static pages, templates, partials, {@code /} and
 * {@code /login} are public; any other request requires an authenticated user. CSRF protection
 * stays enabled and uses the repository returned by {@code csrfTokenRepository()}; the filter
 * returned by {@code csrfHeaderFilter()} is registered after {@code CsrfFilter}. Both helpers are
 * defined elsewhere in the class and are not shown here.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.logout();

    http.headers().addHeaderWriter(
            new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN));

    // This configuration applies to every path; only the entries listed here are public.
    http.antMatcher("/**")
            .authorizeRequests()
            .antMatchers("/index.html", "/location.html", "/templates/*", "/partials/*", "/", "/login")
            .permitAll()
            .anyRequest().authenticated();

    // CSRF protection remains on, backed by the application's own token repository.
    http.csrf().csrfTokenRepository(csrfTokenRepository());

    // Runs after CsrfFilter; presumably it exposes the token to the client - verify against
    // csrfHeaderFilter().
    http.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}

From source file:com.xiovr.unibot.config.WebSecurityConfig.java

/**
 * Configures response headers, CSRF handling, URL authorization, form login, access-denied
 * handling and logout.
 *
 * <p>Header writers for X-Frame-Options (SAMEORIGIN), XSS protection, cache control, content type
 * options and HSTS are registered. CSRF protection is disabled. {@code /css/**},
 * {@code /images/**} and the login/logout URLs are public; any other request requires an
 * authenticated user.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Pages may only be framed by documents of the same origin.
    http.headers().addHeaderWriter(
            new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN));
    http.headers().xssProtection();
    http.headers().cacheControl();
    http.headers().contentTypeOptions();

    // HSTS writer bound to AnyRequestMatcher, i.e. not limited to a subset of requests.
    // NOTE(review): the boolean is presumably includeSubDomains=false - verify against the
    // HstsHeaderWriter constructor. Browsers only honour Strict-Transport-Security received
    // over HTTPS, so confirm the application is actually served over TLS.
    HstsHeaderWriter hstsWriter = new HstsHeaderWriter(false);
    hstsWriter.setRequestMatcher(AnyRequestMatcher.INSTANCE);
    http.headers().addHeaderWriter(hstsWriter);

    // NOTE(review): CSRF protection is off, so the login and logout endpoints configured below
    // accept requests without a CSRF token - confirm this is intended.
    http.csrf().disable();

    // Stylesheets and images are public; every other request needs an authenticated user.
    http.authorizeRequests()
            .antMatchers("/css/**", "/images/**").permitAll()
            .anyRequest().authenticated();

    http.formLogin()
            .usernameParameter("username")
            .passwordParameter("password")
            .loginPage("/login")
            .loginProcessingUrl("/login/submit")
            .defaultSuccessUrl("/", false)
            .permitAll();

    http.exceptionHandling().accessDeniedPage("/error");

    http.logout().permitAll();
}