Example usage for org.springframework.security.web.header.writers HstsHeaderWriter setRequestMatcher

Introduction

In this page you can find the example usage for org.springframework.security.web.header.writers HstsHeaderWriter setRequestMatcher.

Prototype

public void setRequestMatcher(RequestMatcher requestMatcher) 

Source Link

Document

Sets the RequestMatcher used to determine if the "Strict-Transport-Security" should be added.

Usage

From source file:com.xiovr.unibot.config.WebSecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    //      http.authorizeRequests().antMatchers("/css/**", "/images/**, /js/**")
    //            .permitAll().anyRequest().authenticated();
    ///*w w  w.j  a v  a  2s . c o m*/
    //      http.formLogin().failureUrl("/login").loginPage("/login")
    //            .loginProcessingUrl("/login/submit")
    //            .usernameParameter("username").passwordParameter("password")
    //            .defaultSuccessUrl("/", false).permitAll();
    //      http.logout().logoutUrl("/logout").invalidateHttpSession(true)
    //            .permitAll();

    http.headers().addHeaderWriter(
            new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN));
    http.headers().xssProtection();
    http.headers().cacheControl();
    http.headers().contentTypeOptions();
    HstsHeaderWriter writer = new HstsHeaderWriter(false);
    writer.setRequestMatcher(AnyRequestMatcher.INSTANCE);
    http.headers().addHeaderWriter(writer);
    http.csrf().disable();
    http.authorizeRequests().antMatchers("/css/**", "/images/**").permitAll().anyRequest().authenticated();
    http.formLogin().usernameParameter("username").passwordParameter("password").loginPage("/login")
            .loginProcessingUrl("/login/submit").defaultSuccessUrl("/", false).permitAll().and()
            .exceptionHandling().accessDeniedPage("/error").and().logout().permitAll();
}

---