List of usage examples for org.springframework.security.web.header.writers StaticHeadersWriter StaticHeadersWriter
public StaticHeadersWriter(String headerName, String... headerValues)
From source file:edu.chalmers.dat076.moviefinder.config.SecurityConfig.java
@Override protected void configure(final HttpSecurity http) throws Exception { http.headers().cacheControl().contentTypeOptions().frameOptions().xssProtection() .addHeaderWriter(new StaticHeadersWriter("X-Content-Security-Policy", "script-src 'self'")) .addHeaderWriter(new StaticHeadersWriter("Content-Security-Policy", "script-src 'self'")); }
From source file:business.security.HttpSecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()).and() .userDetailsService(userDetailsService()).formLogin().permitAll() .failureHandler(authenticationFailureHandler).and().logout().permitAll() .logoutSuccessUrl("/#/login").and().authorizeRequests().antMatchers("/admin/**") .access("hasRole('palga')").and().authorizeRequests() .antMatchers("/", "/robots.txt", "/public/labs/**", "/password/request-new", "/password/reset", "/index.html", "/bower_components/**", "/app/**", "/js/**", "/messages/**", "/css/**", "/*.ico", "/images/**") .permitAll().antMatchers(HttpMethod.POST, "/register/users").permitAll() .antMatchers(HttpMethod.POST, "/register/users/**").permitAll() .antMatchers(HttpMethod.GET, "/register/users/activate/**").permitAll() .antMatchers(HttpMethod.GET, "/status").permitAll().antMatchers(HttpMethod.GET, "/ping").permitAll() .anyRequest().authenticated().and().addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class).csrf() .csrfTokenRepository(csrfTokenRepository()).and().headers() .addHeaderWriter(new StaticHeadersWriter("Content-Security-Policy-Report-Only", "default-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:")); }
From source file:com.isalnikov.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.addFilterBefore(authorizationFilter(), UserAuthorizationFilter.class); http.authorizeRequests()//from w w w .jav a 2 s.c om //http://www.webremeslo.ru/html/glava10.html .antMatchers("/page**").permitAll() .antMatchers("/login").permitAll().antMatchers("/user").hasRole("USER").antMatchers("/csrf") .hasRole("USER").anyRequest().authenticated().and().formLogin() // default login jsp //.failureUrl("/login") //.failureHandler((new SimpleUrlAuthenticationFailureHandler()) .permitAll().and().logout() //default logout jsp .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) // .deleteCookies("JSESSIONID,SPRING_SECURITY_REMEMBER_ME_COOKIE") .permitAll(); http.sessionManagement().maximumSessions(1).and().invalidSessionUrl("/login"); // http // .headers() // .frameOptions().sameOrigin() // .httpStrictTransportSecurity().disable(); //http.exceptionHandling().authenticationEntryPoint(null); http.headers().addHeaderWriter(new StaticHeadersWriter("X-Content-Security-Policy", "default-src 'self'")) .addHeaderWriter(new StaticHeadersWriter("X-WebKit-CSP", "default-src 'self'")); }
From source file:de.dominikschadow.duke.encounters.config.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.authorizeRequests().antMatchers("/", "/register", "/encounters", "/search", "/error").permitAll() .antMatchers("/admin/**").hasRole("ADMIN").anyRequest().authenticated().and().formLogin() .loginPage("/login").defaultSuccessUrl("/account").permitAll().and().exceptionHandling() .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")).and().logout() .logoutSuccessUrl("/").permitAll().and().rememberMe().and().securityContext() .securityContextRepository(securityContextRepository).and().headers() .addHeaderWriter(new StaticHeadersWriter("Content-Security-Policy", "default-src 'self'")).and() .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class); // @formatter:on }