
Example 1 with HttpHeadersRequestProperties

Use of org.apereo.cas.configuration.model.core.web.security.HttpHeadersRequestProperties in project cas by apereo.

The class CasFiltersConfiguration, method responseHeadersSecurityFilter.

@RefreshScope
@Bean
public FilterRegistrationBean responseHeadersSecurityFilter() {
    // Read the configured security-header settings and pass them to the filter as init parameters.
    final HttpHeadersRequestProperties header = casProperties.getHttpWebRequest().getHeader();
    final Map<String, String> initParams = new HashMap<>();
    initParams.put("enableCacheControl", BooleanUtils.toStringTrueFalse(header.isCache()));
    initParams.put("enableXContentTypeOptions", BooleanUtils.toStringTrueFalse(header.isXcontent()));
    initParams.put("enableStrictTransportSecurity", BooleanUtils.toStringTrueFalse(header.isHsts()));
    initParams.put("enableXFrameOptions", BooleanUtils.toStringTrueFalse(header.isXframe()));
    // The X-Frame-Options value is only passed along when that header is enabled.
    if (header.isXframe()) {
        initParams.put("XFrameOptions", header.getXframeOptions());
    }
    initParams.put("enableXSSProtection", BooleanUtils.toStringTrueFalse(header.isXss()));
    // Likewise, the XSS protection value is only passed along when that header is enabled.
    if (header.isXss()) {
        initParams.put("XSSProtection", header.getXssOptions());
    }
    // A Content-Security-Policy is only set when one has been configured (non-blank).
    if (StringUtils.isNotBlank(header.getContentSecurityPolicy())) {
        initParams.put("contentSecurityPolicy", header.getContentSecurityPolicy());
    }
    final FilterRegistrationBean bean = new FilterRegistrationBean();
    bean.setFilter(new RegisteredServiceResponseHeadersEnforcementFilter(servicesManager, argumentExtractor));
    // Register the filter for every URL pattern.
    bean.setUrlPatterns(CollectionUtils.wrap("/*"));
    bean.setInitParameters(initParams);
    bean.setName("responseHeadersSecurityFilter");
    bean.setAsyncSupported(true);
    return bean;
}
Also used: RegisteredServiceResponseHeadersEnforcementFilter (org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter), HashMap (java.util.HashMap), HttpHeadersRequestProperties (org.apereo.cas.configuration.model.core.web.security.HttpHeadersRequestProperties), FilterRegistrationBean (org.springframework.boot.web.servlet.FilterRegistrationBean), RefreshScope (org.springframework.cloud.context.config.annotation.RefreshScope), Bean (org.springframework.context.annotation.Bean)
