Use of org.apereo.cas.security.ResponseHeadersEnforcementFilter in project cas by apereo.
Class CasFiltersConfiguration, method responseHeadersSecurityFilter.
/**
 * Registers the {@link ResponseHeadersEnforcementFilter} for every request path and
 * passes it the header switches read from the CAS HTTP web request settings.
 *
 * <p>Five switches are forwarded as {@code "true"}/{@code "false"} init parameters:
 * cache control, X-Content-Type-Options, Strict-Transport-Security, X-Frame-Options
 * and XSS protection. No other init parameter is set by this method.
 *
 * <p>NOTE(review): a switch that resolves to {@code false} presumably stops the filter
 * from emitting that header on any response. Confirm the defaults declared in
 * {@code HttpWebRequestProperties.Header} before relying on a header being present.
 *
 * @return the registration bean named {@code responseHeadersSecurityFilter}, mapped to
 *         {@code /*} with async support enabled
 */
@RefreshScope
@Bean
public FilterRegistrationBean responseHeadersSecurityFilter() {
    final HttpWebRequestProperties.Header headerSettings = casProperties.getHttpWebRequest().getHeader();

    // The filter receives its configuration as strings, so each boolean switch is
    // rendered as "true" or "false" before it is stored.
    final Map<String, String> filterParams = new HashMap<>();
    filterParams.put("enableCacheControl",
            BooleanUtils.toStringTrueFalse(headerSettings.isCache()));
    filterParams.put("enableXContentTypeOptions",
            BooleanUtils.toStringTrueFalse(headerSettings.isXcontent()));
    filterParams.put("enableStrictTransportSecurity",
            BooleanUtils.toStringTrueFalse(headerSettings.isHsts()));
    filterParams.put("enableXFrameOptions",
            BooleanUtils.toStringTrueFalse(headerSettings.isXframe()));
    filterParams.put("enableXSSProtection",
            BooleanUtils.toStringTrueFalse(headerSettings.isXss()));

    final FilterRegistrationBean registration = new FilterRegistrationBean();
    registration.setName("responseHeadersSecurityFilter");
    registration.setFilter(new ResponseHeadersEnforcementFilter());
    // "/*" maps the filter to every path, so no endpoint is left without it.
    registration.setUrlPatterns(Collections.singleton("/*"));
    registration.setInitParameters(filterParams);
    registration.setAsyncSupported(true);
    return registration;
}