Search in sources :

Example 1 with ResponseHeadersEnforcementFilter

use of org.apereo.cas.security.ResponseHeadersEnforcementFilter in project cas by apereo.

the class CasFiltersConfiguration method responseHeadersSecurityFilter.

@RefreshScope
@Bean
public FilterRegistrationBean responseHeadersSecurityFilter() {
    final HttpWebRequestProperties.Header header = casProperties.getHttpWebRequest().getHeader();
    final Map<String, String> initParams = new HashMap<>();
    initParams.put("enableCacheControl", BooleanUtils.toStringTrueFalse(header.isCache()));
    initParams.put("enableXContentTypeOptions", BooleanUtils.toStringTrueFalse(header.isXcontent()));
    initParams.put("enableStrictTransportSecurity", BooleanUtils.toStringTrueFalse(header.isHsts()));
    initParams.put("enableXFrameOptions", BooleanUtils.toStringTrueFalse(header.isXframe()));
    initParams.put("enableXSSProtection", BooleanUtils.toStringTrueFalse(header.isXss()));
    final FilterRegistrationBean bean = new FilterRegistrationBean();
    bean.setFilter(new ResponseHeadersEnforcementFilter());
    bean.setUrlPatterns(Collections.singleton("/*"));
    bean.setInitParameters(initParams);
    bean.setName("responseHeadersSecurityFilter");
    bean.setAsyncSupported(true);
    return bean;
}
Also used : HashMap(java.util.HashMap) HttpWebRequestProperties(org.apereo.cas.configuration.model.core.web.security.HttpWebRequestProperties) ResponseHeadersEnforcementFilter(org.apereo.cas.security.ResponseHeadersEnforcementFilter) FilterRegistrationBean(org.springframework.boot.web.servlet.FilterRegistrationBean) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) FilterRegistrationBean(org.springframework.boot.web.servlet.FilterRegistrationBean) Bean(org.springframework.context.annotation.Bean)

Aggregations

HashMap (java.util.HashMap)1 HttpWebRequestProperties (org.apereo.cas.configuration.model.core.web.security.HttpWebRequestProperties)1 ResponseHeadersEnforcementFilter (org.apereo.cas.security.ResponseHeadersEnforcementFilter)1 FilterRegistrationBean (org.springframework.boot.web.servlet.FilterRegistrationBean)1 RefreshScope (org.springframework.cloud.context.config.annotation.RefreshScope)1 Bean (org.springframework.context.annotation.Bean)1