
Example 1 with RegisteredServiceResponseHeadersEnforcementFilter

Use of org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter in project cas by apereo.

Class CasFiltersConfiguration, method responseHeadersSecurityFilter.

@RefreshScope
@Bean
public FilterRegistrationBean responseHeadersSecurityFilter() {
    // Translate the CAS HTTP header settings into init parameters for the filter.
    final HttpHeadersRequestProperties header = casProperties.getHttpWebRequest().getHeader();
    final Map<String, String> initParams = new HashMap<>();
    initParams.put("enableCacheControl", BooleanUtils.toStringTrueFalse(header.isCache()));
    initParams.put("enableXContentTypeOptions", BooleanUtils.toStringTrueFalse(header.isXcontent()));
    initParams.put("enableStrictTransportSecurity", BooleanUtils.toStringTrueFalse(header.isHsts()));
    initParams.put("enableXFrameOptions", BooleanUtils.toStringTrueFalse(header.isXframe()));
    // The header value is passed only when the corresponding header is enabled.
    if (header.isXframe()) {
        initParams.put("XFrameOptions", header.getXframeOptions());
    }
    initParams.put("enableXSSProtection", BooleanUtils.toStringTrueFalse(header.isXss()));
    if (header.isXss()) {
        initParams.put("XSSProtection", header.getXssOptions());
    }
    // A Content-Security-Policy is passed only when one is configured.
    if (StringUtils.isNotBlank(header.getContentSecurityPolicy())) {
        initParams.put("contentSecurityPolicy", header.getContentSecurityPolicy());
    }
    final FilterRegistrationBean bean = new FilterRegistrationBean();
    bean.setFilter(new RegisteredServiceResponseHeadersEnforcementFilter(servicesManager, argumentExtractor));
    // Register the filter for every request path.
    bean.setUrlPatterns(CollectionUtils.wrap("/*"));
    bean.setInitParameters(initParams);
    bean.setName("responseHeadersSecurityFilter");
    bean.setAsyncSupported(true);
    return bean;
}
Also used: RegisteredServiceResponseHeadersEnforcementFilter (org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter), HashMap (java.util.HashMap), HttpHeadersRequestProperties (org.apereo.cas.configuration.model.core.web.security.HttpHeadersRequestProperties), FilterRegistrationBean (org.springframework.boot.web.servlet.FilterRegistrationBean), RefreshScope (org.springframework.cloud.context.config.annotation.RefreshScope), Bean (org.springframework.context.annotation.Bean)

Example 2 with RegisteredServiceResponseHeadersEnforcementFilter

Use of org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter in project cas by apereo.

Class RegisteredServiceResponseHeadersEnforcementFilterTests, method getFilterForProperty.

private static RegisteredServiceResponseHeadersEnforcementFilter getFilterForProperty(
        final Pair<RegisteredServiceProperties, String>... properties) {
    val appCtx = new StaticApplicationContext();
    appCtx.refresh();
    // Build a services manager backed by an in-memory registry.
    val context = ServicesManagerConfigurationContext.builder()
        .serviceRegistry(new InMemoryServiceRegistry(appCtx))
        .applicationContext(appCtx)
        .environments(new HashSet<>(0))
        .servicesCache(Caffeine.newBuilder().build())
        .registeredServiceLocators(List.of(new DefaultServicesManagerRegisteredServiceLocator()))
        .build();
    val servicesManager = new DefaultServicesManager(context);
    val argumentExtractor = new DefaultArgumentExtractor(new WebApplicationServiceFactory());
    val service = RegisteredServiceTestUtils.getRegisteredService("service-0");
    // Attach each (property, value) pair to the registered service as a service property.
    val props1 = new LinkedHashMap<String, RegisteredServiceProperty>();
    for (val p : properties) {
        val prop1 = new DefaultRegisteredServiceProperty();
        prop1.addValue(p.getValue());
        props1.put(p.getKey().getPropertyName(), prop1);
    }
    service.setProperties(props1);
    servicesManager.save(service);
    return new RegisteredServiceResponseHeadersEnforcementFilter(
        servicesManager,
        argumentExtractor,
        new DefaultAuthenticationServiceSelectionPlan(new DefaultAuthenticationServiceSelectionStrategy()),
        new RegisteredServiceAccessStrategyAuditableEnforcer(new CasConfigurationProperties()));
}
Also used: lombok.val (lombok.val), RegisteredServiceAccessStrategyAuditableEnforcer (org.apereo.cas.services.RegisteredServiceAccessStrategyAuditableEnforcer), DefaultAuthenticationServiceSelectionStrategy (org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionStrategy), RegisteredServiceResponseHeadersEnforcementFilter (org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter), DefaultServicesManagerRegisteredServiceLocator (org.apereo.cas.services.DefaultServicesManagerRegisteredServiceLocator), StaticApplicationContext (org.springframework.context.support.StaticApplicationContext), DefaultAuthenticationServiceSelectionPlan (org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan), InMemoryServiceRegistry (org.apereo.cas.services.InMemoryServiceRegistry), LinkedHashMap (java.util.LinkedHashMap), DefaultRegisteredServiceProperty (org.apereo.cas.services.DefaultRegisteredServiceProperty), DefaultArgumentExtractor (org.apereo.cas.web.support.DefaultArgumentExtractor), WebApplicationServiceFactory (org.apereo.cas.authentication.principal.WebApplicationServiceFactory), CasConfigurationProperties (org.apereo.cas.configuration.CasConfigurationProperties), DefaultServicesManager (org.apereo.cas.services.DefaultServicesManager), HashSet (java.util.HashSet)
