WhiteListedAllowFromStrategy (Spring Security 3.2.0.RC1 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.web.header.writers.frameoptions
Class WhiteListedAllowFromStrategy

java.lang.Object
  org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy

All Implemented Interfaces:: AllowFromStrategy

public final class WhiteListedAllowFromStrategy
extends Object
extends Object

Implementation which checks the supplied origin against a list of allowed origins.

Since:: 3.2

Field Summary
`protected org.apache.commons.logging.Log`	`log` Logger for use by subclasses

Constructor Summary
`WhiteListedAllowFromStrategy(Collection<String> allowed)` Creates a new instance

Method Summary
`protected boolean`	`allowed(String allowFromOrigin)` Method to be implemented by base classes, used to determine if the supplied origin is allowed.
`String`	`getAllowFromValue(javax.servlet.http.HttpServletRequest request)` Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
`void`	`setAllowFromParameterName(String allowFromParameterName)` Sets the HTTP parameter used to retrieve the value for the origin that is allowed from.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

log

protected final org.apache.commons.logging.Log log

Logger for use by subclasses

Constructor Detail

WhiteListedAllowFromStrategy

public WhiteListedAllowFromStrategy(Collection<String> allowed)

Creates a new instance

Parameters:: allowed - the origins that are allowed.

Method Detail

allowed

protected boolean allowed(String allowFromOrigin)

Method to be implemented by base classes, used to determine if the supplied origin is allowed.

Parameters:: allowFromOrigin - the supplied origin
Returns:: true if the supplied origin is allowed.

getAllowFromValue

public String getAllowFromValue(javax.servlet.http.HttpServletRequest request)

Description copied from interface: AllowFromStrategy

Gets the value for ALLOW-FROM excluding the ALLOW-FROM. For example, the result might be "https://example.com/".

Specified by:: getAllowFromValue in interface AllowFromStrategy

Parameters:: request - the HttpServletRequest
Returns:: the value for ALLOW-FROM or null if no header should be added for this request.

setAllowFromParameterName

public void setAllowFromParameterName(String allowFromParameterName)

Sets the HTTP parameter used to retrieve the value for the origin that is allowed from. The value of the parameter should be a valid URL. The default parameter name is "x-frames-allow-from".

Parameters:: allowFromParameterName - the name of the HTTP parameter to