Class RegExpAllowFromStrategy
- java.lang.Object
-
- org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy
-
- All Implemented Interfaces:
AllowFromStrategy
public final class RegExpAllowFromStrategy extends java.lang.Object
Implementation which uses a regular expression to validate the supplied origin. If the value of the HTTP parameter matches the pattern, then the result will be ALLOW-FROM <paramter-value>.- Since:
- 3.2
-
-
Field Summary
Fields Modifier and Type Field Description protected org.apache.commons.logging.Log
log
Logger for use by subclasses
-
Constructor Summary
Constructors Constructor Description RegExpAllowFromStrategy(java.lang.String pattern)
Creates a new instance
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected boolean
allowed(java.lang.String allowFromOrigin)
Method to be implemented by base classes, used to determine if the supplied origin is allowed.java.lang.String
getAllowFromValue(javax.servlet.http.HttpServletRequest request)
Gets the value for ALLOW-FROM excluding the ALLOW-FROM.void
setAllowFromParameterName(java.lang.String allowFromParameterName)
Sets the HTTP parameter used to retrieve the value for the origin that is allowed from.
-
-
-
Method Detail
-
allowed
protected boolean allowed(java.lang.String allowFromOrigin)
Method to be implemented by base classes, used to determine if the supplied origin is allowed.- Parameters:
allowFromOrigin
- the supplied origin- Returns:
true
if the supplied origin is allowed.
-
getAllowFromValue
public java.lang.String getAllowFromValue(javax.servlet.http.HttpServletRequest request)
Description copied from interface:AllowFromStrategy
Gets the value for ALLOW-FROM excluding the ALLOW-FROM. For example, the result might be "https://example.com/".- Specified by:
getAllowFromValue
in interfaceAllowFromStrategy
- Parameters:
request
- theHttpServletRequest
- Returns:
- the value for ALLOW-FROM or null if no header should be added for this request.
-
setAllowFromParameterName
public void setAllowFromParameterName(java.lang.String allowFromParameterName)
Sets the HTTP parameter used to retrieve the value for the origin that is allowed from. The value of the parameter should be a valid URL. The default parameter name is "x-frames-allow-from".- Parameters:
allowFromParameterName
- the name of the HTTP parameter to
-
-