Package org.springframework.security.web.header.writers.frameoptions

Class WhiteListedAllowFromStrategy

  • All Implemented Interfaces:
    AllowFromStrategy
    public final class WhiteListedAllowFromStrategy
extends java.lang.Object
    Implementation which checks the supplied origin against a list of allowed origins.
    Since:
    3.2

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected org.apache.commons.logging.Log log
      Logger for use by subclasses

    • Constructor Summary

      Constructors 
      Constructor Description
      WhiteListedAllowFromStrategy​(java.util.Collection<java.lang.String> allowed)
      Creates a new instance

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected boolean allowed​(java.lang.String allowFromOrigin)
      Method to be implemented by base classes, used to determine if the supplied origin is allowed.
      java.lang.String getAllowFromValue​(javax.servlet.http.HttpServletRequest request)
      Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
      void setAllowFromParameterName​(java.lang.String allowFromParameterName)
      Sets the HTTP parameter used to retrieve the value for the origin that is allowed from.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • log

        protected final org.apache.commons.logging.Log log
        Logger for use by subclasses

    • Constructor Detail

      • WhiteListedAllowFromStrategy

        public WhiteListedAllowFromStrategy​(java.util.Collection<java.lang.String> allowed)
        Creates a new instance
        Parameters:
        allowed - the origins that are allowed.

    • Method Detail

      • allowed

        protected boolean allowed​(java.lang.String allowFromOrigin)
        Method to be implemented by base classes, used to determine if the supplied origin is allowed.
        Parameters:
        allowFromOrigin - the supplied origin
        Returns:
        true if the supplied origin is allowed.

      • getAllowFromValue

        public java.lang.String getAllowFromValue​(javax.servlet.http.HttpServletRequest request)
        Description copied from interface: AllowFromStrategy
        Gets the value for ALLOW-FROM excluding the ALLOW-FROM. For example, the result might be "https://example.com/".
        Specified by:
        getAllowFromValue in interface AllowFromStrategy
        Parameters:
        request - the HttpServletRequest
        Returns:
        the value for ALLOW-FROM or null if no header should be added for this request.

      • setAllowFromParameterName

        public void setAllowFromParameterName​(java.lang.String allowFromParameterName)
        Sets the HTTP parameter used to retrieve the value for the origin that is allowed from. The value of the parameter should be a valid URL. The default parameter name is "x-frames-allow-from".
        Parameters:
        allowFromParameterName - the name of the HTTP parameter to