AbstractRequestParameterAllowFromStrategy (spring-security-docs-manual 5.4.10 API)

java.lang.Object
- org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy

All Implemented Interfaces:

AllowFromStrategy

Direct Known Subclasses:

RegExpAllowFromStrategy, WhiteListedAllowFromStrategy

Deprecated.
ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
```
@Deprecated
public abstract class AbstractRequestParameterAllowFromStrategy
extends java.lang.Object
implements AllowFromStrategy
```
Base class for AllowFromStrategy implementations which use a request parameter to retrieve the origin. By default the parameter named x-frames-allow-from is read from the request.

Since:

3.2

Field Summary

Fields
Modifier and Type Field and Description

protected org.apache.commons.logging.Log log
Deprecated.

Logger for use by subclasses

Fields
Modifier and Type	Field and Description
`protected org.apache.commons.logging.Log`	`log` Deprecated. Logger for use by subclasses

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`protected abstract boolean`	`allowed(java.lang.String allowFromOrigin)` Deprecated. Method to be implemented by base classes, used to determine if the supplied origin is allowed.
`java.lang.String`	`getAllowFromValue(javax.servlet.http.HttpServletRequest request)` Deprecated. Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
`void`	`setAllowFromParameterName(java.lang.String allowFromParameterName)` Deprecated. Sets the HTTP parameter used to retrieve the value for the origin that is allowed from.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - log
```
protected final org.apache.commons.logging.Log log
```
    Deprecated.
    
    Logger for use by subclasses
- Method Detail
  - getAllowFromValue
```
public java.lang.String getAllowFromValue(javax.servlet.http.HttpServletRequest request)
```
    Deprecated.
    
    Description copied from interface: AllowFromStrategy
    
    Gets the value for ALLOW-FROM excluding the ALLOW-FROM. For example, the result might be "https://example.com/".
    
    Specified by:
    
    getAllowFromValue in interface AllowFromStrategy
    
    Parameters:
    
    request - the HttpServletRequest
    
    Returns:
    
    the value for ALLOW-FROM or null if no header should be added for this request.
  - setAllowFromParameterName
```
public void setAllowFromParameterName(java.lang.String allowFromParameterName)
```
    Deprecated.
    
    Sets the HTTP parameter used to retrieve the value for the origin that is allowed from. The value of the parameter should be a valid URL. The default parameter name is "x-frames-allow-from".
    
    Parameters:
    
    allowFromParameterName - the name of the HTTP parameter to
  - allowed
```
protected abstract boolean allowed(java.lang.String allowFromOrigin)
```
    Deprecated.
    
    Method to be implemented by base classes, used to determine if the supplied origin is allowed.
    
    Parameters:
    
    allowFromOrigin - the supplied origin
    
    Returns:
    
    true if the supplied origin is allowed.

Class AbstractRequestParameterAllowFromStrategy

Field Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

log

Method Detail

getAllowFromValue

setAllowFromParameterName

allowed