Class HeadersConfigurer.HpkpConfig
- java.lang.Object
  - org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig
- Enclosing class:
  HeadersConfigurer<H extends HttpSecurityBuilder<H>>

public final class HeadersConfigurer.HpkpConfig extends java.lang.Object

Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| HeadersConfigurer.HpkpConfig | addSha256Pins(java.lang.String... pins) | Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header. |
| HeadersConfigurer<H> | and() | Allows completing configuration of Public Key Pinning and continuing configuration of headers. |
| HeadersConfigurer<H> | disable() | Prevents the header from being added to the response. |
| HeadersConfigurer.HpkpConfig | includeSubDomains(boolean includeSubDomains) | If true, the pinning policy applies to this pinned host as well as any subdomains of the host's domain name. |
| HeadersConfigurer.HpkpConfig | maxAgeInSeconds(long maxAgeInSeconds) | Sets the value (in seconds) for the max-age directive of the Public-Key-Pins header. |
| HeadersConfigurer.HpkpConfig | reportOnly(boolean reportOnly) | If true, the browser should not terminate the connection with the server. |
| HeadersConfigurer.HpkpConfig | reportUri(java.lang.String reportUri) | Sets the URI to which the browser should report pin validation failures. |
| HeadersConfigurer.HpkpConfig | reportUri(java.net.URI reportUri) | Sets the URI to which the browser should report pin validation failures. |
| HeadersConfigurer.HpkpConfig | withPins(java.util.Map<java.lang.String,java.lang.String> pins) | Sets the value for the pin- directive of the Public-Key-Pins header. |

Method Detail

withPins
public HeadersConfigurer.HpkpConfig withPins(java.util.Map<java.lang.String,java.lang.String> pins)
Sets the value for the pin- directive of the Public-Key-Pins header.
The pin directive specifies a way for web host operators to indicate a cryptographic identity that should be bound to a given web host. See Section 2.1.1 of RFC 7469 for additional details.
- Parameters:
  pins - the map of base64-encoded SPKI fingerprint & cryptographic hash algorithm pairs.
- Throws:
  java.lang.IllegalArgumentException - if pins is null

addSha256Pins
public HeadersConfigurer.HpkpConfig addSha256Pins(java.lang.String... pins)
Adds a list of SHA256 hashed pins for the pin- directive of the Public-Key-Pins header.
The pin directive specifies a way for web host operators to indicate a cryptographic identity that should be bound to a given web host. See Section 2.1.1 of RFC 7469 for additional details.
- Parameters:
  pins - a list of base64-encoded SPKI fingerprints.
- Throws:
  java.lang.IllegalArgumentException - if a pin is null

maxAgeInSeconds
public HeadersConfigurer.HpkpConfig maxAgeInSeconds(long maxAgeInSeconds)
Sets the value (in seconds) for the max-age directive of the Public-Key-Pins header. The default is 60 days.
This instructs browsers how long they should regard the host (from whom the message was received) as a known pinned host. See Section 2.1.2 of RFC 7469 for additional details.
- Parameters:
  maxAgeInSeconds - the maximum amount of time (in seconds) to regard the host as a known pinned host.
- Throws:
  java.lang.IllegalArgumentException - if maxAgeInSeconds is negative

includeSubDomains
public HeadersConfigurer.HpkpConfig includeSubDomains(boolean includeSubDomains)
If true, the pinning policy applies to this pinned host as well as any subdomains of the host's domain name. The default is false.
See Section 2.1.3 of RFC 7469 for additional details.
- Parameters:
  includeSubDomains - true to include subdomains, else false

reportOnly
public HeadersConfigurer.HpkpConfig reportOnly(boolean reportOnly)
If true, the browser should not terminate the connection with the server. The default is true.
See Section 2.1 of RFC 7469 for additional details.
- Parameters:
  reportOnly - true to report only, else false

reportUri
public HeadersConfigurer.HpkpConfig reportUri(java.net.URI reportUri)
Sets the URI to which the browser should report pin validation failures.
See Section 2.1.4 of RFC 7469 for additional details.
- Parameters:
  reportUri - the URI where the browser should send the report to.

reportUri
public HeadersConfigurer.HpkpConfig reportUri(java.lang.String reportUri)
Sets the URI to which the browser should report pin validation failures.
See Section 2.1.4 of RFC 7469 for additional details.
- Parameters:
  reportUri - the URI where the browser should send the report to.
- Throws:
  java.lang.IllegalArgumentException - if the reportUri is not a valid URI

disable
public HeadersConfigurer<H> disable()
Prevents the header from being added to the response.
- Returns:
  the HeadersConfigurer for additional configuration.

and
public HeadersConfigurer<H> and()
Allows completing configuration of Public Key Pinning and continuing configuration of headers.
- Returns:
  the HeadersConfigurer for additional configuration
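
An added example, not taken from the Spring Security source or documentation: using only the JDK, it computes the base64-encoded SPKI fingerprints that addSha256Pins expects and renders the header line that the settings above describe. The class HpkpPinExample, its method names, the generated keys and the report URI are assumptions made for illustration; the header syntax and the Report-Only header name follow RFC 7469.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Base64;
import java.util.LinkedHashSet;
import java.util.Set;

// Added example, not Spring Security source: class and method names are hypothetical.
public class HpkpPinExample {

    // base64(SHA-256(DER SubjectPublicKeyInfo)), the value form addSha256Pins takes.
    static String sha256Pin(PublicKey key) throws Exception {
        if (!"X.509".equals(key.getFormat())) { // getEncoded() is SPKI only for this format
            throw new IllegalArgumentException("key is not encoded as SubjectPublicKeyInfo");
        }
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        return Base64.getEncoder().encodeToString(digest);
    }

    // Renders one header line in RFC 7469 syntax from the settings HpkpConfig exposes.
    static String headerLine(Set<String> pins, long maxAgeInSeconds, boolean includeSubDomains,
                             boolean reportOnly, String reportUri) {
        if (maxAgeInSeconds < 0) throw new IllegalArgumentException("maxAgeInSeconds is negative");
        // RFC 7469 has browsers discard an enforcing policy that carries no backup pin,
        // so insist on at least two distinct pins unless the policy is report-only.
        if (!reportOnly && pins.size() < 2) throw new IllegalArgumentException("backup pin missing");
        StringBuilder line = new StringBuilder(
                reportOnly ? "Public-Key-Pins-Report-Only: " : "Public-Key-Pins: ");
        line.append("max-age=").append(maxAgeInSeconds);
        for (String pin : pins) line.append("; pin-sha256=\"").append(pin).append('"');
        if (includeSubDomains) line.append("; includeSubDomains");
        if (reportUri != null) line.append("; report-uri=\"").append(reportUri).append('"');
        return line.toString();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        Set<String> pins = new LinkedHashSet<>();
        pins.add(sha256Pin(gen.generateKeyPair().getPublic())); // constructed: key being served
        pins.add(sha256Pin(gen.generateKeyPair().getPublic())); // constructed: offline backup key
        // 5184000 s = 60 days, the documented default; the report URI is a placeholder.
        System.out.println(headerLine(pins, 5184000L, false, true, "https://report.example/hpkp"));
    }
}
```

The two quoted pin-sha256 values are the strings to pass to addSha256Pins. Current Chrome and Firefox releases no longer process Public-Key-Pins, so the header only affects older clients.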