Package org.springframework.security.web.header.writers

Class HstsHeaderWriter

    • Constructor Summary

      Constructors 
      Constructor Description
      HstsHeaderWriter()
      Creates a new instance
      HstsHeaderWriter​(boolean includeSubDomains)
      Creates a new instance
      HstsHeaderWriter​(long maxAgeInSeconds)
      Creates a new instance
      HstsHeaderWriter​(long maxAgeInSeconds, boolean includeSubDomains)
      Creates a new instance
      HstsHeaderWriter​(long maxAgeInSeconds, boolean includeSubDomains, boolean preload)
      Creates a new instance
      HstsHeaderWriter​(RequestMatcher requestMatcher, long maxAgeInSeconds, boolean includeSubDomains)
      Creates a new instance
      HstsHeaderWriter​(RequestMatcher requestMatcher, long maxAgeInSeconds, boolean includeSubDomains, boolean preload)
      Creates a new instance

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void setIncludeSubDomains​(boolean includeSubDomains)
      If true, subdomains should be considered HSTS Hosts too.
      void setMaxAgeInSeconds​(long maxAgeInSeconds)
      Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header.
      void setPreload​(boolean preload)
      If true, preload will be included in HSTS Header.
      void setRequestMatcher​(RequestMatcher requestMatcher)
      Sets the RequestMatcher used to determine if the "Strict-Transport-Security" should be added.
      void writeHeaders​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Create a Header instance.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • writeHeaders

        public void writeHeaders​(javax.servlet.http.HttpServletRequest request,
                         javax.servlet.http.HttpServletResponse response)
        Description copied from interface: HeaderWriter
        Create a Header instance.
        Specified by:
        writeHeaders in interface HeaderWriter
        Parameters:
        request - the request
        response - the response

      • setRequestMatcher

        public void setRequestMatcher​(RequestMatcher requestMatcher)
        Sets the RequestMatcher used to determine if the "Strict-Transport-Security" should be added. If true the header is added, else the header is not added. By default the header is added when ServletRequest.isSecure() returns true.
        Parameters:
        requestMatcher - the RequestMatcher to use.
        Throws:
        java.lang.IllegalArgumentException - if RequestMatcher is null

      • setMaxAgeInSeconds

        public void setMaxAgeInSeconds​(long maxAgeInSeconds)

        Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header. The default is one year.

        This instructs browsers how long to remember to keep this domain as a known HSTS Host. See Section 6.1.1 for additional details.

        Parameters:
        maxAgeInSeconds - the maximum amount of time (in seconds) to consider this domain as a known HSTS Host.
        Throws:
        java.lang.IllegalArgumentException - if maxAgeInSeconds is negative

      • setIncludeSubDomains

        public void setIncludeSubDomains​(boolean includeSubDomains)

        If true, subdomains should be considered HSTS Hosts too. The default is true.

        See Section 6.1.2 for additional details.

        Parameters:
        includeSubDomains - true to include subdomains, else false

      • setPreload

        public void setPreload​(boolean preload)

        If true, preload will be included in HSTS Header. The default is false.

        See Section 6.1.2 for additional details.

        Parameters:
        preload - true to include preload, else false
        Since:
        5.2.0