Class HeadersConfigurer.HstsConfig
- java.lang.Object
-
- org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig
-
- Enclosing class:
- HeadersConfigurer<H extends HttpSecurityBuilder<H>>
public final class HeadersConfigurer.HstsConfig extends java.lang.Object
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description HeadersConfigurer<H>
and()
Allows completing configuration of Strict Transport Security and continuing configuration of headers.HeadersConfigurer<H>
disable()
Disables Strict Transport SecurityHeadersConfigurer.HstsConfig
includeSubDomains(boolean includeSubDomains)
If true, subdomains should be considered HSTS Hosts too.HeadersConfigurer.HstsConfig
maxAgeInSeconds(long maxAgeInSeconds)
Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header.HeadersConfigurer.HstsConfig
preload(boolean preload)
If true, preload will be included in HSTS Header.HeadersConfigurer.HstsConfig
requestMatcher(RequestMatcher requestMatcher)
Sets theRequestMatcher
used to determine if the "Strict-Transport-Security" should be added.
-
-
-
Method Detail
-
maxAgeInSeconds
public HeadersConfigurer.HstsConfig maxAgeInSeconds(long maxAgeInSeconds)
Sets the value (in seconds) for the max-age directive of the Strict-Transport-Security header. The default is one year.
This instructs browsers how long to remember to keep this domain as a known HSTS Host. See Section 6.1.1 for additional details.
- Parameters:
maxAgeInSeconds
- the maximum amount of time (in seconds) to consider this domain as a known HSTS Host.- Throws:
java.lang.IllegalArgumentException
- if maxAgeInSeconds is negative
-
requestMatcher
public HeadersConfigurer.HstsConfig requestMatcher(RequestMatcher requestMatcher)
Sets theRequestMatcher
used to determine if the "Strict-Transport-Security" should be added. If true the header is added, else the header is not added. By default the header is added whenServletRequest.isSecure()
returns true.- Parameters:
requestMatcher
- theRequestMatcher
to use.- Throws:
java.lang.IllegalArgumentException
- ifRequestMatcher
is null
-
includeSubDomains
public HeadersConfigurer.HstsConfig includeSubDomains(boolean includeSubDomains)
If true, subdomains should be considered HSTS Hosts too. The default is true.
See Section 6.1.2 for additional details.
- Parameters:
includeSubDomains
- true to include subdomains, else false
-
preload
public HeadersConfigurer.HstsConfig preload(boolean preload)
If true, preload will be included in HSTS Header. The default is false.
See Website hstspreload.org for additional details.
- Parameters:
preload
- true to include preload, else false- Since:
- 5.2.0
-
disable
public HeadersConfigurer<H> disable()
Disables Strict Transport Security- Returns:
- the
HeadersConfigurer
for additional configuration
-
and
public HeadersConfigurer<H> and()
Allows completing configuration of Strict Transport Security and continuing configuration of headers.- Returns:
- the
HeadersConfigurer
for additional configuration
-
-