RegExpAllowFromStrategy (Spring Security 3.2.0.RC1 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.springframework.security.web.header.writers.frameoptions
Class RegExpAllowFromStrategy

java.lang.Object
  org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy

All Implemented Interfaces:: AllowFromStrategy

public final class RegExpAllowFromStrategy
extends Object
extends Object

Implementation which uses a regular expression to validate the supplied origin. If the value of the HTTP parameter matches the pattern, then the the result will be ALLOW-FROM .

Since:: 3.2

Field Summary
`protected org.apache.commons.logging.Log`	`log` Logger for use by subclasses

Constructor Summary
`RegExpAllowFromStrategy(String pattern)` Creates a new instance

Method Summary
`protected boolean`	`allowed(String allowFromOrigin)` Method to be implemented by base classes, used to determine if the supplied origin is allowed.
`String`	`getAllowFromValue(javax.servlet.http.HttpServletRequest request)` Gets the value for ALLOW-FROM excluding the ALLOW-FROM.
`void`	`setAllowFromParameterName(String allowFromParameterName)` Sets the HTTP parameter used to retrieve the value for the origin that is allowed from.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

log

protected final org.apache.commons.logging.Log log

Logger for use by subclasses

Constructor Detail

RegExpAllowFromStrategy

public RegExpAllowFromStrategy(String pattern)

Creates a new instance

Parameters:: pattern - the Pattern to compare against the HTTP parameter value. If the pattern matches, the domain will be allowed, else denied.

Method Detail

allowed

protected boolean allowed(String allowFromOrigin)

Method to be implemented by base classes, used to determine if the supplied origin is allowed.

Parameters:: allowFromOrigin - the supplied origin
Returns:: true if the supplied origin is allowed.

getAllowFromValue

public String getAllowFromValue(javax.servlet.http.HttpServletRequest request)

Description copied from interface: AllowFromStrategy

Gets the value for ALLOW-FROM excluding the ALLOW-FROM. For example, the result might be "https://example.com/".

Specified by:: getAllowFromValue in interface AllowFromStrategy

Parameters:: request - the HttpServletRequest
Returns:: the value for ALLOW-FROM or null if no header should be added for this request.

setAllowFromParameterName

public void setAllowFromParameterName(String allowFromParameterName)

Sets the HTTP parameter used to retrieve the value for the origin that is allowed from. The value of the parameter should be a valid URL. The default parameter name is "x-frames-allow-from".

Parameters:: allowFromParameterName - the name of the HTTP parameter to