org.springframework.security.web.header.writers.frameoptions
Class RegExpAllowFromStrategy
java.lang.Object
org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy
- All Implemented Interfaces:
- AllowFromStrategy
public final class RegExpAllowFromStrategy
- extends Object
Implementation which uses a regular expression to validate the supplied
origin. If the value of the HTTP parameter matches the pattern, then the the
result will be ALLOW-FROM .
- Since:
- 3.2
Field Summary |
protected org.apache.commons.logging.Log |
log
Logger for use by subclasses |
Method Summary |
protected boolean |
allowed(String allowFromOrigin)
Method to be implemented by base classes, used to determine if the supplied origin is allowed. |
String |
getAllowFromValue(javax.servlet.http.HttpServletRequest request)
Gets the value for ALLOW-FROM excluding the ALLOW-FROM. |
void |
setAllowFromParameterName(String allowFromParameterName)
Sets the HTTP parameter used to retrieve the value for the origin that is
allowed from. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
log
protected final org.apache.commons.logging.Log log
- Logger for use by subclasses
RegExpAllowFromStrategy
public RegExpAllowFromStrategy(String pattern)
- Creates a new instance
- Parameters:
pattern
- the Pattern to compare against the HTTP parameter value. If
the pattern matches, the domain will be allowed, else denied.
allowed
protected boolean allowed(String allowFromOrigin)
- Method to be implemented by base classes, used to determine if the supplied origin is allowed.
- Parameters:
allowFromOrigin
- the supplied origin
- Returns:
true
if the supplied origin is allowed.
getAllowFromValue
public String getAllowFromValue(javax.servlet.http.HttpServletRequest request)
- Description copied from interface:
AllowFromStrategy
- Gets the value for ALLOW-FROM excluding the ALLOW-FROM. For example, the
result might be "https://example.com/".
- Specified by:
getAllowFromValue
in interface AllowFromStrategy
- Parameters:
request
- the HttpServletRequest
- Returns:
- the value for ALLOW-FROM or null if no header should be added for this request.
setAllowFromParameterName
public void setAllowFromParameterName(String allowFromParameterName)
- Sets the HTTP parameter used to retrieve the value for the origin that is
allowed from. The value of the parameter should be a valid URL. The
default parameter name is "x-frames-allow-from".
- Parameters:
allowFromParameterName
- the name of the HTTP parameter to