Package com.broadleafcommerce.auth.user.autoconfigure

Class ContentSecurityPolicyConfigurer

java.lang.Object

com.broadleafcommerce.auth.user.autoconfigure.ContentSecurityPolicyConfigurer

public class ContentSecurityPolicyConfigurer
extends Object

Responsible for configuring Content Security Policy (CSP) for AuthorizationServerWebSecurityConfiguration.

Constructor Summary

Constructors

Constructor	Description
ContentSecurityPolicyConfigurer(AuthorizationServerProperties authorizationServerProperties)

Method Summary

Modifier and Type	Method	Description
void	configure(org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig config)	If isContentSecurityPolicyEnabled(), this method will be invoked to configure the content security policy.
protected AuthorizationServerProperties	getAuthorizationServerProperties()
protected String	getBaseUriDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)
protected String	getCombinedDirectivesValue()
protected String	getDefaultSrcDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)
boolean	isContentSecurityPolicyEnabled()	Whether or not content security policy behavior should be enabled.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ContentSecurityPolicyConfigurer

public ContentSecurityPolicyConfigurer(AuthorizationServerProperties authorizationServerProperties)

Method Detail

isContentSecurityPolicyEnabled

public boolean isContentSecurityPolicyEnabled()

Whether or not content security policy behavior should be enabled.

Returns:

true if the behavior should be enabled, false otherwise

configure

public void configure(org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig config)

If isContentSecurityPolicyEnabled(), this method will be invoked to configure the content security policy. This is typically invoked via HeadersConfigurer.contentSecurityPolicy(Customizer).

Parameters:

config - the content security policy configuration to customize

getCombinedDirectivesValue

@Nullable
protected String getCombinedDirectivesValue()

getDefaultSrcDirective

@Nullable
protected String getDefaultSrcDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)

getBaseUriDirective

@Nullable
protected String getBaseUriDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)

getAuthorizationServerProperties

protected AuthorizationServerProperties getAuthorizationServerProperties()