Package com.broadleafcommerce.auth.user.autoconfigure

Class ContentSecurityPolicyConfigurer

java.lang.Object

com.broadleafcommerce.auth.user.autoconfigure.ContentSecurityPolicyConfigurer

public class ContentSecurityPolicyConfigurer
extends Object

Responsible for configuring Content Security Policy (CSP) for SecurityAutoConfiguration.

Field Summary

Fields

Modifier and Type	Field	Description
protected static final String	BASE_URI_DIRECTIVE_FMT
protected static final String	DEFAULT_SRC_DIRECTIVE_FMT
protected static final String	FORM_ACTION_DIRECTIVE_FMT
protected static final String	FRAME_ANCESTORS_DIRECTIVE_FMT

Constructor Summary

Constructors

Constructor	Description
ContentSecurityPolicyConfigurer(AuthorizationServerProperties authorizationServerProperties)

Method Summary

Modifier and Type	Method	Description
void	configure(org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig config)	If isContentSecurityPolicyEnabled(), this method will be invoked to configure the content security policy.
protected AuthorizationServerProperties	getAuthorizationServerProperties()
protected String	getBaseUriDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)
protected String	getCombinedDirectivesValue()
protected String	getDefaultSrcDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)
protected String	getFormActionDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)
protected String	getFrameAncestorsDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)
boolean	isContentSecurityPolicyEnabled()	Whether or not content security policy behavior should be enabled.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

DEFAULT_SRC_DIRECTIVE_FMT

protected static final String DEFAULT_SRC_DIRECTIVE_FMT

See Also:

• Constant Field Values

BASE_URI_DIRECTIVE_FMT

protected static final String BASE_URI_DIRECTIVE_FMT

See Also:

• Constant Field Values

FRAME_ANCESTORS_DIRECTIVE_FMT

protected static final String FRAME_ANCESTORS_DIRECTIVE_FMT

See Also:

• Constant Field Values

FORM_ACTION_DIRECTIVE_FMT

protected static final String FORM_ACTION_DIRECTIVE_FMT

See Also:

• Constant Field Values

Constructor Details

ContentSecurityPolicyConfigurer

public ContentSecurityPolicyConfigurer(AuthorizationServerProperties authorizationServerProperties)

Method Details

isContentSecurityPolicyEnabled

public boolean isContentSecurityPolicyEnabled()

Whether or not content security policy behavior should be enabled.

Returns:

true if the behavior should be enabled, false otherwise

configure

public void configure(org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig config)

If isContentSecurityPolicyEnabled(), this method will be invoked to configure the content security policy. This is typically invoked via HeadersConfigurer.contentSecurityPolicy(Customizer).

Parameters:

config - the content security policy configuration to customize

getCombinedDirectivesValue

@Nullable
protected String getCombinedDirectivesValue()

getDefaultSrcDirective

@Nullable
protected String getDefaultSrcDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)

getBaseUriDirective

@Nullable
protected String getBaseUriDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)

getFrameAncestorsDirective

@Nullable
protected String getFrameAncestorsDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)

getFormActionDirective

@Nullable
protected String getFormActionDirective(AuthorizationServerProperties.ContentSecurityPolicyProperties properties)

getAuthorizationServerProperties

protected AuthorizationServerProperties getAuthorizationServerProperties()