@Bean(HTTPSECURITY_BEAN_NAME) @Scope("prototype") public ServerHttpSecurity httpSecurity() { ContextAwareServerHttpSecurity http = new ContextAwareServerHttpSecurity(); return http .authenticationManager(authenticationManager()) .headers().and() .logout().and(); }
this.headers.configure(this);
@Test public void headersWhenContentSecurityPolicyEnabledThenFeaturePolicyWritten() { String policyDirectives = "default-src 'self'"; this.expectedHeaders.add(ContentSecurityPolicyServerHttpHeadersWriter.CONTENT_SECURITY_POLICY, policyDirectives); this.headers.contentSecurityPolicy(policyDirectives); assertHeaders(); }
this.headers.configure(this);
this.headers = new HeaderSpec();
@Bean(HTTPSECURITY_BEAN_NAME) @Scope("prototype") public ServerHttpSecurity httpSecurity() { ContextAwareServerHttpSecurity http = new ContextAwareServerHttpSecurity(); return http .authenticationManager(authenticationManager()) .headers().and() .logout().and(); }
this.headers.configure(this);
this.headers = new HeaderSpec();
@Bean(HTTPSECURITY_BEAN_NAME) @Scope("prototype") public ServerHttpSecurity httpSecurity() { ContextAwareServerHttpSecurity http = new ContextAwareServerHttpSecurity(); return http .authenticationManager(authenticationManager()) .headers().and() .logout().and(); }
this.headers = new HeaderSpec();
private WebTestClient buildClient() { return WebTestClientBuilder.bindToWebFilters(this.headers.and().build()).build(); } }
@Test public void headersWhenDisableAndInvokedExplicitlyThenDefautsUsed() { this.headers.disable() .headers(); assertHeaders(); }
@Test public void headersWhenCacheDisableThenCacheNotWritten() { expectHeaderNamesNotPresent(HttpHeaders.CACHE_CONTROL, HttpHeaders.PRAGMA, HttpHeaders.EXPIRES); this.headers.cache().disable(); assertHeaders(); }
@Test public void headersWhenDisableThenNoSecurityHeaders() { new HashSet<>(this.expectedHeaders.keySet()).forEach(this::expectHeaderNamesNotPresent); this.headers.disable(); assertHeaders(); }
@Test public void headersWhenContentOptionsDisableThenContentTypeOptionsNotWritten() { expectHeaderNamesNotPresent(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS); this.headers.contentTypeOptions().disable(); assertHeaders(); }