Package org.apereo.cas.services.web.support

Class RegisteredServiceResponseHeadersEnforcementFilter

java.lang.Object

org.apereo.cas.web.support.filters.AbstractSecurityFilter

org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter

org.apereo.cas.services.web.support.RegisteredServiceResponseHeadersEnforcementFilter

All Implemented Interfaces:

javax.servlet.Filter

public class RegisteredServiceResponseHeadersEnforcementFilter
extends ResponseHeadersEnforcementFilter

This is RegisteredServiceResponseHeadersEnforcementFilter. A filter extension that looks at the properties of a registered service to determine if headers should be injected into the response.

Since:

5.3.0

Field Summary

Fields inherited from class org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter

INIT_PARAM_CACHE_CONTROL_STATIC_RESOURCES, INIT_PARAM_CONTENT_SECURITY_POLICY, INIT_PARAM_ENABLE_CACHE_CONTROL, INIT_PARAM_ENABLE_STRICT_TRANSPORT_SECURITY, INIT_PARAM_ENABLE_STRICT_XFRAME_OPTIONS, INIT_PARAM_ENABLE_XCONTENT_OPTIONS, INIT_PARAM_ENABLE_XSS_PROTECTION, INIT_PARAM_STRICT_XFRAME_OPTIONS, INIT_PARAM_XSS_PROTECTION

Fields inherited from class org.apereo.cas.web.support.filters.AbstractSecurityFilter

THROW_ON_ERROR

Constructor Summary

Constructors

Constructor	Description
RegisteredServiceResponseHeadersEnforcementFilter()

Method Summary

Modifier and Type	Method	Description
protected void	decideInsertCacheControlHeader(javax.servlet.http.HttpServletResponse httpServletResponse, javax.servlet.http.HttpServletRequest httpServletRequest, java.util.Optional<java.lang.Object> result)	Decide insert cache control header.
protected void	decideInsertContentSecurityPolicyHeader(javax.servlet.http.HttpServletResponse httpServletResponse, javax.servlet.http.HttpServletRequest httpServletRequest, java.util.Optional<java.lang.Object> result)	Decide insert content security policy header.
protected void	decideInsertStrictTransportSecurityHeader(javax.servlet.http.HttpServletResponse httpServletResponse, javax.servlet.http.HttpServletRequest httpServletRequest, java.util.Optional<java.lang.Object> result)	Decide insert strict transport security header.
protected void	decideInsertXContentTypeOptionsHeader(javax.servlet.http.HttpServletResponse httpServletResponse, javax.servlet.http.HttpServletRequest httpServletRequest, java.util.Optional<java.lang.Object> result)	Decide insert x content type options header.
protected void	decideInsertXFrameOptionsHeader(javax.servlet.http.HttpServletResponse httpServletResponse, javax.servlet.http.HttpServletRequest httpServletRequest, java.util.Optional<java.lang.Object> result)	Decide insert x frame options header.
protected void	decideInsertXSSProtectionHeader(javax.servlet.http.HttpServletResponse httpServletResponse, javax.servlet.http.HttpServletRequest httpServletRequest, java.util.Optional<java.lang.Object> result)	Decide insert xss protection header.
protected java.util.Optional<java.lang.Object>	prepareFilterBeforeExecution(javax.servlet.http.HttpServletResponse httpServletResponse, javax.servlet.http.HttpServletRequest httpServletRequest)	Prepare filter before execution and provide optional.

Methods inherited from class org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter

destroy, doFilter, init, insertCacheControlHeader, insertCacheControlHeader, insertContentSecurityPolicyHeader, insertContentSecurityPolicyHeader, insertStrictTransportSecurityHeader, insertStrictTransportSecurityHeader, insertXContentTypeOptionsHeader, insertXContentTypeOptionsHeader, insertXFrameOptionsHeader, insertXFrameOptionsHeader, insertXSSProtectionHeader, insertXSSProtectionHeader

Methods inherited from class org.apereo.cas.web.support.filters.AbstractSecurityFilter

isThrowOnErrors, logException, setThrowOnErrors

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RegisteredServiceResponseHeadersEnforcementFilter

public RegisteredServiceResponseHeadersEnforcementFilter()

Method Detail

prepareFilterBeforeExecution

protected java.util.Optional<java.lang.Object> prepareFilterBeforeExecution(javax.servlet.http.HttpServletResponse httpServletResponse,
                                                                            javax.servlet.http.HttpServletRequest httpServletRequest)

Description copied from class: ResponseHeadersEnforcementFilter

Prepare filter before execution and provide optional.

Overrides:

prepareFilterBeforeExecution in class ResponseHeadersEnforcementFilter

Parameters:

httpServletResponse - the http servlet response

httpServletRequest - the http servlet request

Returns:

the optional

decideInsertContentSecurityPolicyHeader

protected void decideInsertContentSecurityPolicyHeader(javax.servlet.http.HttpServletResponse httpServletResponse,
                                                       javax.servlet.http.HttpServletRequest httpServletRequest,
                                                       java.util.Optional<java.lang.Object> result)

Description copied from class: ResponseHeadersEnforcementFilter

Decide insert content security policy header.

Overrides:

decideInsertContentSecurityPolicyHeader in class ResponseHeadersEnforcementFilter

Parameters:

httpServletResponse - the http servlet response

httpServletRequest - the http servlet request

result - the result

decideInsertXSSProtectionHeader

protected void decideInsertXSSProtectionHeader(javax.servlet.http.HttpServletResponse httpServletResponse,
                                               javax.servlet.http.HttpServletRequest httpServletRequest,
                                               java.util.Optional<java.lang.Object> result)

Description copied from class: ResponseHeadersEnforcementFilter

Decide insert xss protection header.

Overrides:

decideInsertXSSProtectionHeader in class ResponseHeadersEnforcementFilter

Parameters:

httpServletResponse - the http servlet response

httpServletRequest - the http servlet request

result - the result

decideInsertXFrameOptionsHeader

protected void decideInsertXFrameOptionsHeader(javax.servlet.http.HttpServletResponse httpServletResponse,
                                               javax.servlet.http.HttpServletRequest httpServletRequest,
                                               java.util.Optional<java.lang.Object> result)

Description copied from class: ResponseHeadersEnforcementFilter

Decide insert x frame options header.

Overrides:

decideInsertXFrameOptionsHeader in class ResponseHeadersEnforcementFilter

Parameters:

httpServletResponse - the http servlet response

httpServletRequest - the http servlet request

result - the result

decideInsertXContentTypeOptionsHeader

protected void decideInsertXContentTypeOptionsHeader(javax.servlet.http.HttpServletResponse httpServletResponse,
                                                     javax.servlet.http.HttpServletRequest httpServletRequest,
                                                     java.util.Optional<java.lang.Object> result)

Description copied from class: ResponseHeadersEnforcementFilter

Decide insert x content type options header.

Overrides:

decideInsertXContentTypeOptionsHeader in class ResponseHeadersEnforcementFilter

Parameters:

httpServletResponse - the http servlet response

httpServletRequest - the http servlet request

result - the result

decideInsertCacheControlHeader

protected void decideInsertCacheControlHeader(javax.servlet.http.HttpServletResponse httpServletResponse,
                                              javax.servlet.http.HttpServletRequest httpServletRequest,
                                              java.util.Optional<java.lang.Object> result)

Description copied from class: ResponseHeadersEnforcementFilter

Decide insert cache control header.

Overrides:

decideInsertCacheControlHeader in class ResponseHeadersEnforcementFilter

Parameters:

httpServletResponse - the http servlet response

httpServletRequest - the http servlet request

result - the result

decideInsertStrictTransportSecurityHeader

protected void decideInsertStrictTransportSecurityHeader(javax.servlet.http.HttpServletResponse httpServletResponse,
                                                         javax.servlet.http.HttpServletRequest httpServletRequest,
                                                         java.util.Optional<java.lang.Object> result)

Description copied from class: ResponseHeadersEnforcementFilter

Decide insert strict transport security header.

Overrides:

decideInsertStrictTransportSecurityHeader in class ResponseHeadersEnforcementFilter

Parameters:

httpServletResponse - the http servlet response

httpServletRequest - the http servlet request

result - the result