diff --git a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java index e31cd6fb46..81c0899bd2 100644 --- a/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/http/HeadersBeanDefinitionParser.java @@ -18,7 +18,6 @@ package org.springframework.security.config.http; import java.net.URI; import java.net.URISyntaxException; import java.util.List; -import java.util.regex.PatternSyntaxException; import org.springframework.beans.BeanMetadataElement; import org.springframework.beans.factory.config.BeanDefinition; @@ -33,7 +32,6 @@ import org.springframework.security.web.header.writers.HstsHeaderWriter; import org.springframework.security.web.header.writers.StaticHeadersWriter; import org.springframework.security.web.header.writers.XContentTypeOptionsHeaderWriter; import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter; -import org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy; import org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy; import org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy; import org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy; @@ -200,20 +198,16 @@ public class HeadersBeanDefinitionParser implements BeanDefinitionParser { "'value' attribute doesn't represent a valid URI.", frameElt, e); } } else { - AbstractRequestParameterAllowFromStrategy allowFromStrategy = null; + BeanDefinitionBuilder allowFromStrategy; if ("whitelist".equals(strategy)) { - allowFromStrategy = new WhiteListedAllowFromStrategy( - StringUtils.commaDelimitedListToSet(value)); + allowFromStrategy = BeanDefinitionBuilder.rootBeanDefinition(WhiteListedAllowFromStrategy.class); + allowFromStrategy.addConstructorArgValue(StringUtils.commaDelimitedListToSet(value)); } else { - try { - allowFromStrategy = new RegExpAllowFromStrategy(value); - } catch (PatternSyntaxException e) { - parserContext.getReaderContext().error( - "'value' attribute doesn't represent a valid regular expression.", frameElt, e); - } + allowFromStrategy = BeanDefinitionBuilder.rootBeanDefinition(RegExpAllowFromStrategy.class); + allowFromStrategy.addConstructorArgValue(value); } String fromParameter = getAttribute(frameElt, ATT_FROM_PARAMETER, "from"); - allowFromStrategy.setAllowFromParameterName(fromParameter); + allowFromStrategy.addPropertyValue("allowFromParameterName", fromParameter); builder.addConstructorArgValue(allowFromStrategy); } } else { diff --git a/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java index 35fe949f29..ef4699b21a 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/DelegatingRequestMatcherHeaderWriter.java @@ -29,7 +29,7 @@ import org.springframework.util.Assert; * @author Rob Winch * @since 3.2 */ -public class DelegatingRequestMatcherHeaderWriter implements HeaderWriter { +public final class DelegatingRequestMatcherHeaderWriter implements HeaderWriter { private final RequestMatcher requestMatcher; private final HeaderWriter delegateHeaderWriter; diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java index 07244f1b0b..06078792a2 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/AbstractRequestParameterAllowFromStrategy.java @@ -14,7 +14,7 @@ import javax.servlet.http.HttpServletRequest; * @author Marten Deinum * @since 3.2 */ -public abstract class AbstractRequestParameterAllowFromStrategy implements AllowFromStrategy { +abstract class AbstractRequestParameterAllowFromStrategy implements AllowFromStrategy { private static final String DEFAULT_ORIGIN_REQUEST_PARAMETER = "x-frames-allow-from"; diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java index 739de0e144..0dbeb83bf7 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java @@ -12,7 +12,7 @@ import java.util.regex.Pattern; * @author Marten Deinum * @since 3.2 */ -public class RegExpAllowFromStrategy extends AbstractRequestParameterAllowFromStrategy { +public final class RegExpAllowFromStrategy extends AbstractRequestParameterAllowFromStrategy { private final Pattern pattern; diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java index 1c9257b400..c5b2d4f302 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/StaticAllowFromStrategy.java @@ -6,12 +6,12 @@ import java.net.URI; /** * Simple implementation of the {@code AllowFromStrategy} */ -public class StaticAllowFromStrategy implements AllowFromStrategy { +public final class StaticAllowFromStrategy implements AllowFromStrategy { private final URI uri; public StaticAllowFromStrategy(URI uri) { - this.uri=uri; + this.uri = uri; } public String getAllowFromValue(HttpServletRequest request) { diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java index ae477f67ae..b031168904 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/WhiteListedAllowFromStrategy.java @@ -10,7 +10,7 @@ import org.springframework.util.Assert; * @author Marten Deinum * @since 3.2 */ -public class WhiteListedAllowFromStrategy extends AbstractRequestParameterAllowFromStrategy { +public final class WhiteListedAllowFromStrategy extends AbstractRequestParameterAllowFromStrategy { private final Collection allowed; diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java index 5fdc0db037..1be69816fe 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/XFrameOptionsHeaderWriter.java @@ -31,7 +31,7 @@ import javax.servlet.http.HttpServletResponse; * * @see AllowFromStrategy */ -public class XFrameOptionsHeaderWriter implements HeaderWriter { +public final class XFrameOptionsHeaderWriter implements HeaderWriter { public static final String XFRAME_OPTIONS_HEADER = "X-Frame-Options"; @@ -110,7 +110,7 @@ public class XFrameOptionsHeaderWriter implements HeaderWriter { * * @return the mode for the X-Frame-Options header value. */ - public String getMode() { + private String getMode() { return mode; } }