10 Temmuz 2019 Çarşamba

SpringSecurity HeadersConfigurer.HstsConfig Sınıfı - HTTP Strict Transport Security (HSTS)

includeSubDomains metodu
Şöyle yaparız.
@EnableWebSecurity
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .headers()
        .httpStrictTransportSecurity()
          .includeSubDomains(true)
          .maxAgeInSeconds(31536000);
    }
}
maxAgeInSeconds metodu
Şöyle yaparız.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter
{
  protected void configure(HttpSecurity http) throws Exception {
    // Other http configurations, e.g. authorizeRequests and CSRF
    // ...

    http.headers().httpStrictTransportSecurity()
      .maxAgeInSeconds(Duration.ofDays(365L).getSeconds())
      .includeSubDomains(true);
  }
}


Hiç yorum yok:

Yorum Gönder