How to enable content security policy to selective http patterns in spring security

Here is a code snippet from my spring-security.xml

<http pattern="/*/yyy/**" security="none" />
<http pattern="/*/zzz/**" security="none"/>

<http create-session="stateless" use-expressions="true">
    <csrf disabled="true" />
    <intercept-url method="GET" pattern="/*/api/products" access="xxxx" />
    <http-basic entry-point-ref="customBasicAuthenticationEntryPoint" />
    <!-- ... -->
</http>

Now, for the http pattern with security="none" above, I want to enable Content Security Policy (CSP) for that. As long as I keep it security="none", I don't think I can apply CSP to it.

The header to enable CSP in Spring Security is like:

<header name="Content-Security-Policy" value="default-src 'self'"/>

Now, I want to apply this header only to the first two http patterns where I have security="none" right now and not to the rest of the URLs I have added in the next http block. I just could not find a way to do it. Is it possible? Can someone please suggest?

I don't need to define entry-point-ref for these first two patterns. But removing security="none" kind of forces me to define one for it. Please note that all I want is to be able to enable CSP for those selected patterns and that is all. Please help!
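
An added example, not part of the original post or the poster's configuration: security="none" skips the Spring Security filter chain entirely, so nothing can write response headers for those URLs. One way to send the header only for the two patterns is to give each its own open `<http>` chain. The bean id `http403EntryPoint` and the `beans:` prefix are assumptions (the security namespace is taken to be the file's default); the patterns and the header value are the post's.

```xml
<!-- Before (from the post): no filter chain, so no headers can be added.
     <http pattern="/*/yyy/**" security="none" />
     <http pattern="/*/zzz/**" security="none" />
-->

<!-- Entry point that needs no login mechanism; it only satisfies the
     namespace requirement and is never reached while every request
     in the chain is permitted. The bean id is hypothetical. -->
<beans:bean id="http403EntryPoint"
    class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />

<!-- Pattern-specific chains must be declared before the catch-all <http>. -->
<http pattern="/*/yyy/**" create-session="stateless"
      entry-point-ref="http403EntryPoint">
    <!-- Mirrors the previous behaviour of these URLs (no CSRF check). -->
    <csrf disabled="true" />
    <headers>
        <!-- Default headers (X-Content-Type-Options, X-Frame-Options, ...)
             are also written; set defaults-disabled="true" on <headers>
             to send the CSP header alone. -->
        <header name="Content-Security-Policy" value="default-src 'self'" />
    </headers>
    <!-- Keep the URLs open to everyone, as security="none" did. -->
    <intercept-url pattern="/**" access="permitAll" />
</http>

<http pattern="/*/zzz/**" create-session="stateless"
      entry-point-ref="http403EntryPoint">
    <csrf disabled="true" />
    <headers>
        <header name="Content-Security-Policy" value="default-src 'self'" />
    </headers>
    <intercept-url pattern="/**" access="permitAll" />
</http>

<!-- The existing <http create-session="stateless" ...> block from the post
     follows unchanged; add no Content-Security-Policy header there if the
     remaining URLs should not receive it. -->
```

A response header check on one URL from each chain (for example with curl -I) confirms that only the two patterns carry Content-Security-Policy.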