Enabling HTTP Strict Transport Security in response headers

bcgov · Aug 31, 2023 · d1fafa1 · d1fafa1
1 parent 7ac766e
commit d1fafa1
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/src/main/java/ca/bc/gov/iamp/bcparis/WebSecurityConfig.java b/src/main/java/ca/bc/gov/iamp/bcparis/WebSecurityConfig.java
@@ -0,0 +1,19 @@
+package ca.bc.gov.iamp.bcparis;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@EnableWebSecurity
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+  @Override
+  protected void configure(HttpSecurity http) throws Exception {
+	  http
+	  .headers()
+		.httpStrictTransportSecurity()
+			.includeSubdomains(true)
+			.maxAgeSeconds(31536000);
+  }
+}