HttpHeadersWriter->ServerHttpHeadersWriter

Issue gh-4615

config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java

@@ -48,14 +48,14 @@ import org.springframework.security.web.server.context.SecurityContextServerRepo
 import org.springframework.security.web.server.context.SecurityContextRepositoryWebFilter;
 import org.springframework.security.web.server.context.ServerWebExchangeAttributeSecurityContextServerRepository;
 import org.springframework.security.web.server.context.WebSessionSecurityContextServerRepository;
-import org.springframework.security.web.server.header.CacheControlHttpHeadersWriter;
-import org.springframework.security.web.server.header.CompositeHttpHeadersWriter;
-import org.springframework.security.web.server.header.ContentTypeOptionsHttpHeadersWriter;
+import org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter;
+import org.springframework.security.web.server.header.CompositeServerHttpHeadersWriter;
+import org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter;
 import org.springframework.security.web.server.header.HttpHeaderWriterWebFilter;
-import org.springframework.security.web.server.header.HttpHeadersWriter;
-import org.springframework.security.web.server.header.StrictTransportSecurityHttpHeadersWriter;
-import org.springframework.security.web.server.header.XFrameOptionsHttpHeadersWriter;
-import org.springframework.security.web.server.header.XXssProtectionHttpHeadersWriter;
+import org.springframework.security.web.server.header.ServerHttpHeadersWriter;
+import org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter;
+import org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter;
+import org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter;
 import org.springframework.security.web.server.ui.LoginPageGeneratingWebFilter;
 import org.springframework.security.web.server.util.matcher.MediaTypeServerWebExchangeMatcher;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
@@ -449,17 +449,17 @@ public class HttpSecurity {
 	 * @since 5.0
 	 */
 	public class HeaderBuilder {
-		private final List<HttpHeadersWriter> writers;
+		private final List<ServerHttpHeadersWriter> writers;
 
-		private CacheControlHttpHeadersWriter cacheControl = new CacheControlHttpHeadersWriter();
+		private CacheControlServerHttpHeadersWriter cacheControl = new CacheControlServerHttpHeadersWriter();
 
-		private ContentTypeOptionsHttpHeadersWriter contentTypeOptions = new ContentTypeOptionsHttpHeadersWriter();
+		private ContentTypeOptionsServerHttpHeadersWriter contentTypeOptions = new ContentTypeOptionsServerHttpHeadersWriter();
 
-		private StrictTransportSecurityHttpHeadersWriter hsts = new StrictTransportSecurityHttpHeadersWriter();
+		private StrictTransportSecurityServerHttpHeadersWriter hsts = new StrictTransportSecurityServerHttpHeadersWriter();
 
-		private XFrameOptionsHttpHeadersWriter frameOptions = new XFrameOptionsHttpHeadersWriter();
+		private XFrameOptionsServerHttpHeadersWriter frameOptions = new XFrameOptionsServerHttpHeadersWriter();
 
-		private XXssProtectionHttpHeadersWriter xss = new XXssProtectionHttpHeadersWriter();
+		private XXssProtectionServerHttpHeadersWriter xss = new XXssProtectionServerHttpHeadersWriter();
 
 		public HttpSecurity and() {
 			return HttpSecurity.this;
@@ -482,7 +482,7 @@ public class HttpSecurity {
 		}
 
 		protected void configure(HttpSecurity http) {
-			HttpHeadersWriter writer = new CompositeHttpHeadersWriter(this.writers);
+			ServerHttpHeadersWriter writer = new CompositeServerHttpHeadersWriter(this.writers);
 			HttpHeaderWriterWebFilter result = new HttpHeaderWriterWebFilter(writer);
 			http.addFilterAt(result, SecurityWebFiltersOrder.HTTP_HEADERS_WRITER);
 		}
@@ -508,7 +508,7 @@ public class HttpSecurity {
 		}
 
 		public class FrameOptionsSpec {
-			public void mode(XFrameOptionsHttpHeadersWriter.Mode mode) {
+			public void mode(XFrameOptionsServerHttpHeadersWriter.Mode mode) {
 				HeaderBuilder.this.frameOptions.setMode(mode);
 			}
 			public void disable() {

config/src/test/java/org/springframework/security/config/web/server/HeaderBuilderTests.java

@@ -20,10 +20,10 @@ import org.junit.Before;
 import org.junit.Test;
 import org.springframework.http.HttpHeaders;
 import org.springframework.security.test.web.reactive.server.WebTestClientBuilder;
-import org.springframework.security.web.server.header.ContentTypeOptionsHttpHeadersWriter;
-import org.springframework.security.web.server.header.StrictTransportSecurityHttpHeadersWriter;
-import org.springframework.security.web.server.header.XFrameOptionsHttpHeadersWriter;
-import org.springframework.security.web.server.header.XXssProtectionHttpHeadersWriter;
+import org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter;
+import org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter;
+import org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter;
+import org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter;
 import org.springframework.test.web.reactive.server.FluxExchangeResult;
 import org.springframework.test.web.reactive.server.WebTestClient;
 
@@ -49,15 +49,15 @@ public class HeaderBuilderTests {
 
 	@Before
 	public void setup() {
-		this.expectedHeaders.add(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains");
+		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=31536000 ; includeSubDomains");
 		this.expectedHeaders.add(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate");
 		this.expectedHeaders.add(HttpHeaders.PRAGMA, "no-cache");
 		this.expectedHeaders.add(HttpHeaders.EXPIRES, "0");
 		this.expectedHeaders
-			.add(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS, "nosniff");
-		this.expectedHeaders.add(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS, "DENY");
+			.add(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, "nosniff");
+		this.expectedHeaders.add(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "DENY");
 		this.expectedHeaders
-			.add(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION, "1 ; mode=block");
+			.add(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1 ; mode=block");
 	}
 
 	@Test
@@ -77,7 +77,7 @@ public class HeaderBuilderTests {
 
 	@Test
 	public void headersWhenContentOptionsDisableThenContentTypeOptionsNotWritten() {
-		this.expectedHeaders.remove(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS);
+		this.expectedHeaders.remove(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS);
 		this.headers.contentTypeOptions().disable();
 
 		assertHeaders();
@@ -85,7 +85,7 @@ public class HeaderBuilderTests {
 
 	@Test
 	public void headersWhenHstsDisableThenHstsNotWritten() {
-		this.expectedHeaders.remove(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
+		this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
 		this.headers.hsts().disable();
 
 		assertHeaders();
@@ -93,8 +93,8 @@ public class HeaderBuilderTests {
 
 	@Test
 	public void headersWhenHstsCustomThenCustomHstsWritten() {
-		this.expectedHeaders.remove(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
-		this.expectedHeaders.add(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60");
+		this.expectedHeaders.remove(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY);
+		this.expectedHeaders.add(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY, "max-age=60");
 		this.headers.hsts().maxAge(Duration.ofSeconds(60));
 		this.headers.hsts().includeSubdomains(false);
 
@@ -103,7 +103,7 @@ public class HeaderBuilderTests {
 
 	@Test
 	public void headersWhenFrameOptionsDisableThenFrameOptionsNotWritten() {
-		this.expectedHeaders.remove(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS);
+		this.expectedHeaders.remove(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
 		this.headers.frameOptions().disable();
 
 		assertHeaders();
@@ -111,10 +111,10 @@ public class HeaderBuilderTests {
 
 	@Test
 	public void headersWhenFrameOptionsModeThenFrameOptionsCustomMode() {
-		this.expectedHeaders.remove(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS);
+		this.expectedHeaders.remove(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS);
 		this.expectedHeaders
-			.add(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
-		this.headers.frameOptions().mode(XFrameOptionsHttpHeadersWriter.Mode.SAMEORIGIN);
+			.add(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
+		this.headers.frameOptions().mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
 
 		assertHeaders();
 	}

samples/javaconfig/hellowebflux-method/src/integration-test/java/sample/HelloWebfluxMethodApplicationITests.java

@@ -19,15 +19,11 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
-import org.springframework.security.web.server.header.ContentTypeOptionsHttpHeadersWriter;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringRunner;
-import org.springframework.test.web.reactive.server.ExchangeResult;
 import org.springframework.test.web.reactive.server.WebTestClient;
-import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
 
 import java.nio.charset.Charset;
 import java.time.Duration;

webflux/src/main/java/org/springframework/security/web/server/header/CacheControlHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriter.java

@@ -25,7 +25,7 @@ import reactor.core.publisher.Mono;
  * @author Rob Winch
  * @since 5.0
  */
-public class CacheControlHttpHeadersWriter implements HttpHeadersWriter {
+public class CacheControlServerHttpHeadersWriter implements ServerHttpHeadersWriter {
 
 	/**
 	 * The value for expires value
@@ -45,10 +45,11 @@ public class CacheControlHttpHeadersWriter implements HttpHeadersWriter {
 	/**
 	 * The delegate to write all the cache control related headers
 	 */
-	private static final HttpHeadersWriter CACHE_HEADERS = StaticHttpHeadersWriter.builder()
-			.header(HttpHeaders.CACHE_CONTROL, CacheControlHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
-			.header(HttpHeaders.PRAGMA,  CacheControlHttpHeadersWriter.PRAGMA_VALUE)
-			.header(HttpHeaders.EXPIRES,  CacheControlHttpHeadersWriter.EXPIRES_VALUE)
+	private static final ServerHttpHeadersWriter CACHE_HEADERS = StaticServerHttpHeadersWriter
+		.builder()
+			.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
+			.header(HttpHeaders.PRAGMA,  CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
+			.header(HttpHeaders.EXPIRES,  CacheControlServerHttpHeadersWriter.EXPIRES_VALUE)
 			.build();
 
 	@Override

webflux/src/main/java/org/springframework/security/web/server/header/CompositeHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriter.java

@@ -29,14 +29,14 @@ import reactor.core.publisher.Mono;
  * @author Rob Winch
  * @since 5.0
  */
-public class CompositeHttpHeadersWriter implements HttpHeadersWriter {
-	private final List<HttpHeadersWriter> writers;
+public class CompositeServerHttpHeadersWriter implements ServerHttpHeadersWriter {
+	private final List<ServerHttpHeadersWriter> writers;
 
-	public CompositeHttpHeadersWriter(HttpHeadersWriter... writers) {
+	public CompositeServerHttpHeadersWriter(ServerHttpHeadersWriter... writers) {
 		this(Arrays.asList(writers));
 	}
 
-	public CompositeHttpHeadersWriter(List<HttpHeadersWriter> writers) {
+	public CompositeServerHttpHeadersWriter(List<ServerHttpHeadersWriter> writers) {
 		this.writers = writers;
 	}
 

webflux/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/ContentTypeOptionsServerHttpHeadersWriter.java

@@ -24,7 +24,8 @@ import reactor.core.publisher.Mono;
  * @author Rob Winch
  * @since 5.0
  */
-public class ContentTypeOptionsHttpHeadersWriter implements HttpHeadersWriter {
+public class ContentTypeOptionsServerHttpHeadersWriter
+	implements ServerHttpHeadersWriter {
 
 	public static final String X_CONTENT_OPTIONS = "X-Content-Type-Options";
 
@@ -34,7 +35,8 @@ public class ContentTypeOptionsHttpHeadersWriter implements HttpHeadersWriter {
 	/**
 	 * The delegate to write all the cache control related headers
 	 */
-	private static final HttpHeadersWriter CONTENT_TYPE_HEADERS = StaticHttpHeadersWriter.builder()
+	private static final ServerHttpHeadersWriter CONTENT_TYPE_HEADERS = StaticServerHttpHeadersWriter
+		.builder()
 			.header(X_CONTENT_OPTIONS, NOSNIFF)
 			.build();
 

webflux/src/main/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilter.java

@@ -23,16 +23,16 @@ import org.springframework.web.server.WebFilterChain;
 import reactor.core.publisher.Mono;
 
 /**
- * Invokes a {@link HttpHeadersWriter} on
+ * Invokes a {@link ServerHttpHeadersWriter} on
  * {@link ServerHttpResponse#beforeCommit(java.util.function.Supplier)}.
  *
  * @author Rob Winch
  * @since 5.0
  */
 public class HttpHeaderWriterWebFilter implements WebFilter {
-	private final HttpHeadersWriter writer;
+	private final ServerHttpHeadersWriter writer;
 
-	public HttpHeaderWriterWebFilter(HttpHeadersWriter writer) {
+	public HttpHeaderWriterWebFilter(ServerHttpHeadersWriter writer) {
 		super();
 		this.writer = writer;
 	}

webflux/src/main/java/org/springframework/security/web/server/header/HttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/ServerHttpHeadersWriter.java

@@ -28,7 +28,7 @@ import reactor.core.publisher.Mono;
  * @author Rob Winch
  * @since 5.0
  */
-public interface HttpHeadersWriter {
+public interface ServerHttpHeadersWriter {
 
 	/**
 	 * Write the headers to the response.

webflux/src/main/java/org/springframework/security/web/server/header/StaticHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriter.java

@@ -27,10 +27,10 @@ import reactor.core.publisher.Mono;
  * @author Rob Winch
  * @since 5.0
  */
-public class StaticHttpHeadersWriter implements HttpHeadersWriter {
+public class StaticServerHttpHeadersWriter implements ServerHttpHeadersWriter {
 	private final HttpHeaders headersToAdd;
 
-	public StaticHttpHeadersWriter(HttpHeaders headersToAdd) {
+	public StaticServerHttpHeadersWriter(HttpHeaders headersToAdd) {
 		this.headersToAdd = headersToAdd;
 	}
 
@@ -61,8 +61,8 @@ public class StaticHttpHeadersWriter implements HttpHeadersWriter {
 			return this;
 		}
 
-		public StaticHttpHeadersWriter build() {
-			return new StaticHttpHeadersWriter(headers);
+		public StaticServerHttpHeadersWriter build() {
+			return new StaticServerHttpHeadersWriter(headers);
 		}
 	}
 }

webflux/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriter.java

@@ -25,19 +25,20 @@ import reactor.core.publisher.Mono;
  * @author Rob Winch
  * @since 5.0
  */
-public final class StrictTransportSecurityHttpHeadersWriter implements HttpHeadersWriter {
+public final class StrictTransportSecurityServerHttpHeadersWriter
+	implements ServerHttpHeadersWriter {
 	public static final String STRICT_TRANSPORT_SECURITY = "Strict-Transport-Security";
 
 	private String maxAge;
 
 	private String subdomain;
 
-	private HttpHeadersWriter delegate;
+	private ServerHttpHeadersWriter delegate;
 
 	/**
 	 *
 	 */
-	public StrictTransportSecurityHttpHeadersWriter() {
+	public StrictTransportSecurityServerHttpHeadersWriter() {
 		setIncludeSubDomains(true);
 		setMaxAge(Duration.ofDays(365L));
 		updateDelegate();
@@ -62,7 +63,7 @@ public final class StrictTransportSecurityHttpHeadersWriter implements HttpHeade
 	}
 
 	private void updateDelegate() {
-		delegate = StaticHttpHeadersWriter.builder()
+		delegate = StaticServerHttpHeadersWriter.builder()
 				.header(STRICT_TRANSPORT_SECURITY, maxAge + subdomain)
 				.build();
 	}

webflux/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriter.java

@@ -25,7 +25,8 @@ import reactor.core.publisher.Mono;
  * @author Rob Winch
  * @since 5.0
  */
-public class XContentTypeOptionsHttpHeadersWriter implements HttpHeadersWriter {
+public class XContentTypeOptionsServerHttpHeadersWriter
+	implements ServerHttpHeadersWriter {
 
 	public static final String X_CONTENT_OPTIONS = "X-Content-Options";
 
@@ -35,7 +36,8 @@ public class XContentTypeOptionsHttpHeadersWriter implements HttpHeadersWriter {
 	/**
 	 * The delegate to write all the cache control related headers
 	 */
-	private static final HttpHeadersWriter CONTENT_TYPE_HEADERS = StaticHttpHeadersWriter.builder()
+	private static final ServerHttpHeadersWriter CONTENT_TYPE_HEADERS = StaticServerHttpHeadersWriter
+		.builder()
 			.header(X_CONTENT_OPTIONS, NOSNIFF)
 			.build();
 

webflux/src/main/java/org/springframework/security/web/server/header/XFrameOptionsHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriter.java

@@ -23,10 +23,10 @@ import reactor.core.publisher.Mono;
  * @author Rob Winch
  * @since 5.0
  */
-public class XFrameOptionsHttpHeadersWriter implements HttpHeadersWriter {
+public class XFrameOptionsServerHttpHeadersWriter implements ServerHttpHeadersWriter {
 	public static final String X_FRAME_OPTIONS = "X-Frame-Options";
 
-	private HttpHeadersWriter delegate = createDelegate(Mode.DENY);
+	private ServerHttpHeadersWriter delegate = createDelegate(Mode.DENY);
 
 	/*
 	 * (non-Javadoc)
@@ -82,9 +82,9 @@ public class XFrameOptionsHttpHeadersWriter implements HttpHeadersWriter {
 		SAMEORIGIN;
 	}
 
-	private static HttpHeadersWriter createDelegate(Mode mode) {
+	private static ServerHttpHeadersWriter createDelegate(Mode mode) {
 		// @formatter:off
-		return StaticHttpHeadersWriter.builder().header(X_FRAME_OPTIONS, mode.name()).build();
+		return StaticServerHttpHeadersWriter.builder().header(X_FRAME_OPTIONS, mode.name()).build();
 		// @formatter:on
 
 	}

webflux/src/main/java/org/springframework/security/web/server/header/XXssProtectionHttpHeadersWriter.java → webflux/src/main/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriter.java

@@ -23,19 +23,19 @@ import reactor.core.publisher.Mono;
  * @author Rob Winch
  * @since 5.0
  */
-public class XXssProtectionHttpHeadersWriter implements HttpHeadersWriter {
+public class XXssProtectionServerHttpHeadersWriter implements ServerHttpHeadersWriter {
 	public static final String X_XSS_PROTECTION = "X-XSS-Protection";
 
 	private boolean enabled;
 
 	private boolean block;
 
-	private HttpHeadersWriter delegate;
+	private ServerHttpHeadersWriter delegate;
 
 	/**
 	 *
 	 */
-	public XXssProtectionHttpHeadersWriter() {
+	public XXssProtectionServerHttpHeadersWriter() {
 		this.enabled = true;
 		this.block = true;
 		updateDelegate();
@@ -97,7 +97,7 @@ public class XXssProtectionHttpHeadersWriter implements HttpHeadersWriter {
 
 	private void updateDelegate() {
 
-		this.delegate = StaticHttpHeadersWriter.builder()
+		this.delegate = StaticServerHttpHeadersWriter.builder()
 				.header(X_XSS_PROTECTION, createHeaderValue())
 				.build();
 	}

webflux/src/test/java/org/springframework/security/web/server/header/CacheControlHttpHeadersWriterTests.java → webflux/src/test/java/org/springframework/security/web/server/header/CacheControlServerHttpHeadersWriterTests.java

@@ -28,8 +28,8 @@ import org.springframework.web.server.ServerWebExchange;
  * @since 5.0
  *
  */
-public class CacheControlHttpHeadersWriterTests {
-	CacheControlHttpHeadersWriter writer = new CacheControlHttpHeadersWriter();
+public class CacheControlServerHttpHeadersWriterTests {
+	CacheControlServerHttpHeadersWriter writer = new CacheControlServerHttpHeadersWriter();
 
 	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
 
@@ -40,9 +40,12 @@ public class CacheControlHttpHeadersWriterTests {
 		writer.writeHttpHeaders(exchange);
 
 		assertThat(headers).hasSize(3);
-		assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(CacheControlHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
-		assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(CacheControlHttpHeadersWriter.EXPIRES_VALUE);
-		assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlHttpHeadersWriter.PRAGMA_VALUE);
+		assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(
+			CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
+		assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(
+			CacheControlServerHttpHeadersWriter.EXPIRES_VALUE);
+		assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(
+			CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
 	}
 
 	@Test

webflux/src/test/java/org/springframework/security/web/server/header/CompositeHttpHeadersWriterTests.java → webflux/src/test/java/org/springframework/security/web/server/header/CompositeServerHttpHeadersWriterTests.java

@@ -37,20 +37,18 @@ import reactor.test.StepVerifier;
  * @since 5.0
  */
 @RunWith(MockitoJUnitRunner.class)
-public class CompositeHttpHeadersWriterTests {
-	@Mock
-	HttpHeadersWriter writer1;
+public class CompositeServerHttpHeadersWriterTests {
+	@Mock ServerHttpHeadersWriter writer1;
 
-	@Mock
-	HttpHeadersWriter writer2;
+	@Mock ServerHttpHeadersWriter writer2;
 
-	CompositeHttpHeadersWriter writer;
+	CompositeServerHttpHeadersWriter writer;
 
 	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
 
 	@Before
 	public void setup() {
-		writer = new CompositeHttpHeadersWriter(Arrays.asList(writer1, writer2));
+		writer = new CompositeServerHttpHeadersWriter(Arrays.asList(writer1, writer2));
 	}
 
 	@Test

webflux/src/test/java/org/springframework/security/web/server/header/HttpHeaderWriterWebFilterTests.java

@@ -40,8 +40,7 @@ import reactor.core.publisher.Mono;
  */
 @RunWith(MockitoJUnitRunner.class)
 public class HttpHeaderWriterWebFilterTests {
-	@Mock
-	HttpHeadersWriter writer;
+	@Mock ServerHttpHeadersWriter writer;
 
 	HttpHeaderWriterWebFilter filter;
 

webflux/src/test/java/org/springframework/security/web/server/header/StaticHttpHeadersWriterTests.java → webflux/src/test/java/org/springframework/security/web/server/header/StaticServerHttpHeadersWriterTests.java

@@ -26,10 +26,10 @@ import org.springframework.web.server.ServerWebExchange;
  * @author Rob Winch
  * @since 5.0
  */
-public class StaticHttpHeadersWriterTests {
+public class StaticServerHttpHeadersWriterTests {
 
-	StaticHttpHeadersWriter writer = StaticHttpHeadersWriter.builder()
-			.header(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS, ContentTypeOptionsHttpHeadersWriter.NOSNIFF)
+	StaticServerHttpHeadersWriter writer = StaticServerHttpHeadersWriter.builder()
+			.header(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF)
 			.build();
 
 	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
@@ -40,32 +40,36 @@ public class StaticHttpHeadersWriterTests {
 	public void writeHeadersWhenSingleHeaderThenWritesHeader() {
 		writer.writeHttpHeaders(exchange);
 
-		assertThat(headers.get(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(ContentTypeOptionsHttpHeadersWriter.NOSNIFF);
+		assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(
+			ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
 	}
 
 	@Test
 	public void writeHeadersWhenSingleHeaderAndHeaderWrittenThenSuccess() {
 		String headerValue = "other";
-		headers.set(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
+		headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
 
 		writer.writeHttpHeaders(exchange);
 
-		assertThat(headers.get(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(headerValue);
+		assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(headerValue);
 	}
 
 	@Test
 	public void writeHeadersWhenMultiHeaderThenWritesAllHeaders() {
-		writer = StaticHttpHeadersWriter.builder()
-					.header(HttpHeaders.CACHE_CONTROL, CacheControlHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
-					.header(HttpHeaders.PRAGMA,  CacheControlHttpHeadersWriter.PRAGMA_VALUE)
-					.header(HttpHeaders.EXPIRES,  CacheControlHttpHeadersWriter.EXPIRES_VALUE)
+		writer = StaticServerHttpHeadersWriter.builder()
+					.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
+					.header(HttpHeaders.PRAGMA,  CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
+					.header(HttpHeaders.EXPIRES,  CacheControlServerHttpHeadersWriter.EXPIRES_VALUE)
 					.build();
 
 		writer.writeHttpHeaders(exchange);
 
-		assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(CacheControlHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
-		assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(CacheControlHttpHeadersWriter.PRAGMA_VALUE);
-		assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(CacheControlHttpHeadersWriter.EXPIRES_VALUE);
+		assertThat(headers.get(HttpHeaders.CACHE_CONTROL)).containsOnly(
+			CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE);
+		assertThat(headers.get(HttpHeaders.PRAGMA)).containsOnly(
+			CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
+		assertThat(headers.get(HttpHeaders.EXPIRES)).containsOnly(
+			CacheControlServerHttpHeadersWriter.EXPIRES_VALUE);
 	}
 
 	@Test
@@ -73,10 +77,10 @@ public class StaticHttpHeadersWriterTests {
 		String headerValue = "other";
 		headers.set(HttpHeaders.CACHE_CONTROL, headerValue);
 
-		writer = StaticHttpHeadersWriter.builder()
-					.header(HttpHeaders.CACHE_CONTROL, CacheControlHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
-					.header(HttpHeaders.PRAGMA,  CacheControlHttpHeadersWriter.PRAGMA_VALUE)
-					.header(HttpHeaders.EXPIRES,  CacheControlHttpHeadersWriter.EXPIRES_VALUE)
+		writer = StaticServerHttpHeadersWriter.builder()
+					.header(HttpHeaders.CACHE_CONTROL, CacheControlServerHttpHeadersWriter.CACHE_CONTRTOL_VALUE)
+					.header(HttpHeaders.PRAGMA,  CacheControlServerHttpHeadersWriter.PRAGMA_VALUE)
+					.header(HttpHeaders.EXPIRES,  CacheControlServerHttpHeadersWriter.EXPIRES_VALUE)
 					.build();
 
 		writer.writeHttpHeaders(exchange);

webflux/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityHttpHeadersWriterTests.java → webflux/src/test/java/org/springframework/security/web/server/header/StrictTransportSecurityServerHttpHeadersWriterTests.java

@@ -29,8 +29,8 @@ import org.springframework.web.server.ServerWebExchange;
  * @author Rob Winch
  * @since 5.0
  */
-public class StrictTransportSecurityHttpHeadersWriterTests {
-	StrictTransportSecurityHttpHeadersWriter hsts = new StrictTransportSecurityHttpHeadersWriter();
+public class StrictTransportSecurityServerHttpHeadersWriterTests {
+	StrictTransportSecurityServerHttpHeadersWriter hsts = new StrictTransportSecurityServerHttpHeadersWriter();
 
 	ServerWebExchange exchange;
 
@@ -42,7 +42,7 @@ public class StrictTransportSecurityHttpHeadersWriterTests {
 
 		HttpHeaders headers = exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
-		assertThat(headers).containsEntry(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
+		assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
 				Arrays.asList("max-age=31536000 ; includeSubDomains"));
 	}
 
@@ -56,7 +56,7 @@ public class StrictTransportSecurityHttpHeadersWriterTests {
 
 		HttpHeaders headers = exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
-		assertThat(headers).containsEntry(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
+		assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
 				Arrays.asList("max-age=" + maxAge.getSeconds() + " ; includeSubDomains"));
 	}
 
@@ -69,7 +69,7 @@ public class StrictTransportSecurityHttpHeadersWriterTests {
 
 		HttpHeaders headers = exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
-		assertThat(headers).containsEntry(StrictTransportSecurityHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
+		assertThat(headers).containsEntry(StrictTransportSecurityServerHttpHeadersWriter.STRICT_TRANSPORT_SECURITY,
 				Arrays.asList("max-age=31536000"));
 	}
 

webflux/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsHttpHeadersWriterTests.java → webflux/src/test/java/org/springframework/security/web/server/header/XContentTypeOptionsServerHttpHeadersWriterTests.java

@@ -26,9 +26,9 @@ import org.springframework.web.server.ServerWebExchange;
  * @author Rob Winch
  * @since 5.0
  */
-public class XContentTypeOptionsHttpHeadersWriterTests {
+public class XContentTypeOptionsServerHttpHeadersWriterTests {
 
-	ContentTypeOptionsHttpHeadersWriter writer = new ContentTypeOptionsHttpHeadersWriter();
+	ContentTypeOptionsServerHttpHeadersWriter writer = new ContentTypeOptionsServerHttpHeadersWriter();
 
 	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
 
@@ -39,17 +39,18 @@ public class XContentTypeOptionsHttpHeadersWriterTests {
 		writer.writeHttpHeaders(exchange);
 
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(ContentTypeOptionsHttpHeadersWriter.NOSNIFF);
+		assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(
+			ContentTypeOptionsServerHttpHeadersWriter.NOSNIFF);
 	}
 
 	@Test
 	public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
 		String headerValue = "value";
-		headers.set(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
+		headers.set(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS, headerValue);
 
 		writer.writeHttpHeaders(exchange);
 
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(ContentTypeOptionsHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(headerValue);
+		assertThat(headers.get(ContentTypeOptionsServerHttpHeadersWriter.X_CONTENT_OPTIONS)).containsOnly(headerValue);
 	}
 }

webflux/src/test/java/org/springframework/security/web/server/header/XFrameOptionsHttpHeadersWriterTests.java → webflux/src/test/java/org/springframework/security/web/server/header/XFrameOptionsServerHttpHeadersWriterTests.java

@@ -27,15 +27,15 @@ import org.springframework.web.server.ServerWebExchange;
  * @author Rob Winch
  * @since 5.0
  */
-public class XFrameOptionsHttpHeadersWriterTests {
+public class XFrameOptionsServerHttpHeadersWriterTests {
 
 	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
 
-	XFrameOptionsHttpHeadersWriter writer;
+	XFrameOptionsServerHttpHeadersWriter writer;
 
 	@Before
 	public void setup() {
-		writer = new XFrameOptionsHttpHeadersWriter();
+		writer = new XFrameOptionsServerHttpHeadersWriter();
 	}
 
 	@Test
@@ -44,41 +44,41 @@ public class XFrameOptionsHttpHeadersWriterTests {
 
 		HttpHeaders headers = exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
+		assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
 	}
 
 	@Test
 	public void writeHeadersWhenUsingExplicitDenyThenWritesDeny() {
-		writer.setMode(XFrameOptionsHttpHeadersWriter.Mode.DENY);
+		writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.DENY);
 
 		writer.writeHttpHeaders(exchange);
 
 		HttpHeaders headers = exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
+		assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("DENY");
 	}
 
 	@Test
 	public void writeHeadersWhenUsingSameOriginThenWritesSameOrigin() {
-		writer.setMode(XFrameOptionsHttpHeadersWriter.Mode.SAMEORIGIN);
+		writer.setMode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
 
 		writer.writeHttpHeaders(exchange);
 
 		HttpHeaders headers = exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("SAMEORIGIN");
+		assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly("SAMEORIGIN");
 	}
 
 	@Test
 	public void writeHeadersWhenAlreadyWrittenThenWritesHeader() {
 		String headerValue = "other";
-		exchange.getResponse().getHeaders().set(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS, headerValue);
+		exchange.getResponse().getHeaders().set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, headerValue);
 
 		writer.writeHttpHeaders(exchange);
 
 		HttpHeaders headers = exchange.getResponse().getHeaders();
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(XFrameOptionsHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly(headerValue);
+		assertThat(headers.get(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS)).containsOnly(headerValue);
 	}
 
 }

webflux/src/test/java/org/springframework/security/web/server/header/XXssProtectionHttpHeadersWriterTests.java → webflux/src/test/java/org/springframework/security/web/server/header/XXssProtectionServerHttpHeadersWriterTests.java

@@ -26,19 +26,19 @@ import org.springframework.web.server.ServerWebExchange;
  * @author Rob Winch
  * @since 5.0
  */
-public class XXssProtectionHttpHeadersWriterTests {
+public class XXssProtectionServerHttpHeadersWriterTests {
 	ServerWebExchange exchange = MockServerHttpRequest.get("/").toExchange();
 
 	HttpHeaders headers = exchange.getResponse().getHeaders();
 
-	XXssProtectionHttpHeadersWriter writer = new XXssProtectionHttpHeadersWriter();
+	XXssProtectionServerHttpHeadersWriter writer = new XXssProtectionServerHttpHeadersWriter();
 
 	@Test
 	public void writeHeadersWhenNoHeadersThenWriteHeaders() {
 		writer.writeHttpHeaders(exchange);
 
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1 ; mode=block");
+		assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1 ; mode=block");
 	}
 
 	@Test
@@ -48,7 +48,7 @@ public class XXssProtectionHttpHeadersWriterTests {
 		writer.writeHttpHeaders(exchange);
 
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1");
+		assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("1");
 	}
 
 	@Test
@@ -58,18 +58,18 @@ public class XXssProtectionHttpHeadersWriterTests {
 		writer.writeHttpHeaders(exchange);
 
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("0");
+		assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly("0");
 	}
 
 	@Test
 	public void writeHeadersWhenHeaderWrittenThenDoesNotOverrride() {
 		String headerValue = "value";
-		headers.set(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION, headerValue);
+		headers.set(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, headerValue);
 
 		writer.writeHttpHeaders(exchange);
 
 		assertThat(headers).hasSize(1);
-		assertThat(headers.get(XXssProtectionHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly(headerValue);
+		assertThat(headers.get(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION)).containsOnly(headerValue);
 	}
 
 }