How to add X-Frame-Options to just some responses in Spring Security 3.2 -

i add x-frame-options header pages in spring application. spring security 3.2 offers nice capability add header responses via <headers> <frame-options /> </headers> configuration.

but possible exclude header paths? considered subclassing xframeoptionsheaderwriter , path regexp matching inside, seems bit ugly. maybe there more convenient way accomplish this?

i found out how xml configuration:

<http>     <headers>         <header ref="xframeoptionsheaderwriter" />     </headers> </http>   <beans:bean id="xframeoptionsheaderwriter" class="org.springframework.security.web.header.writers.delegatingrequestmatcherheaderwriter">     <!-- argument 1: requestmatcher. matcher match paths. -->     <beans:constructor-arg>          <beans:bean class="org.springframework.security.web.util.matcher.negatedrequestmatcher">             <beans:constructor-arg>                 <beans:bean class="org.springframework.security.web.util.matcher.orrequestmatcher">                     <beans:constructor-arg>                         <beans:list>                             <beans:bean class="org.springframework.security.web.util.matcher.antpathrequestmatcher" c:pattern="/**/some-path/**" />                             <beans:bean class="org.springframework.security.web.util.matcher.antpathrequestmatcher" c:pattern="/**/another-path/**" />                         </beans:list>                     </beans:constructor-arg>                 </beans:bean>             </beans:constructor-arg>         </beans:bean>     </beans:constructor-arg>      <!-- argument 2: headerwriter -->     <beans:constructor-arg>         <beans:bean  class="org.springframework.security.web.header.writers.frameoptions.xframeoptionsheaderwriter" c:frameoptionsmode="sameorigin" />     </beans:constructor-arg> </beans:bean>