List of usage examples for org.springframework.boot.actuate.autoconfigure.security.servlet EndpointRequest toAnyEndpoint
public static EndpointRequestMatcher toAnyEndpoint()
From source file:com.netflix.genie.security.saml.SAMLConfig.java
/** * Defines the web based security configuration. * * @param http It allows configuring web based security for specific http requests. * @throws Exception on any error/*from w w w .j a v a 2 s . c o m*/ */ @Override protected void configure(final HttpSecurity http) throws Exception { // @formatter:off http.httpBasic().authenticationEntryPoint(samlEntryPoint()); http.csrf().disable(); http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class).addFilterAfter(samlFilter(), BasicAuthenticationFilter.class); http.antMatcher("/**").authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll() .antMatchers("/api/**").permitAll().antMatchers("/error").permitAll().antMatchers("/saml/**") .permitAll().anyRequest().authenticated().and().x509() .authenticationUserDetailsService(this.x509UserDetailsService); http.logout().logoutSuccessUrl("/"); // @formatter:on }
From source file:org.flowable.rest.conf.SecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { HttpSecurity httpSecurity = http.authenticationProvider(authenticationProvider()).sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().csrf().disable(); // Swagger docs if (isSwaggerDocsEnabled()) { httpSecurity.authorizeRequests().antMatchers("/docs/**").permitAll(); } else {/*from ww w .jav a 2 s . c om*/ httpSecurity.authorizeRequests().antMatchers("/docs/**").denyAll(); } httpSecurity.authorizeRequests() .requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated() .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(SecurityConstants.ACCESS_ADMIN); // Rest API access if (isVerifyRestApiPrivilege()) { httpSecurity.authorizeRequests().anyRequest().hasAuthority(SecurityConstants.PRIVILEGE_ACCESS_REST_API) .and().httpBasic(); } else { httpSecurity.authorizeRequests().anyRequest().authenticated().and().httpBasic(); } }