List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity addFilterAfter
public HttpSecurity addFilterAfter(Filter filter, Class<? extends Filter> afterFilter)
From source file:com.gopivotal.cla.security.SecurityConfiguration.java
private static HttpSecurity ssoHttpConfiguration(HttpSecurity http, OAuth2ClientContextFilter client) throws Exception { // @formatter:off http.addFilterAfter(client, ExceptionTranslationFilter.class).anonymous().disable().logout() .logoutUrl("/logout").logoutSuccessUrl("/"); // @formatter:on return http;// w ww.ja v a 2s .co m }
From source file:com.olegchir.wicket_spring_security_example.init.SpringSecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { http.addFilterAfter(new CsrfTokenFilter(), CsrfFilter.class).formLogin().loginPage("/login").permitAll() .and().logout().deleteCookies("remove").invalidateHttpSession(true).logoutUrl("/logout") .logoutSuccessUrl("/logout_success") //http://stackoverflow.com/questions/24108585/spring-security-java-config-not-generating-logout-url .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).and().authorizeRequests() .antMatchers("/favicon.ico").permitAll().antMatchers("/logout_success").permitAll() .antMatchers("/**").hasRole("USER"); }
From source file:het.springapp.security.SecurityAdapter.java
protected void configure(HttpSecurity http) throws Exception { http.addFilterAfter(new CsrfTokenGeneratorFilter(), CsrfFilter.class).authorizeRequests() .antMatchers("/resources/js/**", "/resources/css/**", "/font/**", "/fonts/**").permitAll() .antMatchers("/logout").authenticated().and().formLogin().loginProcessingUrl("/coreapp6/login") .and().formLogin().failureUrl("/coreapp6/login?error").loginPage("/").permitAll() .isCustomLoginPage();/* w ww .j av a 2 s . c o m*/ }
From source file:org.openlmis.notification.ResourceServerSecurityConfiguration.java
@Override public void configure(HttpSecurity http) throws Exception { http.addFilterAfter(new OncePerRequestFilter() { @Override//from www . j a va 2 s. c o m protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { // We don't want to allow access to a resource with no token so clear // the security context in case it is actually an OAuth2Authentication if (tokenExtractor.extract(request) == null) { SecurityContextHolder.clearContext(); } filterChain.doFilter(request, response); } }, AbstractPreAuthenticatedProcessingFilter.class); http.csrf().disable(); http.anonymous().and().authorizeRequests() .antMatchers("/notification", "/webjars/**", "/notification/webjars/**", "/notification/docs/**") .permitAll().antMatchers("/**").fullyAuthenticated(); }
From source file:org.openlmis.fulfillment.security.ResourceServerSecurityConfiguration.java
@Override public void configure(HttpSecurity http) throws Exception { http.addFilterAfter(new OncePerRequestFilter() { @Override/*from w w w . ja v a 2 s . c om*/ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { // We don't want to allow access to a resource with no token so clear // the security context in case it is actually an OAuth2Authentication if (tokenExtractor.extract(request) == null) { SecurityContextHolder.clearContext(); } filterChain.doFilter(request, response); } }, AbstractPreAuthenticatedProcessingFilter.class); http.csrf().disable(); http.authorizeRequests() .antMatchers("/fulfillment", "/webjars/**", "/fulfillment/webjars/**", "/fulfillment/docs/**") .permitAll().antMatchers("/**").fullyAuthenticated(); }
From source file:jp.pigumer.security.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated(); http.addFilterAfter(exampleFilter(), BasicAuthenticationFilter.class); http.csrf().disable();// w ww .j a v a 2s . co m }
From source file:jp.pigumer.app.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated(); http.addFilterAfter(authenticationFilter(), BasicAuthenticationFilter.class); http.csrf().disable();/*from ww w .j a v a 2 s . co m*/ }
From source file:com.allanditzel.dashboard.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { CsrfTokenResponseHeaderBindingFilter csrfFilter = csrfTokenResponseHeaderBindingFilter(); http.addFilterAfter(csrfFilter, CsrfFilter.class).headers().cacheControl().xssProtection().and() .authorizeRequests().antMatchers("/static/bower_components/**").permitAll() .antMatchers("/static/login*.js").permitAll().antMatchers("/static/login*.css").permitAll() .antMatchers("/static/dashboard*.js").authenticated().antMatchers("/static/dashboard*.css") .authenticated().antMatchers("/static/DashboardApp/**").authenticated().anyRequest().authenticated() .and().formLogin().loginPage("/index.html").defaultSuccessUrl("/home.html", true) .successHandler(localUserPersistingAuthenticationSuccessHandler()) .failureHandler(new SimpleUrlAuthenticationFailureHandler()).permitAll().and().logout() .logoutUrl("/logout").logoutSuccessUrl("/index.html").invalidateHttpSession(true).and() .requiresChannel().anyRequest().requiresSecure(); }
From source file:de.pksoftware.springstrap.core.config.WebSecurityConfigBase.java
/** * Adds an authentication processing filter to the spring security filter chain. * @param http//from ww w .j a va 2 s. co m * @param filter */ protected void addAuthenticationProcessingFilter(HttpSecurity http, AbstractAuthenticationProcessingFilter filter) { http.addFilterAfter(filter, OAuth2ClientContextFilter.class); }
From source file:de.pksoftware.springstrap.core.config.WebSecurityConfigBase.java
protected void configureAuthenticationFilters(HttpSecurity http) { //Add a OAuth2ClientContextFilter to the filter chain. http.addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class); }