Example usage for org.springframework.security.config.annotation.web.builders HttpSecurity addFilterAfter

List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity addFilterAfter

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.config.annotation.web.builders.*
  5. HttpSecurity
  6. addFilterAfter

Introduction

In this page you can find the example usage for org.springframework.security.config.annotation.web.builders HttpSecurity addFilterAfter.

Prototype

public HttpSecurity addFilterAfter(Filter filter, Class<? extends Filter> afterFilter)

Source Link

Usage

From source file:com.gopivotal.cla.security.SecurityConfiguration.java

private static HttpSecurity ssoHttpConfiguration(HttpSecurity http, OAuth2ClientContextFilter client)
        throws Exception {
    // @formatter:off
    http.addFilterAfter(client, ExceptionTranslationFilter.class).anonymous().disable().logout()
            .logoutUrl("/logout").logoutSuccessUrl("/");
    // @formatter:on

    return http;// w  ww.ja v  a  2s .co  m
}

From source file:com.olegchir.wicket_spring_security_example.init.SpringSecurityConfiguration.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.addFilterAfter(new CsrfTokenFilter(), CsrfFilter.class).formLogin().loginPage("/login").permitAll()
            .and().logout().deleteCookies("remove").invalidateHttpSession(true).logoutUrl("/logout")
            .logoutSuccessUrl("/logout_success")
            //http://stackoverflow.com/questions/24108585/spring-security-java-config-not-generating-logout-url
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).and().authorizeRequests()
            .antMatchers("/favicon.ico").permitAll().antMatchers("/logout_success").permitAll()
            .antMatchers("/**").hasRole("USER");
}

From source file:het.springapp.security.SecurityAdapter.java

protected void configure(HttpSecurity http) throws Exception {

    http.addFilterAfter(new CsrfTokenGeneratorFilter(), CsrfFilter.class).authorizeRequests()
            .antMatchers("/resources/js/**", "/resources/css/**", "/font/**", "/fonts/**").permitAll()
            .antMatchers("/logout").authenticated().and().formLogin().loginProcessingUrl("/coreapp6/login")
            .and().formLogin().failureUrl("/coreapp6/login?error").loginPage("/").permitAll()
            .isCustomLoginPage();/*  w  ww .j  av  a 2 s  .  c o  m*/

}

From source file:org.openlmis.notification.ResourceServerSecurityConfiguration.java

@Override
public void configure(HttpSecurity http) throws Exception {
    http.addFilterAfter(new OncePerRequestFilter() {
        @Override//from  www  .  j  a  va  2  s. c  o  m
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                FilterChain filterChain) throws ServletException, IOException {
            // We don't want to allow access to a resource with no token so clear
            // the security context in case it is actually an OAuth2Authentication
            if (tokenExtractor.extract(request) == null) {
                SecurityContextHolder.clearContext();
            }
            filterChain.doFilter(request, response);
        }
    }, AbstractPreAuthenticatedProcessingFilter.class);
    http.csrf().disable();

    http.anonymous().and().authorizeRequests()
            .antMatchers("/notification", "/webjars/**", "/notification/webjars/**", "/notification/docs/**")
            .permitAll().antMatchers("/**").fullyAuthenticated();
}

From source file:org.openlmis.fulfillment.security.ResourceServerSecurityConfiguration.java

@Override
public void configure(HttpSecurity http) throws Exception {
    http.addFilterAfter(new OncePerRequestFilter() {
        @Override/*from  w  w  w  . ja v  a  2  s . c  om*/
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                FilterChain filterChain) throws ServletException, IOException {
            // We don't want to allow access to a resource with no token so clear
            // the security context in case it is actually an OAuth2Authentication
            if (tokenExtractor.extract(request) == null) {
                SecurityContextHolder.clearContext();
            }
            filterChain.doFilter(request, response);
        }
    }, AbstractPreAuthenticatedProcessingFilter.class);
    http.csrf().disable();

    http.authorizeRequests()
            .antMatchers("/fulfillment", "/webjars/**", "/fulfillment/webjars/**", "/fulfillment/docs/**")
            .permitAll().antMatchers("/**").fullyAuthenticated();
}

From source file:jp.pigumer.security.WebSecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated();
    http.addFilterAfter(exampleFilter(), BasicAuthenticationFilter.class);
    http.csrf().disable();//  w ww  .j a  v  a 2s . co  m
}

From source file:jp.pigumer.app.WebSecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated();
    http.addFilterAfter(authenticationFilter(), BasicAuthenticationFilter.class);
    http.csrf().disable();/*from   ww  w  .j a  v a  2 s . co  m*/
}

From source file:com.allanditzel.dashboard.config.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    CsrfTokenResponseHeaderBindingFilter csrfFilter = csrfTokenResponseHeaderBindingFilter();

    http.addFilterAfter(csrfFilter, CsrfFilter.class).headers().cacheControl().xssProtection().and()
            .authorizeRequests().antMatchers("/static/bower_components/**").permitAll()
            .antMatchers("/static/login*.js").permitAll().antMatchers("/static/login*.css").permitAll()
            .antMatchers("/static/dashboard*.js").authenticated().antMatchers("/static/dashboard*.css")
            .authenticated().antMatchers("/static/DashboardApp/**").authenticated().anyRequest().authenticated()
            .and().formLogin().loginPage("/index.html").defaultSuccessUrl("/home.html", true)
            .successHandler(localUserPersistingAuthenticationSuccessHandler())
            .failureHandler(new SimpleUrlAuthenticationFailureHandler()).permitAll().and().logout()
            .logoutUrl("/logout").logoutSuccessUrl("/index.html").invalidateHttpSession(true).and()
            .requiresChannel().anyRequest().requiresSecure();
}

From source file:de.pksoftware.springstrap.core.config.WebSecurityConfigBase.java

/**
 * Adds an authentication processing filter to the spring security filter chain.
 * @param http//from ww  w .j  a va 2 s. co m
 * @param filter
 */
protected void addAuthenticationProcessingFilter(HttpSecurity http,
        AbstractAuthenticationProcessingFilter filter) {
    http.addFilterAfter(filter, OAuth2ClientContextFilter.class);
}

From source file:de.pksoftware.springstrap.core.config.WebSecurityConfigBase.java

protected void configureAuthenticationFilters(HttpSecurity http) {
    //Add a OAuth2ClientContextFilter to the filter chain.
    http.addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class);
}