List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity addFilterBefore
public HttpSecurity addFilterBefore(Filter filter, Class<? extends Filter> beforeFilter)
From source file:sample.config.security.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class).csrf().disable().authorizeRequests() .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()//allow CORS option calls .anyRequest().authenticated().and().logout().permitAll().and().httpBasic(); }
From source file:de.msg.security.SecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { http.addFilterBefore(ssoFilter(), RequestHeaderAuthenticationFilter.class) .authenticationProvider(preAuthAuthProvider()).csrf().disable().authorizeRequests().anyRequest() .authenticated();//from www .j av a 2 s .c o m }
From source file:be.bittich.quote.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http //.addFilterBefore(new SimpleCORSFilter(), AbstractPreAuthenticatedProcessingFilter.class) .addFilterBefore(new SimpleCORSFilter(), ChannelProcessingFilter.class) .addFilterBefore(authenticationProcessFilter, LogoutFilter.class).csrf().disable().httpBasic() .authenticationEntryPoint(unauthorizedEntryPoint).realmName("Protected API").and() .exceptionHandling().accessDeniedHandler(customAccessDeniedHandler).and().sessionManagement() .sessionCreationPolicy(STATELESS).and().authorizeRequests() //Authentication .antMatchers("/auth/login").anonymous().antMatchers("/auth/current").authenticated() //Quote .antMatchers("/quote/random", "/quote/list", "/quote/get/**", "/quote/count").permitAll() .antMatchers("/quote/create").hasAnyRole("ADMIN", "USER") //Author .antMatchers("/author/autocomplete", "/author/list", "/author/get/**").permitAll() .antMatchers("/author/create").hasAnyRole("ADMIN", "USER").anyRequest().authenticated(); }
From source file:com.cfitzarl.cfjwed.core.security.SecurityConfigurationContainer.java
@Override protected void configure(HttpSecurity http) throws Exception { http.addFilterBefore(authenticationProcessingFilter, ExceptionTranslationFilter.class) .addFilterAfter(csrfValidatingFilter, authenticationProcessingFilter.getClass()).exceptionHandling() .accessDeniedHandler(pointHandler).authenticationEntryPoint(pointHandler).and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.NEVER).and().securityContext() .securityContextRepository(securityContextRepository).and().csrf().disable().authorizeRequests() .antMatchers("/api/accounts/data").permitAll().antMatchers("/api/activations/**").permitAll() .antMatchers("/api/health").permitAll().antMatchers("/**").fullyAuthenticated(); }
From source file:com.boxedfolder.carrot.config.security.xauth.XAuthTokenConfigurer.java
@Override public void configure(HttpSecurity http) throws Exception { XAuthTokenFilter customFilter = new XAuthTokenFilter(detailsService); http.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class); }
From source file:com.isalnikov.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.addFilterBefore(authorizationFilter(), UserAuthorizationFilter.class); http.authorizeRequests()/*from w w w .ja va 2 s. co m*/ //http://www.webremeslo.ru/html/glava10.html .antMatchers("/page**").permitAll() .antMatchers("/login").permitAll().antMatchers("/user").hasRole("USER").antMatchers("/csrf") .hasRole("USER").anyRequest().authenticated().and().formLogin() // default login jsp //.failureUrl("/login") //.failureHandler((new SimpleUrlAuthenticationFailureHandler()) .permitAll().and().logout() //default logout jsp .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) // .deleteCookies("JSESSIONID,SPRING_SECURITY_REMEMBER_ME_COOKIE") .permitAll(); http.sessionManagement().maximumSessions(1).and().invalidSessionUrl("/login"); // http // .headers() // .frameOptions().sameOrigin() // .httpStrictTransportSecurity().disable(); //http.exceptionHandling().authenticationEntryPoint(null); http.headers().addHeaderWriter(new StaticHeadersWriter("X-Content-Security-Policy", "default-src 'self'")) .addHeaderWriter(new StaticHeadersWriter("X-WebKit-CSP", "default-src 'self'")); }
From source file:org.ng200.openolympus.WebSecurityConfig.java
@Override protected void configure(final HttpSecurity http) throws Exception { http.addFilterBefore(this.characterEncodingFilter(), ChannelProcessingFilter.class).csrf().disable() .headers().xssProtection().and().formLogin().loginPage("/login").failureUrl("/login-failure") .loginProcessingUrl("/login").usernameParameter("username").passwordParameter("password") .permitAll().and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")) .logoutSuccessUrl("/").permitAll().and().rememberMe().rememberMeServices(this.rememberMeServices()) .tokenRepository(this.persistentTokenRepository).key(this.persistentTokenKey).and() .authorizeRequests().antMatchers(WebSecurityConfig.permittedAny).permitAll().and() .authorizeRequests().antMatchers(HttpMethod.POST, WebSecurityConfig.authorisedPost).authenticated() .and().authorizeRequests().antMatchers(HttpMethod.GET, WebSecurityConfig.authorisedGet) .authenticated().and().authorizeRequests() .antMatchers(HttpMethod.GET, WebSecurityConfig.permittedGet).permitAll().and().authorizeRequests() .antMatchers(WebSecurityConfig.administrativeAny).hasAuthority(Role.SUPERUSER).and().httpBasic(); }
From source file:de.metas.ui.web.config.SecurityConfig.java
@Override protected void configure(final HttpSecurity http) throws Exception { //@formatter:off http.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class) .csrf().disable() // FIXME: disabled for now... need to figure out how to configure with REST .authorizeRequests()/*from w w w.ja v a 2 s . c om*/ // // Swagger-UI .antMatchers("/swagger-ui.html", "/v2/api-docs", "/swagger-resources/**", "/webjars/springfox-swagger-ui/**", "/configuration/**") .permitAll() // // Login .antMatchers("/rest/api/login/auth").permitAll() // // Others .anyRequest().permitAll() // FIXME: until we really implement the spring security it's better to permit ALL // .authenticated() // // .and() // .httpBasic() ; //@formatter:on }
From source file:org.jimsey.projects.turbine.condenser.security.SecuritySetup.java
@Override protected void configure(HttpSecurity http) throws Exception { // // http://stackoverflow.com/questions/31724994/spring-data-rest-and-cors http.addFilterBefore(newCorsFilter(), ChannelProcessingFilter.class).httpBasic().and().authorizeRequests() // .antMatchers("/index.html", "/home.html", "/login.html", "/", "turbine/**", "/user") // .permitAll() .anyRequest().hasAnyRole("USER") // .authenticated() .and().csrf().csrfTokenRepository(newCsrfTokenRepository()).and() .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class); }
From source file:hu.petabyte.redflags.web.cfg.SecurityRoles.java
@Override protected void configure(HttpSecurity http) throws Exception { CharacterEncodingFilter filter = new CharacterEncodingFilter(); filter.setEncoding("UTF-8"); filter.setForceEncoding(true);/*from ww w . j av a2s .c o m*/ http.addFilterBefore(new LoginCaptchaFilter(security), CsrfFilter.class) // .authorizeRequests() // .antMatchers(// // resources "/css/**", // "/doc/**", // "/img/**", // "/js/**", // "/favicon.ico", // "/robots.txt", // // public pages "/", // "/activate/**", // "/change-password/**", // "/chart/**", // "/forgot", // "/login", // "/register", // "/send-filter-emails", // "/version"// "/send-test-email" ).permitAll() // .anyRequest().authenticated().and() // .formLogin().loginPage("/login").permitAll().and() // .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).deleteCookies("remember-me") .logoutSuccessUrl("/login").permitAll().and() // .rememberMe().tokenValiditySeconds(60 * 60 * 24 * 30).tokenRepository(persistentTokenRepository()); }