List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity addFilterBefore
public HttpSecurity addFilterBefore(Filter filter, Class<? extends Filter> beforeFilter)
From source file:jp.pigumer.sso.WebSecurityConfig.java
/**
 * Configures the SAML SSO filter chain.
 *
 * <p>HTTP Basic is enabled only to install {@code samlEntryPoint()} as its entry point,
 * "/" and "/saml/**" are public, and every other request requires authentication.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .httpBasic()
            .authenticationEntryPoint(samlEntryPoint())
            .and()
        // NOTE(review): CSRF protection is switched off for the whole chain. No stateless
        // session policy is set here, so authentication is presumably cookie/session based
        // and state-changing endpoints are then exposed to cross-site requests. Confirm.
        // A narrower option is csrf().ignoringAntMatchers("/saml/**"), which exempts only
        // the SAML endpoints.
        .csrf()
            .disable()
        .authorizeRequests()
            // Rule order matters: the public patterns must precede anyRequest().
            .antMatchers("/", "/saml/**").permitAll()
            .anyRequest().authenticated()
            .and()
        // SAML metadata generation runs ahead of channel processing; the SAML filter
        // itself is placed after BasicAuthenticationFilter.
        .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
        .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class)
        .logout()
            .logoutSuccessUrl("/");
}
From source file:com.naveen.demo.config.Saml2SSOConfig.java
/**
 * Defines the web based security configuration for SAML 2 SSO.
 *
 * @param http builder used to configure web security for specific HTTP requests
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/js/**", "/libs/**", "/login**").permitAll()
            .and()
        .httpBasic()
            .authenticationEntryPoint(samlEntryPoint())
            .and()
        // NOTE(review): CSRF protection is disabled for the whole chain. Confirm this is
        // acceptable for a browser-facing, session-based login flow.
        .csrf()
            .disable()
        .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
        .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class)
        // NOTE(review): antMatcher("/login/**") scopes this entire HttpSecurity to requests
        // under /login/**. Requests outside that prefix, including the "/js/**" and
        // "/libs/**" rules above, are never evaluated by this chain. Confirm another chain
        // protects the rest of the application.
        .antMatcher("/login/**")
        .authorizeRequests()
            .anyRequest().authenticated()
            .and()
        /* Earlier variant, left disabled by the author:
        .authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/error").permitAll()
            .antMatchers("/saml/**").permitAll()
            .anyRequest().authenticated();
        */
        .logout()
            .logoutSuccessUrl("/");
}
From source file:com.netflix.genie.web.security.saml.SAMLConfig.java
/**
 * Defines the web based security configuration (SAML entry point plus X.509).
 *
 * @param http builder used to configure web security for specific HTTP requests
 * @throws Exception on any error
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // @formatter:off
    http
        .httpBasic()
            .authenticationEntryPoint(samlEntryPoint())
            .and()
        // NOTE(review): CSRF is disabled for every path matched by this chain ("/**").
        .csrf()
            .disable()
        .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
        .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class)
        .antMatcher("/**")
        .authorizeRequests()
            // NOTE(review): "/actuator/**" and "/api/**" are open to unauthenticated
            // callers as far as this chain is concerned. Presumably they are protected by
            // another, higher-priority chain or by network controls. Confirm.
            .antMatchers("/actuator/**", "/api/**", "/error", "/saml/**").permitAll()
            .anyRequest().authenticated()
            .and()
        .x509()
            .authenticationUserDetailsService(this.x509UserDetailsService)
            .and()
        .logout()
            .logoutSuccessUrl("/");
    // @formatter:on
}
From source file:com.netflix.genie.security.saml.SAMLConfig.java
/**
 * Defines the web based security configuration (SAML entry point plus X.509).
 *
 * @param http builder used to configure web security for specific HTTP requests
 * @throws Exception on any error
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // @formatter:off
    http
        .httpBasic()
            .authenticationEntryPoint(samlEntryPoint())
            .and()
        // NOTE(review): CSRF is disabled for every path matched by this chain ("/**").
        .csrf()
            .disable()
        .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
        .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class)
        .antMatcher("/**")
        .authorizeRequests()
            // NOTE(review): EndpointRequest.toAnyEndpoint() makes every exposed actuator
            // endpoint public in this chain. Which endpoints are exposed is decided by
            // configuration not shown here. Verify that no sensitive endpoint is reachable.
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            // NOTE(review): "/api/**" is unauthenticated here. Presumably it is guarded
            // by a different chain. Confirm.
            .antMatchers("/api/**", "/error", "/saml/**").permitAll()
            .anyRequest().authenticated()
            .and()
        .x509()
            .authenticationUserDetailsService(this.x509UserDetailsService)
            .and()
        .logout()
            .logoutSuccessUrl("/");
    // @formatter:on
}
From source file:org.createnet.raptor.auth.service.JWTWebSecurityConfigurationAdapter.java
/**
 * Configures a stateless, JWT-based filter chain.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // The author disables CSRF on the grounds that token authentication is not affected.
    // NOTE(review): that holds only while the JWT travels in a request header the browser
    // does not attach automatically. If the token is ever kept in a cookie, CSRF applies.
    httpSecurity.csrf().disable();

    httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

    // Never create an HTTP session.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    httpSecurity.cors();

    httpSecurity.authorizeRequests()
        .antMatchers(authenticationPath).permitAll()
        .antMatchers(authenticationRefresh).permitAll()
        .antMatchers("/v2/api-docs").permitAll()
        // "/sync" is meant to stay internal (API <-> auth synchronisation).
        // NOTE(review): hasIpAddress checks the remote address the servlet container
        // reports. Behind a reverse proxy on the same host, or with forwarded-header
        // handling enabled, confirm which address is actually compared. Only the IPv4
        // loopback literal is listed.
        .antMatchers("/sync").hasIpAddress("127.0.0.1")
        .anyRequest().authenticated();

    // Custom JWT based security filter
    httpSecurity.addFilterBefore(authenticationTokenFilterBean(), JsonUsernamePasswordFilter.class);

    // Emit cache-control headers so responses are not cached.
    httpSecurity.headers().cacheControl();
}
From source file:ch.ge.ve.protopoc.config.WebSecurityConfigurer.java
/**
 * Configures a stateless, JWT-based filter chain.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // Never create an HTTP session.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

    // URL access rules; the first matching rule wins, so order is significant.
    httpSecurity.authorizeRequests()
        .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
        // NOTE(review): "/api/accounts/*" matches a single path segment only. Deeper
        // paths under /api/accounts/ fall through to fullyAuthenticated() below rather
        // than being denied. Confirm that is intended.
        .antMatchers("/api/accounts/*").denyAll()
        .antMatchers("/auth/login", "/").permitAll()
        .anyRequest().fullyAuthenticated();

    // The author treats JWT tokens as immune to CSRF, see
    // http://stackoverflow.com/questions/21357182/csrf-token-necessary-when-using-stateless-sessionless-authentication
    // NOTE(review): this relies on the token being sent in a header, not a cookie.
    httpSecurity.csrf().disable();

    // Custom JWT based security filter
    httpSecurity.addFilterBefore(authenticationTokenFilterBean(),
            UsernamePasswordAuthenticationFilter.class);

    // Emit cache-control headers so responses are not cached.
    httpSecurity.headers().cacheControl();
}
From source file:com.organization.projectname.config.WebSecurityConfig.java
/**
 * Configures a stateless, JWT-based filter chain with public static resources.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // The author disables CSRF on the grounds that token authentication is not affected.
    // NOTE(review): valid only while the token is sent in a header rather than a cookie.
    httpSecurity.csrf().disable();

    httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

    // Never create an HTTP session.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    httpSecurity.authorizeRequests()
        //.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
        // Anonymous GET access to static resources.
        .antMatchers(HttpMethod.GET, "/", "/*.html", "/favicon.ico", "/**/*.html", "/**/*.css", "/**/*.js")
            .permitAll()
        .antMatchers("/api/v1/auth", "/api/v1/").permitAll()
        // NOTE(review): "/api/v1/admin" is an exact Ant pattern. Paths below it, for
        // example "/api/v1/admin/...", are not covered by the ADMIN rule and only need
        // authentication via anyRequest(). Confirm whether "/api/v1/admin/**" was meant.
        .antMatchers("/api/v1/admin").hasRole("ADMIN")
        .anyRequest().authenticated();

    // Custom JWT based security filter
    httpSecurity.addFilterBefore(authenticationTokenFilterBean(),
            UsernamePasswordAuthenticationFilter.class);

    // Emit cache-control headers so responses are not cached.
    httpSecurity.headers().cacheControl();
}
From source file:it.infn.mw.iam.config.saml.SamlConfig.java
/**
 * Configures a filter chain that handles only the SAML endpoints.
 *
 * <p>The chain is restricted to "/saml/**". Within it, CSRF checks are skipped for that
 * pattern and every request is permitted at the authorization layer.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final String samlPaths = "/saml/**";

    http
        // Scope this HttpSecurity to the SAML endpoints; other URLs are left to other chains.
        .antMatcher(samlPaths)
        // CSRF is exempted for the SAML endpoints only, rather than disabled outright.
        .csrf()
            .ignoringAntMatchers(samlPaths)
            .and()
        // NOTE(review): permitAll() here presumably relies on the SAML filters registered
        // below to perform the actual authentication. Confirm.
        .authorizeRequests()
            .antMatchers(samlPaths).permitAll()
            .and()
        .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
        .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);
}
From source file:org.drugis.addis.config.SecurityConfig.java
/**
 * Configures form login, Spring Social sign-in, method-based authorization and a custom
 * CSRF policy, then registers the application's {@code AuthenticationFilter}.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Paths that are both publicly accessible and exempt from CSRF checks.
    String[] whitelist = {
        "/",
        "/trialverse",
        "/trialverse/**",
        "/patavi", // allow POST mcda models anonymously
        "/favicon.ico",
        "/favicon.png",
        "/app/**",
        "/auth/**",
        "/signin",
        "/signup",
        "/**/modal/*.html",
        "/manual.html"
    };

    // Matchers for the URLs on which CSRF protection is switched off.
    List<AntPathRequestMatcher> csrfExemptMatchers =
            Arrays.stream(whitelist).map(AntPathRequestMatcher::new).collect(Collectors.toList());

    // The CSRF cookie is made readable by scripts (HttpOnly off).
    // NOTE(review): presumably so the front end can copy it into a request header. Any
    // script running on the page can then read the token as well.
    CookieCsrfTokenRepository tokenRepository = new CookieCsrfTokenRepository();
    tokenRepository.setCookieHttpOnly(false);

    http.formLogin()
        .loginPage("/signin")
        .loginProcessingUrl("/signin/authenticate")
        .failureUrl("/signin?param.error=bad_credentials");

    // NOTE(review): rules exist only for GET, POST, PUT and DELETE. Other methods such
    // as PATCH match none of them outside the whitelist. Confirm how unmatched requests
    // are treated.
    http.authorizeRequests()
        .antMatchers(whitelist).permitAll()
        .antMatchers(HttpMethod.GET, "/**").permitAll()
        .antMatchers(HttpMethod.POST, "/**").authenticated()
        .antMatchers(HttpMethod.PUT, "/**").authenticated()
        .antMatchers(HttpMethod.DELETE, "/**").authenticated();

    http.rememberMe();

    http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint());

    http.apply(new SpringSocialConfigurer().alwaysUsePostLoginUrl(false));

    // CSRF is enforced only when the request is not whitelisted, carries no
    // X-Auth-Application-Key header, and is not a GET.
    // NOTE(review): only the presence of X-Auth-Application-Key is tested here, not its
    // value. Presumably the key is validated by AuthenticationFilter. Confirm.
    http.csrf()
        .csrfTokenRepository(tokenRepository)
        .requireCsrfProtectionMatcher(request ->
            csrfExemptMatchers.stream().noneMatch(matcher -> matcher.matches(request))
                && request.getHeader("X-Auth-Application-Key") == null
                && !HttpMethod.GET.toString().equals(request.getMethod()));

    http.setSharedObject(ApplicationContext.class, context);

    http.addFilterBefore(new AuthenticationFilter(authenticationManager()),
            BasicAuthenticationFilter.class);
}