List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity anonymous
public AnonymousConfigurer<HttpSecurity> anonymous() throws Exception
From source file:io.curly.gathering.ResourceServerConfig.java
@Override public void configure(HttpSecurity http) throws Exception { http.anonymous().and().antMatcher("/lists").authorizeRequests().antMatchers("/lists").authenticated(); }
From source file:io.curly.artifact.OAuth2ResourceConfig.java
@Override public void configure(HttpSecurity http) throws Exception { http.anonymous().and().antMatcher("/artifacts/**").authorizeRequests() .antMatchers(HttpMethod.GET, "/artifacts/owned").authenticated() .antMatchers(HttpMethod.GET, "/artifacts/**").permitAll().anyRequest().authenticated(); }
From source file:io.curly.advisor.OAuth2ResourceConfig.java
@Override public void configure(HttpSecurity http) throws Exception { http.anonymous().and().antMatcher("/reviews/**").authorizeRequests() .antMatchers(HttpMethod.GET, "/reviews/owned").authenticated() .antMatchers(HttpMethod.GET, "/reviews/owned/{review}").authenticated() .antMatchers(HttpMethod.GET, "/reviews/artifact/{artifact}").permitAll() .antMatchers(HttpMethod.GET, "/reviews/**").permitAll().anyRequest().authenticated(); }
From source file:org.oesf.eque.web.security.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .anonymous().authorities("ROLE_GUEST") // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .and().authorizeRequests().antMatchers(ROOT, "/home").permitAll().antMatchers("/static/**") .permitAll().antMatchers("/admin/**").hasRole("ADMIN").anyRequest().hasAnyRole("USER", "ADMIN") // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // .and().sessionManagement(). ... // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .and().formLogin().permitAll() // .loginPage("/login").permitAll() // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .and().httpBasic()/* w w w. j a va 2 s . com*/ // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .and().logout().logoutSuccessUrl(ROOT).permitAll() //.logoutUrl("/logout").permitAll() ; }
From source file:org.shaigor.rest.retro.client.config.ClientSecurityConfigurer.java
@Override protected void configure(HttpSecurity http) throws Exception { http.anonymous().disable().authorizeRequests().anyRequest().fullyAuthenticated().and().logout() .logoutSuccessUrl("/index.jsp").logoutUrl("/logout.do").invalidateHttpSession(true).and() .exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler()); }
From source file:org.devgateway.toolkit.forms.FormsSecurityConfig.java
@Override protected void configure(final HttpSecurity http) throws Exception { super.configure(http); // we do not allow anyonymous token. When // enabled this basically means any guest // user will have an annoymous default role http.anonymous().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER). //we let Wicket create and manage sessions, so we disable //session creation by spring and().csrf().disable(); // csrf protection interferes with some wicket stuff // we enable http rememberMe cookie for autologin // http.rememberMe().key(UNIQUE_SECRET_REMEMBER_ME_KEY); // resolved the error Refused to display * in a frame because it set // 'X-Frame-Options' to 'DENY'. http.headers().contentTypeOptions().and().xssProtection().and().cacheControl().and() .httpStrictTransportSecurity().and().frameOptions().sameOrigin(); }
From source file:org.apache.nifi.minifi.c2.security.SecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { http.rememberMe().disable().authorizeRequests().anyRequest().fullyAuthenticated().and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS); http.addFilterBefore(x509AuthenticationFilter, AnonymousAuthenticationFilter.class); http.anonymous().authenticationFilter(c2AnonymousAuthenticationFilter); }
From source file:org.italiangrid.storm.webdav.spring.web.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { final List<GrantedAuthority> anonymousAccessPermissions = new ArrayList<GrantedAuthority>(); for (StorageAreaInfo sa : saConfiguration.getStorageAreaInfo()) { if (sa.anonymousReadEnabled()) { anonymousAccessPermissions.add(SAPermission.canRead(sa.name())); }/*from w w w . j ava2 s . co m*/ } VOMSAuthenticationProvider prov = new VOMSAuthenticationProvider(); http.csrf().disable(); http.authenticationProvider(prov).addFilter(buildVOMSAuthenticationFilter(prov)); if (!anonymousAccessPermissions.isEmpty()) { http.anonymous().authorities(anonymousAccessPermissions); } if (serviceConfiguration.isAuthorizationDisabled()) { http.authorizeRequests().anyRequest().permitAll(); } else { http.authorizeRequests().accessDecisionManager(accessDecisionManager()); addAccessRules(http); } }
From source file:org.openlmis.notification.ResourceServerSecurityConfiguration.java
@Override public void configure(HttpSecurity http) throws Exception { http.addFilterAfter(new OncePerRequestFilter() { @Override/* w w w. j a v a 2s. c om*/ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { // We don't want to allow access to a resource with no token so clear // the security context in case it is actually an OAuth2Authentication if (tokenExtractor.extract(request) == null) { SecurityContextHolder.clearContext(); } filterChain.doFilter(request, response); } }, AbstractPreAuthenticatedProcessingFilter.class); http.csrf().disable(); http.anonymous().and().authorizeRequests() .antMatchers("/notification", "/webjars/**", "/notification/webjars/**", "/notification/docs/**") .permitAll().antMatchers("/**").fullyAuthenticated(); }