List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity authorizeRequests
public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests() throws Exception
From source file:com.juliuskrah.multipart.security.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/u/**").authenticated().and().formLogin() .loginPage("/login").permitAll().and().rememberMe().userDetailsService(userDetailsService).and() .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll(); // @formatter:on }
From source file:de.dominikschadow.javasecurity.sessionhandling.spring.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.authorizeRequests().antMatchers("/*", "/javax.faces.resource/**").permitAll().antMatchers("/user/**") .hasAnyRole("USER", "ADMIN").antMatchers("/admin/**").hasRole("ADMIN").and().formLogin().and() .logout().logoutUrl("/logout").logoutSuccessUrl("/logout.xhtml"); // @formatter:on }
From source file:com.marklogic.samplestack.security.ApplicationSecurity.java
@Override /**/* ww w .j a v a2s. c o m*/ * Standard practice in Spring Security is to provide * this implementation method for building security. This method * configures the endpoints' security characteristics. * @param http Security object projided by the framework. */ protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers(HttpMethod.GET, "/session", "/questions/**", "/tags/**").permitAll() .and().authorizeRequests().antMatchers(HttpMethod.POST, "/search").permitAll().and() .authorizeRequests().antMatchers("/questions/**", "/contributors/**").authenticated().and() .authorizeRequests().anyRequest().denyAll(); http.formLogin().failureHandler(failureHandler).successHandler(successHandler).permitAll().and().logout() .logoutSuccessHandler(logoutSuccessHandler).permitAll(); http.csrf().disable(); http.exceptionHandling().authenticationEntryPoint(entryPoint) .accessDeniedHandler(samplestackAccessDeniedHandler); }
From source file:com.tamnd.app.config.security.SpringSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http // .httpBasic() // .authenticationEntryPoint(authorizeHandler) // .and() .authorizeRequests().antMatchers("/static/**", "/favicon.ico", "/app/**").permitAll() .antMatchers("/", "/test").permitAll().antMatchers(HttpMethod.POST, "/rest/accounts").permitAll() .anyRequest().authenticated().and().addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class) .formLogin().defaultSuccessUrl(Common.DEFAULT_URL).loginProcessingUrl("/login") .loginPage(Common.LOGIN_URL).successHandler(authSuccess).failureHandler(authFailure).permitAll() .and().httpBasic().and().logout().logoutSuccessHandler(logoutSuccess).deleteCookies("JSESSIONID") .invalidateHttpSession(true).permitAll().and() // .csrf().disable() .csrf().csrfTokenRepository(csrfTokenRepository()).and().exceptionHandling() .authenticationEntryPoint(unauthorizeHandler).and().sessionManagement() .invalidSessionUrl(Common.DEFAULT_URL).maximumSessions(1); //Enable HTTPS Channel // if ("true".equals(System.getProperty("httpsOnly"))) { // http.requiresChannel().anyRequest().requiresSecure(); // }// w w w . java 2 s . co m }
From source file:net.thewaffleshop.nimbus.security.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // force security on all URLs http.authorizeRequests().antMatchers("/authenticationFailure").permitAll().antMatchers("/register") .permitAll().antMatchers("/webjarslocator/**").permitAll().anyRequest().hasRole("USER"); // configure login http.formLogin().loginPage("/").failureHandler(forwardingAuthenticationHandler()) .successHandler(forwardingAuthenticationHandler()).loginProcessingUrl("/authenticate") .usernameParameter("userName").passwordParameter("password").permitAll(); }
From source file:org.shaigor.rest.retro.security.gateway.config.OAuth2SecurityConfigurer.java
@Override public void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/login.jsp").permitAll().and().authorizeRequests() .expressionHandler(expressionHandler).anyRequest().hasRole("USER").and().authorizeRequests() .regexMatchers(HttpMethod.GET, "/word/list(\\?.*)?") .access("#oauth2.hasScope('words') and hasRole('ROLE_USER') " //+ "and hasAnyRole('"+ ROLE_WORDS_DEMO +"','" + ROLE_WORDS_PRODUCTION +"') " + "and #wordsServiceAuthorizer.accessAllowed()") .and().exceptionHandling().accessDeniedPage("/login.jsp?authorization_error=true").and() // TODO: put CSRF protection back into this endpoint .csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable() .logout().logoutSuccessUrl("/index.jsp").logoutUrl("/logout.do").and().formLogin() .usernameParameter("j_username").passwordParameter("j_password") .failureUrl("/login.jsp?authentication_error=true").loginPage("/login.jsp") .loginProcessingUrl("/j_spring_security_check"); }
From source file:no.ntnu.okse.web.WebSecurityConfig.java
/** * Defines rules and access for http-requests * * @param http A HttpSecurity instance// w ww . j a v a 2s . c o m * @throws Exception general exception */ @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/", "/js/**", "/gfx/*", "/css/**", "/fonts/**").permitAll() .anyRequest().authenticated().and().formLogin().loginProcessingUrl("/auth/login").loginPage("/") .usernameParameter("username").passwordParameter("password").permitAll().and().logout() .logoutUrl("/auth/logout").permitAll().and().csrf(); }
From source file:br.com.joaops.smt.configuration.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/").authenticated().antMatchers("/login/*").permitAll() .antMatchers("/logout/*").permitAll().antMatchers("/system/user").hasRole("SYSTEM_USER_READ") .antMatchers("/system/user/add").hasRole("SYSTEM_USER_ADD").antMatchers("/system/user/save") .hasRole("SYSTEM_USER_ADD").antMatchers("/system/user/edit/*").hasRole("SYSTEM_USER_EDIT") .antMatchers("/system/user/update").hasRole("SYSTEM_USER_EDIT").antMatchers("/system/user/delete/*") .hasRole("SYSTEM_USER_DELETE").antMatchers("/system/module").hasRole("SYSTEM_MODULE_READ") .antMatchers("/system/module/add").hasRole("SYSTEM_MODULE_ADD").antMatchers("/system/module/save") .hasRole("SYSTEM_MODULE_ADD").antMatchers("/system/module/edit/*").hasRole("SYSTEM_MODULE_EDIT") .antMatchers("/system/module/update").hasRole("SYSTEM_MODULE_EDIT") .antMatchers("/system/module/delete/*").hasRole("SYSTEM_MODULE_DELETE") .antMatchers("/system/permission").hasRole("SYSTEM_PERMISSION_READ") .antMatchers("/system/permission/add").hasRole("SYSTEM_PERMISSION_ADD") .antMatchers("/system/permission/save").hasRole("SYSTEM_PERMISSION_ADD") .antMatchers("/system/permission/edit/*").hasRole("SYSTEM_PERMISSION_EDIT") .antMatchers("/system/permission/update").hasRole("SYSTEM_PERMISSION_EDIT") .antMatchers("/system/permission/delete/*").hasRole("SYSTEM_PERMISSION_DELETE").anyRequest() .authenticated();// ww w. j av a2 s .c om http.formLogin().loginPage("/login").loginProcessingUrl("/login/check").failureUrl("/login/error") .defaultSuccessUrl("/", true).usernameParameter("username").passwordParameter("password") .permitAll(); http.logout().logoutUrl("/logout").logoutSuccessUrl("/login").invalidateHttpSession(true) .deleteCookies("JSESSIONID"); http.sessionManagement().maximumSessions(1).and().sessionFixation().newSession(); }
From source file:io.getlime.security.powerauth.app.rest.api.spring.configuration.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.httpBasic().disable();//from w ww . j a v a2 s. co m http.csrf().disable(); http.authorizeRequests().antMatchers("/secured/**").fullyAuthenticated(); http.exceptionHandling().authenticationEntryPoint(apiAuthenticationEntryPoint); }
From source file:org.meruvian.yama.webapi.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/oauth/authorize").fullyAuthenticated() .and().formLogin().loginPage(LOGIN_PAGE_URL).loginProcessingUrl(LOGIN_PROCESSING_URL) .usernameParameter("username").passwordParameter("password").defaultSuccessUrl(LOGIN_SUCCESS_URL) .failureUrl(LOGIN_FAILURE_URL).and().logout().logoutUrl(LOGOUT_URL) .logoutSuccessUrl(LOGOUT_SUCCESS_URL).invalidateHttpSession(true).and().rememberMe() .userDetailsService(userDetailsService).and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and().csrf() .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable(); }