List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity authorizeRequests
public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests() throws Exception
From source file:app.igogo.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { super.configure(http); //To change body of generated methods, choose Tools | Templates. http.authorizeRequests().antMatchers("/home").permitAll().antMatchers("/admin").hasRole("ADMIN") .anyRequest().authenticated().and().formLogin().loginPage("/login").permitAll().and().logout() .permitAll();//from w ww. j a va 2s . c om http.exceptionHandling().accessDeniedPage("/403"); }
From source file:shiver.me.timbers.spring.security.integration.JwtCustomPrincipleSecurityConfigurationApply.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.apply(jwt());// w w w .ja v a2s . c o m http.antMatcher("/custom/**"); http.csrf().disable(); http.authorizeRequests().anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/custom/signIn") .permitAll(); http.logout().logoutUrl("/custom/signOut") .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
From source file:io.getlime.security.powerauth.app.server.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { if (configuration.getRestrictAccess()) { http.authorizeRequests().antMatchers("/rest/**").authenticated().anyRequest().permitAll().and() .httpBasic().authenticationEntryPoint(authenticationEntryPoint()).and().csrf().disable(); } else {/* w ww.ja v a 2s .co m*/ http.httpBasic().disable().csrf().disable(); } }
From source file:ru.mystamps.web.support.spring.security.SecurityConfig.java
@Override @SuppressWarnings("PMD.SignatureDeclareThrowsException") protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().mvcMatchers(Url.ADD_CATEGORY_PAGE).hasAuthority(StringAuthority.CREATE_CATEGORY) .mvcMatchers(Url.ADD_COUNTRY_PAGE).hasAuthority(StringAuthority.CREATE_COUNTRY) .mvcMatchers(Url.ADD_SERIES_PAGE).hasAuthority(StringAuthority.CREATE_SERIES) .mvcMatchers(Url.SITE_EVENTS_PAGE).hasAuthority(StringAuthority.VIEW_SITE_EVENTS) .regexMatchers(HttpMethod.POST, "/series/[0-9]+") .hasAnyAuthority(StringAuthority.UPDATE_COLLECTION, StringAuthority.ADD_IMAGES_TO_SERIES) .regexMatchers(HttpMethod.POST, Url.ADD_SERIES_ASK_PAGE.replace("{id}", "[0-9]+")) .hasAuthority(StringAuthority.ADD_SERIES_SALES).anyRequest().permitAll().and().formLogin() .loginPage(Url.AUTHENTICATION_PAGE).usernameParameter("login").passwordParameter("password") .loginProcessingUrl(Url.LOGIN_PAGE).failureUrl(Url.AUTHENTICATION_PAGE + "?failed") .defaultSuccessUrl(Url.INDEX_PAGE, true).permitAll().and().logout().logoutUrl(Url.LOGOUT_PAGE) .logoutSuccessUrl(Url.INDEX_PAGE).invalidateHttpSession(true).permitAll().and().exceptionHandling() .accessDeniedHandler(getAccessDeniedHandler()) // This entry point handles when you request a protected page and you are // not yet authenticated .authenticationEntryPoint(new Http403ForbiddenEntryPoint()).and().csrf() // Allow unsecured requests to H2 consoles. .ignoringAntMatchers("/console/**").and().rememberMe() // TODO: GH #27 .disable().headers()/*from www . j a v a 2s. c om*/ // TODO .disable(); }
From source file:org.owasp.webwolf.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security = http .authorizeRequests().antMatchers("/css/**", "/images/**", "/js/**", "/fonts/**", "/webjars/**") .permitAll().antMatchers("/WebWolf/**").authenticated().anyRequest().permitAll(); security.and().csrf().disable().formLogin().loginPage("/login").failureUrl("/login?error=true"); security.and().formLogin().loginPage("/login").defaultSuccessUrl("/WebWolf/home", true).permitAll(); security.and().logout().permitAll(); }
From source file:org.owasp.webgoat.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security = http .authorizeRequests().antMatchers("/css/**", "/images/**", "/js/**", "fonts/**", "/plugins/**") .permitAll().antMatchers("/servlet/AdminServlet/**").hasAnyRole("WEBGOAT_ADMIN", "SERVER_ADMIN") // .antMatchers("/JavaSource/**").hasRole("SERVER_ADMIN") // .anyRequest().hasAnyRole("WEBGOAT_USER", "WEBGOAT_ADMIN", "SERVER_ADMIN"); security.and().formLogin().loginPage("/login").defaultSuccessUrl("/welcome.mvc", true) .usernameParameter("username").passwordParameter("password").permitAll(); security.and().logout().permitAll(); security.and().csrf().disable();//from w w w . jav a2 s .com http.headers().cacheControl().disable(); http.exceptionHandling().authenticationEntryPoint(new AjaxAuthenticationEntryPoint("/login")); }
From source file:shiver.me.timbers.spring.security.integration.JwtAnnotationSecurityConfiguration.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.sessionManagement().sessionCreationPolicy(STATELESS); http.antMatcher("/jwt/**"); http.csrf().disable();//from w w w. j av a 2 s .com http.authorizeRequests().antMatchers("/jwt/one").access("hasRole('ONE')").antMatchers("/jwt/two") .access("hasRole('TWO')").anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/jwt/signIn") .permitAll(); http.logout().logoutUrl("/jwt/signOut").logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
From source file:de.dominikschadow.duke.encounters.config.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.authorizeRequests().antMatchers("/", "/register", "/encounters", "/search", "/error").permitAll() .antMatchers("/admin/**").hasRole("ADMIN").anyRequest().authenticated().and().formLogin() .loginPage("/login").defaultSuccessUrl("/account").permitAll().and().exceptionHandling() .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")).and().logout() .logoutSuccessUrl("/").permitAll().and().rememberMe().and().securityContext() .securityContextRepository(securityContextRepository).and().headers() .addHeaderWriter(new StaticHeadersWriter("Content-Security-Policy", "default-src 'self'")).and() .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class); // @formatter:on }
From source file:reconf.server.ApplicationSecurity.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable();/* ww w. jav a2 s.co m*/ http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); http.authorizeRequests().antMatchers("/crud/**").fullyAuthenticated().accessDecisionManager(decisionManager) .and().httpBasic(); }
From source file:de.kaiserpfalzEdv.office.ui.web.configuration.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { LOG.debug("Configuring HTTP Security: {}", http); // all requests are authenticated http.authorizeRequests().anyRequest().authenticated(); http.httpBasic();/* w w w . java2s . c o m*/ // Vaadin chokes if this filter is enabled, disable it! http.csrf().disable(); // TODO plumb custom HTTP 403 and 404 pages /* http.exceptionHandling().accessDeniedPage("/access?error"); */ }