List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity authorizeRequests
public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests() throws Exception
From source file:com.base.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { //http.headers().cacheControl().disable(); //http.headers().defaultsDisabled(); System.out.println("CONFIGURE HTTPSECURITY"); http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/admin/**") .access("hasRole('ROLE_ADMIN')") //vanha rivi: .antMatchers("/second").access("hasRole('ROLE_ADMIN') and hasRole('ROLE_TEACHER')") .antMatchers("/teacher/**").access("hasRole('ROLE_TEACHER') or hasRole('ROLE_ADMIN')") .antMatchers("/student/**").access("hasRole('ROLE_STUDENT') or hasRole('ROLE_ADMIN')").and() .formLogin().defaultSuccessUrl("/admin/second").loginPage("/login").failureUrl("/login/error") .usernameParameter("username").passwordParameter("password").and().logout() .logoutSuccessUrl("/login?logout").and().csrf().and().exceptionHandling().accessDeniedPage("/403"); }
From source file:com.isalnikov.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.addFilterBefore(authorizationFilter(), UserAuthorizationFilter.class); http.authorizeRequests() //http://www.webremeslo.ru/html/glava10.html .antMatchers("/page**").permitAll() .antMatchers("/login").permitAll().antMatchers("/user").hasRole("USER").antMatchers("/csrf") .hasRole("USER").anyRequest().authenticated().and().formLogin() // default login jsp //.failureUrl("/login") //.failureHandler((new SimpleUrlAuthenticationFailureHandler()) .permitAll().and().logout() //default logout jsp .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) // .deleteCookies("JSESSIONID,SPRING_SECURITY_REMEMBER_ME_COOKIE") .permitAll();// w w w .ja v a2s. c o m http.sessionManagement().maximumSessions(1).and().invalidSessionUrl("/login"); // http // .headers() // .frameOptions().sameOrigin() // .httpStrictTransportSecurity().disable(); //http.exceptionHandling().authenticationEntryPoint(null); http.headers().addHeaderWriter(new StaticHeadersWriter("X-Content-Security-Policy", "default-src 'self'")) .addHeaderWriter(new StaticHeadersWriter("X-WebKit-CSP", "default-src 'self'")); }
From source file:com.avaya.subMgmt.server.SecurityConfigAdapter.java
@Override public void configure(HttpSecurity http) throws Exception { // Start configuration http.csrf().disable();/* www . jav a 2s . c om*/ if ("basic".equals(authType)) { http.authorizeRequests().antMatchers("/**").authenticated().and().httpBasic(); } if ("digest".equals(authType)) { http.exceptionHandling().authenticationEntryPoint(digestEntryPoint()); http.authorizeRequests().antMatchers("/**").authenticated().and() .addFilter(digestAuthenticationFilter(digestEntryPoint())); } }
From source file:com.expedia.seiso.SeisoWebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http // TODO Would prefer to do this without sessions if possible. But see // https://spring.io/guides/tutorials/spring-security-and-angular-js/ // http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-sticky-sessions.html // .sessionManagement() // .sessionCreationPolicy(SessionCreationPolicy.STATELESS) // .and() .authorizeRequests().antMatchers(HttpMethod.GET, "/internal/**").permitAll() .antMatchers(HttpMethod.GET, "/api/**").permitAll().antMatchers(HttpMethod.POST, "/api/**") .hasAnyRole(Roles.USER, Roles.ADMIN).antMatchers(HttpMethod.PUT, "/api/**") .hasAnyRole(Roles.USER, Roles.ADMIN).antMatchers(HttpMethod.DELETE, "/api/**") .hasAnyRole(Roles.USER, Roles.ADMIN).antMatchers(HttpMethod.PATCH, "/api/**") .hasAnyRole(Roles.USER, Roles.ADMIN) // Admin console .antMatchers(HttpMethod.GET, "/admin").hasRole(Roles.ADMIN).antMatchers(HttpMethod.GET, "/admin/**") .hasRole(Roles.ADMIN)// w ww . j ava 2 s.c om // Blacklist .anyRequest().denyAll() // .anyRequest().hasRole(Roles.USER) .and().httpBasic().authenticationEntryPoint(entryPoint()).and().exceptionHandling() .authenticationEntryPoint(entryPoint()).and() // FIXME Enable. See https://spring.io/guides/tutorials/spring-security-and-angular-js/ .csrf().disable(); // @formatter:on }
From source file:architecture.user.spring.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/main.do*", "/accounts/**", "/download/**", "/display/**", "/connect/**", "/data/**") .anonymous().antMatchers("/secure").hasAnyRole("SYSTEM", "ADMIN").anyRequest().authenticated().and() .formLogin().loginPage("/accounts/login").loginProcessingUrl("/accounts/authorize") .failureHandler(authenticationFailureHandler()).successHandler(authenticationSuccessHandler()) .usernameParameter("username").passwordParameter("password").and().logout() .invalidateHttpSession(true).logoutUrl("/accounts/logout").logoutSuccessUrl("/main.do").and() .anonymous().key("ANONYMOUS").and().exceptionHandling() .accessDeniedPage("/includes/jsp/unauthorized.jsp").and().requestCache() .requestCache(authenticationRequestCache()).and().httpBasic() .authenticationEntryPoint(authenticationEntryPoint()); }
From source file:com.boxedfolder.carrot.config.security.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable();// www . j a v a2 s . c o m http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); http.authorizeRequests().antMatchers(HttpMethod.POST, "/client/analytics/logs/**").permitAll(); // Define secured routes here String[] securedEndpoints = { "/client/ping", "/client/beacons/**", "/client/apps/**", "/client/events/**", "/client/analytics/**" }; for (String endpoint : securedEndpoints) { http.authorizeRequests().antMatchers(endpoint).authenticated(); } SecurityConfigurer<DefaultSecurityFilterChain, HttpSecurity> securityConfigurerAdapter = new XAuthTokenConfigurer( userDetailsServiceBean()); http.apply(securityConfigurerAdapter); }
From source file:com.hp.autonomy.frontend.find.core.beanconfiguration.SecurityConfiguration.java
@SuppressWarnings("ProhibitedExceptionDeclared") @Override/* w ww .j a v a2 s . co m*/ protected void configure(final HttpSecurity http) throws Exception { final HttpSessionRequestCache requestCache = new HttpSessionRequestCache(); requestCache.setRequestMatcher(new AntPathRequestMatcher(FindController.APP_PATH)); http.authorizeRequests().antMatchers("/api/public/**").hasRole(FindRole.USER.name()) .antMatchers("/api/admin/**").hasRole(FindRole.ADMIN.name()).antMatchers("/api/config/**") .hasRole(FindRole.CONFIG.name()).antMatchers("/api/bi/**").hasRole(FindRole.BI.name()).and() .requestCache().requestCache(requestCache).and().csrf().disable().headers().defaultsDisabled() .frameOptions().sameOrigin(); }
From source file:shiver.me.timbers.spring.security.integration.JwtApplySecurityConfiguration.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.sessionManagement().sessionCreationPolicy(STATELESS); http.apply(jwt());/*from ww w . j a v a2 s.c om*/ http.antMatcher("/jwt/**"); http.csrf().disable(); http.authorizeRequests().antMatchers("/jwt/one").access("hasRole('ONE')").antMatchers("/jwt/two") .access("hasRole('TWO')").anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/jwt/signIn") .permitAll(); http.logout().logoutUrl("/jwt/signOut").logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
From source file:eu.trentorise.game.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // application never creates an http session http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); http.authorizeRequests() .antMatchers("/gengine/**", "/console/**", "/model/**", "/data/**", "/exec/**", "/notification/**") .access("hasRole('ROLE_ADMIN')").and().httpBasic(); http.authorizeRequests().antMatchers("/api/**").anonymous(); // disable csrf permits POST http call to DomainConsoleController // without using csrf token http.csrf().disable();// w w w . j a va 2s.c o m }
From source file:com.toptal.conf.SecurityConfiguration.java
@Override protected final void configure(final HttpSecurity http) throws Exception { final String format = "%s/*"; http.csrf().disable();/*from w w w. j ava 2 s . c om*/ http.httpBasic(); http.authorizeRequests().antMatchers(HttpMethod.POST, SignupController.PATH).anonymous() .antMatchers(UserController.PATH).hasRole(Role.ROLE_MANAGER.text()) .antMatchers(String.format(format, UserController.PATH)).hasRole(Role.ROLE_MANAGER.text()) .antMatchers(EntryController.PATH).hasRole(Role.ROLE_USER.text()) .antMatchers(String.format(format, EntryController.PATH)).hasRole(Role.ROLE_USER.text()); }