List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity authorizeRequests
public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests() throws Exception
From source file:de.pksoftware.springstrap.basic.config.BasicWebSecurityConfig.java
/**
 * Applies the web security rules of the example application.
 *
 * <p>Registers the Google authentication processing filter, then restricts
 * {@code /admin/**} to the ADMIN role and {@code /account/**} to authenticated
 * users. Every remaining request is permitted, so an endpoint added later is
 * public unless a matcher for it is declared here.
 *
 * @param http the security builder to configure
 * @throws Exception if configuring the builder fails
 */
@Override
protected void configureSecurity(HttpSecurity http) throws Exception {
    this.addAuthenticationProcessingFilter(http, googleAuthenticationProcessingFilterBean());

    // URL patterns grouped by the access level they require.
    final String[] adminPaths = { "/admin/**" };
    final String[] accountPaths = { "/account/**" };

    // Matchers are consulted in declaration order, so the permit-all
    // catch-all has to remain the last rule.
    http.authorizeRequests()
            .antMatchers(adminPaths).hasAnyRole("ADMIN")
            .antMatchers(accountPaths).authenticated()
            .anyRequest().permitAll();
}
From source file:de.pksoftware.springstrap.core.config.WebSecurityConfigBase.java
/**
 * Hook for custom security configuration.
 *
 * <p>This implementation logs a message and permits every request; it does
 * not protect any URL by itself.
 * NOTE(review): presumably subclasses override this method with real access
 * rules - confirm, because a subclass that forgets to do so stays fully open.
 *
 * @param http the security builder to configure
 * @throws Exception if configuring the builder fails
 */
protected void configureSecurity(HttpSecurity http) throws Exception {
    logger.info("Customizing Springstrap Web Security...");

    // Default policy: all requests are permitted.
    // TODO (carried over from the original): revisit this permit-all default.
    http.authorizeRequests()
            .anyRequest()
            .permitAll();
}
From source file:com.todo.backend.config.SecurityConfiguration.java
/**
 * Configures a stateless security chain with a JWT filter.
 *
 * <p>CSRF protection and the frame-options header are switched off, no HTTP
 * session is created, and a {@code JWTFilter} built from the configured
 * secret key runs before {@code UsernamePasswordAuthenticationFilter}.
 * Only {@code /management/**} gets a URL rule (authority ADMIN).
 *
 * @param http the security builder to configure
 * @throws Exception if configuring the builder fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): disabling CSRF is only safe if the token is not sent
    // automatically by the browser (e.g. not stored in a cookie) - confirm
    // how JWTFilter reads it.
    http.csrf().disable();

    // Without the X-Frame-Options header, responses may be framed by other
    // origins; keep it disabled only if embedding is actually required.
    http.headers().frameOptions().disable();

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    http.addFilterBefore(
            new JWTFilter(customProperties.getSecretKey()),
            UsernamePasswordAuthenticationFilter.class);

    // NOTE(review): there is no anyRequest() rule, so paths outside
    // /management/** are not restricted by this method - verify that they
    // are protected elsewhere (e.g. method-level security).
    http.authorizeRequests()
            .antMatchers("/management/**").hasAuthority("ADMIN");
}
From source file:org.opendatakit.configuration.TestBasicSecurityConfiguration.java
/**
 * Sets up stateless authentication with the basic authentication filter.
 *
 * <p>Paths matching {@code /*} (a single path segment, such as the root) are
 * public; everything else under {@code /**} requires authentication. The
 * basic authentication filter runs before
 * {@code AnonymousAuthenticationFilter}.
 *
 * @param http the security builder to configure
 * @throws Exception if configuring the builder fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    logger.info("Setting up authentication.");

    // We have a choice here; stateless OR enable sessions and use CSRF.
    // This configuration takes the stateless route: no session, no CSRF token.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.csrf().disable();

    // The first matching rule decides, so the narrower "/*" rule has to
    // precede the "/**" catch-all.
    http.authorizeRequests()
            .antMatchers("/*").permitAll()
            .antMatchers("/**").authenticated()
            .and()
            .addFilterBefore(basicAuthenticationFilter(), AnonymousAuthenticationFilter.class);
}
From source file:de.interseroh.report.webconfig.SecurityConfig.java
/**
 * Configures URL authorization, form login and logout.
 *
 * <p>The post-login and post-logout targets are read from the environment
 * properties {@code login.successful.page} and {@code logout.successful.page},
 * falling back to the class constants. A short whitelist is public; every
 * other URL requires authentication. CSRF protection and all security
 * response headers are disabled at the end of the method.
 *
 * @param http the security builder to configure
 * @throws Exception if configuring the builder fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final String loginTarget = env.getProperty("login.successful.page", SUCCESSFUL_LOGIN_PAGE);
    final String logoutTarget = env.getProperty("logout.successful.page", SUCCESSFUL_LOGOUT_PAGE);

    // White list of public URLs; all other URLs need authentication.
    // NOTE(review): the whitelist uses the SUCCESSFUL_LOGIN_PAGE constant,
    // not the value resolved from the property - confirm that the default
    // page is meant to stay public when the property overrides it.
    http.authorizeRequests()
            .antMatchers("/", SUCCESSFUL_LOGIN_PAGE, "/resources/**", "/imprint", "/images/**").permitAll()
            .anyRequest().authenticated();

    // Login form: custom page, failure redirect, success redirect; the login
    // page itself is reachable by anyone.
    http.formLogin()
            .loginPage("/login")
            .failureUrl("/login?error")
            .defaultSuccessUrl(loginTarget)
            .permitAll();

    // Logout: trigger URL and redirect target; reachable by anyone.
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(logoutTarget)
            .permitAll();

    // TODO Why is CSRF disabled? With session-based form login, state-changing
    // requests are accepted without a CSRF token while this stays off.
    http.csrf().disable();

    // TODO need a different solution than disabling security headers: this
    // drops the default headers (frame options, content-type options, cache
    // control, ...) instead of adjusting only the one that causes trouble.
    http.headers().disable();
}
From source file:com.traffitruck.WebSecurityConfig.java
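/**
 * Configures request encoding, role-based URL authorization, form login,
 * logout, remember-me and session management.
 *
 * <p>Static resources and the registration / password-reset pages are public.
 * The remaining listed URLs are split between the LOAD_OWNER, TRUCK_OWNER and
 * ADMIN authorities, and any URL not listed requires authentication.
 *
 * @param http the security builder to configure
 * @throws Exception if configuring the builder fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Force UTF-8 before the CSRF filter runs, so request parameters are
    // decoded with the right charset before they are read.
    CharacterEncodingFilter encodingFilter = new CharacterEncodingFilter();
    encodingFilter.setEncoding("UTF-8");
    encodingFilter.setForceEncoding(true);
    http.addFilterBefore(encodingFilter, CsrfFilter.class);

    http.authorizeRequests()
            // Public: static assets, registration and password recovery.
            .antMatchers("/css/**", "/js/**", "/images/**", "/registerUser", "/verifyPhone",
                    "/resendVerificationCode", "/registrationConfirmation", "/forgotPassword",
                    "/resetPassword")
            .permitAll()
            .antMatchers("/newload", "/myLoads", "/deleteLoad", "/load_details/**", "/editLoad/**",
                    "/updateload")
            .hasAuthority(Role.LOAD_OWNER.name())
            .antMatchers("/truckerMenu", "/findTrucksForLoad", "/addAvailability", "/myTrucks",
                    "/newTruck", "/load_details_for_trucker/**", "/load_for_truck_by_radius",
                    "/myAlerts", "/newAlert")
            .hasAuthority(Role.TRUCK_OWNER.name())
            // "/truckApproval" was listed twice in this group; one entry is enough.
            .antMatchers("/loads", "/trucks", "/truckApproval", "/nonApprovedTrucks",
                    "/approval/licenseimage/**", "/load_details_json/**", "/deleteLoadAdmin",
                    "/users", "/alerts", "/allow_load_details/**")
            .hasAuthority(Role.ADMIN.name())
            // Fail closed: anything not listed above still needs a login.
            .anyRequest().authenticated();

    // NOTE(review): the logout matcher is built without an HTTP method, so it
    // matches GET as well as POST and a plain link can end the session -
    // confirm this is intended while CSRF protection is enabled.
    http.formLogin()
            .loginPage("/login")
            .successHandler(successHandler())
            .permitAll()
            .and()
            .logout()
            .permitAll()
            .deleteCookies("remember-me")
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login?logout");

    http.rememberMe()
            .tokenRepository(repository)
            .userDetailsService(userDetails);

    // A limit of 9999 that never blocks a new login is effectively no
    // concurrent-session limit per user.
    http.sessionManagement()
            .maximumSessions(9999)
            .expiredUrl("/login?logout")
            .maxSessionsPreventsLogin(false)
            .and()
            .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .invalidSessionUrl("/login");
}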
From source file:sample.MyConfigurer.java
/**
 * Initializes this configurer on the given builder.
 *
 * <p>Autowires this object from the shared {@code ApplicationContext},
 * permits the URLs matching {@code permitAllPattern}, requires authentication
 * for every other request, and installs a default login page unless form
 * login has already been configured.
 *
 * @param http the security builder this configurer is applied to
 * @throws Exception if configuring the builder fails
 */
@SuppressWarnings("unchecked")
@Override
public void init(HttpSecurity http) throws Exception {
    // Let the application context autowire this bean.
    http.getSharedObject(ApplicationContext.class)
            .getAutowireCapableBeanFactory()
            .autowireBean(this);

    // Our DSL grants access to the URLs defined by permitAllPattern (set from
    // a property) and requires authentication for any other request. The
    // pattern decides what is public, so an overly broad value such as "/**"
    // would open every URL.
    http.authorizeRequests()
            .antMatchers(permitAllPattern).permitAll()
            .anyRequest().authenticated();

    // Provide a default login page, but only when the user has not invoked
    // formLogin() already; this keeps the default overridable.
    final boolean formLoginConfigured = http.getConfigurer(FormLoginConfigurer.class) != null;
    if (!formLoginConfigured) {
        http.formLogin().loginPage(loginPage);
    }
}
From source file:org.smigo.user.authentication.SecurityConfig.java
/**
 * Configures form login, Spring Social, remember-me, logout and OpenID login.
 *
 * <p>URL authorization permits every request, so this method protects no
 * URL by itself. CSRF protection is disabled.
 * NOTE(review): presumably access control is enforced elsewhere (e.g. in the
 * controllers) - confirm.
 *
 * @param http the security builder to configure
 * @throws Exception if configuring the builder fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    /*
    HttpSessionSecurityContextRepository repository = new HttpSessionSecurityContextRepository();
    repository.setDisableUrlRewriting(false);
    http.securityContext().securityContextRepository(repository);
    */

    http.authorizeRequests().anyRequest().permitAll();

    // Login page and processing URL are the same path.
    http.formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/login")
            .failureHandler(restAuthenticationFailureHandler)
            .successHandler(emptyAuthenticationSuccessHandler);

    final SpringSocialConfigurer socialConfigurer = new SpringSocialConfigurer();
    socialConfigurer.postLoginUrl("/garden-planner");
    http.apply(socialConfigurer);

    // Integer.MAX_VALUE seconds is roughly 68 years: a remember-me token in
    // practice never expires and stays usable until it is removed from the
    // persistent token repository.
    http.rememberMe()
            .userDetailsService(customUserDetailsService)
            .tokenValiditySeconds(Integer.MAX_VALUE)
            .tokenRepository(persistentTokenRepository());

    http.logout()
            .invalidateHttpSession(true)
            .logoutUrl("/logout")
            .logoutSuccessUrl("/welcome-back");

    // With CSRF protection off, the session-based login, logout and any other
    // state-changing request are accepted without a CSRF token.
    http.csrf().disable();

    http.openidLogin()
            .loginPage("/login")
            .loginProcessingUrl("/login-openid")
            .authenticationUserDetailsService(openIdUserDetailsService)
            .permitAll()
            .defaultSuccessUrl("/garden-planner");
    // openidLogin.attributeExchange("https://www.google.com/.*").attribute("axContactEmail").type("http://axschema.org/contact/email").required(true);
}
From source file:org.opendatakit.configuration.TestDigestSecurityConfiguration.java
/**
 * Sets up stateless authentication with basic and digest filters.
 *
 * <p>Paths matching {@code /*} (a single path segment, such as the root) are
 * public; everything else under {@code /**} requires authentication. The
 * basic authentication filter runs before
 * {@code AnonymousAuthenticationFilter}, and the digest authentication filter
 * is added to the chain as well.
 *
 * @param http the security builder to configure
 * @throws Exception if configuring the builder fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    logger.info("Setting up authentication.");

    // We have a choice here; stateless OR enable sessions and use CSRF.
    // This configuration takes the stateless route: no session, no CSRF token.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.csrf().disable();

    // The first matching rule decides, so the narrower "/*" rule has to
    // precede the "/**" catch-all.
    http.authorizeRequests()
            .antMatchers("/*").permitAll()
            .antMatchers("/**").authenticated()
            .and()
            .addFilterBefore(basicAuthenticationFilter(), AnonymousAuthenticationFilter.class)
            .addFilter(digestAuthenticationFilter());
}
From source file:com.jservlet.TcloudClientApplication.java
/**
 * Opens the Swagger / API documentation resources and requires the USER role
 * for every other URL, with a custom form login page.
 *
 * <p>The API description under {@code /v2/api-docs/**} and the Swagger UI
 * resources are readable without authentication, so the documented API
 * surface is visible to anonymous clients.
 *
 * @param http the security builder to configure
 * @throws Exception if configuring the builder fails
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    // Public documentation endpoints come first; the "/**" rule below would
    // otherwise claim them.
    http.authorizeRequests()
            .antMatchers("/v2/api-docs/**").permitAll()
            .antMatchers("/swagger-ui.html", "/webjars/**", "/swagger-resources/**").permitAll()
            .antMatchers("/**").hasRole("USER");

    http.formLogin()
            .loginPage("/login") // Override Spring HttpSecurity login form path!
            .permitAll();
    // @formatter:on
}