List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity csrf
public CsrfConfigurer<HttpSecurity> csrf() throws Exception
From source file:com.sothawo.taboo2.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { boolean requireSsl = securityProperties.isRequireSsl(); boolean basicEnabled = securityProperties.getBasic().isEnabled(); log.debug("configuring http, requires ssl: {}, basic authentication: {}", requireSsl, basicEnabled); if (requireSsl) { http.requiresChannel().anyRequest().requiresSecure(); }//from w w w. j av a 2 s.c om if (basicEnabled) { // authentication for the taboo2 service only, the app itself doesn't need use it to display it's own login // form. http.authorizeRequests().antMatchers("/taboo2/**").authenticated().anyRequest().permitAll(); } http.httpBasic().realmName("taboo2"); http.csrf().disable(); }
From source file:com.netflix.genie.web.security.saml.SAMLConfig.java
/** * Defines the web based security configuration. * * @param http It allows configuring web based security for specific http requests. * @throws Exception on any error//w w w. j av a 2s .c o m */ @Override protected void configure(final HttpSecurity http) throws Exception { // @formatter:off http.httpBasic().authenticationEntryPoint(samlEntryPoint()); http.csrf().disable(); http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class).addFilterAfter(samlFilter(), BasicAuthenticationFilter.class); http.antMatcher("/**").authorizeRequests().antMatchers("/actuator/**").permitAll().antMatchers("/api/**") .permitAll().antMatchers("/error").permitAll().antMatchers("/saml/**").permitAll().anyRequest() .authenticated().and().x509().authenticationUserDetailsService(this.x509UserDetailsService); http.logout().logoutSuccessUrl("/"); // @formatter:on }
From source file:com.netflix.genie.security.saml.SAMLConfig.java
/** * Defines the web based security configuration. * * @param http It allows configuring web based security for specific http requests. * @throws Exception on any error/* w ww. jav a 2 s .com*/ */ @Override protected void configure(final HttpSecurity http) throws Exception { // @formatter:off http.httpBasic().authenticationEntryPoint(samlEntryPoint()); http.csrf().disable(); http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class).addFilterAfter(samlFilter(), BasicAuthenticationFilter.class); http.antMatcher("/**").authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll() .antMatchers("/api/**").permitAll().antMatchers("/error").permitAll().antMatchers("/saml/**") .permitAll().anyRequest().authenticated().and().x509() .authenticationUserDetailsService(this.x509UserDetailsService); http.logout().logoutSuccessUrl("/"); // @formatter:on }
From source file:com.esquema.seguridad.ApplicationSecurity.java
@Override protected void configure(HttpSecurity http) throws Exception { /* Inicio/*from w w w. java2 s .c o m*/ *********************** Manejo de sesin y autenticacin **************************************/ http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests() .antMatchers("/esquema/**").fullyAuthenticated().and().httpBasic(); //.formLogin(); /********************** Manejo de sesin y autenticacin *************************************** * Fin */ /* Inicio *********************** Manejo de sesin y autenticacin **************************************/ http.authorizeRequests().antMatchers("/").permitAll().and().authorizeRequests() .antMatchers("/h2/**", "/H2/**").permitAll(); http.csrf().disable(); http.headers().frameOptions().disable(); /********************** Manejo de sesin y autenticacin *************************************** * Fin */ /* Inicio *********************** Hace que el request sea solo por HTTPS ************************************** http .requiresChannel().antMatchers("/escribe tu ruta aqu/**").requiresSecure(); http.csrf().disable(); /********************** Hace que el request sea solo por HTTPS *************************************** * Fin */ }
From source file:org.openlmis.notification.ResourceServerSecurityConfiguration.java
@Override public void configure(HttpSecurity http) throws Exception { http.addFilterAfter(new OncePerRequestFilter() { @Override/*ww w . j a va2s. co m*/ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { // We don't want to allow access to a resource with no token so clear // the security context in case it is actually an OAuth2Authentication if (tokenExtractor.extract(request) == null) { SecurityContextHolder.clearContext(); } filterChain.doFilter(request, response); } }, AbstractPreAuthenticatedProcessingFilter.class); http.csrf().disable(); http.anonymous().and().authorizeRequests() .antMatchers("/notification", "/webjars/**", "/notification/webjars/**", "/notification/docs/**") .permitAll().antMatchers("/**").fullyAuthenticated(); }
From source file:org.openlmis.fulfillment.security.ResourceServerSecurityConfiguration.java
@Override public void configure(HttpSecurity http) throws Exception { http.addFilterAfter(new OncePerRequestFilter() { @Override/*w w w. j ava 2s .c o m*/ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { // We don't want to allow access to a resource with no token so clear // the security context in case it is actually an OAuth2Authentication if (tokenExtractor.extract(request) == null) { SecurityContextHolder.clearContext(); } filterChain.doFilter(request, response); } }, AbstractPreAuthenticatedProcessingFilter.class); http.csrf().disable(); http.authorizeRequests() .antMatchers("/fulfillment", "/webjars/**", "/fulfillment/webjars/**", "/fulfillment/docs/**") .permitAll().antMatchers("/**").fullyAuthenticated(); }
From source file:it.infn.mw.iam.config.saml.SamlConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { String pattern = "/saml/**"; http.antMatcher(pattern);// w w w. j a v a2 s .c o m http.csrf().ignoringAntMatchers(pattern); http.authorizeRequests().antMatchers(pattern).permitAll(); http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class).addFilterAfter(samlFilter(), BasicAuthenticationFilter.class); }
From source file:eu.eidas.sp.CsrfSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // Build the request matcher for CSFR protection RequestMatcher csrfRequestMatcher = new RequestMatcher() { // Disable CSFR protection on the following urls: private AntPathRequestMatcher[] requestMatchers = { new AntPathRequestMatcher("/respeidas", "POST"), new AntPathRequestMatcher("/mdeidas", "GET") }; @Override// w w w . j a v a2 s . co m public boolean matches(HttpServletRequest request) { // If the request match one url the CSFR protection will be disabled for (AntPathRequestMatcher rm : requestMatchers) { if (rm.matches(request)) { return false; } } return true; } // method matches }; // new RequestMatcher // Set security configurations http // Disable the csrf protection on some request matches .csrf().disable(); //.requireCsrfProtectionMatcher(csrfRequestMatcher).and(); }
From source file:io.syndesis.runtime.KeycloakConfiguration.java
@Override @SuppressWarnings("PMD.SignatureDeclareThrowsException") protected void configure(HttpSecurity http) throws Exception { http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .sessionAuthenticationStrategy(sessionAuthenticationStrategy()).and() .addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class) .addFilterBefore(keycloakAuthenticationProcessingFilter(), X509AuthenticationFilter.class) .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and().authorizeRequests() .antMatchers(HttpMethod.OPTIONS).permitAll().antMatchers("/api/v1/swagger.*").permitAll() .antMatchers("/api/v1/index.html").permitAll() .antMatchers(HttpMethod.GET, "/api/v1/credentials/callback").permitAll().antMatchers("/api/v1/**") .authenticated().antMatchers("/api/setup").authenticated().anyRequest().permitAll(); http.csrf().disable(); }