List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity csrf
public CsrfConfigurer<HttpSecurity> csrf() throws Exception
From source file:com.github.wnameless.spring.papertrail.test.jpa.JpaSecutityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.httpBasic(); http.csrf().disable(); }
From source file:org.awesomeagile.webapp.config.SecurityConfig.java
public void configure(HttpSecurity http) throws Exception { http.csrf().disable().httpBasic().authenticationEntryPoint(new AwesomeAgileAuthenticationEntryPoint()).and() .logout()/*from w w w .jav a 2s. c o m*/ // TODO signout isn't currently handled .logoutUrl("/signout").deleteCookies("JSESSIONID").and().authorizeRequests() .antMatchers("/index.html", "/", "/auth/**", "/info", "/health", "/images/**", "/css/**", "/js/**", "/node_modules/**", "/partials/**") .permitAll().anyRequest().authenticated().and().rememberMe().and() .apply(new SpringSocialConfigurer()); }
From source file:cz.sohlich.workstack.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().exceptionHandling().and().anonymous().and().servletApi().and().headers() .cacheControl().and().authorizeRequests().antMatchers("/api/task/**").authenticated() .antMatchers(HttpMethod.POST, "/security/login").permitAll().and() .addFilterBefore(new StatelessLoginFilter("/security/login", tokenAuthenticationService, userDetailService, authenticationManager), UsernamePasswordAuthenticationFilter.class) .addFilterBefore(new StatelessAuthenticationFilter(tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class); // .exceptionHandling().authenticationEntryPoint(entryPoint); // .formLogin();//.loginPage("/security/login"); }
From source file:org.joinfaces.example.SecurityConfig.java
@Override protected void configure(HttpSecurity http) { try {/* w w w . ja v a 2 s.c om*/ http.csrf().disable(); http.userDetailsService(userDetailsService()).authorizeRequests().antMatchers("/").permitAll() .antMatchers("/index.jsf").permitAll().antMatchers("/javax.faces.resource/**").permitAll() .anyRequest().authenticated().and().formLogin().loginPage("/login.jsf").permitAll() .failureUrl("/login.jsf?error=true").defaultSuccessUrl("/index.jsf").and().logout() .logoutSuccessUrl("/login.jsf"); } catch (Exception ex) { throw new RuntimeException(ex); } }
From source file:com.todo.backend.config.SecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().headers().frameOptions().disable().and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().addFilterBefore( new JWTFilter(customProperties.getSecretKey()), UsernamePasswordAuthenticationFilter.class); http.authorizeRequests().antMatchers("/management/**").hasAuthority("ADMIN"); }
From source file:com.javiermoreno.springboot.rest.TokenSecurityAdapter.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()).and() // Filter order: http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/apidocs/org/springframework/security/config/annotation/web/HttpSecurityBuilder.html#addFilter%28javax.servlet.Filter%29 .addFilterAfter(authenticationTokenProcessingFilterBean(), BasicAuthenticationFilter.class) .authorizeRequests()// w w w. ja v a 2s . co m .antMatchers("/api-docs/**", "/public/**", "/views/**", "/errores/**", "/health/**", "/metrics/**", "/configprops/**") .permitAll().antMatchers(HttpMethod.GET, "/private/**").hasRole("ADMIN") .antMatchers(HttpMethod.GET, "/shutdown/**").hasRole("ADMIN") //.access("hasRole('ROLE_ADMIN')") .anyRequest().authenticated().and().httpBasic(); }
From source file:reconf.server.ApplicationSecurity.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); http.authorizeRequests().antMatchers("/crud/**").fullyAuthenticated().accessDecisionManager(decisionManager) .and().httpBasic();//from w w w . j ava2s . c o m }
From source file:com.github.fedorchuck.webstore.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().authorizeRequests().antMatchers("/resources/**", "/**").permitAll().anyRequest() .permitAll().and();/*from w w w . java 2 s . co m*/ http.formLogin().loginPage("/login").loginProcessingUrl("/j_spring_security_check") .failureUrl("/login?error").usernameParameter("j_username").passwordParameter("j_password") .permitAll(); http.logout().permitAll().logoutUrl("/user/logout")//.logoutUrl("/logout") .logoutSuccessUrl("/user/authorize")//.logoutSuccessUrl("/login?logout") .invalidateHttpSession(true); }
From source file:cn.cuizuoli.gotour.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().authorizeRequests() .antMatchers("/login", "/", "/index.html", "/w/**", "/components/**", "/css/**", "/images/**") .permitAll().antMatchers("/a").hasRole("GOTOUR_ADMIN").antMatchers("/a/**").hasRole("GOTOUR_ADMIN") .anyRequest().anonymous().and().formLogin().loginPage("/login") .loginProcessingUrl("/j_spring_security_check").usernameParameter("username") .passwordParameter("password").defaultSuccessUrl("/a", true).failureUrl("/login").and().logout() .logoutUrl("/logout").logoutSuccessUrl("/login").deleteCookies("JSESSIONID") .invalidateHttpSession(true).and().httpBasic().and().rememberMe().and().sessionManagement() .maximumSessions(10).maxSessionsPreventsLogin(true); }
From source file:com.jiwhiz.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().authorizeRequests().antMatchers("/api/admin/**") .hasAuthority(UserRoleType.ROLE_ADMIN.name()).antMatchers("/api/author/**") .hasAuthority(UserRoleType.ROLE_AUTHOR.name()).antMatchers("/api/user/**") .hasAuthority(UserRoleType.ROLE_USER.name()).antMatchers("/api/public/**").permitAll().anyRequest() .authenticated().and()/*from w w w .ja v a 2s. c o m*/ .addFilterBefore(testAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class); }