Example usage for org.springframework.security.config.annotation.web.builders HttpSecurity csrf

List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity csrf

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.config.annotation.web.builders.*
  5. HttpSecurity
  6. csrf

Introduction

In this page you can find the example usage for org.springframework.security.config.annotation.web.builders HttpSecurity csrf.

Prototype

public CsrfConfigurer<HttpSecurity> csrf() throws Exception

Source Link

Document

Adds CSRF support.

Usage

From source file:com.github.wnameless.spring.papertrail.test.jpa.JpaSecutityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.httpBasic();
    http.csrf().disable();
}

From source file:org.awesomeagile.webapp.config.SecurityConfig.java

public void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().httpBasic().authenticationEntryPoint(new AwesomeAgileAuthenticationEntryPoint()).and()
            .logout()/*from  w w w .jav  a 2s. c o  m*/
            // TODO signout isn't currently handled
            .logoutUrl("/signout").deleteCookies("JSESSIONID").and().authorizeRequests()
            .antMatchers("/index.html", "/", "/auth/**", "/info", "/health", "/images/**", "/css/**", "/js/**",
                    "/node_modules/**", "/partials/**")
            .permitAll().anyRequest().authenticated().and().rememberMe().and()
            .apply(new SpringSocialConfigurer());
}

From source file:cz.sohlich.workstack.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().exceptionHandling().and().anonymous().and().servletApi().and().headers()
            .cacheControl().and().authorizeRequests().antMatchers("/api/task/**").authenticated()
            .antMatchers(HttpMethod.POST, "/security/login").permitAll().and()
            .addFilterBefore(new StatelessLoginFilter("/security/login", tokenAuthenticationService,
                    userDetailService, authenticationManager), UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(new StatelessAuthenticationFilter(tokenAuthenticationService),
                    UsernamePasswordAuthenticationFilter.class);
    //                .exceptionHandling().authenticationEntryPoint(entryPoint);
    //                .formLogin();//.loginPage("/security/login");
}

From source file:org.joinfaces.example.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) {
    try {/* w w  w  .  ja  v  a 2  s.c  om*/
        http.csrf().disable();
        http.userDetailsService(userDetailsService()).authorizeRequests().antMatchers("/").permitAll()
                .antMatchers("/index.jsf").permitAll().antMatchers("/javax.faces.resource/**").permitAll()
                .anyRequest().authenticated().and().formLogin().loginPage("/login.jsf").permitAll()
                .failureUrl("/login.jsf?error=true").defaultSuccessUrl("/index.jsf").and().logout()
                .logoutSuccessUrl("/login.jsf");
    } catch (Exception ex) {
        throw new RuntimeException(ex);
    }
}

From source file:com.todo.backend.config.SecurityConfiguration.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().headers().frameOptions().disable().and().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().addFilterBefore(
                    new JWTFilter(customProperties.getSecretKey()), UsernamePasswordAuthenticationFilter.class);

    http.authorizeRequests().antMatchers("/management/**").hasAuthority("ADMIN");
}

From source file:com.javiermoreno.springboot.rest.TokenSecurityAdapter.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()).and()
            // Filter order: http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/apidocs/org/springframework/security/config/annotation/web/HttpSecurityBuilder.html#addFilter%28javax.servlet.Filter%29
            .addFilterAfter(authenticationTokenProcessingFilterBean(), BasicAuthenticationFilter.class)
            .authorizeRequests()// w w w. ja v a  2s .  co  m
            .antMatchers("/api-docs/**", "/public/**", "/views/**", "/errores/**", "/health/**", "/metrics/**",
                    "/configprops/**")
            .permitAll().antMatchers(HttpMethod.GET, "/private/**").hasRole("ADMIN")
            .antMatchers(HttpMethod.GET, "/shutdown/**").hasRole("ADMIN")
            //.access("hasRole('ROLE_ADMIN')")
            .anyRequest().authenticated().and().httpBasic();
}

From source file:reconf.server.ApplicationSecurity.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.authorizeRequests().antMatchers("/crud/**").fullyAuthenticated().accessDecisionManager(decisionManager)
            .and().httpBasic();//from w  w  w . j ava2s  . c  o m
}

From source file:com.github.fedorchuck.webstore.config.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests().antMatchers("/resources/**", "/**").permitAll().anyRequest()
            .permitAll().and();/*from   w w w  .  java  2  s . co m*/

    http.formLogin().loginPage("/login").loginProcessingUrl("/j_spring_security_check")
            .failureUrl("/login?error").usernameParameter("j_username").passwordParameter("j_password")
            .permitAll();

    http.logout().permitAll().logoutUrl("/user/logout")//.logoutUrl("/logout")
            .logoutSuccessUrl("/user/authorize")//.logoutSuccessUrl("/login?logout")
            .invalidateHttpSession(true);

}

From source file:cn.cuizuoli.gotour.config.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests()
            .antMatchers("/login", "/", "/index.html", "/w/**", "/components/**", "/css/**", "/images/**")
            .permitAll().antMatchers("/a").hasRole("GOTOUR_ADMIN").antMatchers("/a/**").hasRole("GOTOUR_ADMIN")
            .anyRequest().anonymous().and().formLogin().loginPage("/login")
            .loginProcessingUrl("/j_spring_security_check").usernameParameter("username")
            .passwordParameter("password").defaultSuccessUrl("/a", true).failureUrl("/login").and().logout()
            .logoutUrl("/logout").logoutSuccessUrl("/login").deleteCookies("JSESSIONID")
            .invalidateHttpSession(true).and().httpBasic().and().rememberMe().and().sessionManagement()
            .maximumSessions(10).maxSessionsPreventsLogin(true);
}

From source file:com.jiwhiz.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests().antMatchers("/api/admin/**")
            .hasAuthority(UserRoleType.ROLE_ADMIN.name()).antMatchers("/api/author/**")
            .hasAuthority(UserRoleType.ROLE_AUTHOR.name()).antMatchers("/api/user/**")
            .hasAuthority(UserRoleType.ROLE_USER.name()).antMatchers("/api/public/**").permitAll().anyRequest()
            .authenticated().and()/*from   w w  w .ja v  a 2s.  c o m*/
            .addFilterBefore(testAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class);
}