List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity csrf
public CsrfConfigurer<HttpSecurity> csrf() throws Exception
From source file:com.github.zxkane.config.SecurityTestConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().authorizeRequests().anyRequest().permitAll().and().httpBasic().realmName("realm"); }
From source file:com.boxedfolder.carrot.config.security.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); http.authorizeRequests().antMatchers(HttpMethod.POST, "/client/analytics/logs/**").permitAll(); // Define secured routes here String[] securedEndpoints = { "/client/ping", "/client/beacons/**", "/client/apps/**", "/client/events/**", "/client/analytics/**" }; for (String endpoint : securedEndpoints) { http.authorizeRequests().antMatchers(endpoint).authenticated(); }//from w w w .j a v a2s .co m SecurityConfigurer<DefaultSecurityFilterChain, HttpSecurity> securityConfigurerAdapter = new XAuthTokenConfigurer( userDetailsServiceBean()); http.apply(securityConfigurerAdapter); }
From source file:com.mec.Security.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().cors().and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests() .antMatchers(HttpMethod.POST, "/login/**").permitAll().antMatchers(HttpMethod.OPTIONS, "/**") .permitAll().and() // **permit OPTIONS call to all** .authorizeRequests().antMatchers("/API/editor/**").hasAnyRole("mapa.Editor").and() .addFilterBefore(jwtLoginFilter(), UsernamePasswordAuthenticationFilter.class)//filter the api/login requests .addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);// And filter other requests to check the presence of JWT in header }
From source file:fr.mycellar.configuration.SpringSecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() // .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() // .exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint).and() // .securityContext().securityContextRepository(securityContextTokenRepository).and() // .antMatcher("**") // .authorizeRequests() // .antMatchers("/api/admin/**").hasRole("ADMIN") // .antMatchers("/api/**").permitAll() // .antMatchers("/cellar/**").hasRole("CELLAR") // .antMatchers("/admin/**").hasRole("ADMIN") // .antMatchers("/booking/reports").hasRole("ADMIN") // .antMatchers("/booking/**").hasRole("BOOKING") // .antMatchers("/contact/**").hasRole("ADMIN") // .antMatchers("/monitoring/**").hasRole("MONITORING"); }
From source file:org.createnet.raptor.auth.service.JWTWebSecurityConfigurationAdapter.java
@Override protected void configure(HttpSecurity httpSecurity) throws Exception { httpSecurity // we don't need CSRF because our token is invulnerable .csrf().disable().exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and() // don't create session .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().cors().and() .authorizeRequests().antMatchers(authenticationPath).permitAll().antMatchers(authenticationRefresh) .permitAll().antMatchers("/v2/api-docs").permitAll() // keep this method private to allow sync beetween api and auth .antMatchers("/sync").hasIpAddress("127.0.0.1").anyRequest().authenticated(); // Custom JWT based security filter httpSecurity.addFilterBefore(authenticationTokenFilterBean(), JsonUsernamePasswordFilter.class); // disable page caching httpSecurity.headers().cacheControl(); }
From source file:com.devnexus.ting.web.config.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { HttpSecurity httpSecurity = http.csrf().disable() //TODO Refactor login form .authorizeRequests().antMatchers("/s/admin/cfp**").hasAnyAuthority("ADMIN", "CFP_REVIEWER").and() .authorizeRequests().antMatchers("/s/admin/index").hasAnyAuthority("ADMIN", "CFP_REVIEWER").and() .authorizeRequests().antMatchers("/s/admin/**").hasAuthority("ADMIN").and().authorizeRequests() .antMatchers("/**").permitAll().anyRequest().anonymous().and().logout().logoutSuccessUrl("/s/index") .logoutUrl("/s/logout").permitAll().and(); if (httpsEnabled) { httpSecurity = httpSecurity.requiresChannel().antMatchers("/s/admin/**").requiresSecure().and(); }/*from w w w. ja v a2 s.co m*/ httpSecurity.formLogin().loginProcessingUrl("/s/login").defaultSuccessUrl("/s/admin/index") .loginPage("/s/login").failureUrl("/s/login?status=error").permitAll(); }
From source file:com.github.lynxdb.server.api.http.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); http.antMatcher("/api/**").authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll() .antMatchers(EpAggregators.ENDPOINT, EpQuery.ENDPOINT, EpSuggest.ENDPOINT) .hasAnyRole(User.Rank.RO_USER.name(), User.Rank.RW_USER.name(), User.Rank.ADMIN.name()) .antMatchers(HttpMethod.POST, EpPut.ENDPOINT) .hasAnyRole(User.Rank.RW_USER.name(), User.Rank.ADMIN.name()) .antMatchers(EpUser.ENDPOINT, EpVhost.ENDPOINT).hasRole(User.Rank.ADMIN.name()); http.httpBasic().realmName("Lynx"); http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); }
From source file:com.organization.projectname.config.WebSecurityConfig.java
@Override protected void configure(HttpSecurity httpSecurity) throws Exception { httpSecurity // we don't need CSRF because our token is invulnerable .csrf().disable().exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and() // don't create session .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .authorizeRequests()//from ww w .j a va 2 s. co m //.antMatchers(HttpMethod.OPTIONS, "/**").permitAll() // allow anonymous resource requests .antMatchers(HttpMethod.GET, "/", "/*.html", "/favicon.ico", "/**/*.html", "/**/*.css", "/**/*.js") .permitAll().antMatchers("/api/v1/auth").permitAll().antMatchers("/api/v1/").permitAll() .antMatchers("/api/v1/admin").hasRole("ADMIN").anyRequest().authenticated(); // Custom JWT based security filter httpSecurity.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class); // disable page caching httpSecurity.headers().cacheControl(); }
From source file:com.devicehive.application.security.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .authorizeRequests()/*from w w w . ja va 2s .co m*/ .antMatchers("/css/**", "/server/**", "/scripts/**", "/webjars/**", "/templates/**").permitAll() .antMatchers("/*/swagger.json", "/*/swagger.yaml").permitAll().and().anonymous().disable() .exceptionHandling().authenticationEntryPoint(unauthorizedEntryPoint()); http.addFilterBefore(new HttpAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter.class) .addFilterAfter(new SimpleCORSFilter(), HttpAuthenticationFilter.class); }
From source file:org.jrecruiter.web.config.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() //TODO Refactor login form .authorizeRequests().antMatchers("/admin/show-users.html**").hasAnyAuthority("ADMIN").and() .authorizeRequests().antMatchers("/admin/add-job.html**").hasAnyAuthority("MANAGER,ADMIN").and() .authorizeRequests().antMatchers("/admin/saveAddJob.html**").hasAnyAuthority("MANAGER,ADMIN").and() .authorizeRequests().antMatchers("/admin/show-jobs.html**").hasAnyAuthority("MANAGER,ADMIN").and() .authorizeRequests().antMatchers("/admin/show-jobs-ajax.html**").hasAnyAuthority("MANAGER,ADMIN") .and()//from w ww . j ava 2 s. c o m .authorizeRequests().antMatchers("/admin/edit-job.html**").hasAnyAuthority("MANAGER,ADMIN").and() .authorizeRequests().antMatchers("/admin/show-statistics.html**").hasAnyAuthority("MANAGER,ADMIN") .and().authorizeRequests().antMatchers("/admin/edit-user.html**").hasAnyAuthority("MANAGER,ADMIN") .and().authorizeRequests().antMatchers("/admin/index.html**").hasAnyAuthority("MANAGER,ADMIN").and() .authorizeRequests().antMatchers("/admin/delete-jobs.html**").hasAnyAuthority("MANAGER,ADMIN").and() .authorizeRequests().antMatchers("/admin/delete-user.html**").hasAnyAuthority("ADMIN").and() .authorizeRequests().antMatchers("/admin/add-user.html**").hasAnyAuthority("ADMIN").and() .authorizeRequests().antMatchers("/admin/**").hasAnyAuthority("ADMIN").and() .authorizeRequests().antMatchers("/admin/edit-settings.html**").hasAnyAuthority("ADMIN").and() .authorizeRequests().antMatchers("/admin/search-index.html**").hasAnyAuthority("ADMIN").and() .authorizeRequests().antMatchers("/admin/setup-demo.html**").hasAnyAuthority("ADMIN").and() .authorizeRequests().antMatchers("/admin/logging.html**").hasAnyAuthority("ADMIN").and() .authorizeRequests().antMatchers("/admin/*.html**").hasAnyAuthority("MANAGER,ADMIN").and() .authorizeRequests().antMatchers("/**").permitAll().anyRequest().anonymous().and() .logout().logoutSuccessUrl("/index.html").logoutUrl("/logout.html").permitAll().and() .requiresChannel().antMatchers("/admin/**").requiresSecure().and().formLogin() .loginProcessingUrl("/login.html").defaultSuccessUrl("/admin/index.html").loginPage("/login.html") .failureUrl("/login.html?status=error").permitAll(); }