Example usage for org.springframework.security.config.annotation.web.builders HttpSecurity csrf

List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity csrf

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.config.annotation.web.builders.*
  5. HttpSecurity
  6. csrf

Introduction

In this page you can find the example usage for org.springframework.security.config.annotation.web.builders HttpSecurity csrf.

Prototype

public CsrfConfigurer<HttpSecurity> csrf() throws Exception

Source Link

Document

Adds CSRF support.

Usage

From source file:rest.SecurityConfiguration.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/resources/**").permitAll().and().exceptionHandling().and()
            .httpBasic();/*from  w ww.  j  a  v  a 2  s.co  m*/

    http.csrf().disable();
}

From source file:ru.langboost.config.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    //        http.authorizeRequests()
    //                .antMatchers("/protected/**").access("hasRole('ROLE_ADMIN')");
    http.csrf().disable();// 
    http.formLogin().loginPage("/login").defaultSuccessUrl("/", false);
    http.httpBasic().realmName("Protected API");
    //        http.authorizeRequests().anyRequest();
}

From source file:eu.freme.broker.security.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .exceptionHandling().authenticationEntryPoint(unauthorizedEntryPoint());
    AuthenticationFilter authenticationFilter = new AuthenticationFilter(authenticationManager());
    //FilterRegistrationBean registration = new FilterRegistrationBean(authenticationFilter);
    //registration.setOrder(0);

    http.addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class).addFilterBefore(
            new ManagementEndpointAuthenticationFilter(authenticationManager()),
            BasicAuthenticationFilter.class);
}

From source file:coral.reef.WebSecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/admin/**").authenticated().antMatchers("/actuator/**")
            .authenticated().anyRequest().permitAll().and().httpBasic();
    http.csrf().disable();
}

From source file:cn.org.once.cstack.config.SecurityConfiguration.java

/**
 * Protection CSRF is critical for production env only
 *
 * @param http// w w w  .j  ava  2s . c  o m
 * @throws Exception
 */

@Profile({ "production" })
private void activateProtectionCRSF(HttpSecurity http) throws Exception {
    // CSRF protection
    http.csrf().csrfTokenRepository(csrfTokenRepository()).and().addFilterAfter(csrfHeaderFilter(),
            CsrfFilter.class);
}

From source file:eu.openanalytics.WebSecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            // must disable or handle in proxy
            .csrf().disable()//w  ww . j ava 2s .  c o  m
            // disable X-Frame-Options
            .headers().frameOptions().sameOrigin();

    if (hasAuth(environment)) {
        // Limit access to the app pages
        http.authorizeRequests().antMatchers("/login").permitAll();
        for (ShinyApp app : appService.getApps()) {
            String[] appRoles = appService.getAppRoles(app.getName());
            if (appRoles != null && appRoles.length > 0)
                http.authorizeRequests().antMatchers("/app/" + app.getName()).hasAnyRole(appRoles);
        }

        // Limit access to the admin pages
        http.authorizeRequests().antMatchers("/admin").hasAnyRole(userService.getAdminRoles());

        // All other pages are available to authenticated users
        http.authorizeRequests().anyRequest().fullyAuthenticated();

        http.formLogin().loginPage("/login").and().logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessHandler(logoutHandler)
                .logoutSuccessUrl("/login");
    }
}

From source file:fr.treeptik.cloudunit.config.SecurityConfiguration.java

/**
 * Protection CSRF is critical for production env and vagrant usecases
 *
 * @param http//from   ww  w . ja va 2 s  . co m
 * @throws Exception
 */

@Profile({ "production", "vagrant" })
private void activateProtectionCRSF(HttpSecurity http) throws Exception {
    // CSRF protection
    http.csrf().csrfTokenRepository(csrfTokenRepository()).and().addFilterAfter(csrfHeaderFilter(),
            CsrfFilter.class);
}

From source file:jp.pigumer.security.WebSecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated();
    http.addFilterAfter(exampleFilter(), BasicAuthenticationFilter.class);
    http.csrf().disable();
}

From source file:jp.pigumer.app.WebSecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated();
    http.addFilterAfter(authenticationFilter(), BasicAuthenticationFilter.class);
    http.csrf().disable();
}

From source file:cz.muni.pa165.carparkapp.configuration.MySecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/road.jpg", "/style.css").permitAll();

    http.logout().logoutUrl("/logout").logoutSuccessUrl("/login?logout=true").permitAll();

    http.csrf().disable();

    http.authorizeRequests().antMatchers("/admin/**").hasRole("ADMIN") // #6
            .anyRequest().authenticated().and().formLogin().loginPage("/login")
            .successHandler(new AuthenticationHandler()).failureUrl("/login?auth=fail").permitAll();

    http.exceptionHandling().accessDeniedPage("/403");
}