List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity csrf
public CsrfConfigurer<HttpSecurity> csrf() throws Exception
From source file:rest.SecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/resources/**").permitAll().and().exceptionHandling().and() .httpBasic();/*from w ww. j a v a 2 s.co m*/ http.csrf().disable(); }
From source file:ru.langboost.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // http.authorizeRequests() // .antMatchers("/protected/**").access("hasRole('ROLE_ADMIN')"); http.csrf().disable();// http.formLogin().loginPage("/login").defaultSuccessUrl("/", false); http.httpBasic().realmName("Protected API"); // http.authorizeRequests().anyRequest(); }
From source file:eu.freme.broker.security.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .exceptionHandling().authenticationEntryPoint(unauthorizedEntryPoint()); AuthenticationFilter authenticationFilter = new AuthenticationFilter(authenticationManager()); //FilterRegistrationBean registration = new FilterRegistrationBean(authenticationFilter); //registration.setOrder(0); http.addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class).addFilterBefore( new ManagementEndpointAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter.class); }
From source file:coral.reef.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/admin/**").authenticated().antMatchers("/actuator/**") .authenticated().anyRequest().permitAll().and().httpBasic(); http.csrf().disable(); }
From source file:cn.org.once.cstack.config.SecurityConfiguration.java
/** * Protection CSRF is critical for production env only * * @param http// w w w .j ava 2s . c o m * @throws Exception */ @Profile({ "production" }) private void activateProtectionCRSF(HttpSecurity http) throws Exception { // CSRF protection http.csrf().csrfTokenRepository(csrfTokenRepository()).and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class); }
From source file:eu.openanalytics.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http // must disable or handle in proxy .csrf().disable()//w ww . j ava 2s . c o m // disable X-Frame-Options .headers().frameOptions().sameOrigin(); if (hasAuth(environment)) { // Limit access to the app pages http.authorizeRequests().antMatchers("/login").permitAll(); for (ShinyApp app : appService.getApps()) { String[] appRoles = appService.getAppRoles(app.getName()); if (appRoles != null && appRoles.length > 0) http.authorizeRequests().antMatchers("/app/" + app.getName()).hasAnyRole(appRoles); } // Limit access to the admin pages http.authorizeRequests().antMatchers("/admin").hasAnyRole(userService.getAdminRoles()); // All other pages are available to authenticated users http.authorizeRequests().anyRequest().fullyAuthenticated(); http.formLogin().loginPage("/login").and().logout() .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessHandler(logoutHandler) .logoutSuccessUrl("/login"); } }
From source file:fr.treeptik.cloudunit.config.SecurityConfiguration.java
/** * Protection CSRF is critical for production env and vagrant usecases * * @param http//from ww w . ja va 2 s . co m * @throws Exception */ @Profile({ "production", "vagrant" }) private void activateProtectionCRSF(HttpSecurity http) throws Exception { // CSRF protection http.csrf().csrfTokenRepository(csrfTokenRepository()).and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class); }
From source file:jp.pigumer.security.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated(); http.addFilterAfter(exampleFilter(), BasicAuthenticationFilter.class); http.csrf().disable(); }
From source file:jp.pigumer.app.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated(); http.addFilterAfter(authenticationFilter(), BasicAuthenticationFilter.class); http.csrf().disable(); }
From source file:cz.muni.pa165.carparkapp.configuration.MySecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/road.jpg", "/style.css").permitAll(); http.logout().logoutUrl("/logout").logoutSuccessUrl("/login?logout=true").permitAll(); http.csrf().disable(); http.authorizeRequests().antMatchers("/admin/**").hasRole("ADMIN") // #6 .anyRequest().authenticated().and().formLogin().loginPage("/login") .successHandler(new AuthenticationHandler()).failureUrl("/login?auth=fail").permitAll(); http.exceptionHandling().accessDeniedPage("/403"); }