List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity exceptionHandling
public ExceptionHandlingConfigurer<HttpSecurity> exceptionHandling() throws Exception
From source file:com.create.application.configuration.security.ResourceServerConfiguration.java
@Override public void configure(HttpSecurity http) throws Exception { http.exceptionHandling().authenticationEntryPoint(accessForbiddenEntryPoint).and().logout() .logoutUrl("/oauth/logout").logoutSuccessHandler(logoutSuccessHandler).and().csrf() .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable().headers() .frameOptions().disable().and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().anyRequest() .authenticated();//from w w w .ja va 2s . c o m }
From source file:de.sainth.recipe.backend.security.SecurityTokenAdapter.java
@Override protected void configure(HttpSecurity http) throws Exception { http.exceptionHandling().authenticationEntryPoint(getAuthenticationEntryPoint()) .accessDeniedHandler(getAccessDeniedHandler()).and().authorizeRequests().anyRequest() .authenticated().and()//from w ww. j ava 2s . co m .addFilterAfter(new AuthFilter(properties, userRepository), ExceptionTranslationFilter.class); }
From source file:com.coinblesk.server.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.exceptionHandling().authenticationEntryPoint(http401UnauthorizedEntryPoint).and().csrf().disable() .headers().frameOptions().sameOrigin() // To allow h2 console .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .authorizeRequests()//from w w w.ja v a 2 s .c o m // .antMatchers("/").permitAll() .antMatchers(REQUIRE_USER_ROLE).hasAuthority(UserRole.USER.getAuthority()) .antMatchers(REQUIRE_ADMIN_ROLE).hasAuthority(UserRole.ADMIN.getAuthority()).and() .apply(securityConfigurerAdapter()); }
From source file:business.security.HttpSecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()).and() .userDetailsService(userDetailsService()).formLogin().permitAll() .failureHandler(authenticationFailureHandler).and().logout().permitAll() .logoutSuccessUrl("/#/login").and().authorizeRequests().antMatchers("/admin/**") .access("hasRole('palga')").and().authorizeRequests() .antMatchers("/", "/robots.txt", "/public/labs/**", "/password/request-new", "/password/reset", "/index.html", "/bower_components/**", "/app/**", "/js/**", "/messages/**", "/css/**", "/*.ico", "/images/**") .permitAll().antMatchers(HttpMethod.POST, "/register/users").permitAll() .antMatchers(HttpMethod.POST, "/register/users/**").permitAll() .antMatchers(HttpMethod.GET, "/register/users/activate/**").permitAll() .antMatchers(HttpMethod.GET, "/status").permitAll().antMatchers(HttpMethod.GET, "/ping").permitAll() .anyRequest().authenticated().and().addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class).csrf() .csrfTokenRepository(csrfTokenRepository()).and().headers() .addHeaderWriter(new StaticHeadersWriter("Content-Security-Policy-Report-Only", "default-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:")); }
From source file:es.galvarez.rest.config.SpringSecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.exceptionHandling().authenticationEntryPoint(basicAuthenticationEntryPoint()).and().sessionManagement() .enableSessionUrlRewriting(false).sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/api/**").permitAll().and() .authorizeRequests().antMatchers("/api/**").authenticated().and().httpBasic() .authenticationEntryPoint(basicAuthenticationEntryPoint()).and().csrf().disable(); // @formatter:on }
From source file:fi.helsinki.opintoni.config.LocalSecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable();/*from w ww . j a v a 2s . c o m*/ http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint); http.formLogin().permitAll().loginPage("/login").loginProcessingUrl("/login").usernameParameter("username") .passwordParameter("password").successHandler(authSuccessHandler) .failureHandler(authFailureHandler); http.logout().logoutUrl("/logout").permitAll().logoutSuccessHandler(localLogoutSuccessHandler); http.sessionManagement().maximumSessions(1); http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/error").permitAll() .antMatchers("/login").permitAll().antMatchers("/redirect").permitAll() .antMatchers("/api/public/v1/**").permitAll().antMatchers("/api/private/v1/admin/*") .hasIpAddress("127.0.0.1").antMatchers("/api/admin/**").access(Constants.ADMIN_ROLE_REQUIRED) .anyRequest().authenticated(); }
From source file:fr.univlorraine.mondossierweb.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.exceptionHandling().authenticationEntryPoint(casEntryPoint()).and().headers().frameOptions().disable() .authorizeRequests().anyRequest().authenticated().and() .addFilterBefore(singleSignOutFilter(), LogoutFilter.class) .addFilter(new LogoutFilter(environment.getRequiredProperty("cas.url") + "/logout", new SecurityContextLogoutHandler())) .addFilter(casAuthenticationFilter()) // La protection Spring Security contre le Cross Scripting Request Forgery est dsactive, Vaadin implmente sa propre protection .csrf().disable();/*from w w w . java2 s. c o m*/ }
From source file:io.getlime.security.powerauth.app.rest.api.spring.configuration.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.httpBasic().disable();//w w w. j av a 2 s .c o m http.csrf().disable(); http.authorizeRequests().antMatchers("/secured/**").fullyAuthenticated(); http.exceptionHandling().authenticationEntryPoint(apiAuthenticationEntryPoint); }
From source file:de.pksoftware.springstrap.core.config.WebSecurityConfigBase.java
protected void configureAuthenticationEntryPoint(HttpSecurity http) throws Exception { // Register custom authentication entry point http.exceptionHandling().authenticationEntryPoint(authEntryPointBean()); }
From source file:org.opendatakit.configuration.SecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { logger.info("Setting up authentication."); http.exceptionHandling().authenticationEntryPoint(delegatingAuthenticationEntryPoint()); // We have a choice here; stateless OR enable sessions and use CSRF. http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); http.csrf().disable();/*from w ww . j av a 2 s . c om*/ http.authorizeRequests().antMatchers("/").permitAll(); http.authorizeRequests().antMatchers("/healthcheck").permitAll(); http.authorizeRequests().antMatchers("/swagger.json").permitAll(); http.authorizeRequests().antMatchers("/favicon.ico").permitAll(); http.authorizeRequests().antMatchers("/index.html").permitAll(); http.authorizeRequests().antMatchers("/swagger/**").permitAll(); http.authorizeRequests().antMatchers("/images/**").permitAll(); http.authorizeRequests().antMatchers("/odktables/**").hasRole("SYNCHRONIZE_TABLES"); http.authorizeRequests().antMatchers("/users/list").hasRole("USER"); // Backwards compatible // with aggregate http.authorizeRequests().antMatchers("/roles/granted").hasRole("USER"); // Backwards compatible // with aggregate http.authorizeRequests().antMatchers("/admin/**").hasRole("SITE_ACCESS_ADMIN"); // This is where we are currently enabling a fallback to Basic Authentication. // We may wish to remove this, as it is not very secure. On the other hand, we're not requiring // anyone to use it. http.authorizeRequests().antMatchers("/**").authenticated().and() .addFilterBefore(basicAuthenticationFilter(), AnonymousAuthenticationFilter.class) .addFilterAt(anonymousFilter(), AnonymousAuthenticationFilter.class) .addFilter(digestAuthenticationFilter()); }