List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity exceptionHandling
public ExceptionHandlingConfigurer<HttpSecurity> exceptionHandling() throws Exception
From source file:ch.wisv.areafiftylan.security.SecurityConfiguration.java
/** * This method is responsible for the main security configuration. The formlogin() section defines how to login. * POST requests should be made to /login with a username and password field. Errors are redirected to /login?error. * The logout section is similar./*from w ww. jav a2 s . c o m*/ * <p> * The last section is about permissions. Anything related to Login is accessible for everyone. Use this for * URL-based permissions if that's the best way. Use Method specific permissions if this is not feasible. * <p> * By default, all requests to the API should come from authenticated sources. (USER or ADMIN) * * @param http default parameter * * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { // We use our own exception handling for unauthorized request. THis simply returns a 401 when a request // should have been authenticated. http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint); //@formatter:off http.formLogin().loginProcessingUrl("/login").successHandler(authenticationSuccessHandler) .failureHandler(authenticationFailureHandler).and().logout().logoutUrl("/logout"); //@formatter:on http.csrf(). // This is used for the Mollie webhook, so it shouldn't be protected by CSRF ignoringAntMatchers("/orders/status"). // Don't require CSRF on requests with valid Tokens requireCsrfProtectionMatcher(csrfRequestMatcher). // We also ignore this for Token requests ignoringAntMatchers("/token"). // Ignore the route to request a password reset, no CSRF protection is needed ignoringAntMatchers("/requestResetPassword"); //@formatter:on // This is the filter that adds the CSRF Token to the header. CSRF is enabled by default in Spring, this just // copies the content to the X-CSRF-TOKEN header field. http.addFilterAfter(new CsrfTokenResponseHeaderBindingFilter(), CsrfFilter.class); // Add support for Token-base authentication http.addFilterAfter(new TokenAuthenticationFilter(authenticationTokenRepository), UsernamePasswordAuthenticationFilter.class); }
From source file:com.avaya.subMgmt.server.SecurityConfigAdapter.java
@Override public void configure(HttpSecurity http) throws Exception { // Start configuration http.csrf().disable();//from w ww.ja va 2 s.co m if ("basic".equals(authType)) { http.authorizeRequests().antMatchers("/**").authenticated().and().httpBasic(); } if ("digest".equals(authType)) { http.exceptionHandling().authenticationEntryPoint(digestEntryPoint()); http.authorizeRequests().antMatchers("/**").authenticated().and() .addFilter(digestAuthenticationFilter(digestEntryPoint())); } }
From source file:app.igogo.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { super.configure(http); //To change body of generated methods, choose Tools | Templates. http.authorizeRequests().antMatchers("/home").permitAll().antMatchers("/admin").hasRole("ADMIN") .anyRequest().authenticated().and().formLogin().loginPage("/login").permitAll().and().logout() .permitAll();/*from w w w.ja v a2s . c o m*/ http.exceptionHandling().accessDeniedPage("/403"); }
From source file:shiver.me.timbers.spring.security.integration.SpringSecurityConfiguration.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.antMatcher("/normal/**"); http.csrf().disable();/*from www. ja v a2 s . c o m*/ http.authorizeRequests().anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/normal/signIn") .permitAll(); http.logout().logoutUrl("/normal/signOut") .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
From source file:de.thm.arsnova.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint()); http.csrf().disable();/*from www . ja v a2 s . c o m*/ if (casEnabled) { http.addFilter(casAuthenticationFilter()); http.addFilter(casLogoutFilter()); } if (googleEnabled) { http.addFilterAfter(googleFilter(), CasAuthenticationFilter.class); } if (facebookEnabled) { http.addFilterAfter(facebookFilter(), CasAuthenticationFilter.class); } if (twitterEnabled) { http.addFilterAfter(twitterFilter(), CasAuthenticationFilter.class); } }
From source file:shiver.me.timbers.spring.security.integration.JwtCustomPrincipleSecurityConfigurationAnnotation.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.antMatcher("/custom/**"); http.csrf().disable();/* w ww .java2s.co m*/ http.authorizeRequests().anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/custom/signIn") .permitAll(); http.logout().logoutUrl("/custom/signOut") .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
From source file:shiver.me.timbers.spring.security.integration.JwtCustomPrincipleSecurityConfigurationApply.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.apply(jwt());//from w w w .j a v a2s . c o m http.antMatcher("/custom/**"); http.csrf().disable(); http.authorizeRequests().anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/custom/signIn") .permitAll(); http.logout().logoutUrl("/custom/signOut") .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
From source file:shiver.me.timbers.spring.security.integration.AllAnnotationAuthenticationConfiguration.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.antMatcher("/all/**"); http.csrf().disable();/* w ww . j ava2s . c o m*/ http.authorizeRequests().antMatchers("/all/one").access("hasRole('ONE')").antMatchers("/all/two") .access("hasRole('TWO')").anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/all/signIn") .permitAll(); http.logout().logoutUrl("/all/signOut").logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
From source file:cz.muni.pa165.carparkapp.configuration.MySecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/road.jpg", "/style.css").permitAll(); http.logout().logoutUrl("/logout").logoutSuccessUrl("/login?logout=true").permitAll(); http.csrf().disable();/*from w w w . j ava2 s . c o m*/ http.authorizeRequests().antMatchers("/admin/**").hasRole("ADMIN") // #6 .anyRequest().authenticated().and().formLogin().loginPage("/login") .successHandler(new AuthenticationHandler()).failureUrl("/login?auth=fail").permitAll(); http.exceptionHandling().accessDeniedPage("/403"); }
From source file:shiver.me.timbers.spring.security.integration.AllApplyAuthenticationConfiguration.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.apply(jwt());/*from w ww . ja va 2 s . c om*/ http.antMatcher("/all/**"); http.csrf().disable(); http.authorizeRequests().antMatchers("/all/one").access("hasRole('ONE')").antMatchers("/all/two") .access("hasRole('TWO')").anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/all/signIn") .permitAll(); http.logout().logoutUrl("/all/signOut").logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }