List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity formLogin
public FormLoginConfigurer<HttpSecurity> formLogin() throws Exception
From source file:net.thewaffleshop.nimbus.security.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // force security on all URLs http.authorizeRequests().antMatchers("/authenticationFailure").permitAll().antMatchers("/register") .permitAll().antMatchers("/webjarslocator/**").permitAll().anyRequest().hasRole("USER"); // configure login http.formLogin().loginPage("/").failureHandler(forwardingAuthenticationHandler()) .successHandler(forwardingAuthenticationHandler()).loginProcessingUrl("/authenticate") .usernameParameter("userName").passwordParameter("password").permitAll(); }
From source file:sample.web.WebSecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests()//from ww w . ja va 2 s . c om .antMatchers("/", "/cart/**", "/category/**", "/product/**", "/item/**", "/search/**", "/account/add", "/images/**", "/css/**", "/js/**", "/webjars/**") .permitAll().anyRequest().authenticated(); http.formLogin().loginPage("/signin").permitAll().and().logout().logoutUrl("/signout").permitAll(); http.rememberMe().tokenRepository(persistentTokenRepository()); }
From source file:com.hp.autonomy.frontend.find.idol.beanconfiguration.IdolSecurityCustomizerImpl.java
@SuppressWarnings("ProhibitedExceptionDeclared") @Override/*www .j a va 2s . c o m*/ public void customize(final HttpSecurity http, final AuthenticationManager authenticationManager) throws Exception { final AuthenticationSuccessHandler successHandler = new IdolLoginSuccessHandler(FindController.CONFIG_PATH, FindController.APP_PATH, FindRole.CONFIG.toString(), authenticationInformationRetriever); http.formLogin().loginPage(FindController.DEFAULT_LOGIN_PAGE).loginProcessingUrl("/authenticate") .successHandler(successHandler).failureUrl(FindController.DEFAULT_LOGIN_PAGE + "?error=auth"); }
From source file:com.miserablemind.butter.security.WebSecurityContext.java
/** * Main configuration method that defines the protected pages, log in form parameters, remember me and access {@link AccessDeniedHandler}. * * @param http A {@link HttpSecurity}. It is similar to Spring Security's XML <http> element in the namespace configuration. * @throws Exception//ww w. j a va2 s. c o m */ @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/login", "/signup", "/error/**", "/reset-password/**", "/forgot-password/**", "/js/**", "/img/**", "/css/**").permitAll().anyRequest() .access("hasRole('ROLE_USER')"); http.formLogin().loginPage("/login").failureUrl("/login?error=true").passwordParameter("password") .usernameParameter("username").loginProcessingUrl("/login-submit").defaultSuccessUrl("/"); http.csrf().disable(); http.logout().invalidateHttpSession(true).logoutUrl("/logout-success"); http.rememberMe().key(this.configSystem.getRememberMeKey()).rememberMeServices(this.rememberMeServices()); http.exceptionHandling().accessDeniedHandler(this.accessDeniedHandler); }
From source file:shiver.me.timbers.spring.security.integration.JwtAnnotationSecurityConfiguration.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.sessionManagement().sessionCreationPolicy(STATELESS); http.antMatcher("/jwt/**"); http.csrf().disable();/*from w ww . java 2s . co m*/ http.authorizeRequests().antMatchers("/jwt/one").access("hasRole('ONE')").antMatchers("/jwt/two") .access("hasRole('TWO')").anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/jwt/signIn") .permitAll(); http.logout().logoutUrl("/jwt/signOut").logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
From source file:shiver.me.timbers.spring.security.integration.JwtApplySecurityConfiguration.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.sessionManagement().sessionCreationPolicy(STATELESS); http.apply(jwt());// w w w . ja va 2 s .c o m http.antMatcher("/jwt/**"); http.csrf().disable(); http.authorizeRequests().antMatchers("/jwt/one").access("hasRole('ONE')").antMatchers("/jwt/two") .access("hasRole('TWO')").anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/jwt/signIn") .permitAll(); http.logout().logoutUrl("/jwt/signOut").logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
From source file:ch.wisv.areafiftylan.security.SecurityConfiguration.java
/** * This method is responsible for the main security configuration. The formlogin() section defines how to login. * POST requests should be made to /login with a username and password field. Errors are redirected to /login?error. * The logout section is similar./*from w w w .j a v a 2 s . c o m*/ * <p> * The last section is about permissions. Anything related to Login is accessible for everyone. Use this for * URL-based permissions if that's the best way. Use Method specific permissions if this is not feasible. * <p> * By default, all requests to the API should come from authenticated sources. (USER or ADMIN) * * @param http default parameter * * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { // We use our own exception handling for unauthorized request. THis simply returns a 401 when a request // should have been authenticated. http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint); //@formatter:off http.formLogin().loginProcessingUrl("/login").successHandler(authenticationSuccessHandler) .failureHandler(authenticationFailureHandler).and().logout().logoutUrl("/logout"); //@formatter:on http.csrf(). // This is used for the Mollie webhook, so it shouldn't be protected by CSRF ignoringAntMatchers("/orders/status"). // Don't require CSRF on requests with valid Tokens requireCsrfProtectionMatcher(csrfRequestMatcher). // We also ignore this for Token requests ignoringAntMatchers("/token"). // Ignore the route to request a password reset, no CSRF protection is needed ignoringAntMatchers("/requestResetPassword"); //@formatter:on // This is the filter that adds the CSRF Token to the header. CSRF is enabled by default in Spring, this just // copies the content to the X-CSRF-TOKEN header field. http.addFilterAfter(new CsrfTokenResponseHeaderBindingFilter(), CsrfFilter.class); // Add support for Token-base authentication http.addFilterAfter(new TokenAuthenticationFilter(authenticationTokenRepository), UsernamePasswordAuthenticationFilter.class); }
From source file:com.marklogic.samplestack.mock.MockApplicationSecurity.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers(HttpMethod.GET, "/session", "/questions/**", "/tags/**").permitAll() .and().authorizeRequests().antMatchers(HttpMethod.POST, "/search").permitAll().and() .authorizeRequests().antMatchers("/questions/**", "/contributors/**").authenticated().and() .authorizeRequests().anyRequest().denyAll(); http.formLogin().failureHandler(failureHandler).successHandler(successHandler).permitAll().and().logout() .logoutSuccessHandler(logoutSuccessHandler).permitAll(); http.csrf().disable();/*from w w w . j a va 2 s . c om*/ http.exceptionHandling().authenticationEntryPoint(entryPoint) .accessDeniedHandler(samplestackAccessDeniedHandler); }
From source file:com.marklogic.samplestack.security.ApplicationSecurity.java
@Override /**// ww w . j a va 2s . c o m * Standard practice in Spring Security is to provide * this implementation method for building security. This method * configures the endpoints' security characteristics. * @param http Security object projided by the framework. */ protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers(HttpMethod.GET, "/session", "/questions/**", "/tags/**").permitAll() .and().authorizeRequests().antMatchers(HttpMethod.POST, "/search").permitAll().and() .authorizeRequests().antMatchers("/questions/**", "/contributors/**").authenticated().and() .authorizeRequests().anyRequest().denyAll(); http.formLogin().failureHandler(failureHandler).successHandler(successHandler).permitAll().and().logout() .logoutSuccessHandler(logoutSuccessHandler).permitAll(); http.csrf().disable(); http.exceptionHandling().authenticationEntryPoint(entryPoint) .accessDeniedHandler(samplestackAccessDeniedHandler); }
From source file:ch.javaee.basicMvc.config.SecurityConfig.java
/** * @param http// w w w . j ava2s . com * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/users**", "/sessions/**").hasRole("ADMIN") // // everybody can access the main page ("/") and the signup page ("/signup") .antMatchers("/assets/**", "/", "/login", "/signup", "/public/**").permitAll().anyRequest() .hasRole("USER") ; FormLoginConfigurer formLoginConfigurer = http.formLogin(); formLoginConfigurer.loginPage("/login").failureUrl("/login/failure").defaultSuccessUrl("/login/success") .permitAll(); LogoutConfigurer logoutConfigurer = http.logout(); logoutConfigurer.logoutUrl("/logout").logoutSuccessUrl("/logout/success"); }