List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity formLogin
public FormLoginConfigurer<HttpSecurity> formLogin() throws Exception
From source file:com.devnexus.ting.config.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { HttpSecurity httpSecurity = http.csrf().disable() //TODO Refactor login form .authorizeRequests().antMatchers("/s/admin/cfp**") .hasAnyAuthority("ROLE_ADMIN", "ROLE_CFP_REVIEWER", "ROLE_APP_USER").and().authorizeRequests() .antMatchers("/s/admin/index").hasAnyAuthority("ROLE_ADMIN", "ROLE_CFP_REVIEWER", "ROLE_APP_USER") .and().authorizeRequests().antMatchers("/s/admin/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_APP_USER") .and().authorizeRequests()/* ww w . j a v a2 s. c om*/ .antMatchers("/s/cfp/index**", "/s/cfp/speaker**", "/s/cfp/abstract**", "/s/cfp/add-cfp-success**", "/s/cfp/speaker/**") .hasAnyAuthority("ROLE_ADMIN", "ROLE_APP_USER").and().authorizeRequests().antMatchers("/**") .permitAll().anyRequest().anonymous().and().logout().logoutSuccessUrl("/s/index") .logoutUrl("/s/logout").permitAll().and(); if (environment.getRequiredProperty("server.ssl.enabled", Boolean.class)) { httpSecurity = httpSecurity.requiresChannel().antMatchers("/s/admin/**").requiresSecure().and(); httpSecurity = httpSecurity.requiresChannel().antMatchers("/s/cfp/**").requiresSecure().and(); } final RoleAwareSimpleUrlAuthenticationSuccessHandler successHandler = new RoleAwareSimpleUrlAuthenticationSuccessHandler(); successHandler.setUseReferer(false); successHandler.setTargetUrlParameter("target"); successHandler.setDefaultTargetUrl("/s/admin/index"); httpSecurity.formLogin().loginProcessingUrl("/s/login").loginPage("/s/login") .failureUrl("/s/login?status=error").successHandler(successHandler).permitAll(); http.apply(new SpringSocialConfigurer().postLoginUrl("/s/cfp/index")); }
From source file:br.com.joaops.smt.configuration.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/").authenticated().antMatchers("/login/*").permitAll() .antMatchers("/logout/*").permitAll().antMatchers("/system/user").hasRole("SYSTEM_USER_READ") .antMatchers("/system/user/add").hasRole("SYSTEM_USER_ADD").antMatchers("/system/user/save") .hasRole("SYSTEM_USER_ADD").antMatchers("/system/user/edit/*").hasRole("SYSTEM_USER_EDIT") .antMatchers("/system/user/update").hasRole("SYSTEM_USER_EDIT").antMatchers("/system/user/delete/*") .hasRole("SYSTEM_USER_DELETE").antMatchers("/system/module").hasRole("SYSTEM_MODULE_READ") .antMatchers("/system/module/add").hasRole("SYSTEM_MODULE_ADD").antMatchers("/system/module/save") .hasRole("SYSTEM_MODULE_ADD").antMatchers("/system/module/edit/*").hasRole("SYSTEM_MODULE_EDIT") .antMatchers("/system/module/update").hasRole("SYSTEM_MODULE_EDIT") .antMatchers("/system/module/delete/*").hasRole("SYSTEM_MODULE_DELETE") .antMatchers("/system/permission").hasRole("SYSTEM_PERMISSION_READ") .antMatchers("/system/permission/add").hasRole("SYSTEM_PERMISSION_ADD") .antMatchers("/system/permission/save").hasRole("SYSTEM_PERMISSION_ADD") .antMatchers("/system/permission/edit/*").hasRole("SYSTEM_PERMISSION_EDIT") .antMatchers("/system/permission/update").hasRole("SYSTEM_PERMISSION_EDIT") .antMatchers("/system/permission/delete/*").hasRole("SYSTEM_PERMISSION_DELETE").anyRequest() .authenticated();//from w ww . java2s . c o m http.formLogin().loginPage("/login").loginProcessingUrl("/login/check").failureUrl("/login/error") .defaultSuccessUrl("/", true).usernameParameter("username").passwordParameter("password") .permitAll(); http.logout().logoutUrl("/logout").logoutSuccessUrl("/login").invalidateHttpSession(true) .deleteCookies("JSESSIONID"); http.sessionManagement().maximumSessions(1).and().sessionFixation().newSession(); }
From source file:shiver.me.timbers.security.spring.StatelessWebSecurityConfigurerAdapter.java
@Override protected final void configure(HttpSecurity http) throws Exception { final TokenParser<T> tokenParser = tokenParser(secret); final XAuthTokenHttpServletBinder<T> xAuthTokenHttpServletBinder = xAuthTokenHttpServletBinder(tokenParser); final AuthenticationHttpServletBinder<T> authenticationHttpServletBinder = authenticationHttpServletBinder( xAuthTokenHttpServletBinder, authenticationConverter()); final ExceptionMapper<ServletException> exceptionMapper = servletExceptionExceptionMapper(); if (!customTokenParser) { configure((JwtTokenParser) tokenParser); }//w w w. j av a2s . c o m if (!customXAuthTokenHttpServletBinder) { configure(xAuthTokenHttpServletBinder); } final StatelessAuthenticationSuccessHandler statelessAuthenticationSuccessHandler = statelessAuthenticationSuccessHandler( authenticationHttpServletBinder, simpleUrlAuthenticationSuccessHandler(defaultSuccessUrl()), exceptionMapper); final StatelessAuthenticationFilter statelessAuthenticationFilter = statelessAuthenticationFilter( authenticationHttpServletBinder, exceptionMapper); // Make Spring Security stateless. This means no session will be created by Spring Security, nor will it use any // previously existing session. http.sessionManagement().sessionCreationPolicy(STATELESS); // The CSRF prevention is disabled because it requires the session, which of course is not available in a // stateless application. It also greatly complicates the requirements for the sign in POST request. http.csrf().disable(); // Override the sign in success handler with the stateless implementation. http.formLogin().successHandler(statelessAuthenticationSuccessHandler); // Add our stateless authentication filter before the default sign in filter. The default sign in filter is // still used for the initial sign in, but once a user is authenticated we need to by pass it. http.addFilterBefore(statelessAuthenticationFilter, UsernamePasswordAuthenticationFilter.class); configureFurther(http); }