List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity headers
public HeadersConfigurer<HttpSecurity> headers() throws Exception
From source file:poc.hortonworks.storm.config.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.headers().disable().csrf().disable() //TODO Refactor login form .authorizeRequests().antMatchers("/assets/**").permitAll().anyRequest().authenticated().and() .logout().logoutSuccessUrl("/login.html?logout").logoutUrl("/logout.html").permitAll().and() .formLogin().defaultSuccessUrl("/index.html").loginPage("/login.html") .failureUrl("/login.html?error").permitAll(); }
From source file:edu.chalmers.dat076.moviefinder.config.SecurityConfig.java
@Override protected void configure(final HttpSecurity http) throws Exception { http.headers().cacheControl().contentTypeOptions().frameOptions().xssProtection() .addHeaderWriter(new StaticHeadersWriter("X-Content-Security-Policy", "script-src 'self'")) .addHeaderWriter(new StaticHeadersWriter("Content-Security-Policy", "script-src 'self'")); }
From source file:de.dominikschadow.javasecurity.config.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.headers().contentSecurityPolicy("default-src 'self'"); // @formatter:on }
From source file:de.dominikschadow.javasecurity.csp.config.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.headers().contentSecurityPolicy("default-src 'self'; frame-ancestors 'none'; reflected-xss block"); // @formatter:on }
From source file:org.openbaton.nfvo.security.authentication.ResourceServer.java
@Override public void configure(HttpSecurity http) throws Exception { http.headers().frameOptions().disable(); boolean enabled = Boolean.parseBoolean(enabledSt); // API calls/*from w ww . j a v a 2 s. co m*/ if (true) { log.info("Security is enabled"); http.authorizeRequests().regexMatchers(HttpMethod.POST, "/api/v1/").access("#oauth2.hasScope('write')") .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER).and() .exceptionHandling(); http.authorizeRequests().antMatchers(HttpMethod.POST, "/api/**").access("#oauth2.hasScope('write')") .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER).and() .exceptionHandling(); http.authorizeRequests().regexMatchers(HttpMethod.GET, "/api/v1/vnf-packages/*/download-with-link") .permitAll(); } else { log.warn("Security is not enabled!"); http.authorizeRequests().anyRequest().permitAll(); } }
From source file:com.projectthree.projectthree.security.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().anyRequest().permitAll(); http.headers().frameOptions().sameOrigin().xssProtection().block(false); }
From source file:com.alehuo.wepas2016projekti.configuration.ProductionSecurityConfiguration.java
/** * Konfiguroi Spring Security -lisosan/*w ww. j a v a2 s . c o m*/ * * @param http * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { http.headers().frameOptions().sameOrigin(); //Sallitaan psy resurssikansioihin //Kirjautumislokame lytyy GET -reitist /login http.authorizeRequests().antMatchers("/delete/**").hasAuthority(Role.ADMINISTRATOR.toString()) .antMatchers("/js/**", "/css/**", "/manifest.json", "/resources/**", "/register", "/fi_FI.png", "/en_EN.png", "/login**", "/fonts/roboto/**") .permitAll().anyRequest().permitAll().anyRequest().authenticated().and().formLogin() .defaultSuccessUrl("/", true).loginPage("/login").permitAll().and().logout() .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll(); }
From source file:com.alehuo.wepas2016projekti.configuration.DevelopmentSecurityConfiguration.java
/** * Konfiguroi Spring Security -lisosan// w w w. j a va 2 s . co m * @param http * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { http.headers().frameOptions().sameOrigin(); //Sallitaan psy resurssikansioihin sek H2 -konsoliin // http.csrf().disable(); //Kirjautumislokame lytyy GET -reitist /login http.authorizeRequests().antMatchers("/delete/**").hasAuthority(Role.ADMINISTRATOR.toString()) .antMatchers("/js/**", "/css/**", "/manifest.json", "/resources/**", "/h2-console/**", "/register", "/fi_FI.png", "/en_EN.png", "/login**", "/fonts/roboto/**") .permitAll().anyRequest().permitAll().anyRequest().authenticated().and().formLogin() .defaultSuccessUrl("/", true).loginPage("/login").permitAll().and().logout().permitAll(); }
From source file:com.wiiyaya.consumer.web.initializer.config.SecurityConfig.java
private void configHeaders(HttpSecurity http) throws Exception { http.headers().httpStrictTransportSecurity().requestMatcher(AnyRequestMatcher.INSTANCE) .maxAgeInSeconds(31536000).includeSubDomains(false).and().frameOptions().sameOrigin(); }
From source file:de.pksoftware.springstrap.core.config.WebSecurityConfigBase.java
/** * Configure XFrame Options/*from ww w .j a va 2 s.c o m*/ * @throws Exception */ protected void configureXFrameOptions(HttpSecurity http) throws Exception { http.headers().frameOptions().sameOrigin(); }