List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity httpBasic
public HttpBasicConfigurer<HttpSecurity> httpBasic() throws Exception
From source file:io.getlime.security.powerauth.app.server.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { if (configuration.getRestrictAccess()) { http.authorizeRequests().antMatchers("/rest/**").authenticated().anyRequest().permitAll().and() .httpBasic().authenticationEntryPoint(authenticationEntryPoint()).and().csrf().disable(); } else {//from www. ja v a2s . c om http.httpBasic().disable().csrf().disable(); } }
From source file:jp.pigumer.sso.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.httpBasic().authenticationEntryPoint(samlEntryPoint()); http.csrf().disable();//w w w . java2s . co m http.authorizeRequests().antMatchers("/", "/saml/**").permitAll().anyRequest().authenticated(); http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class).addFilterAfter(samlFilter(), BasicAuthenticationFilter.class); http.logout().logoutSuccessUrl("/"); }
From source file:uk.co.caprica.bootlace.security.SecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { // Unsecured access must be allowed to the application root, the default welcome page, all // of the URLs for the application routes, and all of the assets (Javascript/CSS etc) and // components (HTML partials for AngularJS templates) http.httpBasic().and().authorizeRequests() .antMatchers("/", "/index.html", "/app/**", "/assets/**", "/components/**").permitAll().anyRequest() .authenticated().and().csrf().csrfTokenRepository(csrfTokenRepository()).and() .addFilterAfter(new AngularJsCsrfHeaderFilter(), SessionManagementFilter.class).logout() .logoutSuccessHandler(logoutSuccessHandler()); }
From source file:io.gravitee.management.security.config.basic.BasicSecurityConfigurerAdapter.java
@Override protected void configure(HttpSecurity http) throws Exception { final String jwtSecret = environment.getProperty("jwt.secret"); if (jwtSecret == null || jwtSecret.isEmpty()) { throw new IllegalStateException("JWT secret is mandatory"); }//from w w w. j av a2s. c o m http.httpBasic().realmName("Gravitee.io Management API").and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests() .antMatchers(HttpMethod.OPTIONS, "**").permitAll().antMatchers(HttpMethod.GET, "/user/**") .permitAll() // API requests .antMatchers(HttpMethod.GET, "/apis/**").permitAll().antMatchers(HttpMethod.POST, "/apis/**") .hasAnyAuthority("ADMIN", "API_PUBLISHER").antMatchers(HttpMethod.PUT, "/apis/**") .hasAnyAuthority("ADMIN", "API_PUBLISHER").antMatchers(HttpMethod.DELETE, "/apis/**") .hasAnyAuthority("ADMIN", "API_PUBLISHER") // Application requests .antMatchers(HttpMethod.POST, "/applications/**").hasAnyAuthority("ADMIN", "API_CONSUMER") .antMatchers(HttpMethod.PUT, "/applications/**").hasAnyAuthority("ADMIN", "API_CONSUMER") .antMatchers(HttpMethod.DELETE, "/applications/**").hasAnyAuthority("ADMIN", "API_CONSUMER") // Instance requests .antMatchers(HttpMethod.GET, "/instances/**").hasAuthority("ADMIN").anyRequest().authenticated() .and().csrf().disable().addFilterAfter(corsFilter(), AbstractPreAuthenticatedProcessingFilter.class) .addFilterBefore(new JWTAuthenticationFilter(jwtCookieGenerator, jwtSecret), BasicAuthenticationFilter.class) .addFilterAfter( new AuthenticationSuccessFilter(jwtCookieGenerator, jwtSecret, environment.getProperty("jwt.issuer", DEFAULT_JWT_ISSUER), environment .getProperty("jwt.expire-after", Integer.class, DEFAULT_JWT_EXPIRE_AFTER)), BasicAuthenticationFilter.class); }
From source file:de.chludwig.websec.saml2sp.springconfig.SamlSpringSecurityConfig.java
/** * Defines the web based security configuration. * * @param http//from w w w . ja va 2 s . c om * It allows configuring web based security for specific http requests. * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { http.httpBasic().authenticationEntryPoint(samlEntryPoint()); http.csrf().disable(); http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class).addFilterAfter(samlFilter(), BasicAuthenticationFilter.class); http.authorizeRequests().antMatchers(PW_LOGIN_PAGE_PATH).denyAll() // don't offer local login form in SAML SSO scenario .antMatchers(START_PAGE_PATH).permitAll() // .antMatchers(ERROR_PAGE_PATH).permitAll() // .antMatchers("/saml/**").permitAll() // .antMatchers(AUTHENTICATED_PAGE_PATH).authenticated() // .antMatchers(ANONYMOUS_PAGE_PATH).anonymous() // .antMatchers(USER_ROLE_PAGE_PATH).hasAuthority(RoleId.USER_ROLE_ID.getId()) // .antMatchers(ADMIN_ROLE_PAGE_PATH).hasAuthority(RoleId.ADMIN_ROLE_ID.getId()) // .anyRequest().authenticated(); http.logout().logoutSuccessUrl("/"); }
From source file:com.vdenotaris.spring.boot.security.saml.web.config.WebSecurityConfig.java
/** * Defines the web based security configuration. * //from ww w.java2 s .c o m * @param http It allows configuring web based security for specific http requests. * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { http.httpBasic().authenticationEntryPoint(samlEntryPoint()); http.csrf().disable(); http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class).addFilterAfter(samlFilter(), BasicAuthenticationFilter.class); http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/error").permitAll() .antMatchers("/saml/**").permitAll().anyRequest().authenticated(); http.logout().logoutSuccessUrl("/"); }
From source file:org.appverse.web.framework.backend.security.oauth2.resourceserver.configuration.jwtstore.ResourceServerWithJWTStoreConfigurerAdapter.java
@Override public void configure(HttpSecurity http) throws Exception { // In this OAuth2 scenario with implicit flow we both login the user and obtain the token // in the same endpoint (/oauth/authorize). User credentials will be passed as "username" and // "password" form. // This might be different in other scenarios, for instance if we wanted to implement // authorization code flow to support token refresh. http.httpBasic().disable() // Test filter gives problems because is redirecting to / is not saving the request to redirect properly .logout().logoutUrl(apiPath + oauth2LogoutEndpointPath).logoutSuccessHandler(oauth2LogoutHandler()); if (swagerEnabled) { if (!swaggerCloudMode) { // If swagger is enabled and we are not in 'cloud mode' (behind a Zuul OAuth2 enabled proxy) // we need to permit certain URLs and resources for Swagger UI to work with OAuth2 http.authorizeRequests().antMatchers(swaggerOauth2AllowedUrlsAntMatchers.split(",")).permitAll(); }/* ww w . j av a 2 s.c o m*/ } else { http.authorizeRequests().antMatchers(swaggerOauth2AllowedUrlsAntMatchers.split(",")).denyAll(); } http.authorizeRequests().anyRequest().authenticated(); }
From source file:com.naveen.demo.config.Saml2SSOConfig.java
/** * Defines the web based security configuration. * //www.j av a 2 s.co m * @param http It allows configuring web based security for specific http requests. * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/js/**", "/libs/**", "/login**").permitAll(); http.httpBasic().authenticationEntryPoint(samlEntryPoint()); http.csrf().disable(); http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class).addFilterAfter(samlFilter(), BasicAuthenticationFilter.class); http.antMatcher("/login/**").authorizeRequests().anyRequest().authenticated(); /* http .authorizeRequests() .antMatchers("/").permitAll() .antMatchers("/error").permitAll() .antMatchers("/saml/**").permitAll() .anyRequest().authenticated();*/ http.logout().logoutSuccessUrl("/"); }
From source file:com.github.lynxdb.server.api.http.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable();//w ww. j av a 2s . c o m http.antMatcher("/api/**").authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll() .antMatchers(EpAggregators.ENDPOINT, EpQuery.ENDPOINT, EpSuggest.ENDPOINT) .hasAnyRole(User.Rank.RO_USER.name(), User.Rank.RW_USER.name(), User.Rank.ADMIN.name()) .antMatchers(HttpMethod.POST, EpPut.ENDPOINT) .hasAnyRole(User.Rank.RW_USER.name(), User.Rank.ADMIN.name()) .antMatchers(EpUser.ENDPOINT, EpVhost.ENDPOINT).hasRole(User.Rank.ADMIN.name()); http.httpBasic().realmName("Lynx"); http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); }
From source file:com.sothawo.taboo2.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { boolean requireSsl = securityProperties.isRequireSsl(); boolean basicEnabled = securityProperties.getBasic().isEnabled(); log.debug("configuring http, requires ssl: {}, basic authentication: {}", requireSsl, basicEnabled); if (requireSsl) { http.requiresChannel().anyRequest().requiresSecure(); }/*from w w w .j av a2 s. c o m*/ if (basicEnabled) { // authentication for the taboo2 service only, the app itself doesn't need use it to display it's own login // form. http.authorizeRequests().antMatchers("/taboo2/**").authenticated().anyRequest().permitAll(); } http.httpBasic().realmName("taboo2"); http.csrf().disable(); }