List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity logout
public LogoutConfigurer<HttpSecurity> logout() throws Exception
From source file:com.netflix.genie.web.security.saml.SAMLConfig.java
/** * Defines the web based security configuration. * * @param http It allows configuring web based security for specific http requests. * @throws Exception on any error//w w w .ja v a2 s. c o m */ @Override protected void configure(final HttpSecurity http) throws Exception { // @formatter:off http.httpBasic().authenticationEntryPoint(samlEntryPoint()); http.csrf().disable(); http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class).addFilterAfter(samlFilter(), BasicAuthenticationFilter.class); http.antMatcher("/**").authorizeRequests().antMatchers("/actuator/**").permitAll().antMatchers("/api/**") .permitAll().antMatchers("/error").permitAll().antMatchers("/saml/**").permitAll().anyRequest() .authenticated().and().x509().authenticationUserDetailsService(this.x509UserDetailsService); http.logout().logoutSuccessUrl("/"); // @formatter:on }
From source file:com.netflix.genie.security.saml.SAMLConfig.java
/** * Defines the web based security configuration. * * @param http It allows configuring web based security for specific http requests. * @throws Exception on any error/*from w w w .j a v a 2s .com*/ */ @Override protected void configure(final HttpSecurity http) throws Exception { // @formatter:off http.httpBasic().authenticationEntryPoint(samlEntryPoint()); http.csrf().disable(); http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class).addFilterAfter(samlFilter(), BasicAuthenticationFilter.class); http.antMatcher("/**").authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll() .antMatchers("/api/**").permitAll().antMatchers("/error").permitAll().antMatchers("/saml/**") .permitAll().anyRequest().authenticated().and().x509() .authenticationUserDetailsService(this.x509UserDetailsService); http.logout().logoutSuccessUrl("/"); // @formatter:on }
From source file:de.chludwig.websec.saml2sp.springconfig.SamlSpringSecurityConfig.java
/** * Defines the web based security configuration. * * @param http//from www. j a va2s . c o m * It allows configuring web based security for specific http requests. * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { http.httpBasic().authenticationEntryPoint(samlEntryPoint()); http.csrf().disable(); http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class).addFilterAfter(samlFilter(), BasicAuthenticationFilter.class); http.authorizeRequests().antMatchers(PW_LOGIN_PAGE_PATH).denyAll() // don't offer local login form in SAML SSO scenario .antMatchers(START_PAGE_PATH).permitAll() // .antMatchers(ERROR_PAGE_PATH).permitAll() // .antMatchers("/saml/**").permitAll() // .antMatchers(AUTHENTICATED_PAGE_PATH).authenticated() // .antMatchers(ANONYMOUS_PAGE_PATH).anonymous() // .antMatchers(USER_ROLE_PAGE_PATH).hasAuthority(RoleId.USER_ROLE_ID.getId()) // .antMatchers(ADMIN_ROLE_PAGE_PATH).hasAuthority(RoleId.ADMIN_ROLE_ID.getId()) // .anyRequest().authenticated(); http.logout().logoutSuccessUrl("/"); }
From source file:scratch.cucumber.example.SecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { // The http.formLogin().defaultSuccessUrl("/path/") method is required when using stateless Spring Security // because the session cannot be used to redirect to the page that was requested while signed out. Unfortunately // using this configuration method will cause our custom success handler (below) to be overridden with the // default success handler. So to replicate the defaultSuccessUrl("/path/") configuration we will instead // correctly configure and delegate to the default success handler. final SimpleUrlAuthenticationSuccessHandler delegate = new SimpleUrlAuthenticationSuccessHandler(); delegate.setDefaultTargetUrl("/spring/"); // Make Spring Security stateless. This means no session will be created by Spring Security, nor will it use any // previously existing session. http.sessionManagement().sessionCreationPolicy(STATELESS); // Disable the CSRF prevention because it requires the session, which of course is not available in a // stateless application. It also greatly complicates the requirements for the sign in POST request. http.csrf().disable();//www. j av a2 s.c o m // Viewing any page requires authentication. http.authorizeRequests().anyRequest().authenticated(); http.formLogin() // Viewing the sign in page does not require authentication. .loginPage("/spring/signIn").permitAll() // Override the sign in success handler with our stateless implementation. This will update the response // with any headers and cookies that are required for subsequent authenticated requests. .successHandler(new StatelessAuthenticationSuccessHandler(authenticationBinder, delegate)); http.logout().logoutUrl("/spring/signOut").logoutSuccessUrl("/spring/"); // Add our stateless authentication filter before the default sign in filter. The default sign in filter is // still used for the initial sign in, but if a user is authenticated we need to acknowledge this before it is // reached. http.addFilterBefore(new StatelessAuthenticationFilter(authenticationBinder, securityContextHolder), UsernamePasswordAuthenticationFilter.class); }
From source file:br.com.joaops.smt.configuration.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/").authenticated().antMatchers("/login/*").permitAll() .antMatchers("/logout/*").permitAll().antMatchers("/system/user").hasRole("SYSTEM_USER_READ") .antMatchers("/system/user/add").hasRole("SYSTEM_USER_ADD").antMatchers("/system/user/save") .hasRole("SYSTEM_USER_ADD").antMatchers("/system/user/edit/*").hasRole("SYSTEM_USER_EDIT") .antMatchers("/system/user/update").hasRole("SYSTEM_USER_EDIT").antMatchers("/system/user/delete/*") .hasRole("SYSTEM_USER_DELETE").antMatchers("/system/module").hasRole("SYSTEM_MODULE_READ") .antMatchers("/system/module/add").hasRole("SYSTEM_MODULE_ADD").antMatchers("/system/module/save") .hasRole("SYSTEM_MODULE_ADD").antMatchers("/system/module/edit/*").hasRole("SYSTEM_MODULE_EDIT") .antMatchers("/system/module/update").hasRole("SYSTEM_MODULE_EDIT") .antMatchers("/system/module/delete/*").hasRole("SYSTEM_MODULE_DELETE") .antMatchers("/system/permission").hasRole("SYSTEM_PERMISSION_READ") .antMatchers("/system/permission/add").hasRole("SYSTEM_PERMISSION_ADD") .antMatchers("/system/permission/save").hasRole("SYSTEM_PERMISSION_ADD") .antMatchers("/system/permission/edit/*").hasRole("SYSTEM_PERMISSION_EDIT") .antMatchers("/system/permission/update").hasRole("SYSTEM_PERMISSION_EDIT") .antMatchers("/system/permission/delete/*").hasRole("SYSTEM_PERMISSION_DELETE").anyRequest() .authenticated();// ww w .ja v a 2 s . c o m http.formLogin().loginPage("/login").loginProcessingUrl("/login/check").failureUrl("/login/error") .defaultSuccessUrl("/", true).usernameParameter("username").passwordParameter("password") .permitAll(); http.logout().logoutUrl("/logout").logoutSuccessUrl("/login").invalidateHttpSession(true) .deleteCookies("JSESSIONID"); http.sessionManagement().maximumSessions(1).and().sessionFixation().newSession(); }
From source file:com.erudika.para.security.SecurityConfig.java
/** * Configures the protected private resources * * @param http HTTP sec object//from w ww . j a v a 2s. co m * @throws Exception ex */ @Override protected void configure(HttpSecurity http) throws Exception { String[] defRoles = { "USER", "MOD", "ADMIN" }; Map<String, String> confMap = Config.getConfigMap(); ConfigObject c = Config.getConfig().getObject("security.protected"); ConfigValue apiSec = Config.getConfig().getValue("security.api_security"); boolean enableRestFilter = apiSec != null && Boolean.TRUE.equals(apiSec.unwrapped()); for (String key : c.keySet()) { ConfigValue cv = c.get(key); ArrayList<String> patterns = new ArrayList<String>(); ArrayList<String> roles = new ArrayList<String>(); // if API security is disabled don't add any API related patterns // to the list of protected resources if (!"api".equals(key) || enableRestFilter) { for (ConfigValue configValue : (ConfigList) cv) { if (configValue instanceof List) { for (ConfigValue role : (ConfigList) configValue) { roles.add(((String) role.unwrapped()).toUpperCase()); } } else { patterns.add((String) configValue.unwrapped()); } } String[] rolz = (roles.isEmpty()) ? defRoles : roles.toArray(new String[0]); http.authorizeRequests().antMatchers(patterns.toArray(new String[0])).hasAnyRole(rolz); } } if (Config.getConfigParamUnwrapped("security.csrf_protection", true)) { CachedCsrfTokenRepository str = new CachedCsrfTokenRepository(); Para.injectInto(str); http.csrf().requireCsrfProtectionMatcher(new RequestMatcher() { private final Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$"); private final RegexRequestMatcher authEndpoints = new RegexRequestMatcher("^/\\w+_auth$", null); public boolean matches(HttpServletRequest request) { boolean matches = !RestRequestMatcher.INSTANCE.matches(request) && !IgnoredRequestMatcher.INSTANCE.matches(request) && !authEndpoints.matches(request) && !allowedMethods.matcher(request.getMethod()).matches(); return matches; } }).csrfTokenRepository(str); } else { http.csrf().disable(); } http.sessionManagement().enableSessionUrlRewriting(false); http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER); http.sessionManagement().sessionAuthenticationStrategy(new NullAuthenticatedSessionStrategy()); http.exceptionHandling() .authenticationEntryPoint(new SimpleAuthenticationEntryPoint(confMap.get("security.signin"))); http.exceptionHandling() .accessDeniedHandler(new SimpleAccessDeniedHandler(confMap.get("security.access_denied"))); http.requestCache().requestCache(new SimpleRequestCache()); http.logout().logoutUrl(confMap.get("security.signout")) .logoutSuccessUrl(confMap.get("security.signout_success")); SimpleAuthenticationSuccessHandler successHandler = new SimpleAuthenticationSuccessHandler(); successHandler.setDefaultTargetUrl(confMap.get("security.signin_success")); successHandler.setTargetUrlParameter(confMap.get("security.returnto")); successHandler.setUseReferer(true); SimpleAuthenticationFailureHandler failureHandler = new SimpleAuthenticationFailureHandler(); failureHandler.setDefaultFailureUrl(confMap.get("security.signin_failure")); SimpleRememberMeServices tbrms = new SimpleRememberMeServices(Config.APP_SECRET_KEY, new SimpleUserService()); tbrms.setAlwaysRemember(true); tbrms.setTokenValiditySeconds(Config.SESSION_TIMEOUT_SEC.intValue()); tbrms.setCookieName(Config.AUTH_COOKIE); tbrms.setParameter(Config.AUTH_COOKIE.concat("-remember-me")); http.rememberMe().rememberMeServices(tbrms); PasswordAuthFilter passwordFilter = new PasswordAuthFilter("/" + PasswordAuthFilter.PASSWORD_ACTION); passwordFilter.setAuthenticationManager(authenticationManager()); passwordFilter.setAuthenticationSuccessHandler(successHandler); passwordFilter.setAuthenticationFailureHandler(failureHandler); passwordFilter.setRememberMeServices(tbrms); OpenIDAuthFilter openidFilter = new OpenIDAuthFilter("/" + OpenIDAuthFilter.OPENID_ACTION); openidFilter.setAuthenticationManager(authenticationManager()); openidFilter.setConsumer(new OpenID4JavaConsumer(new SimpleAxFetchListFactory())); openidFilter.setReturnToUrlParameters(Collections.singleton(confMap.get("security.returnto"))); openidFilter.setAuthenticationSuccessHandler(successHandler); openidFilter.setAuthenticationFailureHandler(failureHandler); openidFilter.setRememberMeServices(tbrms); FacebookAuthFilter facebookFilter = new FacebookAuthFilter("/" + FacebookAuthFilter.FACEBOOK_ACTION); facebookFilter.setAuthenticationManager(authenticationManager()); facebookFilter.setAuthenticationSuccessHandler(successHandler); facebookFilter.setAuthenticationFailureHandler(failureHandler); facebookFilter.setRememberMeServices(tbrms); GoogleAuthFilter googleFilter = new GoogleAuthFilter("/" + GoogleAuthFilter.GOOGLE_ACTION); googleFilter.setAuthenticationManager(authenticationManager()); googleFilter.setAuthenticationSuccessHandler(successHandler); googleFilter.setAuthenticationFailureHandler(failureHandler); googleFilter.setRememberMeServices(tbrms); LinkedInAuthFilter linkedinFilter = new LinkedInAuthFilter("/" + LinkedInAuthFilter.LINKEDIN_ACTION); linkedinFilter.setAuthenticationManager(authenticationManager()); linkedinFilter.setAuthenticationSuccessHandler(successHandler); linkedinFilter.setAuthenticationFailureHandler(failureHandler); linkedinFilter.setRememberMeServices(tbrms); TwitterAuthFilter twitterFilter = new TwitterAuthFilter("/" + TwitterAuthFilter.TWITTER_ACTION); twitterFilter.setAuthenticationManager(authenticationManager()); twitterFilter.setAuthenticationSuccessHandler(successHandler); twitterFilter.setAuthenticationFailureHandler(failureHandler); twitterFilter.setRememberMeServices(tbrms); GitHubAuthFilter githubFilter = new GitHubAuthFilter("/" + GitHubAuthFilter.GITHUB_ACTION); githubFilter.setAuthenticationManager(authenticationManager()); githubFilter.setAuthenticationSuccessHandler(successHandler); githubFilter.setAuthenticationFailureHandler(failureHandler); githubFilter.setRememberMeServices(tbrms); http.addFilterAfter(passwordFilter, BasicAuthenticationFilter.class); http.addFilterAfter(openidFilter, BasicAuthenticationFilter.class); http.addFilterAfter(facebookFilter, BasicAuthenticationFilter.class); http.addFilterAfter(googleFilter, BasicAuthenticationFilter.class); http.addFilterAfter(linkedinFilter, BasicAuthenticationFilter.class); http.addFilterAfter(twitterFilter, BasicAuthenticationFilter.class); http.addFilterAfter(githubFilter, BasicAuthenticationFilter.class); if (enableRestFilter) { RestAuthFilter restFilter = new RestAuthFilter(new Signer()); http.addFilterAfter(restFilter, RememberMeAuthenticationFilter.class); } }
From source file:org.esupportail.publisher.config.SecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { http.addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class).exceptionHandling() .authenticationEntryPoint(casAuthenticationEntryPoint()).and() .addFilterBefore(casAuthenticationFilter(), BasicAuthenticationFilter.class) .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class); // .and()/*from ww w. j a v a 2 s.c o m*/ // .rememberMe() // .rememberMeServices(rememberMeServices) // .key(env.getProperty("jhipster.security.rememberme.key")) // .and() // .formLogin() // .loginProcessingUrl("/api/authentication") // .successHandler(ajaxAuthenticationSuccessHandler) // .failureHandler(ajaxAuthenticationFailureHandler) // .usernameParameter("j_username") // .passwordParameter("j_password") // .permitAll() http.headers().frameOptions().disable().authorizeRequests().antMatchers("/app/**").authenticated() .antMatchers("/api/register").denyAll().antMatchers("/api/activate").denyAll() .antMatchers("/api/authenticate").denyAll().antMatchers("/api/logs/**") .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/api/enums/**").permitAll() .antMatchers("/api/conf/**").permitAll().antMatchers("/api/**") .hasAuthority(AuthoritiesConstants.USER).antMatchers("/metrics/**") .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/health/**") .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/trace/**") .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/dump/**") .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/shutdown/**") .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/beans/**") .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/configprops/**") .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/info/**") .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/autoconfig/**") .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/env/**") .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/trace/**") .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/api-docs/**") .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/published/**") .access("hasRole('" + AuthoritiesConstants.ANONYMOUS + "') and (hasIpAddress('" + ipVariableHolder.getIpRange() + "') or hasIpAddress('127.0.0.1/32') or hasIpAddress('::1'))") .antMatchers(FeedController.PRIVATE_RSS_FEED_URL_PATH + "**") .access("hasRole('" + AuthoritiesConstants.ANONYMOUS + "') and (hasIpAddress('" + ipVariableHolder.getIpRange() + "') or hasIpAddress('127.0.0.1/32') or hasIpAddress('::1'))") .antMatchers(PROTECTED_PATH + "**").authenticated().antMatchers("/view/**").permitAll(); http.logout().logoutUrl("/api/logout").logoutSuccessHandler(ajaxLogoutSuccessHandler) .invalidateHttpSession(true).deleteCookies("JSESSIONID").permitAll(); }
From source file:org.opentestsystem.ap.iat.config.SecurityConfig.java
/** * Defines the web based security configuration. * * @param http It allows configuring web based security for specific http requests. * @throws Exception// w w w.j a v a 2 s.com */ @Override protected void configure(HttpSecurity http) throws Exception { http.httpBasic().authenticationEntryPoint(samlEntryPoint()); http.csrf().disable(); http.addFilterBefore(forwardedHeaderFilter(), ChannelProcessingFilter.class) .addFilterAfter(metadataGeneratorFilter(), ForwardedHeaderFilter.class) .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class); http.headers().frameOptions().sameOrigin(); http.authorizeRequests() .antMatchers("/saml/**", "/manage/**/health**", "/manage/**/info**", "/assets/**", "**.js", "favicon.**", "/fontawesome**", "/glyphicons**", "/api/sec/**", "/api/ivs/**", "/error/403.html", "/keepalive") .permitAll(); http.authorizeRequests().antMatchers("/**").hasAnyRole("ADMIN", "USER"); http.logout().logoutSuccessUrl("/"); http.exceptionHandling().accessDeniedHandler(accessDeniedHandler()); }