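List of usage examples for org.springframework.security.config.annotation.web.builders.HttpSecurity#regexMatcher. regexMatcher limits an HttpSecurity configuration to requests that match the given regular expression; requests that do not match are not handled by that configuration.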
public HttpSecurity regexMatcher(String pattern)
From source file:com.netflix.genie.web.security.SecurityUtils.java
/**
 * Configures the HTTP security chain shared by the REST API.
 *
 * <p>The chain applies only to requests matching {@code (/api/.*)}. Within that scope, DELETE,
 * PATCH, POST and PUT requests matching {@code APPLICATIONS_API_REGEX},
 * {@code CLUSTERS_API_REGEX} or {@code COMMANDS_API_REGEX} require {@code ADMIN_ROLE}; every
 * other request requires {@code USER_ROLE}. Callers are authenticated through X.509 using the
 * supplied user details service. The chain uses a null request cache and has CSRF protection
 * disabled.
 *
 * @param http                   The http security object to configure
 * @param x509UserDetailsService The user details service used for X.509 authentication
 * @param actuatorEndpoint       The endpoint where the Spring Actuator sits; it is referenced
 *                               only by the disabled matcher noted in the body, so it has no
 *                               effect on the active configuration
 * @throws Exception when the HTTP security configuration cannot be built
 */
public static void buildAPIHttpSecurity(
    @NotNull final HttpSecurity http,
    @NotNull final X509UserDetailsService x509UserDetailsService,
    @NotBlank final String actuatorEndpoint
) throws Exception {
    // Chain scope. A wider matcher that also covered the actuator (everything except health)
    // is disabled in the original source:
    //     "(/api/.*)|(" + actuatorEndpoint + ")/(?!health).*"
    // NOTE(review): with that matcher disabled, actuator endpoints are outside this chain;
    // confirm that another filter chain protects them.
    http.regexMatcher("(/api/.*)");

    // Rules are evaluated in declaration order, so the ADMIN-only write rules must stay ahead
    // of the anyRequest() fallback.
    http.authorizeRequests()
        .regexMatchers(HttpMethod.DELETE, APPLICATIONS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.PATCH, APPLICATIONS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.POST, APPLICATIONS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.PUT, APPLICATIONS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.DELETE, CLUSTERS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.PATCH, CLUSTERS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.POST, CLUSTERS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.PUT, CLUSTERS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.DELETE, COMMANDS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.PATCH, COMMANDS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.POST, COMMANDS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.PUT, COMMANDS_API_REGEX).hasRole(ADMIN_ROLE)
        .anyRequest().hasRole(USER_ROLE);

    http.x509().authenticationUserDetailsService(x509UserDetailsService);

    // NEVER stops Spring Security from creating an HttpSession, but an existing session is
    // still used; STATELESS is the policy that ignores sessions entirely.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);

    // The original source also carries a disabled step that would force HTTPS:
    //     .requiresChannel().anyRequest().requiresSecure()
    // NOTE(review): X.509 client authentication depends on TLS, so transport security is
    // presumably enforced at the connector or proxy - confirm.

    http.requestCache().requestCache(new NullRequestCache());

    // CSRF protection is off for this chain.
    // NOTE(review): browsers present client certificates automatically, so confirm that the
    // API is not meant to be called from browser sessions.
    http.csrf().disable();
}
From source file:com.hp.autonomy.frontend.find.hod.beanconfiguration.InMemoryHodSecurity.java
/**
 * Configures form-login security for the {@code /p/}, config, {@code /authenticate} and
 * {@code /logout} endpoints.
 *
 * <p>Requests under {@code /p/**} require the ADMIN role and {@code FindController.CONFIG_PATH}
 * requires the CONFIG role. Saved requests are kept only for those two path groups. Login is
 * processed at {@code /authenticate}, and CSRF protection is disabled for the chain.
 *
 * @param http the HTTP security builder to configure
 * @throws Exception if the security configuration cannot be built
 */
@SuppressWarnings("ProhibitedExceptionDeclared")
@Override
protected void configure(final HttpSecurity http) throws Exception {
    final AuthenticationSuccessHandler onLoginSuccess = new LoginSuccessHandler(
        FindRole.CONFIG.toString(),
        FindController.CONFIG_PATH,
        "/p/"
    );

    // Only requests to /p/** or the config path are remembered for replay after login.
    final HttpSessionRequestCache savedRequests = new HttpSessionRequestCache();
    savedRequests.setRequestMatcher(new OrRequestMatcher(
        new AntPathRequestMatcher("/p/**"),
        new AntPathRequestMatcher(FindController.CONFIG_PATH)
    ));

    // Chain scope. The regex must match the whole request string, which includes the query
    // string when one is present, so the exact alternatives (/authenticate, /logout) do not
    // match a request that carries query parameters.
    // NOTE(review): confirm that such requests are handled by another chain.
    http.regexMatcher("/p/.*|/config/.*|/authenticate|/logout");

    // NOTE(review): there is no anyRequest() fallback, so an in-scope request that matches
    // neither ant pattern (for example a /config/ sub-path other than CONFIG_PATH) has no
    // access rule in this chain - confirm that this is intended.
    http.authorizeRequests()
        .antMatchers("/p/**").hasRole(FindRole.ADMIN.name())
        .antMatchers(FindController.CONFIG_PATH).hasRole(FindRole.CONFIG.name());

    http.requestCache().requestCache(savedRequests);

    http.formLogin()
        .loginPage(FindController.DEFAULT_LOGIN_PAGE)
        .loginProcessingUrl("/authenticate")
        .successHandler(onLoginSuccess)
        .failureUrl(FindController.DEFAULT_LOGIN_PAGE + "?error=auth");

    http.logout().logoutSuccessHandler(
        new HodLogoutSuccessHandler(
            new HodTokenLogoutSuccessHandler(SsoController.SSO_LOGOUT_PAGE, tokenRepository),
            FindController.APP_PATH
        )
    );

    // CSRF protection is off although this chain uses session-backed form login.
    // NOTE(review): state-changing endpoints in scope then rely on other defences against
    // cross-site requests - confirm that this is acceptable for this deployment mode.
    http.csrf().disable();
}
From source file:com.hp.autonomy.frontend.find.hod.beanconfiguration.HodSecurity.java
@SuppressWarnings("ProhibitedExceptionDeclared") @Override//from w w w .j a v a2 s. co m protected void configure(final HttpSecurity http) throws Exception { final AuthenticationEntryPoint ssoEntryPoint = new SsoAuthenticationEntryPoint(SsoController.SSO_PAGE); final SsoAuthenticationFilter ssoAuthenticationFilter = new SsoAuthenticationFilter( SsoController.SSO_AUTHENTICATION_URI); ssoAuthenticationFilter.setAuthenticationManager(authenticationManager()); final LogoutSuccessHandler logoutSuccessHandler = new HodTokenLogoutSuccessHandler( SsoController.SSO_LOGOUT_PAGE, tokenRepository); http.regexMatcher("/public/.*|/sso|/authenticate-sso|/api/authentication/.*|/logout").csrf().disable() .exceptionHandling().authenticationEntryPoint(ssoEntryPoint) .accessDeniedPage(DispatcherServletConfiguration.AUTHENTICATION_ERROR_PATH).and() .authorizeRequests().antMatchers(FindController.APP_PATH + "**").hasRole(FindRole.USER.name()).and() .logout().logoutSuccessHandler(logoutSuccessHandler).and() .addFilterAfter(ssoAuthenticationFilter, AbstractPreAuthenticatedProcessingFilter.class); }