List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity requestMatchers
public RequestMatcherConfigurer requestMatchers()
From source file:org.moserp.common.security.SecurityConfiguration.java
/** * Provide security so that endpoints are only served if the request is * already authenticated.//from ww w. j av a 2s . c o m */ @Override public void configure(HttpSecurity http) throws Exception { http.requestMatchers().antMatchers("/**").and().authorizeRequests().anyRequest().authenticated(); // .antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('read')") // .antMatchers(HttpMethod.OPTIONS, "/**").access("#oauth2.hasScope('read')") // .antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')") // .antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')") // .antMatchers(HttpMethod.PATCH, "/**").access("#oauth2.hasScope('write')") // .antMatchers(HttpMethod.DELETE, "/**").access("#oauth2.hasScope('write')"); }
From source file:org.meruvian.yama.webapi.config.oauth.ResourceServerConfig.java
@Override public void configure(HttpSecurity http) throws Exception { String[] authorizedUrl = { "/autoconfig", "/beans", "/configprops", "/dump", "/env", "/health", "/info", "/metrics", "/mappings", "/shutdown", "/trace", "/oauth/token", "/api/**" }; http.requestMatchers().antMatchers(authorizedUrl).and().authorizeRequests().antMatchers("/oauth/token") .fullyAuthenticated().antMatchers("/api/roles", "/api/roles/**").hasAuthority("ADMINISTRATOR") .antMatchers("/api/users/me", "/api/users/me/**").fullyAuthenticated() .antMatchers("/api/users", "/api/users/**").hasAuthority("ADMINISTRATOR") .antMatchers("/api/oauth/clients/**").permitAll().antMatchers("/api/complaints").permitAll() .antMatchers("/api/categories").permitAll().antMatchers("/api/signup").anonymous() .antMatchers("/**").fullyAuthenticated().and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .userDetailsService(clientDetailsUserDetailsService).anonymous().and().headers().frameOptions() .disable().exceptionHandling().accessDeniedHandler(accessDeniedHandler); }
From source file:de.pksoftware.springstrap.core.config.ResourceServerConfigBase.java
/** * /* w w w.j av a 2 s . c om*/ */ @Override public void configure(HttpSecurity http) throws Exception { //http.authorizeRequests().anyRequest().authenticated().and().httpBasic(); //TODO Find out if there is a difference if session is stateless. //http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); http.requestMatchers().antMatchers(getProtectedPathes()).and().authorizeRequests().antMatchers("/**") .authenticated(); }
From source file:org.osiam.configuration.WebApplicationSecurity.java
@Override protected void configure(HttpSecurity http) throws Exception { LoginDecisionFilter loginDecisionFilter = new LoginDecisionFilter(); loginDecisionFilter.setAuthenticationManager(authenticationManagerBean()); SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); successHandler.setAlwaysUseDefaultTargetUrl(false); loginDecisionFilter.setAuthenticationSuccessHandler(successHandler); loginDecisionFilter// w w w . j ava2 s. c o m .setAuthenticationFailureHandler(new OsiamCachingAuthenticationFailureHandler("/login/error")); // @formatter:off http.requestMatchers().antMatchers("/login/**", "/error", "/oauth/**").and().authorizeRequests() .antMatchers("/login", "/login/error", "/error").permitAll().anyRequest().authenticated().and() .csrf() // TODO: This is a bad idea! We need CSRF at least for the `/oauth/authorize` endpoint // see also: https://github.com/spring-projects/spring-security-oauth/blob/2.0.8.RELEASE/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/SecurityConfiguration.java#L48 .disable().exceptionHandling().accessDeniedPage("/login/error").and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and().formLogin() .loginProcessingUrl("/login/check").failureUrl("/login/error").loginPage("/login").and() .addFilterBefore(loginDecisionFilter, UsernamePasswordAuthenticationFilter.class); // @formatter:on }