Example usage for org.springframework.security.config.annotation.web.builders HttpSecurity requestMatchers

List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity requestMatchers

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.config.annotation.web.builders.*
  5. HttpSecurity
  6. requestMatchers

Introduction

In this page you can find the example usage for org.springframework.security.config.annotation.web.builders HttpSecurity requestMatchers.

Prototype

public RequestMatcherConfigurer requestMatchers()

Source Link

Document

Allows specifying which HttpServletRequest instances this HttpSecurity will be invoked on.

Usage

From source file:org.moserp.common.security.SecurityConfiguration.java

/**
 * Provide security so that endpoints are only served if the request is
 * already authenticated.//from  ww w. j av  a  2s  .  c o m
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.requestMatchers().antMatchers("/**").and().authorizeRequests().anyRequest().authenticated();
    //                .antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('read')")
    //                .antMatchers(HttpMethod.OPTIONS, "/**").access("#oauth2.hasScope('read')")
    //                .antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')")
    //                .antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')")
    //                .antMatchers(HttpMethod.PATCH, "/**").access("#oauth2.hasScope('write')")
    //                .antMatchers(HttpMethod.DELETE, "/**").access("#oauth2.hasScope('write')");
}

From source file:org.meruvian.yama.webapi.config.oauth.ResourceServerConfig.java

@Override
public void configure(HttpSecurity http) throws Exception {
    String[] authorizedUrl = { "/autoconfig", "/beans", "/configprops", "/dump", "/env", "/health", "/info",
            "/metrics", "/mappings", "/shutdown", "/trace", "/oauth/token", "/api/**" };

    http.requestMatchers().antMatchers(authorizedUrl).and().authorizeRequests().antMatchers("/oauth/token")
            .fullyAuthenticated().antMatchers("/api/roles", "/api/roles/**").hasAuthority("ADMINISTRATOR")
            .antMatchers("/api/users/me", "/api/users/me/**").fullyAuthenticated()
            .antMatchers("/api/users", "/api/users/**").hasAuthority("ADMINISTRATOR")
            .antMatchers("/api/oauth/clients/**").permitAll().antMatchers("/api/complaints").permitAll()
            .antMatchers("/api/categories").permitAll().antMatchers("/api/signup").anonymous()
            .antMatchers("/**").fullyAuthenticated().and().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .userDetailsService(clientDetailsUserDetailsService).anonymous().and().headers().frameOptions()
            .disable().exceptionHandling().accessDeniedHandler(accessDeniedHandler);
}

From source file:de.pksoftware.springstrap.core.config.ResourceServerConfigBase.java

/**
 * /*  w w  w.j  av  a  2  s  . c  om*/
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    //http.authorizeRequests().anyRequest().authenticated().and().httpBasic();

    //TODO Find out if there is a difference if session is stateless.
    //http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.requestMatchers().antMatchers(getProtectedPathes()).and().authorizeRequests().antMatchers("/**")
            .authenticated();
}

From source file:org.osiam.configuration.WebApplicationSecurity.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    LoginDecisionFilter loginDecisionFilter = new LoginDecisionFilter();
    loginDecisionFilter.setAuthenticationManager(authenticationManagerBean());
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setAlwaysUseDefaultTargetUrl(false);
    loginDecisionFilter.setAuthenticationSuccessHandler(successHandler);
    loginDecisionFilter// w w w . j ava2 s.  c  o  m
            .setAuthenticationFailureHandler(new OsiamCachingAuthenticationFailureHandler("/login/error"));

    // @formatter:off
    http.requestMatchers().antMatchers("/login/**", "/error", "/oauth/**").and().authorizeRequests()
            .antMatchers("/login", "/login/error", "/error").permitAll().anyRequest().authenticated().and()
            .csrf()
            // TODO: This is a bad idea! We need CSRF at least for the `/oauth/authorize` endpoint
            // see also: https://github.com/spring-projects/spring-security-oauth/blob/2.0.8.RELEASE/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/SecurityConfiguration.java#L48
            .disable().exceptionHandling().accessDeniedPage("/login/error").and().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and().formLogin()
            .loginProcessingUrl("/login/check").failureUrl("/login/error").loginPage("/login").and()
            .addFilterBefore(loginDecisionFilter, UsernamePasswordAuthenticationFilter.class);
    // @formatter:on
}