List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity requiresChannel
public ChannelSecurityConfigurer<HttpSecurity>.ChannelRequestMatcherRegistry requiresChannel() throws Exception
From source file:io.pivotal.cla.config.SecurityConfig.java
/**
 * Sets up channel security, error handling, CSRF and URL authorization for the application.
 *
 * <p>HTTPS is required only for requests that carry an {@code x-forwarded-port} header; the
 * matcher tests for the header's presence, not its value.
 *
 * @param http the security builder to configure
 * @throws Exception if one of the Spring Security configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    AuthenticationEntryPoint loginEntryPoint = entryPoint();
    AdminRequestedAccessDeniedHandler deniedHandler = new AdminRequestedAccessDeniedHandler(loginEntryPoint);

    // NOTE(review): a request that arrives without x-forwarded-port is not forced onto HTTPS.
    // This presumably relies on every external request passing through a proxy that sets the
    // header - confirm the application cannot be reached directly over plain HTTP.
    http.requiresChannel()
            .requestMatchers(req -> req.getHeader("x-forwarded-port") != null)
            .requiresSecure();

    http.exceptionHandling()
            .authenticationEntryPoint(loginEntryPoint)
            .accessDeniedHandler(deniedHandler);

    // NOTE(review): /github/hooks/** is exempt from CSRF here and permitAll below, so the hook
    // endpoint has to authenticate the sender itself (not visible in this method) - confirm.
    http.csrf().ignoringAntMatchers("/github/hooks/**");

    // Rules are evaluated in declaration order, so the narrower /admin patterns (ADMIN) must
    // stay ahead of the broader /admin/** pattern (CLA_AUTHOR).
    http.authorizeRequests()
            .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
            .antMatchers("/login/**", "/", "/about", "/faq").permitAll()
            .antMatchers("/webjars/**", "/assets/**").permitAll()
            .antMatchers("/github/hooks/**").permitAll()
            .antMatchers("/admin", "/admin/cla/link/**", "/admin/help/**").hasRole("ADMIN")
            .antMatchers("/admin/**", "/manage/**").hasRole("CLA_AUTHOR")
            .anyRequest().authenticated();

    http.logout().logoutSuccessUrl("/?logout");
}
From source file:com.sothawo.taboo2.SecurityConfig.java
/**
 * Applies the SSL and HTTP Basic settings read from {@code securityProperties}.
 *
 * <p>HTTPS is enforced for every request only when the require-SSL flag is set; authorization
 * rules are added only when Basic authentication is enabled. The Basic realm is always set and
 * CSRF protection is always switched off.
 *
 * @param http the security builder to configure
 * @throws Exception if one of the Spring Security configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final boolean sslRequired = securityProperties.isRequireSsl();
    final boolean basicAuthEnabled = securityProperties.getBasic().isEnabled();
    log.debug("configuring http, requires ssl: {}, basic authentication: {}", sslRequired, basicAuthEnabled);

    // NOTE(review): with SSL not required, HTTP Basic credentials are sent base64-encoded over
    // cleartext HTTP; deployments that enable Basic should also require SSL.
    if (sslRequired) {
        http.requiresChannel().anyRequest().requiresSecure();
    }

    if (basicAuthEnabled) {
        // Only the taboo2 service endpoints need authentication; the application itself does
        // not need it in order to display its own login form.
        http.authorizeRequests()
                .antMatchers("/taboo2/**").authenticated()
                .anyRequest().permitAll();
    }
    // When Basic is disabled, this method adds no authorization rules at all.

    http.httpBasic().realmName("taboo2");

    // NOTE(review): CSRF is disabled unconditionally - confirm no browser session/cookie based
    // authentication is accepted for state-changing requests.
    http.csrf().disable();
}
From source file:com.orange.clara.cloud.services.sandbox.config.SecurityConfiguration.java
/**
 * Configures optional HTTPS enforcement, optional CSRF handling and OAuth2 scope checks for the
 * management endpoints, then requires authentication for everything else.
 *
 * <p>Form login and logout are disabled, and the session creation policy is taken from
 * {@code securityProperties}.
 *
 * @param http the security builder to configure
 * @throws Exception if one of the Spring Security configurers fails
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    final String managementPath = managementServerProperties.getContextPath();
    // @formatter:off
    if (securityProperties.isRequireSsl()) {
        LOGGER.info("SSL enabled in springboot config, cannot access this app using http");
        http.requiresChannel().anyRequest().requiresSecure();
    }

    // NOTE(review): when the flag is false this method does not touch CSRF, so whatever default
    // the enclosing adapter applies stays in effect - verify that default is the intended one.
    if (securityProperties.isEnableCsrf()) {
        LOGGER.info("CSRF enabled in springboot config");
        http.csrf().csrfTokenRepository(csrfTokenRepository());
        http.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
    }

    // NOTE(review): oauth2AdminScope is concatenated into SpEL expressions. It must come from
    // trusted configuration only and must not contain a quote character.
    // NOTE(review): health and info are reachable anonymously - confirm they expose no
    // sensitive detail to unauthenticated callers.
    http.authorizeRequests()
            .antMatchers(managementPath + "/health", managementPath + "/info")
                .access("isAnonymous() or #oauth2.throwOnError(#oauth2.hasScope('" + oauth2AdminScope + "'))")
            .antMatchers(managementPath + "/**")
                .access("#oauth2.hasScope('" + oauth2AdminScope + "')")
            .anyRequest().authenticated();

    http.formLogin().disable();
    http.logout().disable();
    http.sessionManagement().sessionCreationPolicy(securityProperties.getSessions());
    // @formatter:on
}
From source file:com.devnexus.ting.web.config.WebSecurityConfig.java
/**
 * Configures authorization for the admin area, logout, optional HTTPS for the admin area and
 * the form login. CSRF protection is switched off.
 *
 * @param http the security builder to configure
 * @throws Exception if one of the Spring Security configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): CSRF is disabled although the application uses form login; state-changing
    // admin requests therefore carry no CSRF token. Confirm this is intended.
    http.csrf().disable();

    //TODO Refactor login form
    // NOTE(review): in "/s/admin/cfp**" the "**" is not a whole path segment, so it presumably
    // matches only inside one segment (e.g. /s/admin/cfpX, not /s/admin/cfp/x); deeper paths
    // fall through to the ADMIN-only /s/admin/** rule - verify.
    // The trailing anyRequest().anonymous() comes after "/**" and looks unreachable.
    http.authorizeRequests()
            .antMatchers("/s/admin/cfp**").hasAnyAuthority("ADMIN", "CFP_REVIEWER")
            .antMatchers("/s/admin/index").hasAnyAuthority("ADMIN", "CFP_REVIEWER")
            .antMatchers("/s/admin/**").hasAuthority("ADMIN")
            .antMatchers("/**").permitAll()
            .anyRequest().anonymous();

    http.logout()
            .logoutSuccessUrl("/s/index")
            .logoutUrl("/s/logout")
            .permitAll();

    // NOTE(review): HTTPS is required only for /s/admin/**, and only when httpsEnabled is set.
    // The login URL /s/login is not in that list, so credentials may be posted over plain
    // HTTP - consider covering the login path as well.
    if (httpsEnabled) {
        http.requiresChannel().antMatchers("/s/admin/**").requiresSecure();
    }

    http.formLogin()
            .loginProcessingUrl("/s/login")
            .defaultSuccessUrl("/s/admin/index")
            .loginPage("/s/login")
            .failureUrl("/s/login?status=error")
            .permitAll();
}
From source file:com.orange.clara.tool.config.SecurityConfig.java
/**
 * Configures the filter chain that handles requests sent without an {@code Authorization}
 * header: role check for the admin API, public info and websocket paths, authentication for
 * everything else, a custom CSRF token repository and optional HTTPS enforcement.
 *
 * @param http the security builder to configure
 * @throws Exception if one of the Spring Security configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): requests that do carry an Authorization header are not matched by this
    // chain. They presumably are handled by another filter chain - confirm that one exists and
    // enforces equivalent rules, otherwise such requests skip the checks below.
    RequestMatcher withoutAuthorizationHeader = new RequestMatcher() {
        @Override
        public boolean matches(HttpServletRequest request) {
            return request.getHeader("Authorization") == null;
        }
    };
    http.requestMatcher(withoutAuthorizationHeader);

    http.authorizeRequests()
            .antMatchers("/api/admin/**").hasRole(UserRole.ADMIN)
            .antMatchers("/info/**", "/ws/**").permitAll()
            .anyRequest().authenticated();

    http.csrf().csrfTokenRepository(csrfTokenRepository());
    http.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);

    // HTTPS is enforced for every request only when useSsl is set.
    if (useSsl) {
        http.requiresChannel().anyRequest().requiresSecure();
    }
}
From source file:com.devnexus.ting.config.WebSecurityConfig.java
/**
 * Configures authorization for the admin and CFP areas, logout, optional HTTPS for those
 * areas, form login with a role-aware success handler, and Spring Social sign-in. CSRF
 * protection is switched off.
 *
 * @param http the security builder to configure
 * @throws Exception if one of the Spring Security configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): CSRF is disabled although the application uses form login - confirm.
    http.csrf().disable();

    //TODO Refactor login form
    // NOTE(review): patterns such as "/s/admin/cfp**" and "/s/cfp/index**" use "**" inside a
    // segment, which presumably matches within that single segment only - verify the intended
    // paths are covered. The trailing anyRequest().anonymous() after "/**" looks unreachable.
    http.authorizeRequests()
            .antMatchers("/s/admin/cfp**")
                .hasAnyAuthority("ROLE_ADMIN", "ROLE_CFP_REVIEWER", "ROLE_APP_USER")
            .antMatchers("/s/admin/index")
                .hasAnyAuthority("ROLE_ADMIN", "ROLE_CFP_REVIEWER", "ROLE_APP_USER")
            .antMatchers("/s/admin/**")
                .hasAnyAuthority("ROLE_ADMIN", "ROLE_APP_USER")
            .antMatchers("/s/cfp/index**", "/s/cfp/speaker**", "/s/cfp/abstract**",
                    "/s/cfp/add-cfp-success**", "/s/cfp/speaker/**")
                .hasAnyAuthority("ROLE_ADMIN", "ROLE_APP_USER")
            .antMatchers("/**").permitAll()
            .anyRequest().anonymous();

    http.logout()
            .logoutSuccessUrl("/s/index")
            .logoutUrl("/s/logout")
            .permitAll();

    // NOTE(review): HTTPS is required only for the admin and CFP areas, and only when
    // server.ssl.enabled is true. The login URL /s/login is not covered, so credentials may be
    // posted over plain HTTP - consider covering the login path as well.
    if (environment.getRequiredProperty("server.ssl.enabled", Boolean.class)) {
        http.requiresChannel().antMatchers("/s/admin/**").requiresSecure();
        http.requiresChannel().antMatchers("/s/cfp/**").requiresSecure();
    }

    // NOTE(review): the handler is told to take the post-login destination from the "target"
    // request parameter. Its implementation is not shown here - confirm it only accepts local
    // paths and rejects absolute or off-site URLs.
    final RoleAwareSimpleUrlAuthenticationSuccessHandler loginSuccessHandler =
            new RoleAwareSimpleUrlAuthenticationSuccessHandler();
    loginSuccessHandler.setUseReferer(false);
    loginSuccessHandler.setTargetUrlParameter("target");
    loginSuccessHandler.setDefaultTargetUrl("/s/admin/index");

    http.formLogin()
            .loginProcessingUrl("/s/login")
            .loginPage("/s/login")
            .failureUrl("/s/login?status=error")
            .successHandler(loginSuccessHandler)
            .permitAll();

    http.apply(new SpringSocialConfigurer().postLoginUrl("/s/cfp/index"));
}
From source file:cn.org.once.cstack.config.SecurityConfiguration.java
/**
 * Configures AJAX form login and logout, CSRF handling through the two helper methods, URL
 * authorization, the authentication entry point and optional HTTPS-only mode.
 *
 * @param http the security builder to configure
 * @throws Exception if one of the Spring Security configurers or helpers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Login form
    http.formLogin()
            .loginProcessingUrl("/user/authentication")
            .successHandler(ajaxAuthenticationSuccessHandler)
            .failureHandler(ajaxAuthenticationFailureHandler)
            .usernameParameter("j_username")
            .passwordParameter("j_password")
            .permitAll();

    // Logout: drop the session and the listed cookies
    http.logout()
            .logoutUrl("/user/logout")
            .logoutSuccessHandler(ajaxLogoutSuccessHandler)
            .deleteCookies("JSESSIONID", "XSRF-TOKEN", "isLogged")
            .invalidateHttpSession(true)
            .permitAll();

    // CSRF protection
    // NOTE(review): both helpers run back to back and neither body is shown here. If
    // disableProtectionCRSF switches CSRF off unconditionally, it overrides the activation on
    // the line before it - confirm which one is meant to win in production.
    activateProtectionCRSF(http);
    disableProtectionCRSF(http);

    // Route security
    // NOTE(review): /gitlab/** is open to unauthenticated callers; whatever handles it must
    // verify the caller itself (not visible in this method) - confirm.
    http.authorizeRequests()
            .antMatchers("/gitlab/**").permitAll()
            .antMatchers("/**").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN");

    http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);

    // HTTPS enforcement is opt-in: it applies only when the JVM property httpsOnly is exactly
    // "true"; otherwise login credentials and session cookies may travel over plain HTTP.
    final boolean httpsOnly = "true".equals(System.getProperty("httpsOnly"));
    if (httpsOnly) {
        logger.info("launching the application in HTTPS-only mode");
        http.requiresChannel().anyRequest().requiresSecure();
    }
}
From source file:fr.treeptik.cloudunit.config.SecurityConfiguration.java
/**
 * Configures AJAX form login and logout, CSRF handling through the two helper methods,
 * per-area URL authorization, the authentication entry point and optional HTTPS-only mode.
 *
 * @param http the security builder to configure
 * @throws Exception if one of the Spring Security configurers or helpers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Login form
    http.formLogin()
            .loginProcessingUrl("/user/authentication")
            .successHandler(ajaxAuthenticationSuccessHandler)
            .failureHandler(ajaxAuthenticationFailureHandler)
            .usernameParameter("j_username")
            .passwordParameter("j_password")
            .permitAll();

    // Logout: drop the session and the listed cookies
    http.logout()
            .logoutUrl("/user/logout")
            .logoutSuccessHandler(ajaxLogoutSuccessHandler)
            .deleteCookies("JSESSIONID", "XSRF-TOKEN", "isLogged")
            .invalidateHttpSession(true)
            .permitAll();

    // CSRF protection
    // NOTE(review): both helpers run back to back and neither body is shown here. If
    // disableProtectionCRSF switches CSRF off unconditionally, it overrides the activation on
    // the line before it - confirm which one is meant to win in production.
    activateProtectionCRSF(http);
    disableProtectionCRSF(http);

    // Route security
    // NOTE(review): rules are evaluated in declaration order, so "/user/**" is checked before
    // "/user/check" and the permitAll for "/user/check" looks unreachable - verify.
    // NOTE(review): there is no anyRequest() catch-all; paths outside the listed patterns get
    // no access rule from this method - confirm that is intended.
    http.authorizeRequests()
            .antMatchers("/application/**", "/server/**", "/module/**", "/file/**", "/image/**",
                    "/user/**", "/logs/**", "/snapshot/**", "/monitoring/**", "/messages/**")
                .hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
            .antMatchers("/admin/**").hasAnyAuthority("ROLE_ADMIN")
            .antMatchers("/user/check", "/nopublic/**").permitAll();

    http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);

    // HTTPS enforcement is opt-in: it applies only when the JVM property httpsOnly is exactly
    // "true"; otherwise login credentials and session cookies may travel over plain HTTP.
    final boolean httpsOnly = "true".equals(System.getProperty("httpsOnly"));
    if (httpsOnly) {
        logger.info("launching the application in HTTPS-only mode");
        http.requiresChannel().anyRequest().requiresSecure();
    }
}