List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity sessionManagement
public SessionManagementConfigurer<HttpSecurity> sessionManagement() throws Exception
From source file:com.sg.rest.spring.SecurityContext.java
public static void ConfigureStatelessSecurityWithoutCsrfProtection(HttpSecurity http) throws Exception { //Stateless/*from ww w .jav a 2 s . c om*/ http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); //No csrf http.csrf().disable(); }
From source file:at.ac.univie.isc.asio.Security.java
/** * default security settings for rest-ful endpoints *///ww w. j a v a2 s.co m private static void defaultHttpOptions(final HttpSecurity http) throws Exception { http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().requestCache() .disable().csrf().disable().logout().disable().headers().cacheControl().contentTypeOptions() .xssProtection().frameOptions(); }
From source file:docs.security.SecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { http // other config goes here... .sessionManagement().maximumSessions(2).sessionRegistry(sessionRegistry()); }
From source file:shiver.me.timbers.spring.security.integration.JwtAnnotationSecurityConfiguration.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.sessionManagement().sessionCreationPolicy(STATELESS); http.antMatcher("/jwt/**"); http.csrf().disable();/*from w ww.j a v a 2 s. c o m*/ http.authorizeRequests().antMatchers("/jwt/one").access("hasRole('ONE')").antMatchers("/jwt/two") .access("hasRole('TWO')").anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/jwt/signIn") .permitAll(); http.logout().logoutUrl("/jwt/signOut").logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
From source file:shiver.me.timbers.spring.security.integration.JwtApplySecurityConfiguration.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.sessionManagement().sessionCreationPolicy(STATELESS); http.apply(jwt());/* w w w. j a va2 s .c om*/ http.antMatcher("/jwt/**"); http.csrf().disable(); http.authorizeRequests().antMatchers("/jwt/one").access("hasRole('ONE')").antMatchers("/jwt/two") .access("hasRole('TWO')").anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/jwt/signIn") .permitAll(); http.logout().logoutUrl("/jwt/signOut").logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
From source file:hr.foi.sis.conf.ConfSecurity.java
@Override protected void configure(HttpSecurity http) throws Exception { http.sessionManagement().maximumSessions(1); http.csrf().disable().authorizeRequests().antMatchers("/admin-page.html").access("hasRole('ROLE_ADMIN')") .antMatchers("/user-page.html").access("isAuthenticated()") .antMatchers("/index.html", "/register.html", "spring-security.css").permitAll() .antMatchers("/register.html").permitAll().and().formLogin().loginPage("/login.html") .usernameParameter("username").passwordParameter("password").failureUrl("/login-error.html") .defaultSuccessUrl("/user-page.html").and().logout().logoutUrl("/logout") .logoutSuccessUrl("/index.html").and().exceptionHandling() .accessDeniedPage("/acces-denied-page.html").and().headers().xssProtection(); //CsrfTokenResponseHeaderBindingFilter csrfTokenFilter = new CsrfTokenResponseHeaderBindingFilter(); //http.addFilterAfter(csrfTokenFilter, CsrfFilter.class); }
From source file:io.syndesis.runtime.SecurityConfiguration.java
@Override @SuppressWarnings("PMD.SignatureDeclareThrowsException") protected void configure(HttpSecurity http) throws Exception { http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .addFilter(requestHeaderAuthenticationFilter()) .addFilter(new AnonymousAuthenticationFilter("anonymous")).authorizeRequests() .antMatchers(HttpMethod.OPTIONS).permitAll().antMatchers("/api/v1/swagger.*").permitAll() .antMatchers("/api/v1/index.html").permitAll().antMatchers("/api/v1/version").permitAll() .antMatchers(HttpMethod.GET, "/api/v1/credentials/callback").permitAll().antMatchers("/api/v1/**") .hasRole("AUTHENTICATED").anyRequest().permitAll(); http.csrf().disable();//from w w w . ja va2s . c o m }
From source file:some.test.config.OAuthConfiguration.java
/** * Configure scopes for specific controller/httpmethods/roles here. *//* www .j av a2s . co m*/ @Override public void configure(final HttpSecurity http) throws Exception { //J- http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER).and().requestMatchers() .antMatchers("/secured/**").and().authorizeRequests().antMatchers(HttpMethod.GET, "/secured/**") .access("#oauth2.hasScope('testscope')"); //J+ }
From source file:reconf.server.ApplicationSecurity.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable();//from w w w. j av a2 s . co m http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); http.authorizeRequests().antMatchers("/crud/**").fullyAuthenticated().accessDecisionManager(decisionManager) .and().httpBasic(); }
From source file:com.esa.infocontrol.config.spring.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { System.out.println("Configuring InfoControl Security. . . "); http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().portMapper() .http(8080).mapsTo(8181).and().requiresChannel().anyRequest().requiresSecure().and().csrf() .disable().authorizeRequests().antMatchers("/api/admin/**").hasRole("ADMIN").antMatchers("/api/**") .hasRole("USERAPI").antMatchers("/*").hasRole("USER").and().httpBasic() .realmName("InfoControlRestAPI REALM"); }