List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity sessionManagement
public SessionManagementConfigurer<HttpSecurity> sessionManagement() throws Exception
From source file:io.syndesis.runtime.KeycloakConfiguration.java
@Override
@SuppressWarnings("PMD.SignatureDeclareThrowsException")
protected void configure(HttpSecurity http) throws Exception {
    // Keycloak-protected API: never create a container session; the custom
    // session-authentication strategy still runs when a request authenticates.
    http.sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .sessionAuthenticationStrategy(sessionAuthenticationStrategy());

    // The Keycloak filters are placed ahead of the standard logout / X.509 filters
    // so they see the request before the default authentication machinery does.
    http.addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class);
    http.addFilterBefore(keycloakAuthenticationProcessingFilter(), X509AuthenticationFilter.class);

    http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint());

    // Rules are evaluated top-down and the first match wins: the public swagger,
    // index and OAuth callback paths come before the /api/v1/** catch-all, and
    // everything outside /api/v1/** and /api/setup is open (anyRequest().permitAll()).
    http.authorizeRequests()
        .antMatchers(HttpMethod.OPTIONS).permitAll() // any OPTIONS request, CORS pre-flight
        .antMatchers("/api/v1/swagger.*").permitAll()
        .antMatchers("/api/v1/index.html").permitAll()
        .antMatchers(HttpMethod.GET, "/api/v1/credentials/callback").permitAll()
        .antMatchers("/api/v1/**").authenticated()
        .antMatchers("/api/setup").authenticated()
        .anyRequest().permitAll();

    // CSRF protection is off. With a STATELESS policy there is no session cookie to ride,
    // provided the Keycloak credential travels in a header rather than a cookie.
    http.csrf().disable();
}
From source file:ch.ge.ve.protopoc.config.WebSecurityConfigurer.java
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // Stateless JWT API: never create an HTTP session.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

    // Rules are evaluated top-down, first match wins. Note that "/api/accounts/*" is a
    // single-segment pattern: deeper paths fall through to the fullyAuthenticated() default.
    httpSecurity.authorizeRequests()
        .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
        .antMatchers("/api/accounts/*").denyAll()
        .antMatchers("/auth/login").permitAll()
        .antMatchers("/").permitAll()
        .anyRequest().fullyAuthenticated();

    // JWT tokens carried in a header are immune to CSRF, see
    // http://stackoverflow.com/questions/21357182/csrf-token-necessary-when-using-stateless-sessionless-authentication
    httpSecurity.csrf().disable();

    // Custom JWT based security filter, placed where form login would normally run.
    httpSecurity.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // Disable page caching (Cache-Control / Pragma / Expires headers).
    httpSecurity.headers().cacheControl();
}
From source file:com.boxedfolder.carrot.config.security.WebSecurityConfig.java
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Token-based client API (XAuthTokenConfigurer, presumably a header token): no session,
    // and therefore no CSRF protection.
    http.csrf().disable();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Anonymous log upload must be registered BEFORE the broader /client/analytics/** rule
    // below: rules are evaluated top-down and the first match wins.
    http.authorizeRequests()
        .antMatchers(HttpMethod.POST, "/client/analytics/logs/**").permitAll();

    // Define secured routes here - every one of them requires an authenticated principal.
    http.authorizeRequests()
        .antMatchers("/client/ping", "/client/beacons/**", "/client/apps/**", "/client/events/**",
            "/client/analytics/**")
        .authenticated();

    // Keep the declared interface type so overload resolution of http.apply(...) is unchanged.
    SecurityConfigurer<DefaultSecurityFilterChain, HttpSecurity> tokenConfigurer =
        new XAuthTokenConfigurer(userDetailsServiceBean());
    http.apply(tokenConfigurer);
}
From source file:eu.trentorise.game.config.SecurityConfig.java
@Override
protected void configure(HttpSecurity http) throws Exception {
    // application never creates an http session
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Engine, console, model, data, exec and notification endpoints are admin-only
    // and authenticated with HTTP Basic.
    http.authorizeRequests()
        .antMatchers("/gengine/**", "/console/**", "/model/**", "/data/**", "/exec/**", "/notification/**")
        .access("hasRole('ROLE_ADMIN')");
    http.httpBasic();

    // /api/** is reserved for anonymous callers: anonymous() is satisfied only by an
    // unauthenticated (anonymous) principal, not by a logged-in one.
    http.authorizeRequests().antMatchers("/api/**").anonymous();

    // disable csrf permits POST http call to DomainConsoleController
    // without using csrf token
    http.csrf().disable();
}
From source file:com.wiiyaya.consumer.web.initializer.config.SecurityConfig.java
private void configSessionManager(HttpSecurity http) throws Exception {
    // One concurrent session per principal. maxSessionsPreventsLogin(false) means a new
    // login expires the oldest session instead of being rejected; the expired session is
    // then sent to the "too many sessions" error page.
    http.sessionManagement()
        .maximumSessions(1)
        .maxSessionsPreventsLogin(false)
        .expiredUrl(MainURIResource.PATH_ERROR_MAX_SESSIONS);

    // Requests presenting an invalid (e.g. timed-out) session id go to the time-out page.
    http.sessionManagement().invalidSessionUrl(MainURIResource.PATH_ERROR_TIME_OUT);
}
From source file:com.esquema.seguridad.ApplicationSecurity.java
@Override
protected void configure(HttpSecurity http) throws Exception {
    // ---- Session and authentication handling ----
    // Stateless API behind HTTP Basic: no session is created and everything under
    // /esquema/** needs full (non-remember-me) authentication.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.authorizeRequests().antMatchers("/esquema/**").fullyAuthenticated();
    http.httpBasic();

    // The root and the H2 console are open to everyone.
    // NOTE(review): /h2/** and /H2/** are reachable without authentication - confirm the
    // console is only enabled in development profiles.
    http.authorizeRequests().antMatchers("/").permitAll();
    http.authorizeRequests().antMatchers("/h2/**", "/H2/**").permitAll();

    // CSRF is off (stateless, header credentials) and X-Frame-Options is removed on every
    // response - presumably for the frame-based H2 console; scope it if only /h2 needs framing.
    http.csrf().disable();
    http.headers().frameOptions().disable();

    // ---- HTTPS-only enforcement ----
    // NOTE(review): requiresChannel()...requiresSecure() is not configured here, so this
    // chain does not force HTTPS by itself - confirm TLS is enforced in front of the app.
}
From source file:org.opendatakit.configuration.TestBasicSecurityConfiguration.java
@Override
protected void configure(HttpSecurity http) throws Exception {
    logger.info("Setting up authentication.");

    // We have a choice here: stateless, OR enable sessions and use CSRF. This chain is
    // stateless, so there is no session cookie to protect and CSRF is switched off.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.csrf().disable();

    // First match wins: single-segment paths directly under the root are public,
    // everything deeper must be authenticated.
    http.authorizeRequests()
        .antMatchers("/*").permitAll()
        .antMatchers("/**").authenticated();

    // Basic authentication runs before the anonymous filter would assign an anonymous principal.
    http.addFilterBefore(basicAuthenticationFilter(), AnonymousAuthenticationFilter.class);
}
From source file:org.opendatakit.configuration.TestDigestSecurityConfiguration.java
@Override
protected void configure(HttpSecurity http) throws Exception {
    logger.info("Setting up authentication.");

    // We have a choice here: stateless, OR enable sessions and use CSRF. This chain is
    // stateless, so there is no session cookie to protect and CSRF is switched off.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.csrf().disable();

    // First match wins: single-segment paths directly under the root are public,
    // everything deeper must be authenticated.
    http.authorizeRequests()
        .antMatchers("/*").permitAll()
        .antMatchers("/**").authenticated();

    // Basic authentication runs before the anonymous filter would assign an anonymous
    // principal; the digest filter is added at its default position in the chain.
    http.addFilterBefore(basicAuthenticationFilter(), AnonymousAuthenticationFilter.class);
    http.addFilter(digestAuthenticationFilter());
}
From source file:com.hillert.botanic.config.SecurityConfig.java
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Spring Session: sessions are stored in sessionRepository and the session id is
    // exchanged in an HTTP header (HeaderHttpSessionStrategy), not in a cookie.
    // NOTE(review): this is a raw-type construction; `new SessionRepositoryFilter<>(sessionRepository)`
    // removes the unchecked warning if sessionRepository is a SessionRepository<ExpiringSession>.
    SessionRepositoryFilter<ExpiringSession> sessionFilter = new SessionRepositoryFilter(sessionRepository);
    sessionFilter.setHttpSessionStrategy(new HeaderHttpSessionStrategy());

    // The session filter must run early, hence "before ChannelProcessingFilter".
    http.addFilterBefore(sessionFilter, ChannelProcessingFilter.class);

    // CSRF is off - presumably because the session id is header-borne, so there is no
    // ambient cookie credential. Spring Security itself never creates a container session.
    http.csrf().disable();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Only plant creation is restricted to the admin role.
    // NOTE(review): there is no anyRequest() rule, so other paths carry no authorization
    // constraint from this chain - confirm that is intended.
    http.authorizeRequests()
        .antMatchers(HttpMethod.POST, "/api/plants/**")
        .hasRole(DefaultUserDetailsService.ROLE_ADMIN);
}
From source file:com.frequentis.maritime.mcsr.config.SecurityConfiguration.java
/**
 * Configures the HTTP security chain: stateless sessions, basic and (skippable) Keycloak
 * authentication filters, remember-me, form login, logout, and the URL authorization rules.
 * Rules in authorizeRequests() are evaluated top-down; the first matching rule wins.
 */
@Override protected void configure(HttpSecurity http) throws Exception {
    //super.configure(http);
    log.debug("Configuring HttpSecurity");
    log.debug("RememberMe service {}", rememberMeServices);
    // Stateless: no container session is created; the custom strategy still runs on authentication.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .sessionAuthenticationStrategy(sessionAuthenticationStrategy()).and()
        // Basic auth and the Keycloak filters run ahead of the logout / X.509 filters.
        .addFilterBefore(basicAuthenticationFilter(), LogoutFilter.class)
        .addFilterBefore(new SkippingFilter(keycloakPreAuthActionsFilter()), LogoutFilter.class)
        .addFilterBefore(new SkippingFilter(keycloakAuthenticationProcessingFilter()),
            X509AuthenticationFilter.class)
        .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and()
        // .addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class)
        // .exceptionHandling()
        // .accessDeniedHandler(new CustomAccessDeniedHandler())
        // .authenticationEntryPoint(authenticationEntryPoint)
        // .and()
        // NOTE(review): remember-me and form login are cookie/credential based while CSRF is
        // disabled at the end of this chain - confirm that state-changing endpoints are only
        // called with header-carried credentials.
        .rememberMe().rememberMeServices(rememberMeServices).rememberMeParameter("remember-me")
        .key(jHipsterProperties.getSecurity().getRememberMe().getKey()).and().formLogin()
        .loginProcessingUrl("/api/authentication").successHandler(ajaxAuthenticationSuccessHandler)
        .failureHandler(ajaxAuthenticationFailureHandler).usernameParameter("j_username")
        .passwordParameter("j_password").permitAll().and().logout().logoutUrl("/api/logout")
        .logoutSuccessHandler(ajaxLogoutSuccessHandler).deleteCookies("JSESSIONID", "CSRF-TOKEN")
        // frameOptions().disable() drops X-Frame-Options on every response (clickjacking
        // exposure); scope it to the pages that actually need framing if possible.
        .permitAll().and().headers().frameOptions().disable().and().authorizeRequests()
        .antMatchers("/api/register").hasAuthority(AuthoritiesConstants.ADMIN)
        // NOTE(review): this rule precedes the per-method /api/** rules below, so every HTTP
        // method on /api/elasticsearch/** is anonymous - confirm this is intended.
        .antMatchers("/api/elasticsearch/**").permitAll().antMatchers("/api/activate").permitAll()
        .antMatchers("/api/authenticate").permitAll()
        .antMatchers("/api/account/reset_password/inactivateit").permitAll()
        .antMatchers("/api/account/reset_password/finish").permitAll().antMatchers("/api/profile-info")
        .permitAll().antMatchers("/websocket/tracker").hasAuthority(AuthoritiesConstants.ADMIN)
        .antMatchers("/websocket/**").permitAll().antMatchers("/management/**")
        .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/v2/api-docs/**").permitAll()
        // Mutating methods on /api/** require authentication ...
        .antMatchers(HttpMethod.PUT, "/api/**").authenticated().antMatchers(HttpMethod.POST, "/api/**")
        .authenticated().antMatchers(HttpMethod.DELETE, "/api/**").authenticated()
        .antMatchers(HttpMethod.TRACE, "/api/**").authenticated().antMatchers(HttpMethod.HEAD, "/api/**")
        .authenticated().antMatchers(HttpMethod.PATCH, "/api/**").authenticated()
        // ... while OPTIONS (pre-flight) and every GET under /api/** are anonymous.
        .antMatchers(HttpMethod.OPTIONS, "/api/**").permitAll().antMatchers(HttpMethod.GET, "/api/**")
        .permitAll().antMatchers("/swagger-resources/configuration/ui").permitAll()
        .antMatchers("/swagger-ui/index.html").permitAll().and().csrf().disable();
}