List of usage examples for org.springframework.security.config.http SessionCreationPolicy ALWAYS
SessionCreationPolicy ALWAYS
To view the source code for org.springframework.security.config.http SessionCreationPolicy ALWAYS.
Click Source Link
From source file:com.ericsson.eiffel.remrem.generate.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { LOGGER.debug("LDAP authentication enabled"); http.authorizeRequests().anyRequest().authenticated().and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and().httpBasic().and().csrf().disable(); }
From source file:org.meruvian.yama.webapi.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/oauth/authorize").fullyAuthenticated() .and().formLogin().loginPage(LOGIN_PAGE_URL).loginProcessingUrl(LOGIN_PROCESSING_URL) .usernameParameter("username").passwordParameter("password").defaultSuccessUrl(LOGIN_SUCCESS_URL) .failureUrl(LOGIN_FAILURE_URL).and().logout().logoutUrl(LOGOUT_URL) .logoutSuccessUrl(LOGOUT_SUCCESS_URL).invalidateHttpSession(true).and().rememberMe() .userDetailsService(userDetailsService).and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and().csrf() .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable(); }
From source file:org.osiam.configuration.WebApplicationSecurity.java
@Override protected void configure(HttpSecurity http) throws Exception { LoginDecisionFilter loginDecisionFilter = new LoginDecisionFilter(); loginDecisionFilter.setAuthenticationManager(authenticationManagerBean()); SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); successHandler.setAlwaysUseDefaultTargetUrl(false); loginDecisionFilter.setAuthenticationSuccessHandler(successHandler); loginDecisionFilter/* ww w . j av a2 s .c om*/ .setAuthenticationFailureHandler(new OsiamCachingAuthenticationFailureHandler("/login/error")); // @formatter:off http.requestMatchers().antMatchers("/login/**", "/error", "/oauth/**").and().authorizeRequests() .antMatchers("/login", "/login/error", "/error").permitAll().anyRequest().authenticated().and() .csrf() // TODO: This is a bad idea! We need CSRF at least for the `/oauth/authorize` endpoint // see also: https://github.com/spring-projects/spring-security-oauth/blob/2.0.8.RELEASE/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/SecurityConfiguration.java#L48 .disable().exceptionHandling().accessDeniedPage("/login/error").and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and().formLogin() .loginProcessingUrl("/login/check").failureUrl("/login/error").loginPage("/login").and() .addFilterBefore(loginDecisionFilter, UsernamePasswordAuthenticationFilter.class); // @formatter:on }
From source file:org.apache.atlas.web.security.AtlasSecurityConfig.java
protected void configure(HttpSecurity httpSecurity) throws Exception { //@formatter:off httpSecurity.authorizeRequests().anyRequest().authenticated().and().headers().disable().servletApi().and() .csrf().disable().sessionManagement().enableSessionUrlRewriting(false) .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).sessionFixation().newSession().and() .formLogin().loginPage("/login.jsp").loginProcessingUrl("/j_spring_security_check") .successHandler(successHandler).failureHandler(failureHandler).usernameParameter("j_username") .passwordParameter("j_password").and().logout().logoutSuccessUrl("/login.jsp") .deleteCookies("ATLASSESSIONID").logoutUrl("/logout.html").and().httpBasic() .authenticationEntryPoint(getDelegatingAuthenticationEntryPoint()); //@formatter:on if (configuration.getBoolean("atlas.server.ha.enabled", false)) { LOG.info("Atlas is in HA Mode, enabling ActiveServerFilter"); httpSecurity.addFilterAfter(activeServerFilter, BasicAuthenticationFilter.class); }//from www .jav a2 s .c om httpSecurity.addFilterAfter(staleTransactionCleanupFilter, BasicAuthenticationFilter.class) .addFilterAfter(ssoAuthenticationFilter, BasicAuthenticationFilter.class) .addFilterAfter(atlasAuthenticationFilter, SecurityContextHolderAwareRequestFilter.class) .addFilterAfter(csrfPreventionFilter, AtlasAuthenticationFilter.class) .addFilterAfter(atlasAuthorizationFilter, FilterSecurityInterceptor.class); }