Example usage for org.springframework.security.config.http SessionCreationPolicy ALWAYS

List of usage examples for org.springframework.security.config.http SessionCreationPolicy ALWAYS

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.config.http.*
  5. SessionCreationPolicy
  6. ALWAYS

Introduction

In this page you can find the example usage for org.springframework.security.config.http SessionCreationPolicy ALWAYS.

Prototype

SessionCreationPolicy ALWAYS

To view the source code for org.springframework.security.config.http SessionCreationPolicy ALWAYS.

Click Source Link

Document

Always create an HttpSession

Usage

From source file:com.ericsson.eiffel.remrem.generate.config.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    LOGGER.debug("LDAP authentication enabled");
    http.authorizeRequests().anyRequest().authenticated().and().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and().httpBasic().and().csrf().disable();

}

From source file:org.meruvian.yama.webapi.config.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/oauth/authorize").fullyAuthenticated()
            .and().formLogin().loginPage(LOGIN_PAGE_URL).loginProcessingUrl(LOGIN_PROCESSING_URL)
            .usernameParameter("username").passwordParameter("password").defaultSuccessUrl(LOGIN_SUCCESS_URL)
            .failureUrl(LOGIN_FAILURE_URL).and().logout().logoutUrl(LOGOUT_URL)
            .logoutSuccessUrl(LOGOUT_SUCCESS_URL).invalidateHttpSession(true).and().rememberMe()
            .userDetailsService(userDetailsService).and().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and().csrf()
            .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable();
}

From source file:org.osiam.configuration.WebApplicationSecurity.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    LoginDecisionFilter loginDecisionFilter = new LoginDecisionFilter();
    loginDecisionFilter.setAuthenticationManager(authenticationManagerBean());
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setAlwaysUseDefaultTargetUrl(false);
    loginDecisionFilter.setAuthenticationSuccessHandler(successHandler);
    loginDecisionFilter/* ww w .  j av a2 s .c om*/
            .setAuthenticationFailureHandler(new OsiamCachingAuthenticationFailureHandler("/login/error"));

    // @formatter:off
    http.requestMatchers().antMatchers("/login/**", "/error", "/oauth/**").and().authorizeRequests()
            .antMatchers("/login", "/login/error", "/error").permitAll().anyRequest().authenticated().and()
            .csrf()
            // TODO: This is a bad idea! We need CSRF at least for the `/oauth/authorize` endpoint
            // see also: https://github.com/spring-projects/spring-security-oauth/blob/2.0.8.RELEASE/samples/oauth2/sparklr/src/main/java/org/springframework/security/oauth/examples/sparklr/config/SecurityConfiguration.java#L48
            .disable().exceptionHandling().accessDeniedPage("/login/error").and().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and().formLogin()
            .loginProcessingUrl("/login/check").failureUrl("/login/error").loginPage("/login").and()
            .addFilterBefore(loginDecisionFilter, UsernamePasswordAuthenticationFilter.class);
    // @formatter:on
}

From source file:org.apache.atlas.web.security.AtlasSecurityConfig.java

protected void configure(HttpSecurity httpSecurity) throws Exception {

    //@formatter:off
    httpSecurity.authorizeRequests().anyRequest().authenticated().and().headers().disable().servletApi().and()
            .csrf().disable().sessionManagement().enableSessionUrlRewriting(false)
            .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).sessionFixation().newSession().and()
            .formLogin().loginPage("/login.jsp").loginProcessingUrl("/j_spring_security_check")
            .successHandler(successHandler).failureHandler(failureHandler).usernameParameter("j_username")
            .passwordParameter("j_password").and().logout().logoutSuccessUrl("/login.jsp")
            .deleteCookies("ATLASSESSIONID").logoutUrl("/logout.html").and().httpBasic()
            .authenticationEntryPoint(getDelegatingAuthenticationEntryPoint());
    //@formatter:on

    if (configuration.getBoolean("atlas.server.ha.enabled", false)) {
        LOG.info("Atlas is in HA Mode, enabling ActiveServerFilter");
        httpSecurity.addFilterAfter(activeServerFilter, BasicAuthenticationFilter.class);
    }//from  www .jav a2 s  .c om
    httpSecurity.addFilterAfter(staleTransactionCleanupFilter, BasicAuthenticationFilter.class)
            .addFilterAfter(ssoAuthenticationFilter, BasicAuthenticationFilter.class)
            .addFilterAfter(atlasAuthenticationFilter, SecurityContextHolderAwareRequestFilter.class)
            .addFilterAfter(csrfPreventionFilter, AtlasAuthenticationFilter.class)
            .addFilterAfter(atlasAuthorizationFilter, FilterSecurityInterceptor.class);
}