Example usage for org.springframework.security.config.http SessionCreationPolicy STATELESS

List of usage examples for org.springframework.security.config.http SessionCreationPolicy STATELESS

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.config.http.*
  5. SessionCreationPolicy
  6. STATELESS

Introduction

In this page you can find the example usage for org.springframework.security.config.http SessionCreationPolicy STATELESS.

Prototype

SessionCreationPolicy STATELESS

To view the source code for org.springframework.security.config.http SessionCreationPolicy STATELESS.

Click Source Link

Document

Spring Security will never create an HttpSession and it will never use it to obtain the SecurityContext

Usage

From source file:com.sg.rest.spring.SecurityContext.java

public static void ConfigureStatelessSecurityWithoutCsrfProtection(HttpSecurity http) throws Exception {
    //Stateless/*from   w  ww  .  j  a  va 2  s.c  o m*/
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    //No csrf
    http.csrf().disable();
}

From source file:st.malike.auth.client.security.ResourceServerConfig.java

@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/**").authenticated().and().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}

From source file:com.pablinchapin.tiendaliz.configuration.SecurityConfiguration.java

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {

    httpSecurity.csrf().disable().authorizeRequests().antMatchers(HttpMethod.POST, "/api/**").authenticated()
            .antMatchers(HttpMethod.PUT, "/api/**").authenticated().antMatchers(HttpMethod.DELETE, "/api/**")
            .authenticated()//w  w w  .  j ava2s  . c  om

            .anyRequest().permitAll().and().httpBasic().and().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

}

From source file:org.starfishrespect.myconsumption.server.business.security.WebSecurityConfig.java

/**
 * Define the security policy for the REST services.
 * BASIC authentication is supported./*from w  ww.  ja  v  a 2 s .c om*/
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers(HttpMethod.POST, "/users/**").permitAll() // needed to create a user on the first launch of the app
            .antMatchers(HttpMethod.POST, "/users/**/sensor/**").authenticated().antMatchers("/configs/**")
            .permitAll() // this resource does not need to be protected
            .anyRequest().authenticated().and().httpBasic().and().csrf().disable().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}

From source file:com.esquema.seguridad.ApplicationSecurity.java

@Override
protected void configure(HttpSecurity http) throws Exception {

    /* Inicio//from w  w  w  .  j a  va 2 s  .com
     *********************** Manejo de sesin y autenticacin **************************************/
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests()
            .antMatchers("/esquema/**").fullyAuthenticated().and().httpBasic();
    //.formLogin();
    /********************** Manejo de sesin y autenticacin ***************************************
    * Fin */

    /* Inicio
     *********************** Manejo de sesin y autenticacin **************************************/
    http.authorizeRequests().antMatchers("/").permitAll().and().authorizeRequests()
            .antMatchers("/h2/**", "/H2/**").permitAll();
    http.csrf().disable();
    http.headers().frameOptions().disable();
    /********************** Manejo de sesin y autenticacin ***************************************
    * Fin */

    /* Inicio
     *********************** Hace que el request sea solo por HTTPS **************************************
    http
        .requiresChannel().antMatchers("/escribe tu ruta aqu/**").requiresSecure();
    http.csrf().disable();
    /********************** Hace que el request sea solo por HTTPS ***************************************
    * Fin */

}

From source file:com.javiermoreno.springboot.mvc.users.CustomSecurityAdapter.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .authorizeRequests().antMatchers("/**").permitAll();
}

From source file:reconf.server.ApplicationSecurity.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();//from www . ja v a  2 s . c o  m
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.authorizeRequests().antMatchers("/crud/**").fullyAuthenticated().accessDecisionManager(decisionManager)
            .and().httpBasic();
}

From source file:blankd.acme.pet.licensing.config.security.WebSecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable() //<--- Research why this only allows GET and POST
            .authorizeRequests().antMatchers("/license/find/*").permitAll().antMatchers("/license/").permitAll()
            .antMatchers("/license/new").hasAuthority("ADMIN").antMatchers("/license/assign/*")
            .hasAnyAuthority("CLERK", "ADMIN").antMatchers("/license/assign/force/**").hasAuthority("ADMIN")
            .antMatchers("/license/delete/**").hasAuthority("ADMIN").antMatchers("/account/view/*").permitAll()
            .antMatchers("/pet/new").hasAnyAuthority("CLERK", "ADMIN").antMatchers("/pet/*/update")
            .hasAnyAuthority("CLERK", "ADMIN").antMatchers("/pet/*/delete").hasAnyAuthority("CLERK", "ADMIN")
            .antMatchers("/pet/**").permitAll().antMatchers("/account/new").permitAll()
            .antMatchers("/account/**").hasAnyAuthority("CLERK", "ADMIN").anyRequest().fullyAuthenticated()
            .and().httpBasic().realmName(REALM).authenticationEntryPoint(getMyEntryPoint()).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}

From source file:com.esa.infocontrol.config.spring.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    System.out.println("Configuring InfoControl Security. . . ");
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().portMapper()
            .http(8080).mapsTo(8181).and().requiresChannel().anyRequest().requiresSecure().and().csrf()
            .disable().authorizeRequests().antMatchers("/api/admin/**").hasRole("ADMIN").antMatchers("/api/**")
            .hasRole("USERAPI").antMatchers("/*").hasRole("USER").and().httpBasic()
            .realmName("InfoControlRestAPI REALM");
}

From source file:com.javiermoreno.springboot.rest.TokenSecurityAdapter.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()).and()
            // Filter order: http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/apidocs/org/springframework/security/config/annotation/web/HttpSecurityBuilder.html#addFilter%28javax.servlet.Filter%29
            .addFilterAfter(authenticationTokenProcessingFilterBean(), BasicAuthenticationFilter.class)
            .authorizeRequests()/*  w w w .  ja  va 2 s.  co m*/
            .antMatchers("/api-docs/**", "/public/**", "/views/**", "/errores/**", "/health/**", "/metrics/**",
                    "/configprops/**")
            .permitAll().antMatchers(HttpMethod.GET, "/private/**").hasRole("ADMIN")
            .antMatchers(HttpMethod.GET, "/shutdown/**").hasRole("ADMIN")
            //.access("hasRole('ROLE_ADMIN')")
            .anyRequest().authenticated().and().httpBasic();
}