List of usage examples for org.springframework.security.config.http SessionCreationPolicy STATELESS
SessionCreationPolicy STATELESS
To view the source code for org.springframework.security.config.http SessionCreationPolicy STATELESS.
Click Source Link
From source file:com.create.application.configuration.security.ResourceServerConfiguration.java
@Override public void configure(HttpSecurity http) throws Exception { http.exceptionHandling().authenticationEntryPoint(accessForbiddenEntryPoint).and().logout() .logoutUrl("/oauth/logout").logoutSuccessHandler(logoutSuccessHandler).and().csrf() .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable().headers() .frameOptions().disable().and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().anyRequest() .authenticated();/*from w ww .ja v a2 s .c om*/ }
From source file:com.boxedfolder.carrot.config.security.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable();// w ww .j av a2 s . c om http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); http.authorizeRequests().antMatchers(HttpMethod.POST, "/client/analytics/logs/**").permitAll(); // Define secured routes here String[] securedEndpoints = { "/client/ping", "/client/beacons/**", "/client/apps/**", "/client/events/**", "/client/analytics/**" }; for (String endpoint : securedEndpoints) { http.authorizeRequests().antMatchers(endpoint).authenticated(); } SecurityConfigurer<DefaultSecurityFilterChain, HttpSecurity> securityConfigurerAdapter = new XAuthTokenConfigurer( userDetailsServiceBean()); http.apply(securityConfigurerAdapter); }
From source file:com.todo.backend.config.SecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().headers().frameOptions().disable().and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().addFilterBefore( new JWTFilter(customProperties.getSecretKey()), UsernamePasswordAuthenticationFilter.class); http.authorizeRequests().antMatchers("/management/**").hasAuthority("ADMIN"); }
From source file:com.devicehive.application.security.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .authorizeRequests()//from w w w. jav a2s.com .antMatchers("/css/**", "/server/**", "/scripts/**", "/webjars/**", "/templates/**").permitAll() .antMatchers("/*/swagger.json", "/*/swagger.yaml").permitAll().and().anonymous().disable() .exceptionHandling().authenticationEntryPoint(unauthorizedEntryPoint()); http.addFilterBefore(new HttpAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter.class) .addFilterAfter(new SimpleCORSFilter(), HttpAuthenticationFilter.class); }
From source file:io.syndesis.runtime.SecurityConfiguration.java
@Override @SuppressWarnings("PMD.SignatureDeclareThrowsException") protected void configure(HttpSecurity http) throws Exception { http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .addFilter(requestHeaderAuthenticationFilter()) .addFilter(new AnonymousAuthenticationFilter("anonymous")).authorizeRequests() .antMatchers(HttpMethod.OPTIONS).permitAll().antMatchers("/api/v1/swagger.*").permitAll() .antMatchers("/api/v1/index.html").permitAll().antMatchers("/api/v1/version").permitAll() .antMatchers(HttpMethod.GET, "/api/v1/credentials/callback").permitAll().antMatchers("/api/v1/**") .hasRole("AUTHENTICATED").anyRequest().permitAll(); http.csrf().disable();// w ww . ja va 2 s . c om }
From source file:com.hillert.botanic.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { SessionRepositoryFilter<ExpiringSession> sessionRepositoryFilter = new SessionRepositoryFilter( sessionRepository);//ww w . ja v a2 s . co m sessionRepositoryFilter.setHttpSessionStrategy(new HeaderHttpSessionStrategy()); http.addFilterBefore(sessionRepositoryFilter, ChannelProcessingFilter.class).csrf().disable(); http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); http.authorizeRequests().antMatchers(HttpMethod.POST, "/api/plants/**") .hasRole(DefaultUserDetailsService.ROLE_ADMIN); }
From source file:eu.trentorise.game.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // application never creates an http session http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); http.authorizeRequests()//from w ww.j a va2 s .c o m .antMatchers("/gengine/**", "/console/**", "/model/**", "/data/**", "/exec/**", "/notification/**") .access("hasRole('ROLE_ADMIN')").and().httpBasic(); http.authorizeRequests().antMatchers("/api/**").anonymous(); // disable csrf permits POST http call to DomainConsoleController // without using csrf token http.csrf().disable(); }
From source file:com.coinblesk.server.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.exceptionHandling().authenticationEntryPoint(http401UnauthorizedEntryPoint).and().csrf().disable() .headers().frameOptions().sameOrigin() // To allow h2 console .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .authorizeRequests()/* w ww . jav a 2s . co m*/ // .antMatchers("/").permitAll() .antMatchers(REQUIRE_USER_ROLE).hasAuthority(UserRole.USER.getAuthority()) .antMatchers(REQUIRE_ADMIN_ROLE).hasAuthority(UserRole.ADMIN.getAuthority()).and() .apply(securityConfigurerAdapter()); }
From source file:com.mec.Security.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable().cors().and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests() .antMatchers(HttpMethod.POST, "/login/**").permitAll().antMatchers(HttpMethod.OPTIONS, "/**") .permitAll().and() // **permit OPTIONS call to all** .authorizeRequests().antMatchers("/API/editor/**").hasAnyRole("mapa.Editor").and() .addFilterBefore(jwtLoginFilter(), UsernamePasswordAuthenticationFilter.class)//filter the api/login requests .addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);// And filter other requests to check the presence of JWT in header }
From source file:org.meruvian.yama.webapi.config.oauth.ResourceServerConfig.java
@Override public void configure(HttpSecurity http) throws Exception { String[] authorizedUrl = { "/autoconfig", "/beans", "/configprops", "/dump", "/env", "/health", "/info", "/metrics", "/mappings", "/shutdown", "/trace", "/oauth/token", "/api/**" }; http.requestMatchers().antMatchers(authorizedUrl).and().authorizeRequests().antMatchers("/oauth/token") .fullyAuthenticated().antMatchers("/api/roles", "/api/roles/**").hasAuthority("ADMINISTRATOR") .antMatchers("/api/users/me", "/api/users/me/**").fullyAuthenticated() .antMatchers("/api/users", "/api/users/**").hasAuthority("ADMINISTRATOR") .antMatchers("/api/oauth/clients/**").permitAll().antMatchers("/api/complaints").permitAll() .antMatchers("/api/categories").permitAll().antMatchers("/api/signup").anonymous() .antMatchers("/**").fullyAuthenticated().and().sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .userDetailsService(clientDetailsUserDetailsService).anonymous().and().headers().frameOptions() .disable().exceptionHandling().accessDeniedHandler(accessDeniedHandler); }