Example usage for org.springframework.security.config.http SessionCreationPolicy STATELESS

List of usage examples for org.springframework.security.config.http SessionCreationPolicy STATELESS

Introduction

On this page you can find example usages of org.springframework.security.config.http SessionCreationPolicy STATELESS.

Prototype

SessionCreationPolicy STATELESS

To view the source code for org.springframework.security.config.http SessionCreationPolicy STATELESS, follow the source link.


Document

Spring Security will never create an HttpSession, and it will never use one to obtain the SecurityContext.

Usage

From source file:org.createnet.raptor.auth.service.JWTWebSecurityConfigurationAdapter.java

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // CSRF is switched off on the assumption that the JWT is sent in a request header rather
    // than a cookie: a header-borne token is not attached by the browser on its own, so the
    // cookie-based cross-site scenario does not apply. Should the token ever move to a cookie,
    // CSRF protection has to come back -- the token itself is not "invulnerable".
    httpSecurity.csrf().disable();
    // Authentication failures are routed to unauthorizedHandler (presumably a 401 responder)
    httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

    // No HttpSession is ever created or consulted; each request must carry its own token
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    httpSecurity.cors();

    // Authorization rules, evaluated in declaration order (first matching rule wins)
    httpSecurity.authorizeRequests()
            .antMatchers(authenticationPath).permitAll()
            .antMatchers(authenticationRefresh).permitAll()
            .antMatchers("/v2/api-docs").permitAll()
            // /sync is reserved for the co-located api <-> auth synchronisation. The rule tests
            // the remote address, so it only holds while no reverse proxy sits in front and
            // rewrites it -- confirm for the deployment.
            .antMatchers("/sync").hasIpAddress("127.0.0.1")
            .anyRequest().authenticated();

    // Validate the JWT before the JSON username/password filter gets to run
    httpSecurity.addFilterBefore(authenticationTokenFilterBean(), JsonUsernamePasswordFilter.class);

    // Cache-Control headers keep authenticated responses out of caches
    httpSecurity.headers().cacheControl();
}

From source file:fr.mycellar.configuration.SpringSecurityConfiguration.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    // Token-based REST API: no CSRF tokens and no HttpSession
    http.csrf().disable();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    // Authentication failures are answered by the REST entry point (presumably a plain
    // error response rather than a login-page redirect)
    http.exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint);
    // The SecurityContext is read from / written to a token repository in place of the
    // session-backed default
    http.securityContext().securityContextRepository(securityContextTokenRepository);

    // "**" is the match-all pattern, so this filter chain handles every request.
    // Rules are evaluated top to bottom: the /api/admin/** rule has to stay ahead of the
    // broader /api/** permitAll, otherwise the admin API becomes public.
    http.antMatcher("**")
            .authorizeRequests()
            .antMatchers("/api/admin/**").hasRole("ADMIN")
            .antMatchers("/api/**").permitAll()
            .antMatchers("/cellar/**").hasRole("CELLAR")
            .antMatchers("/admin/**").hasRole("ADMIN")
            .antMatchers("/booking/reports").hasRole("ADMIN")
            .antMatchers("/booking/**").hasRole("BOOKING")
            .antMatchers("/contact/**").hasRole("ADMIN")
            .antMatchers("/monitoring/**").hasRole("MONITORING");
    // NOTE(review): there is no anyRequest() rule, so a path outside the prefixes above carries
    // no authorization attribute and is presumably let through unauthenticated -- confirm that
    // is intended, or close the registry with .anyRequest().authenticated().
}

From source file:org.apache.nifi.minifi.c2.security.SecurityConfiguration.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    // No remember-me cookies: every request has to authenticate on its own
    http.rememberMe().disable();

    // Deny by default -- each request needs a full authentication, which excludes both
    // remember-me and anonymous principals
    http.authorizeRequests().anyRequest().fullyAuthenticated();

    // No HttpSession is created or consulted
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Client-certificate (X.509) authentication runs ahead of the anonymous filter,
    // and a custom anonymous filter replaces the default one
    http.addFilterBefore(x509AuthenticationFilter, AnonymousAuthenticationFilter.class);
    http.anonymous().authenticationFilter(c2AnonymousAuthenticationFilter);
}

From source file:es.galvarez.rest.config.SpringSecurityConfiguration.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    // Missing or failed authentication is answered by the Basic challenge entry point
    http.exceptionHandling().authenticationEntryPoint(basicAuthenticationEntryPoint());

    // Fully stateless: no HttpSession and no ;jsessionid URL rewriting
    http.sessionManagement()
            .enableSessionUrlRewriting(false)
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // OPTIONS on the API is open (presumably for CORS preflight); everything else under
    // /api/** needs an authenticated principal. Both calls add to the same registry.
    http.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/api/**").permitAll();
    http.authorizeRequests().antMatchers("/api/**").authenticated();

    // HTTP Basic, challenging through the entry point from the same factory method
    http.httpBasic().authenticationEntryPoint(basicAuthenticationEntryPoint());

    // NOTE(review): CSRF is off because there is no session, but browsers re-send cached
    // Basic credentials on their own, so browser-driven clients remain exposed to
    // cross-site requests; acceptable only while the API is consumed by non-browser clients.
    http.csrf().disable();
}

From source file:org.opendatakit.configuration.TestBasicSecurityConfiguration.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    logger.info("Setting up authentication.");

    // Two valid designs: stateless, or sessions plus CSRF. This one is stateless, so CSRF
    // tokens have nowhere to live and are disabled -- only safe while credentials are not
    // carried in a browser-managed cookie.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.csrf().disable();

    // "/*" is a single path segment, so top-level paths are public; anything deeper needs
    // an authenticated principal. Both matchers go into the same registry, in this order.
    http.authorizeRequests()
            .antMatchers("/*").permitAll()
            .antMatchers("/**").authenticated();

    // HTTP Basic authentication runs ahead of the anonymous filter
    http.addFilterBefore(basicAuthenticationFilter(), AnonymousAuthenticationFilter.class);
}

From source file:com.organization.projectname.config.WebSecurityConfig.java

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // CSRF is off on the assumption that the JWT travels in a request header rather than a
    // cookie, so the browser never attaches it by itself. Re-enable CSRF if the token is ever
    // stored in a cookie -- it is not "invulnerable", it is just not auto-sent.
    httpSecurity.csrf().disable();
    // Authentication failures are routed to unauthorizedHandler (presumably a 401 responder)
    httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

    // No HttpSession is created or consulted
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Rules are evaluated in declaration order; first match wins. A blanket OPTIONS permitAll
    // used to be here (commented out), so preflight requests are currently not whitelisted.
    httpSecurity.authorizeRequests()
            // static front-end assets are public
            .antMatchers(HttpMethod.GET, "/", "/*.html", "/favicon.ico", "/**/*.html", "/**/*.css", "/**/*.js")
            .permitAll()
            .antMatchers("/api/v1/auth").permitAll()
            .antMatchers("/api/v1/").permitAll()
            // NOTE(review): no wildcard, so this matches exactly /api/v1/admin. Anything below
            // it falls through to the catch-all and only needs to be authenticated, not ADMIN --
            // confirm that is intended, otherwise "/api/v1/admin/**" is what is wanted.
            .antMatchers("/api/v1/admin").hasRole("ADMIN")
            .anyRequest().authenticated();

    // Validate the JWT ahead of the username/password filter
    httpSecurity.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // Cache-Control headers keep authenticated responses out of caches
    httpSecurity.headers().cacheControl();
}

From source file:com.github.lynxdb.server.api.http.WebSecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    // Header-authenticated API with no session: CSRF tokens are not used
    http.csrf().disable();

    // This chain covers /api/** only. Rules are evaluated in order; first match wins.
    http.antMatcher("/api/**").authorizeRequests()
            // OPTIONS needs no credentials (presumably CORS preflight)
            .antMatchers(HttpMethod.OPTIONS).permitAll()
            // query endpoints: every listed rank
            .antMatchers(EpAggregators.ENDPOINT, EpQuery.ENDPOINT, EpSuggest.ENDPOINT)
            .hasAnyRole(User.Rank.RO_USER.name(), User.Rank.RW_USER.name(), User.Rank.ADMIN.name())
            // POST to the put endpoint: RW_USER or ADMIN
            .antMatchers(HttpMethod.POST, EpPut.ENDPOINT)
            .hasAnyRole(User.Rank.RW_USER.name(), User.Rank.ADMIN.name())
            // user and vhost administration: ADMIN only
            .antMatchers(EpUser.ENDPOINT, EpVhost.ENDPOINT).hasRole(User.Rank.ADMIN.name());
    // NOTE(review): there is no anyRequest() rule, so an /api/** path not listed above (or a
    // non-POST method on the put endpoint) carries no authorization attribute and is presumably
    // let through unauthenticated -- confirm that is intended, or close the registry with
    // .anyRequest().authenticated().

    http.httpBasic().realmName("Lynx");

    // No HttpSession. Note that browsers re-send Basic credentials on their own, so CSRF stays
    // a concern for browser-driven clients despite the stateless policy -- confirm the client mix.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}

From source file:org.opendatakit.configuration.TestDigestSecurityConfiguration.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    logger.info("Setting up authentication.");

    // Two valid designs: stateless, or sessions plus CSRF. This one is stateless, so CSRF
    // tokens have nowhere to live and are disabled -- only safe while credentials are not
    // carried in a browser-managed cookie.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.csrf().disable();

    // "/*" is a single path segment, so top-level paths are public; anything deeper needs
    // an authenticated principal. Both matchers go into the same registry, in this order.
    http.authorizeRequests()
            .antMatchers("/*").permitAll()
            .antMatchers("/**").authenticated();

    // HTTP Basic runs ahead of the anonymous filter; Digest is added at its default position
    http.addFilterBefore(basicAuthenticationFilter(), AnonymousAuthenticationFilter.class);
    http.addFilter(digestAuthenticationFilter());
}

From source file:at.ac.univie.isc.asio.Security.java

/**
 * Default hardening for REST-ful endpoints: stateless session policy, no request cache,
 * no CSRF or logout machinery, and the standard response security headers.
 *
 * @param http the builder to configure
 * @throws Exception propagated from the HttpSecurity builder
 */
private static void defaultHttpOptions(final HttpSecurity http) throws Exception {
    // No HttpSession, hence nothing to cache a saved request in and nothing to log out of.
    // CSRF is session-based and is dropped with it -- only safe while credentials are not
    // carried in a browser-managed cookie.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.requestCache().disable();
    http.csrf().disable();
    http.logout().disable();

    // Cache-Control, X-Content-Type-Options, X-XSS-Protection and X-Frame-Options headers
    http.headers()
            .cacheControl()
            .contentTypeOptions()
            .xssProtection()
            .frameOptions();
}

From source file:org.opendatakit.configuration.SecurityConfiguration.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    logger.info("Setting up authentication.");
    // The challenge for an unauthenticated request is chosen by a delegating entry point
    // (presumably per request characteristics)
    http.exceptionHandling().authenticationEntryPoint(delegatingAuthenticationEntryPoint());

    // Two valid designs: stateless, or sessions plus CSRF. This one is stateless, so CSRF
    // tokens have nowhere to live and are disabled -- only safe while credentials are not
    // carried in a browser-managed cookie.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.csrf().disable();

    // One registry; rules are evaluated in declaration order, first match wins
    http.authorizeRequests()
            // public entry points, swagger and static assets
            .antMatchers("/").permitAll()
            .antMatchers("/healthcheck").permitAll()
            .antMatchers("/swagger.json").permitAll()
            .antMatchers("/favicon.ico").permitAll()
            .antMatchers("/index.html").permitAll()
            .antMatchers("/swagger/**").permitAll()
            .antMatchers("/images/**").permitAll()
            // role-gated areas
            .antMatchers("/odktables/**").hasRole("SYNCHRONIZE_TABLES")
            .antMatchers("/users/list").hasRole("USER") // backwards compatible with aggregate
            .antMatchers("/roles/granted").hasRole("USER") // backwards compatible with aggregate
            .antMatchers("/admin/**").hasRole("SITE_ACCESS_ADMIN")
            // catch-all: everything else needs an authenticated principal
            .antMatchers("/**").authenticated();

    // Basic authentication is kept as a fallback. The original author notes it is not very
    // secure and may be removed later; nobody is required to use it. Basic runs ahead of the
    // anonymous filter, a custom anonymous filter takes the default slot, and Digest is added
    // at its default position.
    http.addFilterBefore(basicAuthenticationFilter(), AnonymousAuthenticationFilter.class);
    http.addFilterAt(anonymousFilter(), AnonymousAuthenticationFilter.class);
    http.addFilter(digestAuthenticationFilter());
}