List of usage examples for the XFrameOptionsHeaderWriter constructor of org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
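public XFrameOptionsHeaderWriter(AllowFromStrategy allowFromStrategy)
Note: every example below calls the XFrameOptionsHeaderWriter(XFrameOptionsMode) overload with XFrameOptionsMode.SAMEORIGIN rather than the AllowFromStrategy constructor shown above.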
From source file:com.crec.controller.config.WebSecurityConfig.java
/**
 * Configures HTTP security for the application: disables CSRF protection, sends
 * {@code X-Frame-Options: SAMEORIGIN}, sets up form login and logout, and requires
 * authentication for everything except {@code /assets/**}.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(security): CSRF protection is turned off for the whole application, so the
    // form-login and logout endpoints below accept requests without a CSRF token.
    // The original author left a TODO here: "Refactor login form" (presumably so the
    // form can carry a token and CSRF can be re-enabled; confirm before relying on it).
    http.csrf().disable();

    // See https://jira.springsource.org/browse/SPR-11496
    // SAMEORIGIN allows framing by pages of the same origin only.
    XFrameOptionsHeaderWriter sameOriginFraming =
            new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN);
    http.headers().addHeaderWriter(sameOriginFraming);

    // Login page, its failure URL and the post-login landing page; open to everyone.
    http.formLogin()
            .defaultSuccessUrl("/index.html")
            .loginPage("/login.html")
            .failureUrl("/login.html?error")
            .permitAll();

    http.logout()
            .logoutSuccessUrl("/login.html?logout")
            .logoutUrl("/logout.html")
            .permitAll();

    // Static assets are public; every other request needs an authenticated user.
    http.authorizeRequests()
            .antMatchers("/assets/**").permitAll()
            .anyRequest().authenticated();
}
From source file:com.jfillo.spring.samples.chatroom.config.ChatWebSecurityConfig.java
/**
 * Configures HTTP security for the chat room sample: disables CSRF protection, sends
 * {@code X-Frame-Options: SAMEORIGIN}, requires authentication for everything except
 * {@code /resources/**}, and sets up form login and logout.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(security): CSRF protection is turned off for the whole application, so the
    // form-login and logout endpoints below accept requests without a CSRF token.
    http.csrf().disable();

    // SAMEORIGIN allows framing by pages of the same origin only.
    XFrameOptionsHeaderWriter sameOriginFraming =
            new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN);
    http.headers().addHeaderWriter(sameOriginFraming);

    // Static resources are public; every other request needs an authenticated user.
    http.authorizeRequests()
            .antMatchers("/resources/**").permitAll()
            .anyRequest().authenticated();

    // Login page, its failure URL and the post-login landing page; open to everyone.
    http.formLogin()
            .defaultSuccessUrl("/index.html")
            .loginPage("/login.html")
            .failureUrl("/login.html?error")
            .permitAll();

    http.logout()
            .logoutSuccessUrl("/login.html?logout")
            .logoutUrl("/logout.html")
            .permitAll();
}
From source file:ch.rasc.s4ws.portfolio.config.WebSecurityConfig.java
/**
 * Configures HTTP security for the portfolio application: disables CSRF protection,
 * sends {@code X-Frame-Options: SAMEORIGIN}, sets up form login and logout under
 * {@code /portfolio/}, and requires authentication for {@code /portfolio/**} except
 * the login stylesheet.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off

    // NOTE(security): CSRF protection is turned off for the whole application, so the
    // form-login and logout endpoints below accept requests without a CSRF token.
    http.csrf().disable();

    // See https://jira.springsource.org/browse/SPR-11496
    // SAMEORIGIN allows framing by pages of the same origin only.
    XFrameOptionsHeaderWriter sameOriginFraming =
            new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN);
    http.headers().addHeaderWriter(sameOriginFraming);

    // Login page, its failure URL and the post-login landing page; open to everyone.
    http.formLogin()
            .defaultSuccessUrl("/portfolio/index.html")
            .loginPage("/portfolio/login.html")
            .failureUrl("/portfolio/login.html?error")
            .permitAll();

    http.logout()
            .logoutSuccessUrl("/portfolio/login.html?logout")
            .logoutUrl("/portfolio/logout.html")
            .permitAll();

    // The more specific stylesheet rule is declared before the /portfolio/** rule.
    // NOTE(review): there is no anyRequest() rule, so paths outside /portfolio/** are
    // not covered by any authorization rule in this method; confirm that is intended.
    http.authorizeRequests()
            .antMatchers("/portfolio/login.css").permitAll()
            .antMatchers("/portfolio/**").authenticated();

    // @formatter:on
}
From source file:cn.designthougths.sample.axon.sfav.webui.UIApplication.java
/**
 * Configures HTTP security for the UI application: default logout handling,
 * {@code X-Frame-Options: SAMEORIGIN}, a small set of public pages with everything
 * else authenticated, and CSRF protection backed by a custom token repository plus
 * an extra filter placed after {@link CsrfFilter}.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer fails
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.logout();

    // SAMEORIGIN allows framing by pages of the same origin only.
    XFrameOptionsHeaderWriter sameOriginFraming =
            new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN);
    http.headers().addHeaderWriter(sameOriginFraming);

    // This configuration applies to every path; the listed entry pages and templates
    // are public and any other request needs an authenticated user.
    http.antMatcher("/**")
            .authorizeRequests()
            .antMatchers("/index.html", "/location.html", "/templates/*", "/partials/*", "/", "/login")
            .permitAll()
            .anyRequest().authenticated();

    // CSRF stays enabled here. csrfTokenRepository() and csrfHeaderFilter() are
    // defined elsewhere in the enclosing class and are not visible in this excerpt.
    http.csrf().csrfTokenRepository(csrfTokenRepository());
    http.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
From source file:com.xiovr.unibot.config.WebSecurityConfig.java
/**
 * Configures HTTP security: registers response-header writers (frame options, XSS
 * protection, cache control, content-type options, HSTS), disables CSRF protection,
 * requires authentication for everything except {@code /css/**} and
 * {@code /images/**}, and sets up form login, the access-denied page and logout.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Earlier variant kept disabled by the original author:
    // http.authorizeRequests().antMatchers("/css/**", "/images/**, /js/**")
    // .permitAll().anyRequest().authenticated();
    // http.formLogin().failureUrl("/login").loginPage("/login")
    // .loginProcessingUrl("/login/submit")
    // .usernameParameter("username").passwordParameter("password")
    // .defaultSuccessUrl("/", false).permitAll();
    // http.logout().logoutUrl("/logout").invalidateHttpSession(true)
    // .permitAll();

    // SAMEORIGIN allows framing by pages of the same origin only.
    XFrameOptionsHeaderWriter sameOriginFraming =
            new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN);
    http.headers().addHeaderWriter(sameOriginFraming);
    http.headers().xssProtection();
    http.headers().cacheControl();
    http.headers().contentTypeOptions();

    // HSTS writer bound to every request via AnyRequestMatcher.
    // NOTE(review): the 'false' argument is presumably includeSubDomains; confirm
    // against the Spring Security version in use. Browsers only honour HSTS on
    // responses delivered over HTTPS.
    HstsHeaderWriter hstsWriter = new HstsHeaderWriter(false);
    hstsWriter.setRequestMatcher(AnyRequestMatcher.INSTANCE);
    http.headers().addHeaderWriter(hstsWriter);

    // NOTE(security): CSRF protection is turned off for the whole application, so the
    // login-processing and logout endpoints below accept requests without a CSRF token.
    http.csrf().disable();

    // Stylesheets and images are public; every other request needs an authenticated user.
    http.authorizeRequests()
            .antMatchers("/css/**", "/images/**").permitAll()
            .anyRequest().authenticated();

    http.formLogin()
            .usernameParameter("username")
            .passwordParameter("password")
            .loginPage("/login")
            .loginProcessingUrl("/login/submit")
            .defaultSuccessUrl("/", false)
            .permitAll();

    http.exceptionHandling().accessDeniedPage("/error");

    http.logout().permitAll();
}