List of usage examples for org.springframework.security.web.savedrequest NullRequestCache NullRequestCache
NullRequestCache
From source file:com.netflix.genie.web.security.SecurityUtils.java
/**
 * Configure the shared HTTP security rules for the REST API.
 *
 * <p>The chain applies only to request paths matching {@code (/api/.*)}. Mutating verbs
 * (DELETE, PATCH, POST, PUT) on the applications, clusters and commands resources require
 * {@code ADMIN_ROLE}; every other request inside the chain requires {@code USER_ROLE}.
 * Callers are authenticated with X.509 client certificates.
 *
 * <p>{@code actuatorEndpoint} is not read by the active configuration: the only matcher that
 * referenced it is commented out, so actuator paths are outside this chain and have to be
 * protected by configuration elsewhere.
 *
 * @param http                   The http security object to configure
 * @param x509UserDetailsService The user details service used for X.509 authentication
 * @param actuatorEndpoint       The endpoint where the Spring Actuator sits (currently unused)
 * @throws Exception when one of the HttpSecurity configurers fails
 */
public static void buildAPIHttpSecurity(
    @NotNull final HttpSecurity http,
    @NotNull final X509UserDetailsService x509UserDetailsService,
    @NotBlank final String actuatorEndpoint
) throws Exception {
    // Scope of this filter chain. Previously considered alternative, left disabled:
    //   .regexMatcher("(/api/.*)|(" + actuatorEndpoint + ")/(?!health).*")
    http.regexMatcher("(/api/.*)");

    // Rules are evaluated in declaration order; the catch-all USER_ROLE rule must stay last.
    http.authorizeRequests()
        // applications
        .regexMatchers(HttpMethod.DELETE, APPLICATIONS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.PATCH, APPLICATIONS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.POST, APPLICATIONS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.PUT, APPLICATIONS_API_REGEX).hasRole(ADMIN_ROLE)
        // clusters
        .regexMatchers(HttpMethod.DELETE, CLUSTERS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.PATCH, CLUSTERS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.POST, CLUSTERS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.PUT, CLUSTERS_API_REGEX).hasRole(ADMIN_ROLE)
        // commands
        .regexMatchers(HttpMethod.DELETE, COMMANDS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.PATCH, COMMANDS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.POST, COMMANDS_API_REGEX).hasRole(ADMIN_ROLE)
        .regexMatchers(HttpMethod.PUT, COMMANDS_API_REGEX).hasRole(ADMIN_ROLE)
        // everything else under /api/
        .anyRequest().hasRole(USER_ROLE);

    // Client-certificate authentication.
    http.x509().authenticationUserDetailsService(x509UserDetailsService);

    // NEVER means Spring Security will not create an HttpSession itself, but it still uses one
    // that already exists. NOTE(review): if the API is meant to be fully stateless, STATELESS is
    // the policy that also ignores existing sessions; confirm which is intended.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);

    // Channel enforcement is left disabled here:
    //   .requiresChannel().anyRequest().requiresSecure()
    // NOTE(review): presumably TLS is terminated and enforced elsewhere; verify.

    // Do not store the original request for replay after authentication.
    http.requestCache().requestCache(new NullRequestCache());

    // CSRF protection is off. NOTE(review): a browser presents a client certificate
    // automatically, much like a cookie, so this is only safe if browser clients holding a
    // certificate cannot be induced to call the mutating endpoints; confirm the client population.
    http.csrf().disable();
}
From source file:cn.edu.zjnu.acm.judge.config.SecurityConfiguration.java
/**
 * Configures form login, logout, remember-me, response headers and URL authorization.
 *
 * <p>Only the CKFinder servlet path carries a URL-level rule (role ADMIN); no
 * {@code anyRequest()} rule is declared here, so other paths are not restricted by this method.
 *
 * @param http the security builder to configure
 * @throws Exception when one of the HttpSecurity configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Login success: default target "/", Referer ignored, target may be supplied via "url".
    // NOTE(review): the post-login redirect target comes from the request parameter "url" and
    // DefaultRedirectStrategy is used with its defaults. Unless JudgeAuthenticationSuccessHandler
    // restricts the value to local paths, this is an open-redirect surface; verify.
    SimpleUrlAuthenticationSuccessHandler loginSuccessHandler = new JudgeAuthenticationSuccessHandler(
            "/");
    loginSuccessHandler.setUseReferer(false);
    loginSuccessHandler.setTargetUrlParameter("url");
    loginSuccessHandler.setRedirectStrategy(new DefaultRedirectStrategy());

    // Logout success: send the user back to the page named by the Referer header.
    SimpleUrlLogoutSuccessHandler logoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
    logoutSuccessHandler.setUseReferer(true);

    // Only administrators may reach the CKFinder servlet.
    http.authorizeRequests()
            .antMatchers(ckfinder.getServlet().getPath()).hasAnyRole("ADMIN");

    // CSRF protection is off. NOTE(review): authentication here is cookie based (form login
    // plus remember-me), so state-changing requests rely on some other CSRF defence; confirm
    // one exists.
    http.csrf().disable();

    http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint());

    http.formLogin()
            .loginPage("/login")
            .usernameParameter("user_id1")
            .passwordParameter("password1")
            .successHandler(loginSuccessHandler)
            .failureHandler(failureHandler())
            .permitAll();

    // The Cache-Control and HSTS response headers are switched off; framing is allowed from the
    // same origin only. NOTE(review): with HSTS disabled nothing in this method asks browsers to
    // stay on HTTPS; check that this is handled at the proxy or deployment level.
    http.headers()
            .cacheControl().disable()
            .httpStrictTransportSecurity().disable()
            .frameOptions().sameOrigin();

    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessHandler(logoutSuccessHandler)
            .permitAll();

    // Persistent remember-me tokens, requested through the "rememberMe" parameter.
    http.rememberMe()
            .rememberMeParameter("rememberMe")
            .tokenRepository(persistentTokenRepository);

    // Do not store the original request for replay after login.
    http.requestCache().requestCache(new NullRequestCache());

    http.servletApi();
}
From source file:com.appspot.potlachkk.config.WebSecurityConfig.java
/**
 * Configures a JSON-style login flow for mobile clients: no redirects, no saved requests,
 * and handlers that answer instead of forwarding to a login page.
 *
 * @param http the security builder to configure
 * @throws Exception when one of the HttpSecurity configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Requests are not cached during login.
    http.requestCache().requestCache(new NullRequestCache());

    // The original author was unsure whether this is a workaround and whether a simpler, more
    // elegant solution exists: CSRF is disabled to avoid token-related problems with mobile
    // clients.
    // NOTE(review): the session is still carried by the JSESSIONID cookie (see logout below),
    // so a browser holding that cookie gets no CSRF protection from this configuration.
    http.csrf().disable();

    // An unauthenticated request to a protected URL receives an HTTP status code instead of a
    // redirect to a login form. To log in, POST to /login with
    //   password=pass1&username=user1
    // and Content-Type: application/x-www-form-urlencoded.
    http.exceptionHandling().authenticationEntryPoint(JSON_AUTHENTICATION_ENTRY_POINT);

    http.formLogin()
            .successHandler(NO_REDIRECT_SUCCESS_HANDLER)
            .failureHandler(NO_REDIRECT_FAILURE_HANDLER)
            .permitAll()
        .and()
            .logout()
            .logoutUrl("/logout")
            .logoutSuccessHandler(JSON_LOGOUT_SUCCESS_HANDLER)
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true)
            .permitAll();

    // Rules are evaluated in declaration order; the authenticated() catch-all must stay last.
    // The permitAll rules for /chain/** and /gift/** are commented out in the original, so
    // those paths fall through to the catch-all.
    http.authorizeRequests()
            // GAE-specific localhost maintenance URL
            .antMatchers("/_ah/**").permitAll()
            // Configuration URLs, open to unauthenticated callers: should be disabled in production.
            .antMatchers("/config").permitAll()
            .antMatchers("/delconfig").permitAll()
            // test
            .antMatchers("/image/**").permitAll()
            //.antMatchers("/chain/**").permitAll()
            //.antMatchers("/gift/**").permitAll()
            .anyRequest().authenticated();
}