List of usage examples for org.springframework.security.web.util.matcher AntPathRequestMatcher AntPathRequestMatcher
public AntPathRequestMatcher(String pattern)
From source file:cherry.foundation.springmvc.CsrfRequestMatcherTest.java
@Test public void testMatches() { RequestMatcher m = new AntPathRequestMatcher("/logout/**"); CsrfRequestMatcher matcher = new CsrfRequestMatcher(); matcher.setAllowedMethods(Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$", Pattern.CASE_INSENSITIVE)); matcher.setExcludes(asList(m));/*ww w .j a v a 2 s .c o m*/ assertFalse(matcher.matches(createRequest("GET", "/login"))); assertFalse(matcher.matches(createRequest("GET", "/logout"))); assertTrue(matcher.matches(createRequest("POST", "/login"))); assertFalse(matcher.matches(createRequest("POST", "/logout"))); }
From source file:com.kazuki43zoo.jpetstore.config.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.formLogin().loginPage("/login").defaultSuccessUrl("/catalog").permitAll(); http.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/catalog") .deleteCookies("JSESSIONID").permitAll(); http.authorizeRequests().mvcMatchers("/my/**").authenticated().anyRequest().permitAll(); }
From source file:com.hp.autonomy.frontend.find.core.beanconfiguration.SecurityConfiguration.java
@SuppressWarnings("ProhibitedExceptionDeclared") @Override/*from www . j av a 2 s . com*/ protected void configure(final HttpSecurity http) throws Exception { final HttpSessionRequestCache requestCache = new HttpSessionRequestCache(); requestCache.setRequestMatcher(new AntPathRequestMatcher(FindController.APP_PATH)); http.authorizeRequests().antMatchers("/api/public/**").hasRole(FindRole.USER.name()) .antMatchers("/api/admin/**").hasRole(FindRole.ADMIN.name()).antMatchers("/api/config/**") .hasRole(FindRole.CONFIG.name()).antMatchers("/api/bi/**").hasRole(FindRole.BI.name()).and() .requestCache().requestCache(requestCache).and().csrf().disable().headers().defaultsDisabled() .frameOptions().sameOrigin(); }
From source file:com.chortitzer.web.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // Have to disable it for POST methods: // http://stackoverflow.com/a/20608149/1199132 http.csrf().disable();// w w w . j a v a 2 s .c om // Logout and redirection: // http://stackoverflow.com/a/24987207/1199132 http.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).invalidateHttpSession(true) .logoutSuccessUrl("/login.xhtml"); http.authorizeRequests() // Some filters enabling url regex: // http://stackoverflow.com/a/8911284/1199132 .regexMatchers("\\A/page1.xhtml\\?param1=true\\Z", "\\A/page2.xhtml.*").permitAll() //Permit access for all to error and denied views .antMatchers("/500.xhtml", "/denied.xhtml").permitAll() // Only access with admin role .antMatchers("/admin/**").hasRole("ADMIN") //Permit access only for some roles .antMatchers("/usi/**").hasAnyRole("ADMIN", "energia") //If user doesn't have permission, forward him to login page .and().formLogin().loginPage("/login.xhtml").loginProcessingUrl("/login") .defaultSuccessUrl("/index.xhtml").and().exceptionHandling().accessDeniedPage("/denied.xhtml"); }
From source file:com.olegchir.wicket_spring_security_example.init.SpringSecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { http.addFilterAfter(new CsrfTokenFilter(), CsrfFilter.class).formLogin().loginPage("/login").permitAll() .and().logout().deleteCookies("remove").invalidateHttpSession(true).logoutUrl("/logout") .logoutSuccessUrl("/logout_success") //http://stackoverflow.com/questions/24108585/spring-security-java-config-not-generating-logout-url .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).and().authorizeRequests() .antMatchers("/favicon.ico").permitAll().antMatchers("/logout_success").permitAll() .antMatchers("/**").hasRole("USER"); }
From source file:cz.sohlich.workstack.security.StatelessLoginFilter.java
public StatelessLoginFilter(String urlMapping, TokenAuthenticationService tokenAuthenticationService, MongoUserDetailService userDetailsService, AuthenticationManager authManager) { super(new AntPathRequestMatcher(urlMapping)); this.userDetailsService = userDetailsService; this.tokenAuthenticationService = tokenAuthenticationService; setAuthenticationManager(authManager); }
From source file:com.mec.Security.JWTLoginFilter.java
public JWTLoginFilter(String url, AuthenticationManager authManager) { super(new AntPathRequestMatcher(url)); setAuthenticationManager(authManager); }
From source file:rzd.vivc.documentexamination.configuration.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.formLogin().loginPage("/login").and().logout().logoutSuccessUrl("/") .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).deleteCookies("remove") .invalidateHttpSession(true).and().authorizeRequests().antMatchers("/director/**") .hasRole("DIRECTOR").antMatchers("/admin/**").hasRole("ADMIN").antMatchers("/user/**") .hasAnyRole("USER", "DIRECTOR").anyRequest().permitAll().and().csrf().disable(); /** .and()/* ww w. j a va 2 s.com*/ // , ? https. ? ? https .requiresChannel().antMatchers("/users/**","/user**","/login").requiresSecure()**/ ; }
From source file:org.italiangrid.storm.webdav.authz.util.ReadonlyHTTPMethodMatcher.java
public ReadonlyHTTPMethodMatcher(String pattern) { pathMatcher = new AntPathRequestMatcher(pattern); }
From source file:com.sentinel.config.StatelessLoginFilter.java
/** * @param requiresAuthenticationRequestMatcher *//*from w ww . j a v a 2s .c om*/ protected StatelessLoginFilter(String urlMapping, TokenAuthenticationService tokenAuthenticationService, UserProfileService userProfileService, AuthenticationManager authManager) { super(new AntPathRequestMatcher(urlMapping)); this.userProfileService = userProfileService; this.tokenAuthenticationService = tokenAuthenticationService; setAuthenticationManager(authManager); }