List of usage examples for org.springframework.security.web.util.matcher AntPathRequestMatcher AntPathRequestMatcher
public AntPathRequestMatcher(String pattern)
From source file:com.alehuo.wepas2016projekti.configuration.ProductionSecurityConfiguration.java
/** * Konfiguroi Spring Security -lisosan/* w ww . j a v a 2 s . c o m*/ * * @param http * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { http.headers().frameOptions().sameOrigin(); //Sallitaan psy resurssikansioihin //Kirjautumislokame lytyy GET -reitist /login http.authorizeRequests().antMatchers("/delete/**").hasAuthority(Role.ADMINISTRATOR.toString()) .antMatchers("/js/**", "/css/**", "/manifest.json", "/resources/**", "/register", "/fi_FI.png", "/en_EN.png", "/login**", "/fonts/roboto/**") .permitAll().anyRequest().permitAll().anyRequest().authenticated().and().formLogin() .defaultSuccessUrl("/", true).loginPage("/login").permitAll().and().logout() .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll(); }
From source file:com.ecsteam.springutils.pattern.controller.PatternController.java
/** * Build a Spring Security {@link RequestMatcher} from the request * /*from w w w. j a v a 2 s .co m*/ * @param request * @return */ private RequestMatcher getRequestMatcher(PatternRequest request) { RequestMatcher matcher = null; Assert.notNull(request.getPattern()); Assert.notNull(request.getType()); PatternType type = PatternType.valueOf(request.getType()); if (type == PatternType.ANT) { matcher = new AntPathRequestMatcher(request.getPattern()); } else if (type == PatternType.REGEX) { matcher = new RegexRequestMatcher(request.getPattern(), null); } else { throw new IllegalArgumentException(); } return matcher; }
From source file:com.hp.autonomy.frontend.find.hod.beanconfiguration.InMemoryHodSecurity.java
@SuppressWarnings("ProhibitedExceptionDeclared") @Override// www .ja va 2 s. c om protected void configure(final HttpSecurity http) throws Exception { final AuthenticationSuccessHandler loginSuccessHandler = new LoginSuccessHandler(FindRole.CONFIG.toString(), FindController.CONFIG_PATH, "/p/"); final HttpSessionRequestCache requestCache = new HttpSessionRequestCache(); requestCache.setRequestMatcher(new OrRequestMatcher(new AntPathRequestMatcher("/p/**"), new AntPathRequestMatcher(FindController.CONFIG_PATH))); http.regexMatcher("/p/.*|/config/.*|/authenticate|/logout").authorizeRequests().antMatchers("/p/**") .hasRole(FindRole.ADMIN.name()).antMatchers(FindController.CONFIG_PATH) .hasRole(FindRole.CONFIG.name()).and().requestCache().requestCache(requestCache).and().formLogin() .loginPage(FindController.DEFAULT_LOGIN_PAGE).loginProcessingUrl("/authenticate") .successHandler(loginSuccessHandler).failureUrl(FindController.DEFAULT_LOGIN_PAGE + "?error=auth") .and().logout() .logoutSuccessHandler(new HodLogoutSuccessHandler( new HodTokenLogoutSuccessHandler(SsoController.SSO_LOGOUT_PAGE, tokenRepository), FindController.APP_PATH)) .and().csrf().disable(); }
From source file:com.hp.autonomy.frontend.find.idol.beanconfiguration.IdolSecurity.java
@SuppressWarnings("ProhibitedExceptionDeclared") @Override/*from w w w . j ava2s .c o m*/ protected void configure(final HttpSecurity http) throws Exception { final LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>(); entryPoints.put(new AntPathRequestMatcher("/api/**"), new Http403ForbiddenEntryPoint()); entryPoints.put(AnyRequestMatcher.INSTANCE, new LoginUrlAuthenticationEntryPoint(FindController.DEFAULT_LOGIN_PAGE)); final AuthenticationEntryPoint authenticationEntryPoint = new DelegatingAuthenticationEntryPoint( entryPoints); http.csrf().disable().exceptionHandling().authenticationEntryPoint(authenticationEntryPoint) .accessDeniedPage("/authentication-error").and().logout().logoutUrl("/logout") .logoutSuccessUrl(FindController.DEFAULT_LOGIN_PAGE).and().authorizeRequests() .antMatchers(FindController.APP_PATH + "**").hasAnyRole(FindRole.USER.name()) .antMatchers(FindController.CONFIG_PATH).hasRole(FindRole.CONFIG.name()) .antMatchers("/api/public/**").hasRole(FindRole.USER.name()).antMatchers("/api/bi/**") .hasRole(FindRole.BI.name()).antMatchers("/api/config/**").hasRole(FindRole.CONFIG.name()) .antMatchers("/api/admin/**").hasRole(FindRole.ADMIN.name()) .antMatchers(FindController.DEFAULT_LOGIN_PAGE).permitAll().antMatchers(FindController.LOGIN_PATH) .permitAll().antMatchers("/").permitAll().anyRequest().denyAll().and().headers().defaultsDisabled() .frameOptions().sameOrigin(); idolSecurityCustomizer.customize(http, authenticationManager()); }
From source file:com.erudika.para.security.JWTRestfulAuthFilter.java
private void setFilterProcessesUrl(String filterProcessesUrl) { this.authenticationRequestMatcher = new AntPathRequestMatcher(filterProcessesUrl); }
From source file:com.juliuskrah.multipart.security.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/u/**").authenticated().and().formLogin() .loginPage("/login").permitAll().and().rememberMe().userDetailsService(userDetailsService).and() .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll(); // @formatter:on }
From source file:jeeves.config.springutil.JeevesAccessDeniedHandler.java
/** * The URLs matching this pattern will only receive the HTTP error code and an empty body, even if the errorPage is * set./*from w w w . j a v a 2 s.c om*/ * @param pattern */ public void setOnlyStatusResponsePages(String pattern) { if (StringUtils.isNotBlank(pattern)) { this.matcher = new AntPathRequestMatcher(pattern); } }
From source file:hu.petabyte.redflags.web.cfg.SecurityRoles.java
@Override protected void configure(HttpSecurity http) throws Exception { CharacterEncodingFilter filter = new CharacterEncodingFilter(); filter.setEncoding("UTF-8"); filter.setForceEncoding(true);//from w w w .ja va2 s . c o m http.addFilterBefore(new LoginCaptchaFilter(security), CsrfFilter.class) // .authorizeRequests() // .antMatchers(// // resources "/css/**", // "/doc/**", // "/img/**", // "/js/**", // "/favicon.ico", // "/robots.txt", // // public pages "/", // "/activate/**", // "/change-password/**", // "/chart/**", // "/forgot", // "/login", // "/register", // "/send-filter-emails", // "/version"// "/send-test-email" ).permitAll() // .anyRequest().authenticated().and() // .formLogin().loginPage("/login").permitAll().and() // .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).deleteCookies("remember-me") .logoutSuccessUrl("/login").permitAll().and() // .rememberMe().tokenValiditySeconds(60 * 60 * 24 * 30).tokenRepository(persistentTokenRepository()); }
From source file:grails.plugin.springsecurity.web.access.intercept.ChannelFilterInvocationSecurityMetadataSourceFactoryBean.java
protected LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> buildMap() { LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> map = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>(); for (Map.Entry<String, String> entry : definition.entrySet()) { String value = entry.getValue(); if (value == null) { throw new IllegalArgumentException("The rule for URL '" + value + "' cannot be null"); }/*from w w w .j ava 2s .c o m*/ value = value.trim(); if (!SUPPORTED.contains(value)) { throw new IllegalArgumentException("The rule for URL '" + value + "' must be one of REQUIRES_SECURE_CHANNEL, REQUIRES_INSECURE_CHANNEL, or ANY_CHANNEL"); } map.put(new AntPathRequestMatcher(entry.getKey()), SecurityConfig.createList(value)); } return map; }
From source file:org.shaigor.rest.retro.service.security.config.OAuth2SecurityConfigurer.java
@Override public void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/login.jsp").permitAll().and().authorizeRequests().anyRequest() .hasRole("USER").and().exceptionHandling().accessDeniedPage("/login.jsp?authorization_error=true") .and()/* w w w . ja va2 s.co m*/ // TODO: put CSRF protection back into this endpoint .csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable() .logout().logoutSuccessUrl("/index.jsp").logoutUrl("/logout.do").and().authorizeRequests() .regexMatchers(HttpMethod.GET, "/word/list(\\?.*)?") // .access("hasIpAddress('127.0.0.1') or (#oauth2.hasScope('words') and hasRole('ROLE_USER'))") .access("#oauth2.hasScope('words') and hasRole('ROLE_USER')").and().formLogin() .usernameParameter("j_username").passwordParameter("j_password") .failureUrl("/login.jsp?authentication_error=true").loginPage("/login.jsp") .loginProcessingUrl("/j_spring_security_check"); }