List of usage examples for org.springframework.security.web.util.matcher AnyRequestMatcher INSTANCE
RequestMatcher INSTANCE
To view the source code for org.springframework.security.web.util.matcher AnyRequestMatcher INSTANCE.
Click Source Link
From source file:com.hp.autonomy.frontend.find.idol.beanconfiguration.IdolSecurity.java
@SuppressWarnings("ProhibitedExceptionDeclared") @Override//from w w w . j av a2 s . c o m protected void configure(final HttpSecurity http) throws Exception { final LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>(); entryPoints.put(new AntPathRequestMatcher("/api/**"), new Http403ForbiddenEntryPoint()); entryPoints.put(AnyRequestMatcher.INSTANCE, new LoginUrlAuthenticationEntryPoint(FindController.DEFAULT_LOGIN_PAGE)); final AuthenticationEntryPoint authenticationEntryPoint = new DelegatingAuthenticationEntryPoint( entryPoints); http.csrf().disable().exceptionHandling().authenticationEntryPoint(authenticationEntryPoint) .accessDeniedPage("/authentication-error").and().logout().logoutUrl("/logout") .logoutSuccessUrl(FindController.DEFAULT_LOGIN_PAGE).and().authorizeRequests() .antMatchers(FindController.APP_PATH + "**").hasAnyRole(FindRole.USER.name()) .antMatchers(FindController.CONFIG_PATH).hasRole(FindRole.CONFIG.name()) .antMatchers("/api/public/**").hasRole(FindRole.USER.name()).antMatchers("/api/bi/**") .hasRole(FindRole.BI.name()).antMatchers("/api/config/**").hasRole(FindRole.CONFIG.name()) .antMatchers("/api/admin/**").hasRole(FindRole.ADMIN.name()) .antMatchers(FindController.DEFAULT_LOGIN_PAGE).permitAll().antMatchers(FindController.LOGIN_PATH) .permitAll().antMatchers("/").permitAll().anyRequest().denyAll().and().headers().defaultsDisabled() .frameOptions().sameOrigin(); idolSecurityCustomizer.customize(http, authenticationManager()); }
From source file:com.xiovr.unibot.config.WebSecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { // http.authorizeRequests().antMatchers("/css/**", "/images/**, /js/**") // .permitAll().anyRequest().authenticated(); ///*ww w.j a v a 2 s . c om*/ // http.formLogin().failureUrl("/login").loginPage("/login") // .loginProcessingUrl("/login/submit") // .usernameParameter("username").passwordParameter("password") // .defaultSuccessUrl("/", false).permitAll(); // http.logout().logoutUrl("/logout").invalidateHttpSession(true) // .permitAll(); http.headers().addHeaderWriter( new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.SAMEORIGIN)); http.headers().xssProtection(); http.headers().cacheControl(); http.headers().contentTypeOptions(); HstsHeaderWriter writer = new HstsHeaderWriter(false); writer.setRequestMatcher(AnyRequestMatcher.INSTANCE); http.headers().addHeaderWriter(writer); http.csrf().disable(); http.authorizeRequests().antMatchers("/css/**", "/images/**").permitAll().anyRequest().authenticated(); http.formLogin().usernameParameter("username").passwordParameter("password").loginPage("/login") .loginProcessingUrl("/login/submit").defaultSuccessUrl("/", false).permitAll().and() .exceptionHandling().accessDeniedPage("/error").and().logout().permitAll(); }
From source file:com.wiiyaya.consumer.web.initializer.config.SecurityConfig.java
private void configHeaders(HttpSecurity http) throws Exception { http.headers().httpStrictTransportSecurity().requestMatcher(AnyRequestMatcher.INSTANCE) .maxAgeInSeconds(31536000).includeSubDomains(false).and().frameOptions().sameOrigin(); }
From source file:org.lightadmin.core.config.context.LightAdminSecurityConfiguration.java
@Bean @Autowired/*from w w w . j a v a2s.com*/ public FilterChainProxy springSecurityFilterChain(Filter filterSecurityInterceptor, Filter authenticationFilter, Filter rememberMeAuthenticationFilter, Filter logoutFilter, Filter exceptionTranslationFilter, Filter securityContextPersistenceFilter) { List<SecurityFilterChain> filterChains = newArrayList(); for (String pattern : PUBLIC_RESOURCES) { filterChains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher(applicationUrl(pattern)))); } filterChains.add(new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, securityContextPersistenceFilter, exceptionTranslationFilter, logoutFilter, authenticationFilter, rememberMeAuthenticationFilter, filterSecurityInterceptor)); return new FilterChainProxy(filterChains); }
From source file:org.lightadmin.core.config.context.LightAdminSecurityConfiguration.java
private FilterInvocationSecurityMetadataSource securityMetadataSource() { LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> map = newLinkedHashMap(); map.put(AnyRequestMatcher.INSTANCE, asList((ConfigAttribute) new SecurityConfig(ROLE_ADMIN))); return new DefaultFilterInvocationSecurityMetadataSource(map); }
From source file:org.springframework.cloud.dataflow.server.config.security.OAuthSecurityConfiguration.java
@Override protected void configure(HttpSecurity http) throws Exception { final RequestMatcher textHtmlMatcher = new MediaTypeRequestMatcher( new BrowserDetectingContentNegotiationStrategy(), MediaType.TEXT_HTML); final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint(); basicAuthenticationEntryPoint.setRealmName(securityProperties.getBasic().getRealm()); basicAuthenticationEntryPoint.afterPropertiesSet(); final Filter oauthFilter = oauthFilter(); BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(providerManager(), basicAuthenticationEntryPoint); http.addFilterAfter(oauthFilter, basicAuthenticationFilter.getClass()); http.addFilterBefore(basicAuthenticationFilter, oauthFilter.getClass()); http.addFilterBefore(oAuth2AuthenticationProcessingFilter(), basicAuthenticationFilter.getClass()); http.authorizeRequests()//from w ww . j a v a 2 s . com .antMatchers("/security/info**", "/login**", dashboard("/logout-success-oauth.html"), dashboard("/styles/**"), dashboard("/images/**"), dashboard("/fonts/**"), dashboard("/lib/**")) .permitAll().anyRequest().authenticated().and().httpBasic().and().logout() .logoutSuccessUrl(dashboard("/logout-success-oauth.html")).and().csrf().disable() .exceptionHandling() .defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint("/login"), textHtmlMatcher) .defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, AnyRequestMatcher.INSTANCE); securityStateBean.setAuthenticationEnabled(true); securityStateBean.setAuthorizationEnabled(false); }
From source file:org.springframework.security.config.http.DefaultFilterChainValidator.java
private void checkPathOrder(List<SecurityFilterChain> filterChains) { // Check that the universal pattern is listed at the end, if at all Iterator<SecurityFilterChain> chains = filterChains.iterator(); while (chains.hasNext()) { RequestMatcher matcher = ((DefaultSecurityFilterChain) chains.next()).getRequestMatcher(); if (AnyRequestMatcher.INSTANCE.equals(matcher) && chains.hasNext()) { throw new IllegalArgumentException("A universal match pattern ('/**') is defined " + " before other patterns in the filter chain, causing them to be ignored. Please check the " + "ordering in your <security:http> namespace or FilterChainProxy bean configuration"); }/*from w w w.j a va 2 s . c o m*/ } }
From source file:org.springframework.security.config.http.DefaultFilterChainValidatorTests.java
@Before public void setUp() throws Exception { AnonymousAuthenticationFilter aaf = new AnonymousAuthenticationFilter("anonymous"); fsi = new FilterSecurityInterceptor(); fsi.setAccessDecisionManager(accessDecisionManager); fsi.setSecurityMetadataSource(metadataSource); AuthenticationEntryPoint authenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login"); ExceptionTranslationFilter etf = new ExceptionTranslationFilter(authenticationEntryPoint); DefaultSecurityFilterChain securityChain = new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE, aaf, etf, fsi);//w w w. j a v a 2s. co m fcp = new FilterChainProxy(securityChain); validator = new DefaultFilterChainValidator(); ReflectionTestUtils.setField(validator, "logger", logger); }