Here are the examples of the java api org.springframework.security.config.annotation.web.builders.HttpSecurity.authorizeRequests() taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.
577 Examples
19
Source : AuthConfig.java
with MIT License
from zidoshare
with MIT License
from zidoshare
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.authorizeRequests().anyRequest().permitAll().and().formLogin().and().apply(new PhoneCodeLoginConfigurer<>()).phoneCodeService((phone, code) -> {
System.out.printf("phone:%s,code:%s\n", phone, code);
}).and().apply(new RestSecurityContextConfigurer<>()).jwt();
}
19
Source : CasSecurityConfig.java
with Apache License 2.0
from zhaoguhong
with Apache License 2.0
from zhaoguhong
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
if (casProperties.isEnable()) {
http.authorizeRequests().and().addFilterBefore(casAuthenticationFilter(), BasicAuthenticationFilter.clreplaced).addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.clreplaced).exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint());
}
}
19
Source : SecurityCoreAutoConfigurer.java
with MIT License
from ZeroOrInfinity
with MIT License
from ZeroOrInfinity
private void urlAuthorizationConfigurer(HttpSecurity http, UriHttpMethodTuple[] permitAllArray, UriHttpMethodTuple[] denyAllArray, UriHttpMethodTuple[] anonymousArray, UriHttpMethodTuple[] authenticatedArray, UriHttpMethodTuple[] fullyAuthenticatedArray, UriHttpMethodTuple[] rememberMeArray, Map<UriHttpMethodTuple, String[]> accessMap, Map<UriHttpMethodTuple, String[]> hasRoleMap, Map<UriHttpMethodTuple, String[]> hasAnyRoleMap, Map<UriHttpMethodTuple, String[]> hasAuthorityMap, Map<UriHttpMethodTuple, String[]> hasAnyAuthorityMap, Map<UriHttpMethodTuple, String[]> hasIpAddressMap) throws Exception {
final ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.authorizeRequests();
// 根据 authorizeRequestType 设置权限
setAuthorizeRequest(registry, permitAllArray, PERMIT_ALL);
setAuthorizeRequest(registry, denyAllArray, DENY_ALL);
setAuthorizeRequest(registry, anonymousArray, ANONYMOUS);
setAuthorizeRequest(registry, authenticatedArray, AUTHENTICATED);
setAuthorizeRequest(registry, fullyAuthenticatedArray, FULLY_AUTHENTICATED);
setAuthorizeRequest(registry, rememberMeArray, REMEMBER_ME);
// 根据 authorizeRequestType 设置权限
setAuthorizeRequestPlus(registry, hasRoleMap, HAS_ROLE);
setAuthorizeRequestPlus(registry, hasAnyRoleMap, HAS_ANY_ROLE);
setAuthorizeRequestPlus(registry, hasAuthorityMap, HAS_AUTHORITY);
setAuthorizeRequestPlus(registry, hasAnyAuthorityMap, HAS_ANY_AUTHORITY);
setAuthorizeRequestPlus(registry, hasIpAddressMap, HAS_IP_ADDRESS);
// 设置 ACCESS 权限
if (accessMap.size() > 0) {
final StringBuilder sb = new StringBuilder();
accessMap.values().stream().flatMap(Arrays::stream).forEach(access -> sb.append(access).append(" and "));
int interceptLen = 5;
if (sb.length() > interceptLen) {
sb.setLength(sb.length() - interceptLen);
registry.anyRequest().access(sb.toString());
return;
}
}
registry.anyRequest().authenticated();
}
19
Source : WebSecurityConfig.java
with Apache License 2.0
from Xlinlin
with Apache License 2.0
from Xlinlin
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
// 基于token 接口间鉴权
// tokenConfigure(httpSecurity);
// 基于session 适应于浏览器
sessionConfig(httpSecurity);
httpSecurity.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll().antMatchers(anonymousUrls.split(",")).permitAll().anyRequest().authenticated();
// 禁用缓存
httpSecurity.headers().cacheControl();
// 添加JWT filter
httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePreplacedwordAuthenticationFilter.clreplaced);
// 设置 鉴权失败和无权的处理
httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).accessDeniedHandler(accessDeniedHandler);
}
19
Source : SpringWebConfig.java
with Apache License 2.0
from WeBankPartners
with Apache License 2.0
from WeBankPartners
protected void configureLocalAuthentication(HttpSecurity http) throws Exception {
//
http.authorizeRequests().antMatchers("/index.html").permitAll().antMatchers("/workflow/**").permitAll().antMatchers("/swagger-ui.html/**", "/swagger-resources/**").permitAll().antMatchers("/webjars/**").permitAll().antMatchers("/v2/api-docs").permitAll().antMatchers("/csrf").permitAll().antMatchers("/**").permitAll().anyRequest().authenticated().and().addFilter(//
jwtSsoBasedAuthenticationFilter()).csrf().disable().exceptionHandling().authenticationEntryPoint(//
new Http401AuthenticationEntryPoint());
}
19
Source : SpringWebConfig.java
with Apache License 2.0
from WeBankPartners
with Apache License 2.0
from WeBankPartners
protected void configureLocalAuthentication(HttpSecurity http) throws Exception {
//
http.authorizeRequests().antMatchers("/swagger-ui.html/**", "/swagger-resources/**").permitAll().antMatchers("/webjars/**").permitAll().antMatchers("/v2/api-docs").permitAll().antMatchers("/csrf").permitAll().antMatchers("/v1/route-items").permitAll().antMatchers("/v1/route-items/**").permitAll().antMatchers("/v1/health-check").permitAll().antMatchers("/v1/appinfo/loggers/query").permitAll().antMatchers("/v1/appinfo/loggers/update").permitAll().antMatchers("/v1/appinfo/version").permitAll().anyRequest().authenticated().and().addFilter(//
jwtSsoBasedAuthenticationFilter()).csrf().disable().exceptionHandling().authenticationEntryPoint(//
new Http401AuthenticationEntryPoint());
}
19
Source : LocalSpringWebConfig.java
with Apache License 2.0
from WeBankPartners
with Apache License 2.0
from WeBankPartners
protected void configureLocalAuthentication(HttpSecurity http) throws Exception {
//
http.authorizeRequests().antMatchers("/**").permitAll().and().addFilter(//
jwtSsoBasedAuthenticationFilter()).csrf().disable().exceptionHandling().authenticationEntryPoint(//
new Http401AuthenticationEntryPoint());
}
19
Source : WebSecurityConfig.java
with Apache License 2.0
from V1toss
with Apache License 2.0
from V1toss
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/**").hasAnyRole("ADMIN", "USER").and().formLogin().and().httpBasic().and().csrf().disable();
}
19
Source : SecurityConfiguration.java
with MIT License
from TrainingByPackt
with MIT License
from TrainingByPackt
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/css/**", "/webjars/**", "/login").permitAll().antMatchers("/**").permitAll().and().formLogin().loginPage("/login").and().logout().logoutSuccessUrl("/").and().httpBasic().realmName("securityintro").and().cors();
}
19
Source : SecurityConfig.java
with MIT License
from tomoyane
with MIT License
from tomoyane
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/api/v1/hello", "/api/v1/auth/**").permitAll().anyRequest().authenticated().and().csrf().disable().addFilter(preAuthenticatedProcessingFilter()).exceptionHandling().authenticationEntryPoint(new AuthEntryPoint());
}
19
Source : BootWebSecurityConfigurer.java
with Apache License 2.0
from Taskana
with Apache License 2.0
from Taskana
protected void addLoginPageConfiguration(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin().loginPage("/login").failureUrl("/login?error").defaultSuccessUrl("/").permitAll().and().logout().invalidateHttpSession(true).clearAuthentication(true).logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login?logout").deleteCookies("JSESSIONID").permitAll();
}
19
Source : SecurityConfig.java
with Apache License 2.0
from spring-projects-experimental
with Apache License 2.0
from spring-projects-experimental
// formatter:off
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated()).oauth2Login(oauth2Login -> oauth2Login.loginPage("/oauth2/authorization/messaging-client-oidc")).oauth2Client(withDefaults());
return http.build();
}
19
Source : DefaultSecurityConfig.java
with Apache License 2.0
from spring-projects-experimental
with Apache License 2.0
from spring-projects-experimental
// formatter:off
@Bean
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
http.authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated()).formLogin(withDefaults());
return http.build();
}
19
Source : SecurityConfig.java
with MIT License
from SourceLabOrg
with MIT License
from SourceLabOrg
/**
* Sets up HttpSecurity for standard local user authentication.
*/
private void enableUserAuth(final HttpSecurity http) throws Exception {
logger.info("Configuring with authenticated user access.");
http.authorizeRequests().antMatchers("/register/**", "/login/**", "/vendors/**", "/css/**", "/js/**", "/img/**").permitAll().antMatchers("/configuration/user/edit/**", "/configuration/user/update").fullyAuthenticated().antMatchers(// Configuration
"/configuration/**", // Create topic
"/api/cluster/*/create/**", // Modify topic
"/api/cluster/*/modify/**", // Delete topic
"/api/cluster/*/delete/**", // Remove consumer group
"/api/cluster/*/consumer/remove").hasRole("ADMIN").anyRequest().fullyAuthenticated().and().formLogin().loginPage("/login").usernameParameter("email").preplacedwordParameter("preplacedword").failureUrl("/login?error=true").defaultSuccessUrl("/").permitAll().and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login").permitAll();
}
19
Source : ProResourceServerConfigurerAdapter.java
with Apache License 2.0
from pro-cloud
with Apache License 2.0
from pro-cloud
/**
* 对匹配的资源进行放行
* @param http
* @throws Exception
*/
@Override
public void configure(HttpSecurity http) throws Exception {
String[] urls = Convert.toStrArray(permitProps.getIgnoreUrls());
http.headers().frameOptions().disable();
http.authorizeRequests().antMatchers(urls).permitAll();
http.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll();
http.authorizeRequests().anyRequest().authenticated().and().csrf().disable();
}
19
Source : SecurityConfiguration.java
with MIT License
from PearAdmin
with MIT License
from PearAdmin
/**
* Describe: 配置 Security 控制逻辑
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers(securityProperty.getOpenApi()).permitAll().anyRequest().authenticated().and().addFilterBefore(securityCaptchaSupport, // 验证码验证类
UsernamePreplacedwordAuthenticationFilter.clreplaced).httpBasic().authenticationEntryPoint(securityAuthenticationEntryPoint).and().formLogin().loginPage("/login").loginProcessingUrl("/login").successHandler(securityAccessSuccessHander).failureHandler(securityAccessFailureHander).and().logout().deleteCookies(// 退出登录删除 cookie缓存
"JSESSIONID").logoutSuccessHandler(// 配置用户登出自定义处理类
securityAccessLogoutHander).and().exceptionHandling().accessDeniedHandler(// 配置没有权限自定义处理类
securityAccessDeniedHander).and().rememberMe().rememberMeParameter("remember-me").rememberMeCookieName("rememberme-token").tokenRepository(securityUserTokenService).key(securityProperty.getRememberKey()).and().sessionManagement().sessionFixation().migrateSession().sessionCreationPolicy(// 在需要使用到session时才创建session
SessionCreationPolicy.IF_REQUIRED).maximumSessions(// 同时登陆多个只保留一个
1).maxSessionsPreventsLogin(false).expiredSessionStrategy(// //踢出用户操作
securityExpiredSessionHandler).sessionRegistry(// 用于统计在线
sessionRegistry());
// 取消跨站请求伪造防护
http.csrf().disable();
// 防止iframe 造成跨域
http.headers().frameOptions().disable();
}
19
Source : SecurityConfig.java
with MIT License
from PacktPublishing
with MIT License
from PacktPublishing
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests().antMatchers("/admin/h2/**").permitAll().antMatchers("/").permitAll().antMatchers("/login/*").permitAll().antMatchers("/logout").permitAll().antMatchers("/signup/*").permitAll().antMatchers("/errors/**").permitAll().antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()").antMatchers("/events/").hasRole("ADMIN").antMatchers("/**").hasRole("USER");
// Login
http.formLogin().loginPage("/login/form").loginProcessingUrl("/login").failureUrl("/login/form?error").usernameParameter("username").preplacedwordParameter("preplacedword").defaultSuccessUrl("/default", true).permitAll();
// Logout
http.logout().logoutUrl("/logout").logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true).permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling().accessDeniedPage("/errors/403");
// remember me configuration
http.rememberMe().key("jbcpCalendar").rememberMeServices(rememberMeServices);
// SSL / TLS x509 support
http.x509().x509AuthenticationFilter(x509Filter());
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
19
Source : SecurityConfig.java
with MIT License
from PacktPublishing
with MIT License
from PacktPublishing
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests().antMatchers("/admin/h2/**").permitAll().antMatchers("/login/*").permitAll().antMatchers("/logout").permitAll().antMatchers("/signup/*").permitAll().antMatchers("/errors/**").permitAll().antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()").antMatchers("/events/").hasRole("ADMIN").antMatchers("/**").hasRole("USER");
// Login
http.formLogin().loginPage("/login/form").loginProcessingUrl("/login").failureUrl("/login/form?error").usernameParameter("username").preplacedwordParameter("preplacedword").defaultSuccessUrl("/default", true).permitAll();
// Logout
http.logout().logoutUrl("/logout").logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true).permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling().accessDeniedPage("/errors/403");
// remember me configuration
http.rememberMe().key("jbcpCalendar").rememberMeServices(rememberMeServices);
// SSL / TLS x509 support
http.x509().x509AuthenticationFilter(x509Filter());
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
19
Source : SecurityConfig.java
with MIT License
from PacktPublishing
with MIT License
from PacktPublishing
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests().antMatchers("/admin/h2/**").permitAll().antMatchers("/").permitAll().antMatchers("/login/*").permitAll().antMatchers("/logout").permitAll().antMatchers("/signup/*").permitAll().antMatchers("/errors/**").permitAll().antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()").antMatchers("/events/").hasRole("ADMIN").antMatchers("/**").hasRole("USER");
http.addFilterAt(casFilter, CasAuthenticationFilter.clreplaced);
http.addFilterBefore(singleSignOutFilter, LogoutFilter.clreplaced);
// Logout
http.logout().logoutUrl("/logout").logoutSuccessUrl(creplacederverLogout).permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint).accessDeniedPage("/errors/403");
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
19
Source : SecurityConfig.java
with MIT License
from PacktPublishing
with MIT License
from PacktPublishing
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests().antMatchers("/admin/h2/**").permitAll().antMatchers("/").permitAll().antMatchers("/login/*").permitAll().antMatchers("/logout").permitAll().antMatchers("/signup/*").permitAll().antMatchers("/errors/**").permitAll().antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()").antMatchers("/events/").hasRole("ADMIN").antMatchers("/**").hasRole("USER");
// Login
/*http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.preplacedwordParameter("preplacedword")
.defaultSuccessUrl("/default", true)
.permitAll();*/
// Logout
http.logout().logoutUrl("/logout").logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true).permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
http.addFilterAt(casFilter, CasAuthenticationFilter.clreplaced);
// Exception Handling
http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint).accessDeniedPage("/errors/403");
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
19
Source : SecurityConfig.java
with MIT License
from PacktPublishing
with MIT License
from PacktPublishing
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/admin/h2/**").permitAll().antMatchers("/").permitAll().antMatchers("/login/*").permitAll().antMatchers("/logout").permitAll().antMatchers("/signup/*").permitAll().antMatchers("/errors/**").permitAll().antMatchers("/admin/*").hasRole("ADMIN").antMatchers("/events/").hasRole("ADMIN").antMatchers("/**").hasRole("USER").and().exceptionHandling().accessDeniedPage("/errors/403").authenticationEntryPoint(loginUrlAuthenticationEntryPoint()).and().logout().logoutUrl("/logout").logoutSuccessUrl("/login/form?logout").permitAll().and().anonymous().and().csrf().disable().addFilterAt(domainUsernamePreplacedwordAuthenticationFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced);
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
19
Source : WebSecurityConfig.java
with MIT License
from PacktPublishing
with MIT License
from PacktPublishing
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/").permitAll().anyRequest().fullyAuthenticated().and().formLogin().loginPage("/login").permitAll().defaultSuccessUrl("/privatePage", true).failureUrl("/login?error=true").and().logout().permitAll().logoutSuccessUrl("/login?logout=true");
logger.info("configure method is called to make the resources secure ...");
super.configure(http);
}
19
Source : AppSecurityModelJ.java
with MIT License
from PacktPublishing
with MIT License
from PacktPublishing
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/login**", "/after**").permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login.html").defaultSuccessUrl("/deptform.html").failureUrl("/login.html?error=true").successHandler(customSuccessHandler).and().logout().logoutUrl("/logout.html").logoutSuccessHandler(customLogoutHandler);
http.csrf().disable();
}
19
Source : AppSecurityModelG.java
with MIT License
from PacktPublishing
with MIT License
from PacktPublishing
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/login**", "/after**").permitAll().antMatchers("/session*").permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login.html").defaultSuccessUrl("/deptform.html").failureUrl("/login.html?error=true").successHandler(customSuccessHandler).and().logout().logoutUrl("/logout.html").logoutSuccessHandler(customLogoutHandler).invalidateHttpSession(true).deleteCookies("JSESSIONID").and().exceptionHandling().accessDeniedPage("/access_denied.html");
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).maximumSessions(1).maxSessionsPreventsLogin(true).expiredUrl("/session_expired.html").and().enableSessionUrlRewriting(true).invalidSessionUrl("/session_invalid.html");
http.csrf().disable();
}
19
Source : AppSecurityModelF.java
with MIT License
from PacktPublishing
with MIT License
from PacktPublishing
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/login**", "/after**").permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login.html").defaultSuccessUrl("/deptform.html").failureUrl("/login.html?error=true").successHandler(customSuccessHandler).and().logout().logoutUrl("/logout.html").logoutSuccessHandler(customLogoutHandler).and().exceptionHandling().accessDeniedPage("/access_denied.html");
http.csrf().disable();
}
19
Source : SecurityConfiguration.java
with MIT License
from PacktPublishing
with MIT License
from PacktPublishing
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/").permitAll().and().authorizeRequests().antMatchers("/profile/*").authenticated().and().authorizeRequests().anyRequest().authenticated().and().httpBasic().and().oauth2Login().and().csrf().disable();
// custom token exchanger for Facebook
http.oauth2Login().userInfoEndpoint().userNameAttributeName("name", URI.create(properties.getUserInfoUri())).and().tokenEndpoint().accessTokenRepository(tokenStore).authorizationCodeTokenExchanger(new FacebookAuthorizationGrantTokenExchanger());
}
19
Source : PoseidonAuthConfigAdapter.java
with Apache License 2.0
from muggle0
with Apache License 2.0
from muggle0
@Override
protected void configure(HttpSecurity http) throws Exception {
log.debug("》》》》 启动security配置");
String[] paths = new String[SecurityStore.ACCESS_PATHS.size()];
SecurityStore.ACCESS_PATHS.toArray(paths);
http.authorizeRequests().antMatchers(paths).permitAll().antMatchers("/api/**", "/poseidon/**").permitAll().antMatchers("/admin/oauth/**").hasRole("admin").anyRequest().authenticated().accessDecisionManager(accessDecisionManager()).and().csrf().disable();
http.addFilterBefore(poseidonTokenFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced);
http.exceptionHandling().authenticationEntryPoint(loginUrlAuthenticationEntryPoint()).accessDeniedHandler(new PoseidonAccessDeniedHandler());
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
}
19
Source : SecurityConfig.java
with Apache License 2.0
from mposolda
with Apache License 2.0
from mposolda
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.authorizeRequests().antMatchers("/app", "/app/", "/app*", "/app/**").hasRole("USER").anyRequest().permitAll();
}
19
Source : WebSecurityConfig.java
with GNU General Public License v3.0
from microacup
with GNU General Public License v3.0
from microacup
@Override
protected void configure(HttpSecurity http) throws Exception {
configureHeaders(http.headers());
http.addFilterBefore(myFilterSecurityInterceptor(), FilterSecurityInterceptor.clreplaced);
http.authorizeRequests().antMatchers("/", "/static/**", "/test/**", "/500", "/404", "/oauth/**", "/oauth2/**").permitAll().anyRequest().authenticated().and().rememberMe().and().formLogin().loginPage("/login").permitAll().and().logout().logoutUrl("/logout").logoutSuccessUrl("/login").permitAll();
http.csrf().ignoringAntMatchers("/oauth2/**", "/api/**");
}
19
Source : OpenApiSecurityConfigurer.java
with Apache License 2.0
from melthaw
with Apache License 2.0
from melthaw
private void configAccess(HttpSecurity http) throws Exception {
http.headers().frameOptions().disable();
http.authorizeRequests().accessDecisionManager(accessDecisionManager()).antMatchers("/", "/static/**", "/login**", "/guest/**").permitAll().antMatchers("/api/shared/**").hasRole("USER").antMatchers("/api/_devops_/**").hasRole("ADMIN").antMatchers("/api/**").access("preplacedRbacCheck").and().exceptionHandling().authenticationEntryPoint(authenticationEntryPointImpl()).accessDeniedHandler(accessDeniedHandlerImpl());
}
19
Source : SecurityConfig.java
with Apache License 2.0
from luotuo
with Apache License 2.0
from luotuo
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().mvcMatchers("/**").permitAll().anyRequest().fullyAuthenticated().mvcMatchers("/login", "/login/wechat").permitAll().and().formLogin().successHandler(new MyAuthenticationSuccessHandler()).failureHandler(new MySimpleUrlAuthenticationFailureHandler()).and().logout().logoutSuccessHandler(new RestLogoutSuccessHandler()).and().exceptionHandling().authenticationEntryPoint(new RestAuthenticationEntryPoint());
http.addFilterAt(myFilterSecurityInterceptor, FilterSecurityInterceptor.clreplaced);
http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.clreplaced);
// http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
http.csrf().disable();
}
19
Source : SecurityConfig.java
with Apache License 2.0
from linnykoleh
with Apache License 2.0
from linnykoleh
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().regexMatchers("/chief/.*").hasRole("CHIEF").regexMatchers("/agent/.*").access("hasRole('USER') and principal.name='James Bond'").anyRequest().authenticated().and().httpBasic().and().requiresChannel().anyRequest().requiresSecure();
http.exceptionHandling().accessDeniedPage("/accessDenied");
http.formLogin().loginPage("/login").permitAll();
http.logout().logoutUrl("/customlogout");
http.addFilterBefore(securityContextPersistenceFilter(), SecurityContextPersistenceFilter.clreplaced);
http.addFilterAt(exceptionTranslationFilter(), ExceptionTranslationFilter.clreplaced);
// This ensures filter ordering by default
http.addFilter(filterSecurityInterceptor());
http.addFilterAfter(new CustomFilter(), FilterSecurityInterceptor.clreplaced);
}
19
Source : SecurityConfig.java
with Apache License 2.0
from keycloak
with Apache License 2.0
from keycloak
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.authorizeRequests().antMatchers("/products*").hasRole("USER").anyRequest().permitAll();
}
19
Source : WebSecurityConfig.java
with Apache License 2.0
from jitwxs
with Apache License 2.0
from jitwxs
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/getVerifyCode").permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login").defaultSuccessUrl("/").permitAll().failureUrl("/login/error").and().addFilterBefore(new VerifyFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced).logout().permitAll().and().rememberMe().tokenRepository(persistentTokenRepository()).tokenValiditySeconds(60).userDetailsService(userDetailsService);
// 关闭CSRF跨域
http.csrf().disable();
}
19
Source : SecurityConfig.java
with Apache License 2.0
from jgrandja
with Apache License 2.0
from jgrandja
// @formatter:off
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated()).oauth2Login(oauth2Login -> oauth2Login.loginPage("/oauth2/authorization/login-client").failureUrl("/login?error").permitAll()).oauth2Client(withDefaults()).logout(AbstractHttpConfigurer::disable);
return http.build();
}
19
Source : ResourceServerConfiguration.java
with Apache License 2.0
from hello-shf
with Apache License 2.0
from hello-shf
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers(EXCLUDED_AUTH_PAGES).permitAll().anyRequest().authenticated();
}
19
Source : WebSecurityConfig.java
with Apache License 2.0
from hello-shf
with Apache License 2.0
from hello-shf
@Override
public void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable();
http.authorizeRequests().antMatchers("/getVerifyCode").permitAll().anyRequest().authenticated().and().formLogin().loginPage(// 登录页,当未登录时会重定向到该页面
"/login_page").successHandler(// 登录成功处理
authenticationSuccessHandler()).failureHandler(// 登录失败处理
authenticationFailureHandler()).authenticationDetailsSource(// 自定义验证逻辑,增加验证码信息
authenticationDetailsSource).loginProcessingUrl(// restful登录请求地址
"/login").usernameParameter(// 默认的用户名参数
"username").preplacedwordParameter(// 默认的密码参数
"preplacedword").permitAll().and().logout().permitAll().logoutSuccessHandler(logoutSuccessHandler()).and().exceptionHandling().accessDeniedHandler(// 权限不足
accessDeniedHandler());
http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePreplacedwordAuthenticationFilter.clreplaced);
http.headers().cacheControl();
}
19
Source : WebSecurityConfig.java
with The Unlicense
from h-e-n-r-y
with The Unlicense
from h-e-n-r-y
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/register", "/img/**", "/css/**", "/js/**", "/*.js").permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login").permitAll().and().logout().permitAll();
http.authorizeRequests().antMatchers("/public/**").permitAll();
// for h2 console
http.authorizeRequests().antMatchers("/console/**").hasRole("SA_ROLE");
http.csrf().ignoringAntMatchers("/console/**");
http.headers().frameOptions().disable();
}
19
Source : WebSecurityConfig.java
with Apache License 2.0
from Frodez
with Apache License 2.0
from Frodez
/**
* 主配置
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
// 开启https
if (serverProperties.getSsl().isEnabled()) {
http.requiresChannel().anyRequest().requiresSecure();
}
// 开启跨域共享, 跨域伪造请求限制=无效
http.cors().and().csrf().disable();
// 禁止缓存
http.headers().cacheControl();
// 无权限时处理
http.exceptionHandling().authenticationEntryPoint(authentication);
http.exceptionHandling().accessDeniedHandler(accessDenied);
// 不创建session
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// 配置token验证过滤器
http.addFilterBefore(filter, UsernamePreplacedwordAuthenticationFilter.clreplaced);
// 地址配置
var registry = http.authorizeRequests();
// 不控制的地址
registry.antMatchers(permitAllPathList()).permitAll();
registry.antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
// 在密码验证过滤器前执行jwt过滤器
registry.anyRequest().authenticated();
}
19
Source : FebsCloudResourceServerConfigure.java
with Apache License 2.0
from febsteam
with Apache License 2.0
from febsteam
private void permitAll(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests().anyRequest().permitAll();
}
19
Source : BaseWebSecurityConfig.java
with Apache License 2.0
from devonfw
with Apache License 2.0
from devonfw
/**
* Configure spring security to enable a simple webform-login + a simple rest login.
*/
@Override
public void configure(HttpSecurity http) throws Exception {
String[] unsecuredResources = new String[] { "/login", "/security/**", "/services/rest/login", "/services/rest/logout" };
/**
* http
* //
* .userDetailsService(this.userDetailsService)
* // define all urls that are not to be secured
* .authorizeRequests().antMatchers(unsecuredResources).permitAll().anyRequest().authenticated().and()
*
* // activate crsf check for a selection of urls (but not for login & logout)
* .csrf().requireCsrfProtectionMatcher(new CsrfRequestMatcher()).and()
*
* // configure parameters for simple form login (and logout)
* .formLogin().successHandler(new SimpleUrlAuthenticationSuccessHandler()).defaultSuccessUrl("/")
* .failureUrl("/login.html?error").loginProcessingUrl("/j_spring_security_login").usernameParameter("username")
* .preplacedwordParameter("preplacedword").and()
* // logout via POST is possible
* .logout().logoutSuccessUrl("/login.html").and()
*
* // register login and logout filter that handles rest logins
* .addFilterAfter(getSimpleRestAuthenticationFilter(), BasicAuthenticationFilter.clreplaced)
* .addFilterAfter(getSimpleRestLogoutFilter(), LogoutFilter.clreplaced);
*/
http.authorizeRequests().anyRequest().permitAll().and().csrf().disable();
if (this.corsEnabled) {
http.addFilterBefore(getCorsFilter(), CsrfFilter.clreplaced);
}
}
19
Source : SecurityConfig.java
with GNU Lesser General Public License v3.0
from datageartech
with GNU Lesser General Public License v3.0
from datageartech
@Override
protected void configure(HttpSecurity http) throws Exception {
boolean disableAnonymous = isDisableAnonymous();
// 默认是开启CSRF的,系统目前没有提供相关支持,因此需禁用
http.csrf().disable();
// 默认"X-Frame-Options"值为"DENY",这会导致系统的图表/看板展示页面无法被其他应用嵌入iframe,因此需禁用
http.headers().frameOptions().disable();
http.authorizeRequests().antMatchers("/changeThemeData/**").permitAll().antMatchers("/replacedysis/chartPlugin/icon/*", "/replacedysis/chartPlugin/chartPluginManager.js", "/replacedysis/chart/show/**", "/replacedysis/chart/showData", "/replacedysis/dashboard/show/**", "/replacedysis/dashboard/showData", "/replacedysis/dashboard/loadChart", "/replacedysis/dashboard/heartbeat").access(AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/schema/add", "/schema/saveadd", "/schema/edit", "/schema/saveedit", "/schema/delete").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN).antMatchers("/schema/**").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/data/**").access(disableAnonymous ? AUTH_USER_ADMIN : AUTH_ANONYMOUS_USER_ADMIN).antMatchers("/dataexchange/**").access(disableAnonymous ? AUTH_USER_ADMIN : AUTH_ANONYMOUS_USER_ADMIN).antMatchers("/sqlpad/**").access(disableAnonymous ? AUTH_USER_ADMIN : AUTH_ANONYMOUS_USER_ADMIN).antMatchers("/sqlEditor/**").access(disableAnonymous ? AUTH_USER_ADMIN : AUTH_ANONYMOUS_USER_ADMIN).antMatchers("/replacedysis/dataSet/addFor*", "/replacedysis/dataSet/saveAddFor*", "/replacedysis/dataSet/edit", "/replacedysis/dataSet/saveEditFor*", "/replacedysis/dataSet/delete", "/replacedysis/dataSet/uploadFile").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN).antMatchers("/replacedysis/dataSet/**").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/replacedysis/chart/add", "/replacedysis/chart/edit", "/replacedysis/chart/save", "/replacedysis/chart/delete").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN).antMatchers("/replacedysis/chart/**").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/replacedysis/dashboard/add", "/replacedysis/dashboard/edit", "/replacedysis/dashboard/save", "/replacedysis/dashboard/saveTemplateNames", "/replacedysis/dashboard/deleteResource", "/replacedysis/dashboard/uploadResourceFile", "/replacedysis/dashboard/saveResourceFile", "/replacedysis/dashboard/import", "/replacedysis/dashboard/uploadImportFile", "/replacedysis/dashboard/saveImport", "/replacedysis/dashboard/delete").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN).antMatchers("/replacedysis/dashboard/**").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/replacedysis/project/add", "/replacedysis/project/edit", "/replacedysis/project/save", "/replacedysis/project/delete").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN).antMatchers("/replacedysis/project/**").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/replacedysis/chartPlugin/select", "/replacedysis/chartPlugin/selectData").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/replacedysis/chartPlugin/**").access(AUTH_ADMIN).antMatchers("/dataSetResDirectory/view", "/dataSetResDirectory/select", "/dataSetResDirectory/pagingQueryData", "/dataSetResDirectory/listFiles").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/dataSetResDirectory/**").access(AUTH_ADMIN).antMatchers("/authorization/**").access(AUTH_USER_ADMIN).antMatchers("/driverEnreplacedy/view", "/driverEnreplacedy/select", "/driverEnreplacedy/queryData", "/driverEnreplacedy/downloadDriverFile", "/driverEnreplacedy/listDriverFile").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/driverEnreplacedy/**").access(AUTH_ADMIN).antMatchers("/schemaUrlBuilder/buildUrl").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/schemaUrlBuilder/*").access(AUTH_ADMIN).antMatchers("/user/personalSet", "/user/savePersonalSet").access(AUTH_USER_ADMIN).antMatchers("/user/select", "/user/pagingQueryData").access(AUTH_USER_ADMIN).antMatchers("/user/**").access(AUTH_ADMIN).antMatchers("/role/select", "/role/pagingQueryData").access(AUTH_USER_ADMIN).antMatchers("/role/**").access(AUTH_ADMIN).antMatchers("/login/**", "/register/**", "/resetPreplacedword/**").access(AUTH_ANONYMOUS).antMatchers("/**").access(disableAnonymous ? AUTH_USER_ADMIN : AUTH_ANONYMOUS_USER_ADMIN).and().formLogin().loginPage("/login").loginProcessingUrl("/login/doLogin").usernameParameter("name").preplacedwordParameter("preplacedword").successHandler(getAuthenticationSuccessHandler()).and().logout().logoutUrl("/logout").invalidateHttpSession(true).logoutSuccessUrl("/").and().rememberMe().key("REMEMBER_ME_KEY").tokenValiditySeconds(60 * 60 * 24 * 365).rememberMeParameter("rememberMe").rememberMeCookieName("REMEMBER_ME");
configureAnonymous(http);
}
19
Source : SecurityConfig.java
with MIT License
from dailycodebuffer
with MIT License
from dailycodebuffer
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.authorizeRequests().anyRequest().permitAll().and().csrf().disable();
}
19
Source : SpringSecurityConfiguration.java
with Apache License 2.0
from crnk-project
with Apache License 2.0
from crnk-project
@Override
protected void configure(HttpSecurity http) throws Exception {
// consider moving to stateless and handle token on Angular side
if (properties.isSecurityEnabled()) {
// @formatter:off
http.antMatcher("/**").authorizeRequests().antMatchers("/", "/favicon.ico", "/replacedets/**", "/login**", "/styles**", "/inline**", "/polyfills**", "/scripts***", "/main**").permitAll().anyRequest().authenticated().and().logout().logoutSuccessUrl("/").permitAll().and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and().exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)).and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.clreplaced);
// @formatter:on
} else {
http.authorizeRequests().antMatchers("/**").permitAll();
http.csrf().disable();
}
}
19
Source : SecurityConfig.java
with Apache License 2.0
from arohou
with Apache License 2.0
from arohou
private void runUnsecured(HttpSecurity http) throws Exception {
log.info("Running unsecured");
http.authorizeRequests().anyRequest().permitAll().and().csrf().disable();
}
19
Source : AtlasSecurityConfig.java
with Apache License 2.0
from apache
with Apache License 2.0
from apache
protected void configure(HttpSecurity httpSecurity) throws Exception {
// @formatter:off
httpSecurity.authorizeRequests().anyRequest().authenticated().and().headers().addHeaderWriter(new StaticHeadersWriter(HeadersUtil.CONTENT_SEC_POLICY_KEY, HeadersUtil.headerMap.get(HeadersUtil.CONTENT_SEC_POLICY_KEY))).addHeaderWriter(new StaticHeadersWriter(SERVER_KEY, HeadersUtil.headerMap.get(SERVER_KEY))).and().servletApi().and().csrf().disable().sessionManagement().enableSessionUrlRewriting(false).sessionCreationPolicy(SessionCreationPolicy.ALWAYS).sessionFixation().newSession().and().httpBasic().authenticationEntryPoint(getDelegatingAuthenticationEntryPoint()).and().formLogin().loginPage("/login.jsp").loginProcessingUrl("/j_spring_security_check").successHandler(successHandler).failureHandler(failureHandler).usernameParameter("j_username").preplacedwordParameter("j_preplacedword").and().logout().logoutSuccessUrl("/login.jsp").deleteCookies("ATLreplacedESSIONID").logoutUrl("/logout.html");
// @formatter:on
boolean configMigrationEnabled = !StringUtils.isEmpty(configuration.getString(ATLAS_MIGRATION_MODE_FILENAME));
if (configuration.getBoolean("atlas.server.ha.enabled", false) || configMigrationEnabled) {
if (configMigrationEnabled) {
LOG.info("Atlas is in Migration Mode, enabling ActiveServerFilter");
} else {
LOG.info("Atlas is in HA Mode, enabling ActiveServerFilter");
}
httpSecurity.addFilterAfter(activeServerFilter, BasicAuthenticationFilter.clreplaced);
}
httpSecurity.addFilterAfter(staleTransactionCleanupFilter, BasicAuthenticationFilter.clreplaced).addFilterBefore(ssoAuthenticationFilter, BasicAuthenticationFilter.clreplaced).addFilterAfter(atlasAuthenticationFilter, SecurityContextHolderAwareRequestFilter.clreplaced).addFilterAfter(csrfPreventionFilter, AtlasAuthenticationFilter.clreplaced);
if (keycloakEnabled) {
httpSecurity.logout().addLogoutHandler(keycloakLogoutHandler()).and().addFilterBefore(keycloakAuthenticationProcessingFilter(), BasicAuthenticationFilter.clreplaced).addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.clreplaced).addFilterAfter(keycloakSecurityContextRequestFilter(), SecurityContextHolderAwareRequestFilter.clreplaced).addFilterAfter(keycloakAuthenticatedActionsRequestFilter(), KeycloakSecurityContextRequestFilter.clreplaced);
}
}
19
Source : WebSecurityConfig.java
with MIT License
from aiyoyoyo
with MIT License
from aiyoyoyo
private void _configure_login_(HttpSecurity _hs) throws Exception {
String login_page = "/" + CommonConfig.getString("jees.webs.login", "login");
String logout_page = "/" + CommonConfig.getString("jees.webs.logout", "logout");
_hs.authorizeRequests().and().formLogin().loginPage(login_page).successHandler(successHandler()).failureHandler(failureHandler()).permitAll().and().logout().logoutUrl(logout_page).permitAll();
}
19
Source : WebSecurityConfig.java
with MIT License
from aiyoyoyo
with MIT License
from aiyoyoyo
private void _configure_tpl_notaccess_(HttpSecurity _hs, String _url, Template _tpl, List<SuperMenu> _menus) throws Exception {
_hs.authorizeRequests().antMatchers(_url).hasAnyAuthority(ISupportEL.ROLE_SUPERMAN);
final String login_page = "/" + CommonConfig.getString("jees.webs.login", "login");
_tpl.getPages().values().forEach(p -> {
boolean finder = false;
for (SuperMenu m : _menus) {
String t = m.getTpl();
if (templateService.isDefault(t))
t = "";
String menu_url = t + m.getUrl();
if (menu_url.equalsIgnoreCase(p.getUrl())) {
finder = true;
break;
}
}
if (!finder) {
try {
String p_url = p.getUrl();
if (!p.getUrl().equalsIgnoreCase(login_page)) {
_hs.authorizeRequests().antMatchers(p_url).hasAuthority(ISupportEL.ROLE_SUPERMAN);
log.debug("--配置默认访问路径和权限:URL=[" + p_url + "], ROLE=[" + ISupportEL.ROLE_SUPERMAN + "]");
}
} catch (Exception e) {
}
}
});
}
19
Source : WebSecurityConfig.java
with MIT License
from aiyoyoyo
with MIT License
from aiyoyoyo
/**
* 通过栏目包含的权限,来决定所需要的权限
*
* @param _hs 权限管理器
* @throws Exception 错误
*/
@Override
protected void configure(HttpSecurity _hs) throws Exception {
sDB.initialize();
if (!installConfig.isInstalled()) {
_hs.authorizeRequests().antMatchers("/**").permitAll();
_configure_dwr_(_hs);
return;
}
_configure_tpl_(_hs);
_configure_dwr_(_hs);
_configure_login_(_hs);
// 其他
if (CommonConfig.getBoolean("jees.webs.header.frameOptions", false))
_hs.headers().frameOptions().disable();
_hs.sessionManagement().maximumSessions(CommonConfig.getInteger("jees.webs.maxSession", 1000)).sessionRegistry(sessionRegistry());
}
19
Source : CommonSecurityAutoConfiguration.java
with Apache License 2.0
from Activiti
with Apache License 2.0
from Activiti
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.authorizeRequests().anyRequest().permitAll().and().csrf().disable().httpBasic().disable();
}
See More Examples