org.springframework.security.config.annotation.web.builders.HttpSecurity.authorizeRequests()

Here are the examples of the java api org.springframework.security.config.annotation.web.builders.HttpSecurity.authorizeRequests() taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.

577 Examples 7

19 Source : AuthConfig.java
with MIT License
from zidoshare

@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    http.authorizeRequests().anyRequest().permitAll().and().formLogin().and().apply(new PhoneCodeLoginConfigurer<>()).phoneCodeService((phone, code) -> {
        System.out.printf("phone:%s,code:%s\n", phone, code);
    }).and().apply(new RestSecurityContextConfigurer<>()).jwt();
}

19 Source : CasSecurityConfig.java
with Apache License 2.0
from zhaoguhong

@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    if (casProperties.isEnable()) {
        http.authorizeRequests().and().addFilterBefore(casAuthenticationFilter(), BasicAuthenticationFilter.clreplaced).addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.clreplaced).exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint());
    }
}

19 Source : SecurityCoreAutoConfigurer.java
with MIT License
from ZeroOrInfinity

private void urlAuthorizationConfigurer(HttpSecurity http, UriHttpMethodTuple[] permitAllArray, UriHttpMethodTuple[] denyAllArray, UriHttpMethodTuple[] anonymousArray, UriHttpMethodTuple[] authenticatedArray, UriHttpMethodTuple[] fullyAuthenticatedArray, UriHttpMethodTuple[] rememberMeArray, Map<UriHttpMethodTuple, String[]> accessMap, Map<UriHttpMethodTuple, String[]> hasRoleMap, Map<UriHttpMethodTuple, String[]> hasAnyRoleMap, Map<UriHttpMethodTuple, String[]> hasAuthorityMap, Map<UriHttpMethodTuple, String[]> hasAnyAuthorityMap, Map<UriHttpMethodTuple, String[]> hasIpAddressMap) throws Exception {
    final ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.authorizeRequests();
    // 根据 authorizeRequestType 设置权限
    setAuthorizeRequest(registry, permitAllArray, PERMIT_ALL);
    setAuthorizeRequest(registry, denyAllArray, DENY_ALL);
    setAuthorizeRequest(registry, anonymousArray, ANONYMOUS);
    setAuthorizeRequest(registry, authenticatedArray, AUTHENTICATED);
    setAuthorizeRequest(registry, fullyAuthenticatedArray, FULLY_AUTHENTICATED);
    setAuthorizeRequest(registry, rememberMeArray, REMEMBER_ME);
    // 根据 authorizeRequestType 设置权限
    setAuthorizeRequestPlus(registry, hasRoleMap, HAS_ROLE);
    setAuthorizeRequestPlus(registry, hasAnyRoleMap, HAS_ANY_ROLE);
    setAuthorizeRequestPlus(registry, hasAuthorityMap, HAS_AUTHORITY);
    setAuthorizeRequestPlus(registry, hasAnyAuthorityMap, HAS_ANY_AUTHORITY);
    setAuthorizeRequestPlus(registry, hasIpAddressMap, HAS_IP_ADDRESS);
    // 设置 ACCESS 权限
    if (accessMap.size() > 0) {
        final StringBuilder sb = new StringBuilder();
        accessMap.values().stream().flatMap(Arrays::stream).forEach(access -> sb.append(access).append(" and "));
        int interceptLen = 5;
        if (sb.length() > interceptLen) {
            sb.setLength(sb.length() - interceptLen);
            registry.anyRequest().access(sb.toString());
            return;
        }
    }
    registry.anyRequest().authenticated();
}

19 Source : WebSecurityConfig.java
with Apache License 2.0
from Xlinlin

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // 基于token 接口间鉴权
    // tokenConfigure(httpSecurity);
    // 基于session 适应于浏览器
    sessionConfig(httpSecurity);
    httpSecurity.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll().antMatchers(anonymousUrls.split(",")).permitAll().anyRequest().authenticated();
    // 禁用缓存
    httpSecurity.headers().cacheControl();
    // 添加JWT filter
    httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePreplacedwordAuthenticationFilter.clreplaced);
    // 设置 鉴权失败和无权的处理
    httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).accessDeniedHandler(accessDeniedHandler);
}

19 Source : SpringWebConfig.java
with Apache License 2.0
from WeBankPartners

protected void configureLocalAuthentication(HttpSecurity http) throws Exception {
    // 
    http.authorizeRequests().antMatchers("/index.html").permitAll().antMatchers("/workflow/**").permitAll().antMatchers("/swagger-ui.html/**", "/swagger-resources/**").permitAll().antMatchers("/webjars/**").permitAll().antMatchers("/v2/api-docs").permitAll().antMatchers("/csrf").permitAll().antMatchers("/**").permitAll().anyRequest().authenticated().and().addFilter(// 
    jwtSsoBasedAuthenticationFilter()).csrf().disable().exceptionHandling().authenticationEntryPoint(// 
    new Http401AuthenticationEntryPoint());
}

19 Source : SpringWebConfig.java
with Apache License 2.0
from WeBankPartners

protected void configureLocalAuthentication(HttpSecurity http) throws Exception {
    // 
    http.authorizeRequests().antMatchers("/swagger-ui.html/**", "/swagger-resources/**").permitAll().antMatchers("/webjars/**").permitAll().antMatchers("/v2/api-docs").permitAll().antMatchers("/csrf").permitAll().antMatchers("/v1/route-items").permitAll().antMatchers("/v1/route-items/**").permitAll().antMatchers("/v1/health-check").permitAll().antMatchers("/v1/appinfo/loggers/query").permitAll().antMatchers("/v1/appinfo/loggers/update").permitAll().antMatchers("/v1/appinfo/version").permitAll().anyRequest().authenticated().and().addFilter(// 
    jwtSsoBasedAuthenticationFilter()).csrf().disable().exceptionHandling().authenticationEntryPoint(// 
    new Http401AuthenticationEntryPoint());
}

19 Source : LocalSpringWebConfig.java
with Apache License 2.0
from WeBankPartners

protected void configureLocalAuthentication(HttpSecurity http) throws Exception {
    // 
    http.authorizeRequests().antMatchers("/**").permitAll().and().addFilter(// 
    jwtSsoBasedAuthenticationFilter()).csrf().disable().exceptionHandling().authenticationEntryPoint(// 
    new Http401AuthenticationEntryPoint());
}

19 Source : WebSecurityConfig.java
with Apache License 2.0
from V1toss

protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/**").hasAnyRole("ADMIN", "USER").and().formLogin().and().httpBasic().and().csrf().disable();
}

19 Source : SecurityConfiguration.java
with MIT License
from TrainingByPackt

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/css/**", "/webjars/**", "/login").permitAll().antMatchers("/**").permitAll().and().formLogin().loginPage("/login").and().logout().logoutSuccessUrl("/").and().httpBasic().realmName("securityintro").and().cors();
}

19 Source : SecurityConfig.java
with MIT License
from tomoyane

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/api/v1/hello", "/api/v1/auth/**").permitAll().anyRequest().authenticated().and().csrf().disable().addFilter(preAuthenticatedProcessingFilter()).exceptionHandling().authenticationEntryPoint(new AuthEntryPoint());
}

19 Source : BootWebSecurityConfigurer.java
with Apache License 2.0
from Taskana

protected void addLoginPageConfiguration(HttpSecurity http) throws Exception {
    http.authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin().loginPage("/login").failureUrl("/login?error").defaultSuccessUrl("/").permitAll().and().logout().invalidateHttpSession(true).clearAuthentication(true).logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login?logout").deleteCookies("JSESSIONID").permitAll();
}

19 Source : SecurityConfig.java
with Apache License 2.0
from spring-projects-experimental

// formatter:off
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http.authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated()).oauth2Login(oauth2Login -> oauth2Login.loginPage("/oauth2/authorization/messaging-client-oidc")).oauth2Client(withDefaults());
    return http.build();
}

19 Source : DefaultSecurityConfig.java
with Apache License 2.0
from spring-projects-experimental

// formatter:off
@Bean
SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
    http.authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated()).formLogin(withDefaults());
    return http.build();
}

19 Source : SecurityConfig.java
with MIT License
from SourceLabOrg

/**
 * Sets up HttpSecurity for standard local user authentication.
 */
private void enableUserAuth(final HttpSecurity http) throws Exception {
    logger.info("Configuring with authenticated user access.");
    http.authorizeRequests().antMatchers("/register/**", "/login/**", "/vendors/**", "/css/**", "/js/**", "/img/**").permitAll().antMatchers("/configuration/user/edit/**", "/configuration/user/update").fullyAuthenticated().antMatchers(// Configuration
    "/configuration/**", // Create topic
    "/api/cluster/*/create/**", // Modify topic
    "/api/cluster/*/modify/**", // Delete topic
    "/api/cluster/*/delete/**", // Remove consumer group
    "/api/cluster/*/consumer/remove").hasRole("ADMIN").anyRequest().fullyAuthenticated().and().formLogin().loginPage("/login").usernameParameter("email").preplacedwordParameter("preplacedword").failureUrl("/login?error=true").defaultSuccessUrl("/").permitAll().and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login").permitAll();
}

19 Source : ProResourceServerConfigurerAdapter.java
with Apache License 2.0
from pro-cloud

/**
 * 对匹配的资源进行放行
 * @param http
 * @throws Exception
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    String[] urls = Convert.toStrArray(permitProps.getIgnoreUrls());
    http.headers().frameOptions().disable();
    http.authorizeRequests().antMatchers(urls).permitAll();
    http.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll();
    http.authorizeRequests().anyRequest().authenticated().and().csrf().disable();
}

19 Source : SecurityConfiguration.java
with MIT License
from PearAdmin

/**
 * Describe: 配置 Security 控制逻辑
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers(securityProperty.getOpenApi()).permitAll().anyRequest().authenticated().and().addFilterBefore(securityCaptchaSupport, // 验证码验证类
    UsernamePreplacedwordAuthenticationFilter.clreplaced).httpBasic().authenticationEntryPoint(securityAuthenticationEntryPoint).and().formLogin().loginPage("/login").loginProcessingUrl("/login").successHandler(securityAccessSuccessHander).failureHandler(securityAccessFailureHander).and().logout().deleteCookies(// 退出登录删除 cookie缓存
    "JSESSIONID").logoutSuccessHandler(// 配置用户登出自定义处理类
    securityAccessLogoutHander).and().exceptionHandling().accessDeniedHandler(// 配置没有权限自定义处理类
    securityAccessDeniedHander).and().rememberMe().rememberMeParameter("remember-me").rememberMeCookieName("rememberme-token").tokenRepository(securityUserTokenService).key(securityProperty.getRememberKey()).and().sessionManagement().sessionFixation().migrateSession().sessionCreationPolicy(// 在需要使用到session时才创建session
    SessionCreationPolicy.IF_REQUIRED).maximumSessions(// 同时登陆多个只保留一个
    1).maxSessionsPreventsLogin(false).expiredSessionStrategy(// //踢出用户操作
    securityExpiredSessionHandler).sessionRegistry(// 用于统计在线
    sessionRegistry());
    // 取消跨站请求伪造防护
    http.csrf().disable();
    // 防止iframe 造成跨域
    http.headers().frameOptions().disable();
}

19 Source : SecurityConfig.java
with MIT License
from PacktPublishing

/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching
    http.authorizeRequests().antMatchers("/admin/h2/**").permitAll().antMatchers("/").permitAll().antMatchers("/login/*").permitAll().antMatchers("/logout").permitAll().antMatchers("/signup/*").permitAll().antMatchers("/errors/**").permitAll().antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()").antMatchers("/events/").hasRole("ADMIN").antMatchers("/**").hasRole("USER");
    // Login
    http.formLogin().loginPage("/login/form").loginProcessingUrl("/login").failureUrl("/login/form?error").usernameParameter("username").preplacedwordParameter("preplacedword").defaultSuccessUrl("/default", true).permitAll();
    // Logout
    http.logout().logoutUrl("/logout").logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true).permitAll();
    // Anonymous
    http.anonymous();
    // CSRF is enabled by default, with Java Config
    http.csrf().disable();
    // Exception Handling
    http.exceptionHandling().accessDeniedPage("/errors/403");
    // remember me configuration
    http.rememberMe().key("jbcpCalendar").rememberMeServices(rememberMeServices);
    // SSL / TLS x509 support
    http.x509().x509AuthenticationFilter(x509Filter());
    // Enable <frameset> in order to use H2 web console
    http.headers().frameOptions().disable();
}

19 Source : SecurityConfig.java
with MIT License
from PacktPublishing

/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching
    http.authorizeRequests().antMatchers("/admin/h2/**").permitAll().antMatchers("/login/*").permitAll().antMatchers("/logout").permitAll().antMatchers("/signup/*").permitAll().antMatchers("/errors/**").permitAll().antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()").antMatchers("/events/").hasRole("ADMIN").antMatchers("/**").hasRole("USER");
    // Login
    http.formLogin().loginPage("/login/form").loginProcessingUrl("/login").failureUrl("/login/form?error").usernameParameter("username").preplacedwordParameter("preplacedword").defaultSuccessUrl("/default", true).permitAll();
    // Logout
    http.logout().logoutUrl("/logout").logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true).permitAll();
    // Anonymous
    http.anonymous();
    // CSRF is enabled by default, with Java Config
    http.csrf().disable();
    // Exception Handling
    http.exceptionHandling().accessDeniedPage("/errors/403");
    // remember me configuration
    http.rememberMe().key("jbcpCalendar").rememberMeServices(rememberMeServices);
    // SSL / TLS x509 support
    http.x509().x509AuthenticationFilter(x509Filter());
    // Enable <frameset> in order to use H2 web console
    http.headers().frameOptions().disable();
}

19 Source : SecurityConfig.java
with MIT License
from PacktPublishing

/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching
    http.authorizeRequests().antMatchers("/admin/h2/**").permitAll().antMatchers("/").permitAll().antMatchers("/login/*").permitAll().antMatchers("/logout").permitAll().antMatchers("/signup/*").permitAll().antMatchers("/errors/**").permitAll().antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()").antMatchers("/events/").hasRole("ADMIN").antMatchers("/**").hasRole("USER");
    http.addFilterAt(casFilter, CasAuthenticationFilter.clreplaced);
    http.addFilterBefore(singleSignOutFilter, LogoutFilter.clreplaced);
    // Logout
    http.logout().logoutUrl("/logout").logoutSuccessUrl(creplacederverLogout).permitAll();
    // Anonymous
    http.anonymous();
    // CSRF is enabled by default, with Java Config
    http.csrf().disable();
    // Exception Handling
    http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint).accessDeniedPage("/errors/403");
    // Enable <frameset> in order to use H2 web console
    http.headers().frameOptions().disable();
}

19 Source : SecurityConfig.java
with MIT License
from PacktPublishing

/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching
    http.authorizeRequests().antMatchers("/admin/h2/**").permitAll().antMatchers("/").permitAll().antMatchers("/login/*").permitAll().antMatchers("/logout").permitAll().antMatchers("/signup/*").permitAll().antMatchers("/errors/**").permitAll().antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()").antMatchers("/events/").hasRole("ADMIN").antMatchers("/**").hasRole("USER");
    // Login
    /*http.formLogin()
                .loginPage("/login/form")
                .loginProcessingUrl("/login")
                .failureUrl("/login/form?error")
                .usernameParameter("username")
                .preplacedwordParameter("preplacedword")
                .defaultSuccessUrl("/default", true)
                .permitAll();*/
    // Logout
    http.logout().logoutUrl("/logout").logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true).permitAll();
    // Anonymous
    http.anonymous();
    // CSRF is enabled by default, with Java Config
    http.csrf().disable();
    http.addFilterAt(casFilter, CasAuthenticationFilter.clreplaced);
    // Exception Handling
    http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint).accessDeniedPage("/errors/403");
    // Enable <frameset> in order to use H2 web console
    http.headers().frameOptions().disable();
}

19 Source : SecurityConfig.java
with MIT License
from PacktPublishing

/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/admin/h2/**").permitAll().antMatchers("/").permitAll().antMatchers("/login/*").permitAll().antMatchers("/logout").permitAll().antMatchers("/signup/*").permitAll().antMatchers("/errors/**").permitAll().antMatchers("/admin/*").hasRole("ADMIN").antMatchers("/events/").hasRole("ADMIN").antMatchers("/**").hasRole("USER").and().exceptionHandling().accessDeniedPage("/errors/403").authenticationEntryPoint(loginUrlAuthenticationEntryPoint()).and().logout().logoutUrl("/logout").logoutSuccessUrl("/login/form?logout").permitAll().and().anonymous().and().csrf().disable().addFilterAt(domainUsernamePreplacedwordAuthenticationFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced);
    // Enable <frameset> in order to use H2 web console
    http.headers().frameOptions().disable();
}

19 Source : WebSecurityConfig.java
with MIT License
from PacktPublishing

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/").permitAll().anyRequest().fullyAuthenticated().and().formLogin().loginPage("/login").permitAll().defaultSuccessUrl("/privatePage", true).failureUrl("/login?error=true").and().logout().permitAll().logoutSuccessUrl("/login?logout=true");
    logger.info("configure method is called to make the resources secure ...");
    super.configure(http);
}

19 Source : AppSecurityModelJ.java
with MIT License
from PacktPublishing

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/login**", "/after**").permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login.html").defaultSuccessUrl("/deptform.html").failureUrl("/login.html?error=true").successHandler(customSuccessHandler).and().logout().logoutUrl("/logout.html").logoutSuccessHandler(customLogoutHandler);
    http.csrf().disable();
}

19 Source : AppSecurityModelG.java
with MIT License
from PacktPublishing

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/login**", "/after**").permitAll().antMatchers("/session*").permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login.html").defaultSuccessUrl("/deptform.html").failureUrl("/login.html?error=true").successHandler(customSuccessHandler).and().logout().logoutUrl("/logout.html").logoutSuccessHandler(customLogoutHandler).invalidateHttpSession(true).deleteCookies("JSESSIONID").and().exceptionHandling().accessDeniedPage("/access_denied.html");
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).maximumSessions(1).maxSessionsPreventsLogin(true).expiredUrl("/session_expired.html").and().enableSessionUrlRewriting(true).invalidSessionUrl("/session_invalid.html");
    http.csrf().disable();
}

19 Source : AppSecurityModelF.java
with MIT License
from PacktPublishing

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/login**", "/after**").permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login.html").defaultSuccessUrl("/deptform.html").failureUrl("/login.html?error=true").successHandler(customSuccessHandler).and().logout().logoutUrl("/logout.html").logoutSuccessHandler(customLogoutHandler).and().exceptionHandling().accessDeniedPage("/access_denied.html");
    http.csrf().disable();
}

19 Source : SecurityConfiguration.java
with MIT License
from PacktPublishing

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/").permitAll().and().authorizeRequests().antMatchers("/profile/*").authenticated().and().authorizeRequests().anyRequest().authenticated().and().httpBasic().and().oauth2Login().and().csrf().disable();
    // custom token exchanger for Facebook
    http.oauth2Login().userInfoEndpoint().userNameAttributeName("name", URI.create(properties.getUserInfoUri())).and().tokenEndpoint().accessTokenRepository(tokenStore).authorizationCodeTokenExchanger(new FacebookAuthorizationGrantTokenExchanger());
}

19 Source : PoseidonAuthConfigAdapter.java
with Apache License 2.0
from muggle0

@Override
protected void configure(HttpSecurity http) throws Exception {
    log.debug("》》》》 启动security配置");
    String[] paths = new String[SecurityStore.ACCESS_PATHS.size()];
    SecurityStore.ACCESS_PATHS.toArray(paths);
    http.authorizeRequests().antMatchers(paths).permitAll().antMatchers("/api/**", "/poseidon/**").permitAll().antMatchers("/admin/oauth/**").hasRole("admin").anyRequest().authenticated().accessDecisionManager(accessDecisionManager()).and().csrf().disable();
    http.addFilterBefore(poseidonTokenFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced);
    http.exceptionHandling().authenticationEntryPoint(loginUrlAuthenticationEntryPoint()).accessDeniedHandler(new PoseidonAccessDeniedHandler());
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
}

19 Source : SecurityConfig.java
with Apache License 2.0
from mposolda

@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    http.authorizeRequests().antMatchers("/app", "/app/", "/app*", "/app/**").hasRole("USER").anyRequest().permitAll();
}

19 Source : WebSecurityConfig.java
with GNU General Public License v3.0
from microacup

@Override
protected void configure(HttpSecurity http) throws Exception {
    configureHeaders(http.headers());
    http.addFilterBefore(myFilterSecurityInterceptor(), FilterSecurityInterceptor.clreplaced);
    http.authorizeRequests().antMatchers("/", "/static/**", "/test/**", "/500", "/404", "/oauth/**", "/oauth2/**").permitAll().anyRequest().authenticated().and().rememberMe().and().formLogin().loginPage("/login").permitAll().and().logout().logoutUrl("/logout").logoutSuccessUrl("/login").permitAll();
    http.csrf().ignoringAntMatchers("/oauth2/**", "/api/**");
}

19 Source : OpenApiSecurityConfigurer.java
with Apache License 2.0
from melthaw

private void configAccess(HttpSecurity http) throws Exception {
    http.headers().frameOptions().disable();
    http.authorizeRequests().accessDecisionManager(accessDecisionManager()).antMatchers("/", "/static/**", "/login**", "/guest/**").permitAll().antMatchers("/api/shared/**").hasRole("USER").antMatchers("/api/_devops_/**").hasRole("ADMIN").antMatchers("/api/**").access("preplacedRbacCheck").and().exceptionHandling().authenticationEntryPoint(authenticationEntryPointImpl()).accessDeniedHandler(accessDeniedHandlerImpl());
}

19 Source : SecurityConfig.java
with Apache License 2.0
from luotuo

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().mvcMatchers("/**").permitAll().anyRequest().fullyAuthenticated().mvcMatchers("/login", "/login/wechat").permitAll().and().formLogin().successHandler(new MyAuthenticationSuccessHandler()).failureHandler(new MySimpleUrlAuthenticationFailureHandler()).and().logout().logoutSuccessHandler(new RestLogoutSuccessHandler()).and().exceptionHandling().authenticationEntryPoint(new RestAuthenticationEntryPoint());
    http.addFilterAt(myFilterSecurityInterceptor, FilterSecurityInterceptor.clreplaced);
    http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.clreplaced);
    // http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    http.csrf().disable();
}

19 Source : SecurityConfig.java
with Apache License 2.0
from linnykoleh

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().regexMatchers("/chief/.*").hasRole("CHIEF").regexMatchers("/agent/.*").access("hasRole('USER') and principal.name='James Bond'").anyRequest().authenticated().and().httpBasic().and().requiresChannel().anyRequest().requiresSecure();
    http.exceptionHandling().accessDeniedPage("/accessDenied");
    http.formLogin().loginPage("/login").permitAll();
    http.logout().logoutUrl("/customlogout");
    http.addFilterBefore(securityContextPersistenceFilter(), SecurityContextPersistenceFilter.clreplaced);
    http.addFilterAt(exceptionTranslationFilter(), ExceptionTranslationFilter.clreplaced);
    // This ensures filter ordering by default
    http.addFilter(filterSecurityInterceptor());
    http.addFilterAfter(new CustomFilter(), FilterSecurityInterceptor.clreplaced);
}

19 Source : SecurityConfig.java
with Apache License 2.0
from keycloak

@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    http.authorizeRequests().antMatchers("/products*").hasRole("USER").anyRequest().permitAll();
}

19 Source : WebSecurityConfig.java
with Apache License 2.0
from jitwxs

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/getVerifyCode").permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login").defaultSuccessUrl("/").permitAll().failureUrl("/login/error").and().addFilterBefore(new VerifyFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced).logout().permitAll().and().rememberMe().tokenRepository(persistentTokenRepository()).tokenValiditySeconds(60).userDetailsService(userDetailsService);
    // 关闭CSRF跨域
    http.csrf().disable();
}

19 Source : SecurityConfig.java
with Apache License 2.0
from jgrandja

// @formatter:off
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http.authorizeRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated()).oauth2Login(oauth2Login -> oauth2Login.loginPage("/oauth2/authorization/login-client").failureUrl("/login?error").permitAll()).oauth2Client(withDefaults()).logout(AbstractHttpConfigurer::disable);
    return http.build();
}

19 Source : ResourceServerConfiguration.java
with Apache License 2.0
from hello-shf

@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers(EXCLUDED_AUTH_PAGES).permitAll().anyRequest().authenticated();
}

19 Source : WebSecurityConfig.java
with Apache License 2.0
from hello-shf

@Override
public void configure(HttpSecurity http) throws Exception {
    http.cors().and().csrf().disable();
    http.authorizeRequests().antMatchers("/getVerifyCode").permitAll().anyRequest().authenticated().and().formLogin().loginPage(// 登录页,当未登录时会重定向到该页面
    "/login_page").successHandler(// 登录成功处理
    authenticationSuccessHandler()).failureHandler(// 登录失败处理
    authenticationFailureHandler()).authenticationDetailsSource(// 自定义验证逻辑,增加验证码信息
    authenticationDetailsSource).loginProcessingUrl(// restful登录请求地址
    "/login").usernameParameter(// 默认的用户名参数
    "username").preplacedwordParameter(// 默认的密码参数
    "preplacedword").permitAll().and().logout().permitAll().logoutSuccessHandler(logoutSuccessHandler()).and().exceptionHandling().accessDeniedHandler(// 权限不足
    accessDeniedHandler());
    http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePreplacedwordAuthenticationFilter.clreplaced);
    http.headers().cacheControl();
}

19 Source : WebSecurityConfig.java
with The Unlicense
from h-e-n-r-y

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/register", "/img/**", "/css/**", "/js/**", "/*.js").permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login").permitAll().and().logout().permitAll();
    http.authorizeRequests().antMatchers("/public/**").permitAll();
    // for h2 console
    http.authorizeRequests().antMatchers("/console/**").hasRole("SA_ROLE");
    http.csrf().ignoringAntMatchers("/console/**");
    http.headers().frameOptions().disable();
}

19 Source : WebSecurityConfig.java
with Apache License 2.0
from Frodez

/**
 * 主配置
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // 开启https
    if (serverProperties.getSsl().isEnabled()) {
        http.requiresChannel().anyRequest().requiresSecure();
    }
    // 开启跨域共享,  跨域伪造请求限制=无效
    http.cors().and().csrf().disable();
    // 禁止缓存
    http.headers().cacheControl();
    // 无权限时处理
    http.exceptionHandling().authenticationEntryPoint(authentication);
    http.exceptionHandling().accessDeniedHandler(accessDenied);
    // 不创建session
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    // 配置token验证过滤器
    http.addFilterBefore(filter, UsernamePreplacedwordAuthenticationFilter.clreplaced);
    // 地址配置
    var registry = http.authorizeRequests();
    // 不控制的地址
    registry.antMatchers(permitAllPathList()).permitAll();
    registry.antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
    // 在密码验证过滤器前执行jwt过滤器
    registry.anyRequest().authenticated();
}

19 Source : FebsCloudResourceServerConfigure.java
with Apache License 2.0
from febsteam

private void permitAll(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.authorizeRequests().anyRequest().permitAll();
}

19 Source : BaseWebSecurityConfig.java
with Apache License 2.0
from devonfw

/**
 * Configure spring security to enable a simple webform-login + a simple rest login.
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    String[] unsecuredResources = new String[] { "/login", "/security/**", "/services/rest/login", "/services/rest/logout" };
    /**
     * http
     *         //
     *         .userDetailsService(this.userDetailsService)
     *         // define all urls that are not to be secured
     *         .authorizeRequests().antMatchers(unsecuredResources).permitAll().anyRequest().authenticated().and()
     *
     *         // activate crsf check for a selection of urls (but not for login & logout)
     *         .csrf().requireCsrfProtectionMatcher(new CsrfRequestMatcher()).and()
     *
     *         // configure parameters for simple form login (and logout)
     *         .formLogin().successHandler(new SimpleUrlAuthenticationSuccessHandler()).defaultSuccessUrl("/")
     *         .failureUrl("/login.html?error").loginProcessingUrl("/j_spring_security_login").usernameParameter("username")
     *         .preplacedwordParameter("preplacedword").and()
     *         // logout via POST is possible
     *         .logout().logoutSuccessUrl("/login.html").and()
     *
     *         // register login and logout filter that handles rest logins
     *         .addFilterAfter(getSimpleRestAuthenticationFilter(), BasicAuthenticationFilter.clreplaced)
     *         .addFilterAfter(getSimpleRestLogoutFilter(), LogoutFilter.clreplaced);
     */
    http.authorizeRequests().anyRequest().permitAll().and().csrf().disable();
    if (this.corsEnabled) {
        http.addFilterBefore(getCorsFilter(), CsrfFilter.clreplaced);
    }
}

19 Source : SecurityConfig.java
with GNU Lesser General Public License v3.0
from datageartech

@Override
protected void configure(HttpSecurity http) throws Exception {
    boolean disableAnonymous = isDisableAnonymous();
    // 默认是开启CSRF的,系统目前没有提供相关支持,因此需禁用
    http.csrf().disable();
    // 默认"X-Frame-Options"值为"DENY",这会导致系统的图表/看板展示页面无法被其他应用嵌入iframe,因此需禁用
    http.headers().frameOptions().disable();
    http.authorizeRequests().antMatchers("/changeThemeData/**").permitAll().antMatchers("/replacedysis/chartPlugin/icon/*", "/replacedysis/chartPlugin/chartPluginManager.js", "/replacedysis/chart/show/**", "/replacedysis/chart/showData", "/replacedysis/dashboard/show/**", "/replacedysis/dashboard/showData", "/replacedysis/dashboard/loadChart", "/replacedysis/dashboard/heartbeat").access(AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/schema/add", "/schema/saveadd", "/schema/edit", "/schema/saveedit", "/schema/delete").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN).antMatchers("/schema/**").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/data/**").access(disableAnonymous ? AUTH_USER_ADMIN : AUTH_ANONYMOUS_USER_ADMIN).antMatchers("/dataexchange/**").access(disableAnonymous ? AUTH_USER_ADMIN : AUTH_ANONYMOUS_USER_ADMIN).antMatchers("/sqlpad/**").access(disableAnonymous ? AUTH_USER_ADMIN : AUTH_ANONYMOUS_USER_ADMIN).antMatchers("/sqlEditor/**").access(disableAnonymous ? AUTH_USER_ADMIN : AUTH_ANONYMOUS_USER_ADMIN).antMatchers("/replacedysis/dataSet/addFor*", "/replacedysis/dataSet/saveAddFor*", "/replacedysis/dataSet/edit", "/replacedysis/dataSet/saveEditFor*", "/replacedysis/dataSet/delete", "/replacedysis/dataSet/uploadFile").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN).antMatchers("/replacedysis/dataSet/**").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/replacedysis/chart/add", "/replacedysis/chart/edit", "/replacedysis/chart/save", "/replacedysis/chart/delete").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN).antMatchers("/replacedysis/chart/**").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/replacedysis/dashboard/add", "/replacedysis/dashboard/edit", "/replacedysis/dashboard/save", "/replacedysis/dashboard/saveTemplateNames", "/replacedysis/dashboard/deleteResource", "/replacedysis/dashboard/uploadResourceFile", "/replacedysis/dashboard/saveResourceFile", "/replacedysis/dashboard/import", "/replacedysis/dashboard/uploadImportFile", "/replacedysis/dashboard/saveImport", "/replacedysis/dashboard/delete").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN).antMatchers("/replacedysis/dashboard/**").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/replacedysis/project/add", "/replacedysis/project/edit", "/replacedysis/project/save", "/replacedysis/project/delete").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN).antMatchers("/replacedysis/project/**").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/replacedysis/chartPlugin/select", "/replacedysis/chartPlugin/selectData").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/replacedysis/chartPlugin/**").access(AUTH_ADMIN).antMatchers("/dataSetResDirectory/view", "/dataSetResDirectory/select", "/dataSetResDirectory/pagingQueryData", "/dataSetResDirectory/listFiles").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/dataSetResDirectory/**").access(AUTH_ADMIN).antMatchers("/authorization/**").access(AUTH_USER_ADMIN).antMatchers("/driverEnreplacedy/view", "/driverEnreplacedy/select", "/driverEnreplacedy/queryData", "/driverEnreplacedy/downloadDriverFile", "/driverEnreplacedy/listDriverFile").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/driverEnreplacedy/**").access(AUTH_ADMIN).antMatchers("/schemaUrlBuilder/buildUrl").access(disableAnonymous ? AUTH_USER_ADMIN_AND_DATA_ADMIN_replacedYST : AUTH_ANONYMOUS_USER_ADMIN_AND_DATA_ADMIN_replacedYST).antMatchers("/schemaUrlBuilder/*").access(AUTH_ADMIN).antMatchers("/user/personalSet", "/user/savePersonalSet").access(AUTH_USER_ADMIN).antMatchers("/user/select", "/user/pagingQueryData").access(AUTH_USER_ADMIN).antMatchers("/user/**").access(AUTH_ADMIN).antMatchers("/role/select", "/role/pagingQueryData").access(AUTH_USER_ADMIN).antMatchers("/role/**").access(AUTH_ADMIN).antMatchers("/login/**", "/register/**", "/resetPreplacedword/**").access(AUTH_ANONYMOUS).antMatchers("/**").access(disableAnonymous ? AUTH_USER_ADMIN : AUTH_ANONYMOUS_USER_ADMIN).and().formLogin().loginPage("/login").loginProcessingUrl("/login/doLogin").usernameParameter("name").preplacedwordParameter("preplacedword").successHandler(getAuthenticationSuccessHandler()).and().logout().logoutUrl("/logout").invalidateHttpSession(true).logoutSuccessUrl("/").and().rememberMe().key("REMEMBER_ME_KEY").tokenValiditySeconds(60 * 60 * 24 * 365).rememberMeParameter("rememberMe").rememberMeCookieName("REMEMBER_ME");
    configureAnonymous(http);
}

19 Source : SecurityConfig.java
with MIT License
from dailycodebuffer

protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeRequests().anyRequest().permitAll().and().csrf().disable();
}

19 Source : SpringSecurityConfiguration.java
with Apache License 2.0
from crnk-project

@Override
protected void configure(HttpSecurity http) throws Exception {
    // consider moving to stateless and handle token on Angular side
    if (properties.isSecurityEnabled()) {
        // @formatter:off
        http.antMatcher("/**").authorizeRequests().antMatchers("/", "/favicon.ico", "/replacedets/**", "/login**", "/styles**", "/inline**", "/polyfills**", "/scripts***", "/main**").permitAll().anyRequest().authenticated().and().logout().logoutSuccessUrl("/").permitAll().and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and().exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)).and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.clreplaced);
    // @formatter:on
    } else {
        http.authorizeRequests().antMatchers("/**").permitAll();
        http.csrf().disable();
    }
}

19 Source : SecurityConfig.java
with Apache License 2.0
from arohou

private void runUnsecured(HttpSecurity http) throws Exception {
    log.info("Running unsecured");
    http.authorizeRequests().anyRequest().permitAll().and().csrf().disable();
}

19 Source : AtlasSecurityConfig.java
with Apache License 2.0
from apache

protected void configure(HttpSecurity httpSecurity) throws Exception {
    // @formatter:off
    httpSecurity.authorizeRequests().anyRequest().authenticated().and().headers().addHeaderWriter(new StaticHeadersWriter(HeadersUtil.CONTENT_SEC_POLICY_KEY, HeadersUtil.headerMap.get(HeadersUtil.CONTENT_SEC_POLICY_KEY))).addHeaderWriter(new StaticHeadersWriter(SERVER_KEY, HeadersUtil.headerMap.get(SERVER_KEY))).and().servletApi().and().csrf().disable().sessionManagement().enableSessionUrlRewriting(false).sessionCreationPolicy(SessionCreationPolicy.ALWAYS).sessionFixation().newSession().and().httpBasic().authenticationEntryPoint(getDelegatingAuthenticationEntryPoint()).and().formLogin().loginPage("/login.jsp").loginProcessingUrl("/j_spring_security_check").successHandler(successHandler).failureHandler(failureHandler).usernameParameter("j_username").preplacedwordParameter("j_preplacedword").and().logout().logoutSuccessUrl("/login.jsp").deleteCookies("ATLreplacedESSIONID").logoutUrl("/logout.html");
    // @formatter:on
    boolean configMigrationEnabled = !StringUtils.isEmpty(configuration.getString(ATLAS_MIGRATION_MODE_FILENAME));
    if (configuration.getBoolean("atlas.server.ha.enabled", false) || configMigrationEnabled) {
        if (configMigrationEnabled) {
            LOG.info("Atlas is in Migration Mode, enabling ActiveServerFilter");
        } else {
            LOG.info("Atlas is in HA Mode, enabling ActiveServerFilter");
        }
        httpSecurity.addFilterAfter(activeServerFilter, BasicAuthenticationFilter.clreplaced);
    }
    httpSecurity.addFilterAfter(staleTransactionCleanupFilter, BasicAuthenticationFilter.clreplaced).addFilterBefore(ssoAuthenticationFilter, BasicAuthenticationFilter.clreplaced).addFilterAfter(atlasAuthenticationFilter, SecurityContextHolderAwareRequestFilter.clreplaced).addFilterAfter(csrfPreventionFilter, AtlasAuthenticationFilter.clreplaced);
    if (keycloakEnabled) {
        httpSecurity.logout().addLogoutHandler(keycloakLogoutHandler()).and().addFilterBefore(keycloakAuthenticationProcessingFilter(), BasicAuthenticationFilter.clreplaced).addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.clreplaced).addFilterAfter(keycloakSecurityContextRequestFilter(), SecurityContextHolderAwareRequestFilter.clreplaced).addFilterAfter(keycloakAuthenticatedActionsRequestFilter(), KeycloakSecurityContextRequestFilter.clreplaced);
    }
}

19 Source : WebSecurityConfig.java
with MIT License
from aiyoyoyo

private void _configure_login_(HttpSecurity _hs) throws Exception {
    String login_page = "/" + CommonConfig.getString("jees.webs.login", "login");
    String logout_page = "/" + CommonConfig.getString("jees.webs.logout", "logout");
    _hs.authorizeRequests().and().formLogin().loginPage(login_page).successHandler(successHandler()).failureHandler(failureHandler()).permitAll().and().logout().logoutUrl(logout_page).permitAll();
}

19 Source : WebSecurityConfig.java
with MIT License
from aiyoyoyo

private void _configure_tpl_notaccess_(HttpSecurity _hs, String _url, Template _tpl, List<SuperMenu> _menus) throws Exception {
    _hs.authorizeRequests().antMatchers(_url).hasAnyAuthority(ISupportEL.ROLE_SUPERMAN);
    final String login_page = "/" + CommonConfig.getString("jees.webs.login", "login");
    _tpl.getPages().values().forEach(p -> {
        boolean finder = false;
        for (SuperMenu m : _menus) {
            String t = m.getTpl();
            if (templateService.isDefault(t))
                t = "";
            String menu_url = t + m.getUrl();
            if (menu_url.equalsIgnoreCase(p.getUrl())) {
                finder = true;
                break;
            }
        }
        if (!finder) {
            try {
                String p_url = p.getUrl();
                if (!p.getUrl().equalsIgnoreCase(login_page)) {
                    _hs.authorizeRequests().antMatchers(p_url).hasAuthority(ISupportEL.ROLE_SUPERMAN);
                    log.debug("--配置默认访问路径和权限:URL=[" + p_url + "], ROLE=[" + ISupportEL.ROLE_SUPERMAN + "]");
                }
            } catch (Exception e) {
            }
        }
    });
}

19 Source : WebSecurityConfig.java
with MIT License
from aiyoyoyo

/**
 * 通过栏目包含的权限,来决定所需要的权限
 *
 * @param _hs 权限管理器
 * @throws Exception 错误
 */
@Override
protected void configure(HttpSecurity _hs) throws Exception {
    sDB.initialize();
    if (!installConfig.isInstalled()) {
        _hs.authorizeRequests().antMatchers("/**").permitAll();
        _configure_dwr_(_hs);
        return;
    }
    _configure_tpl_(_hs);
    _configure_dwr_(_hs);
    _configure_login_(_hs);
    // 其他
    if (CommonConfig.getBoolean("jees.webs.header.frameOptions", false))
        _hs.headers().frameOptions().disable();
    _hs.sessionManagement().maximumSessions(CommonConfig.getInteger("jees.webs.maxSession", 1000)).sessionRegistry(sessionRegistry());
}

19 Source : CommonSecurityAutoConfiguration.java
with Apache License 2.0
from Activiti

@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    http.authorizeRequests().anyRequest().permitAll().and().csrf().disable().httpBasic().disable();
}

See More Examples