org.springframework.security.config.annotation.web.builders.HttpSecurity.csrf()

Here are the examples of the java api org.springframework.security.config.annotation.web.builders.HttpSecurity.csrf() taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.

503 Examples 7

18 Source : WebSecurityConfig.java
with Apache License 2.0
from ztgreat

/**
 * 匹配 "/" 路径,不需要权限即可访问
 * 匹配 "/user" 及其以下所有路径,都需要 "USER" 权限
 * 登录地址为 "/login",登录成功默认跳转到页面 "/user"
 * 退出登录的地址为 "/logout",退出成功后跳转到页面 "/login"
 * 默认启用 CSRF
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    this.urlMetadataSource.setUrlPrefix(this.getUrlPrefix());
    this.urlMetadataSource.setUrlLogout(this.getUrlLogout());
    http.csrf().disable().authorizeRequests().anyRequest().authenticated().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {

        @Override
        public <O extends FilterSecurityInterceptor> O postProcess(O o) {
            o.setSecurityMetadataSource(urlMetadataSource);
            o.setAccessDecisionManager(urlAccessDecisionManager);
            return o;
        }
    }).and().exceptionHandling().authenticationEntryPoint(new CustomAuthenticationEntryPoint());
    http.addFilterAt(customAuthenticationFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced);
}

18 Source : RestSecurityConfigureAdapter.java
with MIT License
from zidoshare

protected void configure(HttpSecurity http) throws Exception {
    if (!disableDefaults) {
        http.csrf(AbstractHttpConfigurer::disable).addFilter(new WebAsyncManagerIntegrationFilter()).exceptionHandling(handling -> handling.accessDeniedHandler(new RestAccessDeniedHandlerImpl())).exceptionHandling(handling -> handling.authenticationEntryPoint(new RestAuthenticationEntryPoint())).headers().and().apply(new RestSecurityContextConfigurer<>()).and().formLogin(form -> form.successHandler(new RestAuthenticationSuccessHandler()).failureHandler(new RestAuthenticationFailureHandler()).loginProcessingUrl("/users/sessions")).anonymous().and().servletApi().and().logout();
    }
}

18 Source : SecurityConfig.java
with Apache License 2.0
from ZainZhao

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // 由于使用的是JWT,我们这里不需要csrf
    httpSecurity.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers(// 允许对于网站静态资源的无授权访问
    HttpMethod.GET, "/", "/*.html", "/favicon.ico", "/**/*.html", "/**/*.css", "/**/*.js", "/swagger-resources/**", "/v2/api-docs/**").permitAll().antMatchers("/staff/login", // 对登录注册要允许匿名访问
    "/staff/register").permitAll().antMatchers(// 跨域请求会先进行一次options请求
    HttpMethod.OPTIONS).permitAll().antMatchers(// 测试时全部运行访问
    "/**").permitAll().anyRequest().authenticated();
    // 禁用缓存
    httpSecurity.headers().frameOptions().disable().cacheControl();
    // 添加JWT filter
    httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced);
    // 添加自定义未授权和未登录结果返回
    httpSecurity.exceptionHandling().accessDeniedHandler(restfulAccessDeniedHandler).authenticationEntryPoint(restAuthenticationEntryPoint);
}

18 Source : SecurityConfig.java
with Apache License 2.0
from ZainZhao

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // 由于使用的是JWT,我们这里不需要csrf
    httpSecurity.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers(// 允许对于网站静态资源的无授权访问
    HttpMethod.GET, "/", "/*.html", "/favicon.ico", "/**/*.html", "/**/*.css", "/**/*.js", "/swagger-resources/**", "/v2/api-docs/**", "/app/**").permitAll().antMatchers("/staff/login", // 对登录注册要允许匿名访问
    "/staff/register").permitAll().antMatchers(// 跨域请求会先进行一次options请求
    HttpMethod.OPTIONS).permitAll().antMatchers(// 测试时全部运行访问
    "/**").permitAll().anyRequest().authenticated();
    // 禁用缓存
    httpSecurity.headers().frameOptions().disable().cacheControl();
    // 添加JWT filter
    httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced);
    // 添加自定义未授权和未登录结果返回
    httpSecurity.exceptionHandling().accessDeniedHandler(restfulAccessDeniedHandler).authenticationEntryPoint(restAuthenticationEntryPoint);
}

18 Source : SecurityConfig.java
with MIT License
from yzsunlei

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // 由于使用的是JWT,我们这里不需要csrf
    httpSecurity.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers(// 允许对于网站静态资源的无授权访问
    HttpMethod.GET, "/", "/*.html", "/favicon.ico", "/**/*.html", "/**/*.css", "/**/*.js", "/swagger-resources/**", "/v2/api-docs/**").permitAll().antMatchers("/admin/login", // 对登录注册要允许匿名访问
    "/admin/register").permitAll().antMatchers(// 跨域请求会先进行一次options请求
    HttpMethod.OPTIONS).permitAll().antMatchers(// 测试时全部运行访问
    "/**").permitAll().anyRequest().authenticated();
    // 禁用缓存
    httpSecurity.headers().cacheControl();
    // 添加JWT filter
    httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced);
    // 添加自定义未授权和未登录结果返回
    httpSecurity.exceptionHandling().accessDeniedHandler(restfulAccessDeniedHandler).authenticationEntryPoint(restAuthenticationEntryPoint);
}

18 Source : WebSecurityConfig.java
with MIT License
from yupaits

@Override
public void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().requestMatchers().antMatchers("/login", "/oauth/authorize").and().authorizeRequests().anyRequest().authenticated().and().formLogin().loginPage("/login").permitAll();
}

18 Source : WebSecurityConfig.java
with Apache License 2.0
from XiaoMi

@Override
protected void configure(HttpSecurity http) throws Exception {
    if (ShepherConstants.LOGIN_TYPE_LDAP.equals(loginType.toUpperCase())) {
        http.csrf().disable().authorizeRequests().anyRequest().fullyAuthenticated().and().formLogin();
    } else if (ShepherConstants.LOGIN_TYPE_CAS.equals(loginType.toUpperCase())) {
        http.csrf().disable().addFilter(new UsernamePreplacedwordAuthenticationFilter()).addFilterBefore(casAuthenticationFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced).addFilterAfter(getCas20ProxyReceivingTicketValidationFilter(), AuthenticationFilter.clreplaced);
    } else if (ShepherConstants.LOGIN_TYPE_DEMO.equals(loginType.toUpperCase())) {
        http.csrf().disable().authorizeRequests().anyRequest().hasRole("USER").and().formLogin().loginPage("/login").preplacedwordParameter("preplacedword").usernameParameter("username").permitAll().and().logout().permitAll();
    }
}

18 Source : SecurityConfiguration.java
with MIT License
from vsfexperts

@Override
protected void configure(final HttpSecurity http) throws Exception {
    super.configure(http);
    // 
    http.csrf().disable().logout().logoutSuccessUrl("/");
}

18 Source : SecurityConfig.java
with Apache License 2.0
from telstra

/*
     * (non-Javadoc)
     *
     * @see org.springframework.security.config.annotation.web.configuration.
     * WebSecurityConfigurerAdapter
     * #configure(org.springframework.security.config.annotation.web.builders.
     * HttpSecurity)
     */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.csrf().ignoringAntMatchers("/saml/**").csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and().authorizeRequests().antMatchers("/login", "/authenticate", "/saml/authenticate", "/forgotpreplacedword", "/401", "/saml/login/**", "/saml/metadata/**", "/saml/SSO/**").permitAll().and().addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.clreplaced).exceptionHandling().accessDeniedHandler(accessDeniedHandler).and().headers().addHeaderWriter(new StaticHeadersWriter("X-Content-Security-Policy", "default-src 'self'")).addHeaderWriter(new StaticHeadersWriter("Feature-Policy", "none")).addHeaderWriter(new StaticHeadersWriter("Referrer-Policy", "same-origin")).and().sessionManagement().invalidSessionUrl("/401");
}

18 Source : ShSecurityConfigDevelopment.java
with GNU General Public License v3.0
from ShioCMS

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.headers().frameOptions().disable().cacheControl().disable();
    http.csrf().disable();
    http.cors().disable();
}

18 Source : ResourceServerConfiguration.java
with Apache License 2.0
from RansongZ

@Override
public void configure(HttpSecurity http) throws Exception {
    // 放行路径在这写
    http.csrf().disable().exceptionHandling().authenticationEntryPoint(this.securityAuthenticationEntryPoint).accessDeniedHandler(myAccessDeniedHandler).and().authorizeRequests().antMatchers("/swagger-resources/**", "/v2/**", "/swagger/**", "/swagger**", "/webjars/**", "/backstage/**").permitAll().anyRequest().authenticated().and().httpBasic().disable();
    // ifream的跨域设置
    http.headers().frameOptions().sameOrigin();
}

18 Source : ResourceServerConfiguration.java
with Apache License 2.0
from RansongZ

@Override
public void configure(HttpSecurity http) throws Exception {
    // // 放行路径在这写
    http.csrf().disable().exceptionHandling().authenticationEntryPoint(this.securityAuthenticationEntryPoint).accessDeniedHandler(myAccessDeniedHandler).and().authorizeRequests().antMatchers("/swagger-resources/**", "/v2/**", "/swagger/**", "/swagger**", "/webjars/**", "/test/**", "/api/**", "/front/instant/**", "/home/**", "/system/**", // 开发测试
    "/strict/**").permitAll().anyRequest().authenticated().and().httpBasic().disable();
    // ifream的跨域设置
    http.headers().frameOptions().sameOrigin();
}

18 Source : SecurityConfig.java
with Apache License 2.0
from rancho00

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers(// 允许对于网站静态资源的无授权访问
    HttpMethod.GET, "/", "/*.html", "/favicon.ico", "/**/*.html", "/**/*.css", "/**/*.js", "/swagger-resources/**", "/v2/api-docs/**", "/webSocket/**").permitAll().antMatchers("/admin/login").permitAll().antMatchers("/druid/**").permitAll().antMatchers("/actuator/**").permitAll().antMatchers("/log/**").permitAll().antMatchers(HttpMethod.OPTIONS).permitAll().anyRequest().authenticated();
    // 禁用缓存
    httpSecurity.headers().cacheControl();
    // 允许iframe
    httpSecurity.headers().frameOptions().disable();
    httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced);
// 添加自定义未授权和未登录结果返回
// httpSecurity.exceptionHandling()
// .accessDeniedHandler(restfulAccessDeniedHandler)
// .authenticationEntryPoint(restAuthenticationEntryPoint);
}

18 Source : SamlConfig.java
with GNU General Public License v3.0
from ran-jit

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.exceptionHandling().authenticationEntryPoint(samlEntryPoint());
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
    httpSecurity.csrf().disable();
    httpSecurity.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.clreplaced).addFilterAfter(samlFilter(), BasicAuthenticationFilter.clreplaced);
    httpSecurity.authorizeRequests().antMatchers(this.loginProcessingUrl).permitAll().antMatchers(this.logoutProcessingUrl).permitAll().antMatchers(this.metadataProcessingUrl).permitAll().antMatchers(this.loginFilterProcessingUrl).permitAll().antMatchers(this.logoutFilterProcessingUrl).permitAll().antMatchers("/error").permitAll().anyRequest().authenticated();
    httpSecurity.logout().deleteCookies(UrlConstants.COOKIE_JSESSIONID).invalidateHttpSession(true).logoutSuccessUrl("/");
}

18 Source : SecurityConfig.java
with MIT License
from ralscha

@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http.csrf().disable().cors().and().formLogin().successHandler((request, response, authentication) -> response.setStatus(HttpServletResponse.SC_OK)).failureHandler((request, response, exception) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED)).permitAll().and().logout().logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()).deleteCookies("JSESSIONID").and().authorizeRequests().anyRequest().authenticated().and().exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
// @formatter:on
}

18 Source : ActuatorSecurity.java
with Mozilla Public License 2.0
from RadarCOVID

// ----------------------------------------------------------------------------------------------------------------------------------
// endregion
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.requestMatcher(org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest.toAnyEndpoint()).authorizeRequests().requestMatchers(org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest.to(HealthEndpoint.clreplaced)).permitAll().requestMatchers(org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest.to(InfoEndpoint.clreplaced)).permitAll().requestMatchers(org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest.to(LoggersEndpoint.clreplaced)).hasRole(PROMETHEUS_ROLE).requestMatchers(org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest.to(PrometheusScrapeEndpoint.clreplaced)).hasRole(PROMETHEUS_ROLE).anyRequest().denyAll().and().httpBasic();
    http.csrf().ignoringAntMatchers("/actuator/loggers/**");
}

18 Source : SecurityConfig.java
with MIT License
from PacktPublishing

/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // http
    // .cors().and().csrf().disable()
    // .authorizeRequests()
    // .anyRequest().authenticated().and().httpBasic();
    // Matching
    http.httpBasic().and().authorizeRequests().antMatchers("/").permitAll().antMatchers("/signup/*").permitAll().antMatchers("/errors/**").permitAll().antMatchers("/events/").hasRole("ADMIN").antMatchers("/**").hasRole("USER");
    // CSRF is enabled by default, with Java Config
    http.csrf().disable();
    http.cors();
}

18 Source : AppSecurityModelC.java
with MIT License
from PacktPublishing

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.anonymous().authorities("ROLE_ANONYMOUS").and().authorizeRequests().antMatchers("/login**", "/after**").permitAll().antMatchers("/deptanon.html").anonymous().anyRequest().authenticated().and().formLogin().loginPage("/login.html").defaultSuccessUrl("/deptform.html").failureHandler(customFailureHandler).successHandler(customSuccessHandler).and().addFilterBefore(appAnonAuthFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced).addFilter(appAuthenticationFilter(authenticationManager())).logout().logoutUrl("/logout.html").logoutSuccessHandler(customLogoutHandler).and().exceptionHandling().authenticationEntryPoint(setAuthPoint());
    http.csrf().disable();
}

18 Source : OAuth2SecurityConfiguration.java
with Apache License 2.0
from OpenAPITools

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().anonymous().disable().authorizeRequests().antMatchers("/oauth/token").permitAll();
}

18 Source : OpenApiSecurityConfigurer.java
with Apache License 2.0
from melthaw

private void configLogin(HttpSecurity http) throws Exception {
    http.csrf().disable().formLogin().loginPage("/login").permitAll().successHandler(authenticationSuccessHandlerImpl()).failureHandler(authenticationFailureHandlerImpl()).loginProcessingUrl("/login").usernameParameter("username").preplacedwordParameter("preplacedword").and().logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandlerImpl()).invalidateHttpSession(true).deleteCookies("JSESSIONID").permitAll().and().rememberMe().key("SSB#EF871D0AC3C5A2B7DAF6B4DC1E9D119E");
}

18 Source : Security.java
with Apache License 2.0
from learningtcc

protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests().anyRequest().authenticated().and().httpBasic();
}

18 Source : SecurityConfig.java
with MIT License
from jonathanlermitage

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf(AbstractHttpConfigurer::disable).cors(withDefaults()).sessionManagement(httpSecurity -> httpSecurity.sessionCreationPolicy(STATELESS)).exceptionHandling(httpSecurity -> httpSecurity.authenticationEntryPoint(jwtAuthenticationEntryPointConfig)).addFilterBefore(jwtAuthenticationFilterConfig, UsernamePreplacedwordAuthenticationFilter.clreplaced).authorizeRequests(a -> a.antMatchers(API_SYS + "/**").hasRole(ADMIN).antMatchers(API_USER_ADMIN + "/**").hasRole(ADMIN).antMatchers(POST, API_USER).permitAll().antMatchers(POST, API_USER + "/auth/authorize").permitAll().antMatchers(POST, API_USER + "/auth/**").authenticated().antMatchers(API_USER + "/**").hasRole(PLAYER).antMatchers(API_BASE + "/**").authenticated().antMatchers("/actuator/health", "/actuator/prometheus").permitAll().antMatchers("/actuator").hasRole(ACTUATOR).antMatchers("/actuator/**").hasRole(ACTUATOR).antMatchers("/swagger-resources", "/swagger-resources/configuration/ui", "/swagger-resources/configuration/security", "/swagger-ui.html", "/swagger-ui/", "/swagger-ui/**", "/webjars/**", "/v2/api-docs").permitAll().anyRequest().denyAll());
}

18 Source : SecurityConfig.java
with MIT License
from jobmission

@Override
public void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.logout().logoutUrl("/logout").logoutSuccessUrl("/").and().authorizeRequests().mvcMatchers("/", "/login/**", "/replacedets/**").permitAll().anyRequest().authenticated().and().oauth2Login().successHandler(customAuthenticationSuccessHandler).userInfoEndpoint().userService(oauth2UserService());
}

18 Source : WebSecurityConfig.java
with GNU General Public License v3.0
from gxing19

/**
 * 自定义请求授权
 *
 * @param httpSecurity
 * @throws Exception
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // 关闭CSRF防护
    httpSecurity.csrf().disable().cors().configurationSource(// 添加跨域配置
    corsConfig()).and().authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll().antMatchers("/admin/**", "/userInfo").hasAuthority(// 是否授权
    "ADMIN").antMatchers("/user/**").hasAnyAuthority("ADMIN", "USER").antMatchers("/", "/login").permitAll().requestMatchers(CorsUtils::isPreFlightRequest).permitAll().anyRequest().authenticated().and().formLogin().loginPage(// 自定义登录
    "/login").defaultSuccessUrl(// 登录成功后跳转url
    "/index").failureUrl(// 登录失败跳转url(无法跳转到/error路径,提示无映射,实际有映射,换其它路径正常)
    "/error").permitAll().and().rememberMe().tokenValiditySeconds(// Cookie有效期
    604800).key(// Cookie中的私钥
    "myKey").and().logout().logoutUrl(// 注销用户url
    "/logout").logoutSuccessUrl(// 注解成功后跳转url
    "/login").permitAll().and().httpBasic();
}

18 Source : WebSecurityConfig.java
with MIT License
from FAForever

@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http.csrf().requireCsrfProtectionMatcher(new RequestMatcher() {

        private Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");

        private RequestMatcher matcher = new OrRequestMatcher(new AntPathRequestMatcher("/oauth/authorize"), new AntPathRequestMatcher("/login"));

        @Override
        public boolean matches(HttpServletRequest request) {
            return matcher.matches(request) && !allowedMethods.matcher(request.getMethod()).matches();
        }
    }).and().headers().cacheControl().disable().and().formLogin().loginPage("/login").permitAll().failureHandler(authenticationFailureHandler()).and().authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll().antMatchers("/swagger-ui").permitAll().antMatchers("/swagger-resources/**").permitAll().antMatchers("/v2/api-docs/**").permitAll().antMatchers("/").permitAll().antMatchers("/css/*").permitAll().antMatchers("/favicon.ico").permitAll().antMatchers("/robots.txt").permitAll();
// @formatter:on
}

18 Source : SAMLSecurityConfiguration.java
with MIT License
from epam

/**
 * Defines the web based security configuration.
 *
 * @param   http It allows configuring web based security for specific http requests.
 * @throws  Exception
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.requestMatcher(getFullRequestMatcher());
    http.headers().httpStrictTransportSecurity().disable();
    http.httpBasic().authenticationEntryPoint(samlEntryPoint());
    http.csrf().disable();
    http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.clreplaced).addFilterAfter(samlFilter(), BasicAuthenticationFilter.clreplaced);
    http.authorizeRequests().antMatchers(getUnsecuredResources()).permitAll().antMatchers(getSecuredResourcesRoot()).authenticated();
    http.logout().logoutSuccessUrl("/");
}

18 Source : JWTSecurityConfiguration.java
with MIT License
from epam

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().exceptionHandling().authenticationEntryPoint(new RestAuthenticationEntryPoint()).and().requestMatcher(getFullRequestMatcher()).authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll().antMatchers(getUnsecuredResources()).permitAll().antMatchers(getSecuredResources()).authenticated().and().headers().httpStrictTransportSecurity().disable().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and().addFilterBefore(getJwtAuthenticationFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced);
}

18 Source : HttpSecurityConfigurer.java
with Apache License 2.0
from epam

public static HttpSecurity configureCsrf(HttpSecurity http) throws Exception {
    return http.csrf().disable();
}

18 Source : SecurityConfiguration.java
with Apache License 2.0
from epam

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.requestMatcher(getFullRequestMatcher());
    http.httpBasic().authenticationEntryPoint(samlEntryPoint());
    http.csrf().disable();
    http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.clreplaced).addFilterAfter(samlFilter(), BasicAuthenticationFilter.clreplaced);
    http.authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll().antMatchers(SECURED_RESOURCES_ROOT).authenticated().antMatchers("/saml/web/**").permitAll();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
    http.logout().logoutSuccessUrl("/");
}

18 Source : SAMLSecurityConfiguration.java
with Apache License 2.0
from epam

/**
 * Defines the web based security configuration.
 *
 * @param   http It allows configuring web based security for specific http requests.
 * @throws  Exception
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.requestMatcher(getFullRequestMatcher());
    http.httpBasic().authenticationEntryPoint(samlEntryPoint());
    http.csrf().disable();
    http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.clreplaced).addFilterAfter(samlFilter(), BasicAuthenticationFilter.clreplaced);
    http.authorizeRequests().antMatchers(getUnsecuredResources()).permitAll().antMatchers(getAnonymousResources()).hasAnyAuthority(DefaultRoles.ROLE_ADMIN.getName(), DefaultRoles.ROLE_USER.getName(), DefaultRoles.ROLE_ANONYMOUS_USER.getName()).antMatchers(getSecuredResourcesRoot()).hasAnyAuthority(DefaultRoles.ROLE_ADMIN.getName(), DefaultRoles.ROLE_USER.getName());
    http.logout().logoutSuccessUrl("/");
}

18 Source : ProxySecurityConfig.java
with Apache License 2.0
from epam

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().exceptionHandling().authenticationEntryPoint(new RestAuthenticationEntryPoint()).and().requestMatcher(new AntPathRequestMatcher(RESTAPI_PROXY)).authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll().antMatchers(RESTAPI_PROXY).hasAnyAuthority(DefaultRoles.ROLE_ADMIN.getName(), DefaultRoles.ROLE_USER.getName()).anyRequest().permitAll().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and().addFilterBefore(getSAMLProxyFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced);
}

18 Source : PrimaveraSecurityConfig.java
with Apache License 2.0
from csj4032

@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests().antMatchers("/login/*").permitAll().anyRequest().authenticated().and().addFilterAfter(new PrimaveraFilter(), UsernamePreplacedwordAuthenticationFilter.clreplaced).formLogin().usernameParameter("email").preplacedwordParameter("preplacedword").loginPage("/login").loginProcessingUrl("/signin").successHandler(successHandler).defaultSuccessUrl("/index", true).failureHandler(failureHandler).failureUrl("/login?error=true").and().logout().logoutUrl("/signout").deleteCookies("JSESSIONID");
}

18 Source : SecurityConfig.java
with MIT License
from celestial-winter

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().sessionManagement().maximumSessions(1).and().sessionCreationPolicy(SessionCreationPolicy.NEVER);
}

18 Source : WebSecurityConfig.java
with MIT License
from ccfish86

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.csrf().disable().userDetailsService(userDetailsService).authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll().antMatchers("/login").permitAll().antMatchers("/error").permitAll().antMatchers("/pub/**").permitAll().antMatchers("/v2/api-docs").permitAll().antMatchers("/*.html").permitAll().antMatchers("/**/*.html").permitAll().antMatchers("/swagger-resources").permitAll().antMatchers("/swagger-resources/**").permitAll().antMatchers("/", "/admin/").permitAll().antMatchers("/admin/**", "/**/favicon.ico", "/webjars/**").permitAll().antMatchers("/**").authenticated().and().formLogin().usernameParameter("username").preplacedwordParameter("preplacedword").successHandler(authenticationSuccessHandler()).failureHandler(authenticationFailureHandler()).permitAll().and().oauth2Login().successHandler(oauth2SuccessHandler()).and().rememberMe().tokenValiditySeconds(840000).tokenRepository(tokenRepository()).and().logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler).and().headers().cacheControl();
    // httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePreplacedwordAuthenticationFilter.clreplaced);
    // authenticationEntryPoint(entryPointUnauthorizedHandler)
    RequestMatcher preferredMatcher = new AntPathRequestMatcher("/api/**");
    RequestMatcher allMatcher = new AntPathRequestMatcher("/**");
    httpSecurity.exceptionHandling().defaultAuthenticationEntryPointFor(entryPointUnauthorizedHandler, preferredMatcher).defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint("/login"), allMatcher).accessDeniedHandler(restAccessDeniedHandler);
}

18 Source : WebAppSecurityConfig.java
with Apache License 2.0
from camunda

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().ignoringAntMatchers("/api/**", "/engine-rest/**").and().requestMatchers().antMatchers("/**").and().authorizeRequests(authorizeRequests -> authorizeRequests.antMatchers("/app/**", "/api/**", "/lib/**").authenticated().anyRequest().permitAll()).oauth2Login().and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/app/**/logout")).logoutSuccessHandler(keycloakLogoutHandler);
}

18 Source : RestApiSecurityConfig.java
with Apache License 2.0
from camunda

/**
 * {@inheritDoc}
 */
@Override
public void configure(final HttpSecurity http) throws Exception {
    String jwkSetUri = applicationContext.getEnvironment().getRequiredProperty("spring.security.oauth2.client.provider." + configProps.getProvider() + ".jwk-set-uri");
    http.csrf().ignoringAntMatchers("/api/**", "/engine-rest/**").and().antMatcher("/engine-rest/**").authorizeRequests().anyRequest().authenticated().and().oauth2ResourceServer().jwt().jwkSetUri(jwkSetUri);
}

18 Source : ApiBootWebSecurityConfiguration.java
with Apache License 2.0
from beihu-stack

/**
 * 禁用http basic
 *
 * @param http http安全构建对象
 * @throws Exception 异常信息
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    if (disableHttpBasic()) {
        http.httpBasic().disable();
    }
    if (disableCsrf()) {
        http.csrf().disable();
    }
    // 异常处理器配置
    http.exceptionHandling().accessDeniedHandler(getAccessDeniedHandler());
    http.exceptionHandling().authenticationEntryPoint(getAuthenticationEntryPoint());
}

18 Source : AppConfig.java
with Apache License 2.0
from andresoviedo

@Override
protected void configure(HttpSecurity http) throws Exception {
    // TODO: reenable csrf
    // TODO: frame options
    http.csrf().disable().headers().frameOptions().disable().and().authorizeRequests().antMatchers("/h2-console/**").hasAnyRole("ADMIN").antMatchers("/admin/**").hasAnyRole("ADMIN").antMatchers("/terms").hasAnyRole("USER").antMatchers("/user/**").hasAnyRole("USER").antMatchers("/account/**").hasAnyRole("USER").antMatchers("/drive-login/**").hasAnyRole("USER").antMatchers("/drive-login-oauth2callback/**").hasAnyRole("USER").antMatchers("/google-drive/**").hasAnyRole("USER").and().formLogin().loginPage("/login").defaultSuccessUrl("/login").failureUrl("/?error=auth").and().logout().logoutSuccessUrl("/?logout");
    logger.info("Http security configured");
}

18 Source : WebSecurityConfig.java
with MIT License
from aiyoyoyo

private void _configure_dwr_(HttpSecurity _hs) throws Exception {
    String dwr_url = CommonConfig.getString("jees.webs.dwr.url", "/dwr");
    String csrf_url = CommonConfig.getString("jees.webs.csrf.url", "/csrf");
    _hs.csrf().ignoringAntMatchers(dwr_url + "/**");
    _hs.csrf().ignoringAntMatchers(csrf_url + "/**");
}

18 Source : WebSecurityConfigKeycloak.java
with Apache License 2.0
from adorsys

@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    http.csrf().disable().cors().disable().authorizeRequests().antMatchers(APP_WHITELIST).permitAll().and().authorizeRequests().antMatchers(INDEX_WHITELIST).permitAll().and().authorizeRequests().antMatchers(SWAGGER_WHITELIST).permitAll().and().authorizeRequests().antMatchers(CONSOLE_WHITELIST).permitAll().and().authorizeRequests().antMatchers(ACTUATOR_WHITELIST).permitAll().anyRequest().authenticated();
    http.addFilterBefore(new DisableEndpointFilter(environment), BasicAuthenticationFilter.clreplaced);
}

18 Source : WebSecurityConfig.java
with Apache License 2.0
from 514840279

@Override
protected void configure(HttpSecurity http) throws Exception {
    /**
     * JWT拦截器
     */
    // JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter = new JwtAuthenticationTokenFilter();
    /**
     * 将JWT拦截器添加到UsernamePreplacedwordAuthenticationFilter之前
     */
    // http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePreplacedwordAuthenticationFilter.clreplaced);
    // 允许所有用户访问"/"和"/home"
    http.csrf().disable().authorizeRequests().antMatchers("/dist/*/**", "/plugins/*/**", "/pages/*/js/**", "/register.html", "/sysUserBase/save", "/login", "/*/**.md", "/*.pdf").permitAll().anyRequest().authenticated().and().formLogin().loginProcessingUrl("/login").defaultSuccessUrl("/index").loginPage("/login").failureUrl("/login?error").permitAll().and().logout().permitAll().clearAuthentication(true).and().cors().and().rememberMe().tokenRepository(// 设置tokenRepository
    tokenRepository()).alwaysRemember(true).tokenValiditySeconds(1209600);
}

17 Source : Oauth2ClientSeurityConfig.java
with Apache License 2.0
from zhoubiao188

@Override
protected void configure(HttpSecurity http) throws Exception {
    // 关闭csrf保护
    http.csrf().disable().antMatcher(// 使用以任意开头的url
    "/**").authorizeRequests().antMatchers("/", // 控制不同的url接受不同权限的用户访问
    "/login**").permitAll().anyRequest().authenticated();
}

17 Source : WebSecurityConfig.java
with MIT License
from Zealon159

@Override
protected void configure(HttpSecurity http) throws Exception {
    // 基础配置
    http.csrf().disable().cors().configurationSource(corsConfigurationSource()).and().addFilterBefore(jwtAuthenticationTokenFilter, UsernamePreplacedwordAuthenticationFilter.clreplaced).exceptionHandling().authenticationEntryPoint(authenticationEntryPointConfig).and().authorizeRequests().antMatchers("/register", "/auth/**", "/oauth2/**").permitAll().anyRequest().authenticated().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}

17 Source : ResourceServerConfig.java
with MIT License
from yuuki80code

@Override
public void configure(HttpSecurity http) throws Exception {
    // http.csrf().disable()
    // .requestMatchers().antMatchers("/**")
    // .and()
    // .authorizeRequests()
    // //                .antMatchers(anonUrls).permitAll()
    // .antMatchers("/**").authenticated()
    // .and().httpBasic();
    // 开发阶段先都放开
    http.csrf().disable().requestMatchers().antMatchers("/**").and().authorizeRequests().anyRequest().permitAll();
}

17 Source : ResourceServerConfig.java
with MIT License
from yuuki80code

@Override
public void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().requestMatchers().antMatchers("/**").and().authorizeRequests().antMatchers(PermitAllUrl.permitAllUrl(annoUrls)).permitAll().antMatchers("/**").authenticated().and().httpBasic();
}

17 Source : ResourceSecurityConfig.java
with MIT License
from yupaits

@Override
public void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().exceptionHandling().authenticationEntryPoint(((request, response, authException) -> {
        response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
        objectMapper.writeValue(response.getWriter(), Result.fail(ResultCode.UNAUTHORIZED));
    })).accessDeniedHandler(((request, response, accessDeniedException) -> {
        response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
        objectMapper.writeValue(response.getWriter(), Result.fail(ResultCode.FORBIDDEN));
    })).and().authorizeRequests().antMatchers("/doc.html", "/v2/api-docs", "/swagger-resources/**", "/webjars/**").permitAll().anyRequest().authenticated().and().httpBasic();
}

17 Source : WebSecurityConfig.java
with MIT License
from yupaits

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated().and().logout().logoutSuccessUrl("http://localhost:11010/auth/oauth/logout").permitAll();
}

17 Source : ResourceSecurityConfig.java
with MIT License
from yupaits

@Override
public void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().exceptionHandling().authenticationEntryPoint(((request, response, authException) -> {
        response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
        objectMapper.writeValue(response.getWriter(), Result.fail(ResultCode.UNAUTHORIZED));
    })).accessDeniedHandler(((request, response, accessDeniedException) -> {
        response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
        objectMapper.writeValue(response.getWriter(), Result.fail(ResultCode.FORBIDDEN));
    })).and().authorizeRequests().antMatchers("/doc.html", "/v2/api-docs", "/swagger-resources/**", "/webjars/**", "/oauth/logout").permitAll().anyRequest().authenticated().and().httpBasic();
}

17 Source : ResourceServerConfig.java
with Apache License 2.0
from yihonglei

@Override
public void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().antMatcher("/**").exceptionHandling().authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED)).and().authorizeRequests().anyRequest().authenticated().and().httpBasic();
}

17 Source : ResourceServerConfig.java
with Apache License 2.0
from yihonglei

@Override
public void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().exceptionHandling().authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED)).and().authorizeRequests().anyRequest().authenticated().and().httpBasic();
}

See More Examples