@Override
protected void configure(HttpSecurity http) throws Exception {
HttpSessionCsrfTokenRepository csrfTokenRepository = new HttpSessionCsrfTokenRepository();
csrfTokenRepository.setHeaderName(CSRF_HEADER_NAME);
http.csrf().csrfTokenRepository(csrfTokenRepository);
http.authorizeRequests()
.antMatchers("/assets/**", "/webjars/**", "/login/**", "/api-docs/**")
.permitAll()
.antMatchers("/jsondoc/**", "/jsondoc-ui.html")
.permitAll()
.anyRequest()
.fullyAuthenticated();
http.formLogin().loginProcessingUrl("/login").loginPage("/login").failureUrl("/login?error");
http.httpBasic();
http.logout().logoutUrl("/logout").logoutSuccessUrl("/login?logout");
http.headers()
.defaultsDisabled()
.contentTypeOptions()
.and()
.xssProtection()
.and()
.httpStrictTransportSecurity()
.and()
.addHeaderWriter(
new StaticHeadersWriter(
"Access-Control-Allow-Origin", "http://petstore.swagger.wordnik.com"))
.addHeaderWriter(new CsrfTokenCookieWriter(csrfTokenRepository, CSRF_COOKIE_NAME));
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources/**", "/**")
.permitAll()
.antMatchers("/", "/login", "/registration")
.permitAll()
.antMatchers("/company.*")
.hasRole(Role.ROLE_COMPANY_MANAGER.name())
.antMatchers("/unit.*")
.hasRole(Role.ROLE_COMPANY_MANAGER.name())
.antMatchers("/employee.*")
.hasAnyRole(Role.ROLE_COMPANY_MANAGER.name(), Role.ROLE_UNIT_MANAGER.name())
.antMatchers("/admin/*")
.hasRole(Role.ROLE_ADMIN.name());
http.formLogin()
.loginPage("/")
.loginProcessingUrl("/j_spring_security_check")
.failureUrl("/badlogin")
.usernameParameter("j_username")
.passwordParameter("j_password")
.permitAll();
http.logout()
.permitAll()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.invalidateHttpSession(true);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// .httpBasic()
// .and()
.formLogin()
.loginPage("/login")
.successHandler(successHandler)
// .usernameParameter("username")
// .passwordParameter("password")
.and()
.authorizeRequests()
.antMatchers("/")
.permitAll()
.antMatchers("/resources/**")
.permitAll()
.antMatchers("/admin/**")
.hasRole("ADMIN")
.antMatchers("/author/**")
.hasRole("AUTHOR")
.antMatchers("/login")
.hasRole("ANONYMOUS")
.and()
.csrf()
.disable();
http.exceptionHandling().accessDeniedPage("/403");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling().authenticationEntryPoint(http401UnauthorizedEntryPoint);
http.formLogin()
.loginProcessingUrl("/authentication")
.successHandler(ajaxAuthenticationSuccessHandler)
.failureHandler(ajaxAuthenticationFailureHandler)
.usernameParameter("username")
.passwordParameter("password")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessHandler(ajaxLogoutSuccessHandler)
.deleteCookies("JSESSIONID")
.permitAll()
.and()
.csrf()
.disable()
.headers()
.frameOptions()
.disable()
.and()
.authorizeRequests();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// ログイン認証の対象外を設定
http.authorizeRequests()
.antMatchers(
"/",
"/no_auth/**",
"/csjs/**",
"/css/**",
"/images/**",
"/apidocs/**",
"/download/**")
.permitAll()
.anyRequest()
.authenticated();
// ログイン認証の設定
http.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/login_auth", true)
.permitAll()
.and()
.logout()
.permitAll();
// javadocのiframe向けにX-Frame-Optionsヘッダーを無効化
http.headers().frameOptions().disable();
}
// J-
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.formLogin()
.loginPage("/signin")
.failureUrl("/signin?error=bad_credentials")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.deleteCookies("JSESSIONID")
.logoutSuccessUrl("/signin?logout=true")
.permitAll()
.and()
.authorizeRequests()
.antMatchers("/**")
.authenticated()
.and()
.rememberMe()
.and()
.apply(new SpringSocialConfigurer())
.and()
.csrf()
.disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers(
"/",
"/403",
"/404",
"/500",
"/generatedResources/**",
"/resources/**",
"/signup/**",
"/signin/**",
"/forgotMyPassword/**",
"/themes/**")
.permitAll();
http.authorizeRequests().regexMatchers("/user/.*/.*").permitAll();
http.authorizeRequests()
.antMatchers("/challenges/**", "/user")
.hasAnyRole("USER")
.antMatchers("/manage/**")
.hasRole("ADMIN")
.anyRequest()
.authenticated();
http.formLogin().loginPage("/signin").failureUrl("/signin?error").permitAll();
http.logout()
.logoutUrl("/signout")
.logoutSuccessUrl("/signin?signout")
.deleteCookies("JSESSIONID")
.permitAll();
http.rememberMe()
.tokenRepository(persistentTokenRepository())
.tokenValiditySeconds(DateUtils.ONE_WEEK);
http.apply(new SpringSocialConfigurer().signupUrl("/signup/social"));
http.csrf().disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception { // http.formLogin() security
http.formLogin()
.loginPage("/api/login")
.defaultSuccessUrl("/api/login/success")
.permitAll()
.and()
.logout()
.logoutUrl("/api/logout")
.logoutSuccessUrl("/api/logout/success")
.permitAll()
.and()
.authorizeRequests()
.antMatchers("/", "/index.html", "/assets/**/*", "/scripts/*.js", "/styles/*.css")
.permitAll()
.anyRequest()
.authenticated()
.and()
.csrf()
.csrfTokenRepository(csrfTokenRepository())
.and()
.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.authorizeRequests()
// .antMatchers("/resources/**", "/**").permitAll()
.antMatchers("/homePage", "/registrationPage")
.permitAll()
.anyRequest()
.permitAll()
.and();
http.formLogin()
// указываем страницу с формой логина
.loginPage("/login")
// указываем action с формы логина
.loginProcessingUrl("/j_spring_security_check")
.defaultSuccessUrl("/admin")
// указываем URL при неудачном логине
.failureUrl("/login?error")
// Указываем параметры логина и пароля с формы логина
.usernameParameter("j_username")
.passwordParameter("j_password")
// даем доступ к форме логина всем
.permitAll();
http.logout()
// разрешаем делать логаут всем
.permitAll()
// указываем URL логаута
.logoutUrl("/logout")
.logoutSuccessUrl("/registrationPage")
// указываем URL при удачном логауте
.logoutSuccessUrl("/login?logout")
// делаем не валидной текущую сессию
.invalidateHttpSession(true);
}
/**
* Override this method to configure the {@link
* org.springframework.security.config.annotation.web.builders.HttpSecurity}. Typically subclasses
* should not invoke this method by calling super as it may override their configuration. The
* default configuration is:
*
* <p>
*
* <pre>
* http
* .authorizeRequests()
* .anyRequest().authenticated().and()
* .formLogin().and()
* .httpBasic();
* </pre>
*
* @param http the {@link
* org.springframework.security.config.annotation.web.builders.HttpSecurity} to modify
* @throws Exception if an error occurs
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin()
.loginPage("/login")
.permitAll()
.successHandler(new AuthorityBasedAuthSuccessHandler(domainService))
.and()
.logout()
.permitAll()
.and()
.authorizeRequests()
// Before having that, a request like /login?lang=uk_UA was redirected to /login and no l10n
// occurred
.antMatchers("/login*")
.permitAll()
.antMatchers("/resources/**")
.permitAll()
.antMatchers("/admin/**")
.hasAuthority(ADMIN_AUTHORITY_NAME)
.antMatchers("/domain-selection")
.hasAuthority(SPENDER_AUTHORITY_NAME)
.anyRequest()
.authenticated();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin().loginPage("/login").permitAll();
http.logout().logoutSuccessUrl("/?logout").permitAll();
http.authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.formLogin();
}