@Override
protected void configure(HttpSecurity http) throws Exception {
HttpSessionCsrfTokenRepository csrfTokenRepository = new HttpSessionCsrfTokenRepository();
csrfTokenRepository.setHeaderName(CSRF_HEADER_NAME);
http.csrf().csrfTokenRepository(csrfTokenRepository);
http.authorizeRequests()
.antMatchers("/assets/**", "/webjars/**", "/login/**", "/api-docs/**")
.permitAll()
.antMatchers("/jsondoc/**", "/jsondoc-ui.html")
.permitAll()
.anyRequest()
.fullyAuthenticated();
http.formLogin().loginProcessingUrl("/login").loginPage("/login").failureUrl("/login?error");
http.httpBasic();
http.logout().logoutUrl("/logout").logoutSuccessUrl("/login?logout");
http.headers()
.defaultsDisabled()
.contentTypeOptions()
.and()
.xssProtection()
.and()
.httpStrictTransportSecurity()
.and()
.addHeaderWriter(
new StaticHeadersWriter(
"Access-Control-Allow-Origin", "http://petstore.swagger.wordnik.com"))
.addHeaderWriter(new CsrfTokenCookieWriter(csrfTokenRepository, CSRF_COOKIE_NAME));
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources/**", "/**")
.permitAll()
.antMatchers("/", "/login", "/registration")
.permitAll()
.antMatchers("/company.*")
.hasRole(Role.ROLE_COMPANY_MANAGER.name())
.antMatchers("/unit.*")
.hasRole(Role.ROLE_COMPANY_MANAGER.name())
.antMatchers("/employee.*")
.hasAnyRole(Role.ROLE_COMPANY_MANAGER.name(), Role.ROLE_UNIT_MANAGER.name())
.antMatchers("/admin/*")
.hasRole(Role.ROLE_ADMIN.name());
http.formLogin()
.loginPage("/")
.loginProcessingUrl("/j_spring_security_check")
.failureUrl("/badlogin")
.usernameParameter("j_username")
.passwordParameter("j_password")
.permitAll();
http.logout()
.permitAll()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.invalidateHttpSession(true);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
// Logout
.logout()
.logoutUrl("/oauth/logout")
.logoutSuccessHandler(customLogoutSuccessHandler)
.and()
// Session management
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
// URI's to verify
.authorizeRequests()
.antMatchers("/oauth/logout")
.permitAll()
.antMatchers("/")
.permitAll()
.antMatchers("/**")
.authenticated()
// .antMatchers("/usuarios/**").hasRole("ADMIN")
.and()
.csrf()
.disable();
}
/**
* Defines the web based security configuration.
*
* @param http It allows configuring web based security for specific http requests.
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().authenticationEntryPoint(samlEntryPoint());
http.csrf().disable();
http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
.addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);
http.authorizeRequests()
.antMatchers("/")
.permitAll()
.antMatchers("/error")
.permitAll()
.antMatchers("/saml/**")
.permitAll()
.anyRequest()
.authenticated();
http.logout().logoutSuccessUrl("/");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers(
"/",
"/403",
"/404",
"/500",
"/generatedResources/**",
"/resources/**",
"/signup/**",
"/signin/**",
"/forgotMyPassword/**",
"/themes/**")
.permitAll();
http.authorizeRequests().regexMatchers("/user/.*/.*").permitAll();
http.authorizeRequests()
.antMatchers("/challenges/**", "/user")
.hasAnyRole("USER")
.antMatchers("/manage/**")
.hasRole("ADMIN")
.anyRequest()
.authenticated();
http.formLogin().loginPage("/signin").failureUrl("/signin?error").permitAll();
http.logout()
.logoutUrl("/signout")
.logoutSuccessUrl("/signin?signout")
.deleteCookies("JSESSIONID")
.permitAll();
http.rememberMe()
.tokenRepository(persistentTokenRepository())
.tokenValiditySeconds(DateUtils.ONE_WEEK);
http.apply(new SpringSocialConfigurer().signupUrl("/signup/social"));
http.csrf().disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.authorizeRequests()
// .antMatchers("/resources/**", "/**").permitAll()
.antMatchers("/homePage", "/registrationPage")
.permitAll()
.anyRequest()
.permitAll()
.and();
http.formLogin()
// указываем страницу с формой логина
.loginPage("/login")
// указываем action с формы логина
.loginProcessingUrl("/j_spring_security_check")
.defaultSuccessUrl("/admin")
// указываем URL при неудачном логине
.failureUrl("/login?error")
// Указываем параметры логина и пароля с формы логина
.usernameParameter("j_username")
.passwordParameter("j_password")
// даем доступ к форме логина всем
.permitAll();
http.logout()
// разрешаем делать логаут всем
.permitAll()
// указываем URL логаута
.logoutUrl("/logout")
.logoutSuccessUrl("/registrationPage")
// указываем URL при удачном логауте
.logoutSuccessUrl("/login?logout")
// делаем не валидной текущую сессию
.invalidateHttpSession(true);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin().loginPage("/login").permitAll();
http.logout().logoutSuccessUrl("/?logout").permitAll();
http.authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated();
}