Example #1
0
 @Override
 protected void configure(HttpSecurity http) throws Exception {
   http.headers()
       .addHeaderWriter(new StaticHeadersWriter("Server", "Spontaneous Running Backend"));
   http.requestMatchers().antMatchers("/spontaneous/**");
   http.csrf().disable();
 }
Example #2
0
 @Override
 protected void configure(HttpSecurity http) throws Exception {
   if (this.security.isRequireSsl()) {
     http.requiresChannel().anyRequest().requiresSecure();
   }
   if (!this.security.isEnableCsrf()) {
     http.csrf().disable();
   }
   // No cookies for application endpoints by default
   http.sessionManagement().sessionCreationPolicy(this.security.getSessions());
   SpringBootWebSecurityConfiguration.configureHeaders(
       http.headers(), this.security.getHeaders());
   String[] paths = getSecureApplicationPaths();
   if (paths.length > 0) {
     AuthenticationEntryPoint entryPoint = entryPoint();
     http.exceptionHandling().authenticationEntryPoint(entryPoint);
     http.httpBasic().authenticationEntryPoint(entryPoint);
     http.requestMatchers().antMatchers(paths);
     String[] roles = this.security.getUser().getRole().toArray(new String[0]);
     SecurityAuthorizeMode mode = this.security.getBasic().getAuthorizeMode();
     if (mode == null || mode == SecurityAuthorizeMode.ROLE) {
       http.authorizeRequests().anyRequest().hasAnyRole(roles);
     } else if (mode == SecurityAuthorizeMode.AUTHENTICATED) {
       http.authorizeRequests().anyRequest().authenticated();
     }
   }
 }
Example #3
0
 @Override
 public void configure(HttpSecurity http) throws Exception {
   http.requestMatchers()
       .antMatchers("/foobar")
       .and()
       .authorizeRequests()
       .anyRequest()
       .access("#oauth2.hasScope('foobar_scope')");
 }
Example #4
0
 @Override
 public void configure(HttpSecurity http) throws Exception {
   // without this block the unit tests fails, why??
   // @formatter:off
   http.requestMatchers()
       .antMatchers("/**")
       .and()
       .authorizeRequests()
       .anyRequest()
       .authenticated();
   // @formatter:on
 }
Example #5
0
  @Override
  public void configure(HttpSecurity http) throws Exception {

    http.requestMatchers()
        .antMatchers("/oauth2/v1/poll/**")
        .and()
        .authorizeRequests()
        .antMatchers("/oauth2/v1/poll/**")
        .authenticated();
    // .access("#oauth2.hasScope('read') or (!#oauth2.isOAuth() and hasRole('ROLE_USER'))");

  }
Example #6
0
 @Override
 protected void configure(HttpSecurity http) throws Exception {
   ResourceServerSecurityConfigurer resources = new ResourceServerSecurityConfigurer();
   ResourceServerTokenServices services = resolveTokenServices();
   if (services != null) {
     resources.tokenServices(services);
   } else {
     if (tokenStore != null) {
       resources.tokenStore(tokenStore);
     } else if (endpoints != null) {
       resources.tokenStore(endpoints.getEndpointsConfigurer().getTokenStore());
     }
   }
   if (eventPublisher != null) {
     resources.eventPublisher(eventPublisher);
   }
   for (ResourceServerConfigurer configurer : configurers) {
     configurer.configure(resources);
   }
   // @formatter:off
   http
       // N.B. exceptionHandling is duplicated in resources.configure() so that
       // it works
       .exceptionHandling()
       .accessDeniedHandler(resources.getAccessDeniedHandler())
       .and()
       .sessionManagement()
       .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
       .and()
       .csrf()
       .disable();
   // @formatter:on
   http.apply(resources);
   RequestMatcherConfigurer requests = http.requestMatchers();
   if (endpoints != null) {
     // Assume we are in an Authorization Server
     requests.requestMatchers(
         new NotOAuthRequestMatcher(endpoints.oauth2EndpointHandlerMapping()));
   }
   for (ResourceServerConfigurer configurer : configurers) {
     // Delegates can add authorizeRequests() here
     configurer.configure(http);
   }
   if (configurers.isEmpty()) {
     // Add anyRequest() last as a fall back. Spring Security would
     // replace an existing anyRequest() matcher
     // with this one, so to avoid that we only add it if the user hasn't
     // configured anything.
     http.authorizeRequests().anyRequest().authenticated();
   }
 }
Example #7
0
 /** Provide security so that endpoints are only served if the request is already authenticated. */
 @Override
 public void configure(HttpSecurity http) throws Exception {
   http.requestMatchers()
       .antMatchers("/**")
       .and()
       .authorizeRequests()
       .anyRequest()
       .authenticated();
   //                .antMatchers(HttpMethod.GET, "/**").access("#oauth2.hasScope('read')")
   //                .antMatchers(HttpMethod.OPTIONS, "/**").access("#oauth2.hasScope('read')")
   //                .antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')")
   //                .antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')")
   //                .antMatchers(HttpMethod.PATCH, "/**").access("#oauth2.hasScope('write')")
   //                .antMatchers(HttpMethod.DELETE, "/**").access("#oauth2.hasScope('write')");
 }
Example #8
0
  @Override
  protected void configure(HttpSecurity http) throws Exception {

    http.requestMatchers()
        .antMatchers(HttpMethod.OPTIONS, "/**", "/oauth/token", "/psh/token")
        .and()
        .csrf()
        .disable()
        .authorizeRequests()
        .anyRequest()
        .permitAll()
        .and()
        .formLogin()
        .and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
  }