Esempio n. 1
0
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/resources/**", "/webjars/**", "/login/**", "/logout/**")
        .permitAll()
        .anyRequest()
        .authenticated()
        .and()
        .formLogin()
        .loginPage("/login")
        .permitAll()
        .and()
        .logout()
        .logoutSuccessUrl("/login")
        .logoutUrl("/logout")
        .permitAll();
    http.addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);
    // For testing purpose only, turn off csrf to allow http request without
    // protection
    //		 http.csrf().disable();

  }
Esempio n. 2
0
  @Override
  protected void configure(HttpSecurity http) throws Exception {

    CsrfTokenResponseHeaderBindingFilter csrfTokenFilter =
        new CsrfTokenResponseHeaderBindingFilter();
    http.addFilterAfter(csrfTokenFilter, CsrfFilter.class);

    http.csrf()
        .disable()
        .authorizeRequests()
        .antMatchers("/mealimages/xs/**")
        .permitAll()
        .antMatchers("/mealimages/lg/**")
        .permitAll()
        .antMatchers("/resources/public/**")
        .permitAll()
        .antMatchers("/resources/img/**")
        .permitAll()
        .antMatchers("/resources/pic/xs/**")
        .permitAll()
        .antMatchers("/resources/css/**")
        .permitAll()
        .antMatchers("/resources/pic/lg/**")
        .permitAll()
        .antMatchers("/resources/bower_components/**")
        .permitAll()
        //            .antMatchers(HttpMethod.POST, "/user").permitAll()
        //            .antMatchers(HttpMethod.GET, "/user").permitAll()
        //            .antMatchers(HttpMethod.POST, "/meal").permitAll()
        //            .antMatchers(HttpMethod.GET, "/meal").permitAll()
        .antMatchers(HttpMethod.POST, "/api/user")
        .permitAll()
        .antMatchers(HttpMethod.GET, "/api/user")
        .permitAll()
        .antMatchers(HttpMethod.POST, "/api/newmeal")
        .permitAll()
        .antMatchers(HttpMethod.POST, "/api/uploadmeal")
        .permitAll()
        .antMatchers(HttpMethod.GET, "/api/meal")
        .permitAll()
        .antMatchers(HttpMethod.GET, "/api/mymeals")
        .permitAll()
        .anyRequest()
        .authenticated()
        .and()
        .formLogin()
        .defaultSuccessUrl("/resources/meal-rank-app.html")
        .loginProcessingUrl("/authenticate")
        .usernameParameter("username")
        .passwordParameter("password")
        .successHandler(
            new AjaxAuthenticationSuccessHandler(
                new SavedRequestAwareAuthenticationSuccessHandler()))
        .loginPage("/resources/public/login.html")
        .and()
        .httpBasic()
        .and()
        .logout()
        .logoutUrl("/logout")
        .logoutSuccessUrl("/resources/public/login.html")
        .permitAll();

    if ("true".equals(System.getProperty("httpsOnly"))) {
      LOGGER.info("launching the application in HTTPS-only mode");
      http.requiresChannel().anyRequest().requiresSecure();
    }
  }