@Override protected void configure(HttpSecurity http) throws Exception { HttpSessionCsrfTokenRepository csrfTokenRepository = new HttpSessionCsrfTokenRepository(); csrfTokenRepository.setHeaderName(CSRF_HEADER_NAME); http.csrf().csrfTokenRepository(csrfTokenRepository); http.authorizeRequests() .antMatchers("/assets/**", "/webjars/**", "/login/**", "/api-docs/**") .permitAll() .antMatchers("/jsondoc/**", "/jsondoc-ui.html") .permitAll() .anyRequest() .fullyAuthenticated(); http.formLogin().loginProcessingUrl("/login").loginPage("/login").failureUrl("/login?error"); http.httpBasic(); http.logout().logoutUrl("/logout").logoutSuccessUrl("/login?logout"); http.headers() .defaultsDisabled() .contentTypeOptions() .and() .xssProtection() .and() .httpStrictTransportSecurity() .and() .addHeaderWriter( new StaticHeadersWriter( "Access-Control-Allow-Origin", "http://petstore.swagger.wordnik.com")) .addHeaderWriter(new CsrfTokenCookieWriter(csrfTokenRepository, CSRF_COOKIE_NAME)); }
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/resources/**", "/**") .permitAll() .antMatchers("/", "/login", "/registration") .permitAll() .antMatchers("/company.*") .hasRole(Role.ROLE_COMPANY_MANAGER.name()) .antMatchers("/unit.*") .hasRole(Role.ROLE_COMPANY_MANAGER.name()) .antMatchers("/employee.*") .hasAnyRole(Role.ROLE_COMPANY_MANAGER.name(), Role.ROLE_UNIT_MANAGER.name()) .antMatchers("/admin/*") .hasRole(Role.ROLE_ADMIN.name()); http.formLogin() .loginPage("/") .loginProcessingUrl("/j_spring_security_check") .failureUrl("/badlogin") .usernameParameter("j_username") .passwordParameter("j_password") .permitAll(); http.logout() .permitAll() .logoutUrl("/logout") .logoutSuccessUrl("/") .invalidateHttpSession(true); }
@Override public void configure(HttpSecurity http) throws Exception { http // Logout .logout() .logoutUrl("/oauth/logout") .logoutSuccessHandler(customLogoutSuccessHandler) .and() // Session management .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() // URI's to verify .authorizeRequests() .antMatchers("/oauth/logout") .permitAll() .antMatchers("/") .permitAll() .antMatchers("/**") .authenticated() // .antMatchers("/usuarios/**").hasRole("ADMIN") .and() .csrf() .disable(); }
/** * Defines the web based security configuration. * * @param http It allows configuring web based security for specific http requests. * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { http.httpBasic().authenticationEntryPoint(samlEntryPoint()); http.csrf().disable(); http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class) .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class); http.authorizeRequests() .antMatchers("/") .permitAll() .antMatchers("/error") .permitAll() .antMatchers("/saml/**") .permitAll() .anyRequest() .authenticated(); http.logout().logoutSuccessUrl("/"); }
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers( "/", "/403", "/404", "/500", "/generatedResources/**", "/resources/**", "/signup/**", "/signin/**", "/forgotMyPassword/**", "/themes/**") .permitAll(); http.authorizeRequests().regexMatchers("/user/.*/.*").permitAll(); http.authorizeRequests() .antMatchers("/challenges/**", "/user") .hasAnyRole("USER") .antMatchers("/manage/**") .hasRole("ADMIN") .anyRequest() .authenticated(); http.formLogin().loginPage("/signin").failureUrl("/signin?error").permitAll(); http.logout() .logoutUrl("/signout") .logoutSuccessUrl("/signin?signout") .deleteCookies("JSESSIONID") .permitAll(); http.rememberMe() .tokenRepository(persistentTokenRepository()) .tokenValiditySeconds(DateUtils.ONE_WEEK); http.apply(new SpringSocialConfigurer().signupUrl("/signup/social")); http.csrf().disable(); }
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf() .disable() .authorizeRequests() // .antMatchers("/resources/**", "/**").permitAll() .antMatchers("/homePage", "/registrationPage") .permitAll() .anyRequest() .permitAll() .and(); http.formLogin() // указываем страницу с формой логина .loginPage("/login") // указываем action с формы логина .loginProcessingUrl("/j_spring_security_check") .defaultSuccessUrl("/admin") // указываем URL при неудачном логине .failureUrl("/login?error") // Указываем параметры логина и пароля с формы логина .usernameParameter("j_username") .passwordParameter("j_password") // даем доступ к форме логина всем .permitAll(); http.logout() // разрешаем делать логаут всем .permitAll() // указываем URL логаута .logoutUrl("/logout") .logoutSuccessUrl("/registrationPage") // указываем URL при удачном логауте .logoutSuccessUrl("/login?logout") // делаем не валидной текущую сессию .invalidateHttpSession(true); }
@Override protected void configure(HttpSecurity http) throws Exception { http.formLogin().loginPage("/login").permitAll(); http.logout().logoutSuccessUrl("/?logout").permitAll(); http.authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated(); }