@Override
protected void configure(HttpSecurity http) throws Exception {
SimpleUrlLogoutSuccessHandler redirectHandler = new SimpleUrlLogoutSuccessHandler();
redirectHandler.setTargetUrlParameter("redirect_uri");
// http://stackoverflow.com/questions/22886186/how-to-setup-access-control-allow-origin-filter-problematically-in-spring-securi
// @formatter:off
http.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class)
.csrf()
.ignoringAntMatchers("/logout")
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.logout()
.logoutSuccessHandler(redirectHandler)
.permitAll();
// @formatter:on
}
@Override
public void configure(HttpSecurity http) throws Exception {
// In this OAuth2 scenario with implicit flow we both login the user and obtain the token
// in the same endpoint (/oauth/authorize). User credentials will be passed as "username" and
// "password" form.
// This might be different in other scenarios, for instance if we wanted to implement
// authorization code flow to support token refresh.
http.httpBasic()
.disable()
// Test filter gives problems because is redirecting to / is not saving the request to
// redirect properly
.logout()
.logoutUrl(apiPath + oauth2LogoutEndpointPath)
.logoutSuccessHandler(oauth2LogoutHandler());
if (swagerEnabled) {
if (!swaggerCloudMode) {
// If swagger is enabled and we are not in 'cloud mode' (behind a Zuul OAuth2 enabled proxy)
// we need to permit certain URLs and resources for Swagger UI to work with OAuth2
http.authorizeRequests()
.antMatchers(swaggerOauth2AllowedUrlsAntMatchers.split(","))
.permitAll();
}
} else {
http.authorizeRequests()
.antMatchers(swaggerOauth2AllowedUrlsAntMatchers.split(","))
.denyAll();
}
http.authorizeRequests().anyRequest().authenticated();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// .httpBasic()
// .and()
.formLogin()
.loginPage("/login")
.successHandler(successHandler)
// .usernameParameter("username")
// .passwordParameter("password")
.and()
.authorizeRequests()
.antMatchers("/")
.permitAll()
.antMatchers("/resources/**")
.permitAll()
.antMatchers("/admin/**")
.hasRole("ADMIN")
.antMatchers("/author/**")
.hasRole("AUTHOR")
.antMatchers("/login")
.hasRole("ANONYMOUS")
.and()
.csrf()
.disable();
http.exceptionHandling().accessDeniedPage("/403");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling().authenticationEntryPoint(http401UnauthorizedEntryPoint);
http.formLogin()
.loginProcessingUrl("/authentication")
.successHandler(ajaxAuthenticationSuccessHandler)
.failureHandler(ajaxAuthenticationFailureHandler)
.usernameParameter("username")
.passwordParameter("password")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessHandler(ajaxLogoutSuccessHandler)
.deleteCookies("JSESSIONID")
.permitAll()
.and()
.csrf()
.disable()
.headers()
.frameOptions()
.disable()
.and()
.authorizeRequests();
}
@Override
public void configure(HttpSecurity http) throws Exception {
ContentNegotiationStrategy contentNegotiationStrategy =
http.getSharedObject(ContentNegotiationStrategy.class);
if (contentNegotiationStrategy == null) {
contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
}
MediaTypeRequestMatcher preferredMatcher =
new MediaTypeRequestMatcher(
contentNegotiationStrategy,
MediaType.APPLICATION_FORM_URLENCODED,
MediaType.APPLICATION_JSON,
MediaType.MULTIPART_FORM_DATA);
http.csrf()
.disable()
.authorizeRequests()
.and()
.anonymous()
.disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.httpBasic()
.and()
.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint)
.defaultAuthenticationEntryPointFor(authenticationEntryPoint, preferredMatcher)
.and()
.authorizeRequests()
.antMatchers("/api/**")
.fullyAuthenticated();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// ログイン認証の対象外を設定
http.authorizeRequests()
.antMatchers(
"/",
"/no_auth/**",
"/csjs/**",
"/css/**",
"/images/**",
"/apidocs/**",
"/download/**")
.permitAll()
.anyRequest()
.authenticated();
// ログイン認証の設定
http.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/login_auth", true)
.permitAll()
.and()
.logout()
.permitAll();
// javadocのiframe向けにX-Frame-Optionsヘッダーを無効化
http.headers().frameOptions().disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.headers()
.addHeaderWriter(new StaticHeadersWriter("Server", "Spontaneous Running Backend"));
http.requestMatchers().antMatchers("/spontaneous/**");
http.csrf().disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/resources/**", "/**")
.permitAll()
.antMatchers("/", "/login", "/registration")
.permitAll()
.antMatchers("/company.*")
.hasRole(Role.ROLE_COMPANY_MANAGER.name())
.antMatchers("/unit.*")
.hasRole(Role.ROLE_COMPANY_MANAGER.name())
.antMatchers("/employee.*")
.hasAnyRole(Role.ROLE_COMPANY_MANAGER.name(), Role.ROLE_UNIT_MANAGER.name())
.antMatchers("/admin/*")
.hasRole(Role.ROLE_ADMIN.name());
http.formLogin()
.loginPage("/")
.loginProcessingUrl("/j_spring_security_check")
.failureUrl("/badlogin")
.usernameParameter("j_username")
.passwordParameter("j_password")
.permitAll();
http.logout()
.permitAll()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.invalidateHttpSession(true);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// Authorize application specific URLs
http.authorizeRequests()
.antMatchers("/", "/student/**", "/course/**", "/students", "/courses")
.authenticated()
.and()
// Configure the login rules
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/", true)
.failureUrl("/login?error")
.permitAll()
.and()
// Configure what happens on logout
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login")
.permitAll()
.and()
// Disable Cross Site Request Forgery, nice feature but annoying for this demo
.csrf()
.disable();
// Disable X-Frame-Options header so the h2-console can work
http.headers().frameOptions().disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
if (this.security.isRequireSsl()) {
http.requiresChannel().anyRequest().requiresSecure();
}
if (!this.security.isEnableCsrf()) {
http.csrf().disable();
}
// No cookies for application endpoints by default
http.sessionManagement().sessionCreationPolicy(this.security.getSessions());
SpringBootWebSecurityConfiguration.configureHeaders(
http.headers(), this.security.getHeaders());
String[] paths = getSecureApplicationPaths();
if (paths.length > 0) {
AuthenticationEntryPoint entryPoint = entryPoint();
http.exceptionHandling().authenticationEntryPoint(entryPoint);
http.httpBasic().authenticationEntryPoint(entryPoint);
http.requestMatchers().antMatchers(paths);
String[] roles = this.security.getUser().getRole().toArray(new String[0]);
SecurityAuthorizeMode mode = this.security.getBasic().getAuthorizeMode();
if (mode == null || mode == SecurityAuthorizeMode.ROLE) {
http.authorizeRequests().anyRequest().hasAnyRole(roles);
} else if (mode == SecurityAuthorizeMode.AUTHENTICATED) {
http.authorizeRequests().anyRequest().authenticated();
}
}
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/api/filters/secured")
.hasRole(SUPER_USER_ROLE)
.antMatchers("/admin/**")
.hasRole(ADMIN)
.antMatchers("/**")
.permitAll();
http.httpBasic().and().csrf().disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
ResourceServerSecurityConfigurer resources = new ResourceServerSecurityConfigurer();
ResourceServerTokenServices services = resolveTokenServices();
if (services != null) {
resources.tokenServices(services);
} else {
if (tokenStore != null) {
resources.tokenStore(tokenStore);
} else if (endpoints != null) {
resources.tokenStore(endpoints.getEndpointsConfigurer().getTokenStore());
}
}
if (eventPublisher != null) {
resources.eventPublisher(eventPublisher);
}
for (ResourceServerConfigurer configurer : configurers) {
configurer.configure(resources);
}
// @formatter:off
http
// N.B. exceptionHandling is duplicated in resources.configure() so that
// it works
.exceptionHandling()
.accessDeniedHandler(resources.getAccessDeniedHandler())
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf()
.disable();
// @formatter:on
http.apply(resources);
RequestMatcherConfigurer requests = http.requestMatchers();
if (endpoints != null) {
// Assume we are in an Authorization Server
requests.requestMatchers(
new NotOAuthRequestMatcher(endpoints.oauth2EndpointHandlerMapping()));
}
for (ResourceServerConfigurer configurer : configurers) {
// Delegates can add authorizeRequests() here
configurer.configure(http);
}
if (configurers.isEmpty()) {
// Add anyRequest() last as a fall back. Spring Security would
// replace an existing anyRequest() matcher
// with this one, so to avoid that we only add it if the user hasn't
// configured anything.
http.authorizeRequests().anyRequest().authenticated();
}
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.authorizeRequests()
.antMatchers("/")
.permitAll()
.and()
.authorizeRequests()
.antMatchers("/console/**")
.permitAll();
// don't use in a production environment
httpSecurity.csrf().disable();
httpSecurity.headers().frameOptions().disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// secure endpoints
RequestMatcher matcher =
this.management.getSecurity().isEnabled()
? LazyEndpointPathRequestMatcher.getRequestMatcher(this.contextResolver)
: null;
if (matcher != null) {
// Always protect them if present
if (this.security.isRequireSsl()) {
http.requiresChannel().anyRequest().requiresSecure();
}
AuthenticationEntryPoint entryPoint = entryPoint();
http.exceptionHandling().authenticationEntryPoint(entryPoint);
// Match all the requests for actuator endpoints ...
http.requestMatcher(matcher);
// ... but permitAll() for the non-sensitive ones
configurePermittedRequests(http.authorizeRequests());
http.httpBasic().authenticationEntryPoint(entryPoint);
// No cookies for management endpoints by default
http.csrf().disable();
http.sessionManagement().sessionCreationPolicy(this.management.getSecurity().getSessions());
SpringBootWebSecurityConfiguration.configureHeaders(
http.headers(), this.security.getHeaders());
}
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.csrf()
.disable()
.authorizeRequests()
.antMatchers("/")
.permitAll()
.anyRequest()
.authenticated();
http.httpBasic();
// @formatter:on
}
@Override
protected void configure(HttpSecurity http) throws Exception {
if (this.security.isRequireSsl()) {
http.requiresChannel().anyRequest().requiresSecure();
}
if (!this.security.isEnableCsrf()) {
http.csrf().disable();
}
SpringBootWebSecurityConfiguration.configureHeaders(http.headers(), this.security.getHeaders());
http.headers()
.addHeaderWriter(new StaticHeadersWriter("X-Content-Security-Policy", "script-src 'self'"));
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
// @formatter:off
http.csrf()
.disable()
.authorizeRequests()
.antMatchers("/admin/**")
.hasRole("ADMIN")
.antMatchers("/anonymous*")
.anonymous()
.antMatchers("/login*")
.permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/login.html")
.loginProcessingUrl("/perform_login")
.defaultSuccessUrl("/homepage.html", true)
.failureUrl("/login.html?error=true")
.and()
.logout()
.logoutUrl("/perform_logout")
.deleteCookies("JSESSIONID")
.logoutSuccessHandler(logoutSuccessHandler());
// @formatter:on
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/maga")
.anonymous()
.antMatchers("/#!main")
.access("hasRole('user')")
.antMatchers("/#!admin")
.access("hasRole('admin')")
.and()
.formLogin()
.loginPage("/")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/#!main")
.failureUrl("/error")
.usernameParameter("username")
.passwordParameter("password")
.and()
.logout()
.logoutSuccessUrl("/logout")
.and()
.exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/main"))
.and()
.csrf()
.disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.authorizeRequests()
.antMatchers("/login**")
.permitAll()
.antMatchers("/admin**")
.hasRole("ADMIN")
.antMatchers("/console/**")
.permitAll()
.anyRequest()
.permitAll()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/")
.loginProcessingUrl("/j_spring_security_check")
.failureUrl("/login?error")
.usernameParameter("username")
.passwordParameter("password")
.and()
.logout()
.logoutUrl("/j_spring_security_logout")
.logoutSuccessUrl("/login?logout")
// .and()
// .csrf()
;
// @formatter:on
// http.csrf().disable();
// http.headers().frameOptions().disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.accessDecisionManager(accessDecisionManager())
.antMatchers("/ping")
.permitAll()
.antMatchers("/authn")
.fullyAuthenticated()
.antMatchers("/profiles")
.permitAll()
.antMatchers("/profiles/**")
.hasAuthority("MYPROFILE")
.anyRequest()
.denyAll()
.and()
.addFilterAfter(authFilterBean(), BasicAuthenticationFilter.class)
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling()
.authenticationEntryPoint(entryPointBean())
.and()
.csrf()
.disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeUrls()
.antMatchers(
"/define.kitty",
"/next_step.kitty",
"/finale.kitty",
"/error.kitty",
"/step/first.kitty")
.permitAll()
.antMatchers("/step/finale.kitty")
.authenticated()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginUrl("/define.kitty")
.permitAll()
.loginProcessingUrl("/define.kitty")
.failureUrl("/error.kitty")
.usernameParameter("email")
.passwordParameter("password")
.successHandler(authenticationSuccessHandler())
.and()
.logout()
.logoutUrl("/undefine.kitty")
.logoutSuccessUrl("/define.kitty")
.and()
.sessionManagement()
.maximumSessions(1)
.expiredUrl("/define.kitty");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/home", "/admin/**")
.permitAll()
.antMatchers("/account/**")
.access("hasRole('ACCOUNTANT') or hasRole('DIRECTOR')")
.antMatchers("/admin/**")
.access("hasRole('ADMIN')")
.antMatchers("/db/**")
.access("hasRole('DIRECTOR')")
.and()
.formLogin()
.loginPage("/login")
.successHandler(customSuccessHandler)
.usernameParameter("ssoId")
.passwordParameter("password")
.and()
.rememberMe()
.rememberMeParameter("remember-me")
.tokenRepository(persistentTokenRepository())
.and()
.exceptionHandling()
.accessDeniedPage("/Access_Denied")
.and()
.csrf()
.disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers(
"/",
"/css/**",
"/js/**",
"/contact.html",
"/motdepasse.html",
"/informations.html",
"/formulaireCode.html",
"/rinitPWD.html",
"/inscription.html",
"/test.html")
.permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/index")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/logout")
.permitAll();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/messageList*")
.hasAnyRole("USER", "GUEST")
.antMatchers("/messagePost*")
.hasRole("USER")
.antMatchers("/messageDelete*")
.hasRole("ADMIM")
.and()
.formLogin()
.loginPage("/login.jsp")
.loginProcessingUrl("/j_spring_security_check")
.defaultSuccessUrl("/messageList")
.failureUrl("/login.jsp?error=true")
.and()
.logout()
.logoutSuccessUrl("/login.jsp")
.and()
.anonymous()
.principal("guest")
.authorities("ROLE_GUEST")
.and()
.rememberMe()
.and()
.csrf()
.disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.authorizeRequests()
.antMatchers("/", "/register", "/encounters", "/search", "/error")
.permitAll()
.antMatchers("/admin/**")
.hasRole("ADMIN")
.anyRequest()
.hasAnyRole("USER", "ADMIN")
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/account")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/")
.permitAll()
.and()
.securityContext()
.securityContextRepository(securityContextRepository);
// @formatter:on
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.authorizeRequests()
.and()
.formLogin()
.loginProcessingUrl("/api/authentication")
.successHandler(ajaxAuthenticationSuccessHandler)
.failureHandler(ajaxAuthenticationFailureHandler)
.usernameParameter("j_username")
.passwordParameter("j_password")
.permitAll()
.and()
.rememberMe()
.rememberMeServices(rememberMeServices)
.key(env.getProperty("jhipster.security.rememberme.key"))
.and()
.logout()
.logoutUrl("/api/logout")
.logoutSuccessHandler(ajaxLogoutSuccessHandler)
.deleteCookies("JSESSIONID")
.permitAll()
.and()
.exceptionHandling();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.authorizeRequests()
.antMatchers("/admin/**")
.hasRole("ADMIN")
.and()
.formLogin()
.loginProcessingUrl("/j_spring_security_check")
.loginPage("/login")
.defaultSuccessUrl("/protected/home/")
.failureUrl("/login")
.permitAll()
.and()
.logout()
.logoutSuccessUrl("/?logout");
//
// http.authorizeRequests().antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')").antMatchers("/dba/**")
// .access("hasRole('ROLE_ADMIN') or
// hasRole('ROLE_DBA')").and().formLogin().loginPage("/login");
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers(HttpMethod.GET, "/api/**")
.access("#oauth2.hasScope('read')")
.antMatchers(HttpMethod.POST, "/api/**")
.access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.PATCH, "/api/**")
.access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.PUT, "/api/**")
.access("#oauth2.hasScope('write')")
.antMatchers(HttpMethod.DELETE, "/api/**")
.access("#oauth2.hasScope('write')")
.and()
.headers()
.addHeaderWriter(
(request, response) -> {
response.addHeader("Access-Control-Allow-Origin", "*");
if (request.getMethod().equals("OPTIONS")) {
response.setHeader(
"Access-Control-Allow-Methods",
request.getHeader("Access-Control-Request-Method"));
response.setHeader(
"Access-Control-Allow-Headers",
request.getHeader("Access-Control-Request-Headers"));
}
});
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
// Logout
.logout()
.logoutUrl("/oauth/logout")
.logoutSuccessHandler(customLogoutSuccessHandler)
.and()
// Session management
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
// URI's to verify
.authorizeRequests()
.antMatchers("/oauth/logout")
.permitAll()
.antMatchers("/")
.permitAll()
.antMatchers("/**")
.authenticated()
// .antMatchers("/usuarios/**").hasRole("ADMIN")
.and()
.csrf()
.disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.requireCsrfProtectionMatcher(new CSRFRequestMatcher())
.and()
.authorizeRequests()
.antMatchers("/entrar", "/registrar/**", "/jobs/**", "/css/**", "/fonts/**", "/js/**")
.permitAll()
.antMatchers("/admin/**")
.hasRole("Administrator")
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/entrar")
.loginProcessingUrl("/entrar")
.failureUrl("/entrar?error=true")
.defaultSuccessUrl("/")
.usernameParameter("nomeDeUsuario")
.passwordParameter("senha")
.and()
.logout()
.logoutUrl("/sair")
.logoutSuccessUrl("/entrar?logout=true")
.invalidateHttpSession(true);
}
