Пример #1
0
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    HttpSessionCsrfTokenRepository csrfTokenRepository = new HttpSessionCsrfTokenRepository();
    csrfTokenRepository.setHeaderName(CSRF_HEADER_NAME);
    http.csrf().csrfTokenRepository(csrfTokenRepository);

    http.authorizeRequests()
        .antMatchers("/assets/**", "/webjars/**", "/login/**", "/api-docs/**")
        .permitAll()
        .antMatchers("/jsondoc/**", "/jsondoc-ui.html")
        .permitAll()
        .anyRequest()
        .fullyAuthenticated();

    http.formLogin().loginProcessingUrl("/login").loginPage("/login").failureUrl("/login?error");

    http.httpBasic();

    http.logout().logoutUrl("/logout").logoutSuccessUrl("/login?logout");

    http.headers()
        .defaultsDisabled()
        .contentTypeOptions()
        .and()
        .xssProtection()
        .and()
        .httpStrictTransportSecurity()
        .and()
        .addHeaderWriter(
            new StaticHeadersWriter(
                "Access-Control-Allow-Origin", "http://petstore.swagger.wordnik.com"))
        .addHeaderWriter(new CsrfTokenCookieWriter(csrfTokenRepository, CSRF_COOKIE_NAME));
  }
Пример #2
0
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/resources/**", "/**")
        .permitAll()
        .antMatchers("/", "/login", "/registration")
        .permitAll()
        .antMatchers("/company.*")
        .hasRole(Role.ROLE_COMPANY_MANAGER.name())
        .antMatchers("/unit.*")
        .hasRole(Role.ROLE_COMPANY_MANAGER.name())
        .antMatchers("/employee.*")
        .hasAnyRole(Role.ROLE_COMPANY_MANAGER.name(), Role.ROLE_UNIT_MANAGER.name())
        .antMatchers("/admin/*")
        .hasRole(Role.ROLE_ADMIN.name());

    http.formLogin()
        .loginPage("/")
        .loginProcessingUrl("/j_spring_security_check")
        .failureUrl("/badlogin")
        .usernameParameter("j_username")
        .passwordParameter("j_password")
        .permitAll();

    http.logout()
        .permitAll()
        .logoutUrl("/logout")
        .logoutSuccessUrl("/")
        .invalidateHttpSession(true);
  }
 @Override
 public void configure(HttpSecurity http) throws Exception {
   http
       // Logout
       .logout()
       .logoutUrl("/oauth/logout")
       .logoutSuccessHandler(customLogoutSuccessHandler)
       .and()
       // Session management
       .sessionManagement()
       .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
       .and()
       // URI's to verify
       .authorizeRequests()
       .antMatchers("/oauth/logout")
       .permitAll()
       .antMatchers("/")
       .permitAll()
       .antMatchers("/**")
       .authenticated()
       //                    .antMatchers("/usuarios/**").hasRole("ADMIN")
       .and()
       .csrf()
       .disable();
 }
 /**
  * Defines the web based security configuration.
  *
  * @param http It allows configuring web based security for specific http requests.
  * @throws Exception
  */
 @Override
 protected void configure(HttpSecurity http) throws Exception {
   http.httpBasic().authenticationEntryPoint(samlEntryPoint());
   http.csrf().disable();
   http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
       .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);
   http.authorizeRequests()
       .antMatchers("/")
       .permitAll()
       .antMatchers("/error")
       .permitAll()
       .antMatchers("/saml/**")
       .permitAll()
       .anyRequest()
       .authenticated();
   http.logout().logoutSuccessUrl("/");
 }
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers(
            "/",
            "/403",
            "/404",
            "/500",
            "/generatedResources/**",
            "/resources/**",
            "/signup/**",
            "/signin/**",
            "/forgotMyPassword/**",
            "/themes/**")
        .permitAll();

    http.authorizeRequests().regexMatchers("/user/.*/.*").permitAll();

    http.authorizeRequests()
        .antMatchers("/challenges/**", "/user")
        .hasAnyRole("USER")
        .antMatchers("/manage/**")
        .hasRole("ADMIN")
        .anyRequest()
        .authenticated();

    http.formLogin().loginPage("/signin").failureUrl("/signin?error").permitAll();

    http.logout()
        .logoutUrl("/signout")
        .logoutSuccessUrl("/signin?signout")
        .deleteCookies("JSESSIONID")
        .permitAll();
    http.rememberMe()
        .tokenRepository(persistentTokenRepository())
        .tokenValiditySeconds(DateUtils.ONE_WEEK);

    http.apply(new SpringSocialConfigurer().signupUrl("/signup/social"));

    http.csrf().disable();
  }
Пример #6
0
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf()
        .disable()
        .authorizeRequests()
        // .antMatchers("/resources/**", "/**").permitAll()
        .antMatchers("/homePage", "/registrationPage")
        .permitAll()
        .anyRequest()
        .permitAll()
        .and();

    http.formLogin()
        // указываем страницу с формой логина
        .loginPage("/login")
        // указываем action с формы логина
        .loginProcessingUrl("/j_spring_security_check")
        .defaultSuccessUrl("/admin")
        // указываем URL при неудачном логине
        .failureUrl("/login?error")
        // Указываем параметры логина и пароля с формы логина
        .usernameParameter("j_username")
        .passwordParameter("j_password")
        // даем доступ к форме логина всем
        .permitAll();

    http.logout()
        // разрешаем делать логаут всем
        .permitAll()
        // указываем URL логаута
        .logoutUrl("/logout")
        .logoutSuccessUrl("/registrationPage")
        // указываем URL при удачном логауте
        .logoutSuccessUrl("/login?logout")
        // делаем не валидной текущую сессию
        .invalidateHttpSession(true);
  }
 @Override
 protected void configure(HttpSecurity http) throws Exception {
   http.formLogin().loginPage("/login").permitAll();
   http.logout().logoutSuccessUrl("/?logout").permitAll();
   http.authorizeRequests().antMatchers("/").permitAll().anyRequest().authenticated();
 }