/**
 * Protects the REST API rooted at {@code JwtRestServiceConfig.REST_API_URL_PREFIX} with HTTP
 * Basic authentication.
 *
 * <p>Only requests under that prefix are matched by this configuration. {@code OPTIONS}
 * requests are permitted without authentication; every other request must carry the
 * {@code ROLE_USER} authority.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final Filter cors = context.getBean(ICorsFilterConfig.class).corsFilter();
    final AuthenticationEntryPoint entryPoint =
            context.getBean(BASIC_AUTH_BEAN_NAME, AuthenticationEntryPoint.class);

    // Restrict this configuration to the REST API URLs.
    http.antMatcher(JwtRestServiceConfig.REST_API_URL_PREFIX + "/**");

    // CSRF protection has been on by default since Spring Security 4.0; it is turned off here.
    // NOTE(review): a browser that has cached Basic credentials (or holds a session cookie)
    // for this origin attaches them to cross-site requests as well. Confirm that
    // state-changing endpoints under this prefix cannot be driven that way.
    http.csrf().disable();

    // CORS handling is placed ahead of SecurityContextPersistenceFilter.
    http.addFilterBefore(cors, SecurityContextPersistenceFilter.class);

    http.authorizeRequests()
            // Unauthenticated OPTIONS, e.g. for CORS pre-flight requests.
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            .antMatchers("/**").hasAnyAuthority(ROLE_USER);

    // Basic authentication sends the credentials with every request, so this endpoint
    // should only be exposed over TLS.
    http.httpBasic().authenticationEntryPoint(entryPoint);
}
/**
 * Applies the settings shared by the JWT-based configurations, then delegates to
 * {@code doConfigure(http)} for the rest.
 *
 * <p>Installs the CORS and JWT filters around {@code SecurityContextPersistenceFilter},
 * optionally configures logout (when {@code logout} is set) and optionally enables an
 * anonymous "guest" principal (when {@code useAnonymous} is set).
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected final void configure(final HttpSecurity http) throws Exception {
    Filter jwtFilter = context.getBean(IJwtConfig.class).jwtFilter();
    Filter corsFilter = context.getBean(ICorsFilterConfig.class).corsFilter();

    // CSRF protection has been on by default since Spring Security 4.0; it is turned off here.
    // NOTE(review): the logout branch below clears a cookie and an HTTP session, so
    // cookie-based state appears to exist. Confirm that no state-changing request can be
    // authenticated by that cookie alone.
    http.csrf().disable();

    // CORS first, then the JWT filter (required for ActiveUI), on either side of
    // SecurityContextPersistenceFilter.
    http.addFilterBefore(corsFilter, SecurityContextPersistenceFilter.class);
    http.addFilterAfter(jwtFilter, SecurityContextPersistenceFilter.class);

    if (logout) {
        // Logout is open to everyone, drops the cookie and the HTTP session, and answers
        // through NoRedirectLogoutSuccessHandler.
        http.logout()
                .permitAll()
                .deleteCookies(cookieName)
                .invalidateHttpSession(true)
                .logoutSuccessHandler(new NoRedirectLogoutSuccessHandler());
    }

    if (useAnonymous) {
        // Unauthenticated requests are treated as the "guest" principal and granted ROLE_USER.
        // NOTE(review): with this flag set, any rule that only demands ROLE_USER is satisfied
        // without credentials.
        http.anonymous().principal("guest").authorities(ROLE_USER);
    }

    doConfigure(http);
}
/**
 * Opens the version services under {@code VersionServicesConfig.REST_API_URL_PREFIX} to
 * every caller.
 *
 * <p>No authentication is required for any URL under that prefix, so these endpoints
 * should expose nothing beyond what an anonymous client is allowed to learn.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    Filter cors = context.getBean(ICorsFilterConfig.class).corsFilter();

    // Restrict this configuration to the version service URLs.
    http.antMatcher(VersionServicesConfig.REST_API_URL_PREFIX + "/**");

    // CSRF protection has been on by default since Spring Security 4.0; it is turned off here.
    http.csrf().disable();

    // CORS handling is placed ahead of SecurityContextPersistenceFilter.
    http.addFilterBefore(cors, SecurityContextPersistenceFilter.class);

    // Everything under the prefix is reachable without authentication.
    http.authorizeRequests().antMatchers("/**").permitAll();
}
/**
 * Builds the list of security filter chains, which holds a single chain matching every URL.
 *
 * <p>The filters are passed to the chain in the order listed below. The authentication
 * filters come before the exception translation filter and the authorization interceptor.
 *
 * @return a mutable list containing the one {@code "/**"} chain
 */
private List<SecurityFilterChain> filterChain() {
    RequestMatcher anyPath = new AntPathRequestMatcher("/**");

    SecurityFilterChain chain = new DefaultSecurityFilterChain(
            anyPath,
            new SecurityContextPersistenceFilter(),
            logoutFilter(),
            cojAuthenticationProcessingFilter(),
            new SecurityContextHolderAwareRequestFilter(),
            rememberMeAuthenticationFilter(),
            anonymousAuthenticationFilter(),
            exceptionTranslationFilter(),
            filterInvocationInterceptor());

    List<SecurityFilterChain> chains = new ArrayList<SecurityFilterChain>(12);
    chains.add(chain);
    return chains;
}
/**
 * Development-style security setup: every request is permitted, form login, logout and
 * remember-me are wired, an {@code admin} account is created or reset, and a
 * {@code DevSigninFilter} is installed.
 *
 * <p>NOTE(review): each time this method runs it saves the {@code admin} user with a fixed,
 * trivially guessable password and the admin flag set. It also disables CSRF protection
 * while relying on session and remember-me cookies. Nothing visible here limits it to a
 * development profile, so confirm that this class cannot be activated in a deployed
 * environment.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // No URL requires authentication.
    http.authorizeRequests().anyRequest().permitAll();

    http.formLogin().loginPage("/signin").defaultSuccessUrl("/blog");
    http.logout().logoutUrl("/logout").logoutSuccessUrl("/blog");
    http.rememberMe().rememberMeParameter("remember-me");

    // CSRF checks are off although login state lives in cookies (session, remember-me).
    http.csrf().disable();

    // Create the admin account if it is missing. Whether it existed or not, force the
    // admin flag and the fixed password, then save the account.
    // NOTE(review): the password is passed as a plain string; whether User or the
    // repository hashes it is not visible here.
    User admin = userRepository.findByUsername("admin");
    if (admin == null) {
        admin = new User("admin", "123456");
    }
    admin.setAdmin(true);
    admin.setPassword("123456");
    userRepository.save(admin);

    // NOTE(review): what DevSigninFilter does is not shown here. Judging by its name it is a
    // development sign-in shortcut; verify that it is never registered outside development.
    http.addFilterAfter(new DevSigninFilter(userRepository), SecurityContextPersistenceFilter.class);
}
/**
 * Creates the filter chain proxy, backed by a single chain that matches every request.
 *
 * <p>The chain's filter list is assembled on each {@code getFilters()} call: new
 * {@code SecurityContextPersistenceFilter} and {@code AnonymousAuthenticationFilter}
 * instances are created, and the HTTP-header-authentication switch is read from
 * configuration again.
 *
 * <p>NOTE(review): two of these filters establish identity from request-side or
 * environment-side data (the trusted-user filter and the HTTP header filter). Header-based
 * authentication is only sound when the headers are set by a trusted front end that strips
 * client-supplied copies. Confirm that for the deployment.
 *
 * @param trustedUserAuthenticationFilter the trusted user authentication filter.
 * @param httpHeaderAuthenticationFilter the HTTP header authentication filter.
 *
 * @return the filter chain proxy.
 */
@Bean
public FilterChainProxy filterChainProxy(final TrustedUserAuthenticationFilter trustedUserAuthenticationFilter,
    final HttpHeaderAuthenticationFilter httpHeaderAuthenticationFilter)
{
    SecurityFilterChain matchAllChain = new SecurityFilterChain()
    {
        @Override
        public boolean matches(HttpServletRequest request)
        {
            // Every URL goes through this chain.
            return true;
        }

        @Override
        public List<Filter> getFilters()
        {
            List<Filter> chain = new ArrayList<>();

            // Keeps the security context available between HTTP requests.
            chain.add(new SecurityContextPersistenceFilter());

            // Bypasses security for a trusted user, driven by a SpEL expression environment property.
            chain.add(trustedUserAuthenticationFilter);

            // Header-based authentication is added only when enabled in configuration.
            boolean headerAuthEnabled =
                Boolean.valueOf(configurationHelper.getProperty(ConfigurationValue.SECURITY_HTTP_HEADER_ENABLED));
            if (headerAuthEnabled)
            {
                chain.add(httpHeaderAuthenticationFilter);
            }

            // Requests left unauthenticated by the filters above become anonymous.
            chain.add(new AnonymousAuthenticationFilter("AnonymousFilterKey"));

            return chain;
        }
    };

    return new FilterChainProxy(matchAllChain);
}
/**
 * Configures form login, logout and the OAuth2 SSO filters for the web application.
 *
 * <p>The landing, login, registration, verification and script URLs are public; every
 * other request must be authenticated.
 *
 * <p>NOTE(review): CSRF protection is disabled while authentication is session-based
 * (form login). Confirm this is intended, since authenticated browsers will then accept
 * cross-site state-changing requests.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();

    http.authorizeRequests()
            // Public pages and endpoints.
            .antMatchers("/", "/login", "/login**", "/register.html", "/action/register", "/action/verify/*", "/js/**")
            .permitAll()
            // Everything else needs an authenticated user.
            .anyRequest()
            .authenticated();

    http.formLogin()
            .loginPage("/login.html")
            .loginProcessingUrl("/login")
            .usernameParameter("username")
            .passwordParameter("password")
            .defaultSuccessUrl("/conversation.html")
            .failureUrl("/login.html?error=true")
            .permitAll();

    http.logout()
            .logoutUrl("/logout.html")
            .logoutSuccessUrl("/login.html")
            .permitAll();

    // SSO filters go ahead of BasicAuthenticationFilter; the OAuth2 client context filter
    // sits right after SecurityContextPersistenceFilter.
    http.addFilterBefore(ssoFilters(), BasicAuthenticationFilter.class);
    http.addFilterAfter(oAuth2ClientContextFilter, SecurityContextPersistenceFilter.class);
}
/**
 * Supplies the servlet filters for the dispatcher servlet, in the order they are listed.
 *
 * <p>NOTE(review): {@code SecurityContextPersistenceFilter} is registered here as a plain
 * servlet filter, last in the array. If a Spring Security filter chain is also registered
 * for the same requests, check that the security context is not loaded and cleared twice.
 *
 * @return a new array holding one new instance of each filter
 */
@Override
protected Filter[] getServletFilters() {
    Filter[] servletFilters = {
        new MDCInsertingServletFilter(),
        new HiddenHttpMethodFilter(),
        new OpenEntityManagerInViewFilter(),
        new RequestContextFilter(),
        new SecurityContextPersistenceFilter()
    };
    return servletFilters;
}
/**
 * Creates a {@code SecurityContextPersistenceFilter} backed by the stateless security
 * context repository.
 *
 * <p>An {@code HttpSessionSecurityContextRepository} is deliberately not used here, because
 * it would keep the token in the HTTP session.
 *
 * @return a new filter using {@code statelessSecurityContextRepository()}
 */
public SecurityContextPersistenceFilter securityContextPersistenceFilterWithASCFalse() {
    SecurityContextPersistenceFilter statelessFilter =
            new SecurityContextPersistenceFilter(statelessSecurityContextRepository());
    return statelessFilter;
}
/**
 * Logs the call, then creates a {@code SecurityContextPersistenceFilter} backed by the
 * stateless security context repository.
 *
 * <p>An {@code HttpSessionSecurityContextRepository} is deliberately not used here, because
 * it would keep the token in the HTTP session.
 *
 * @return a new filter using {@code statelessSecurityContextRepository()}
 */
public SecurityContextPersistenceFilter securityContextPersistenceFilterWithASCFalse() {
    logger.info("securityContextPersistenceFilterWithASCFalse");
    SecurityContextPersistenceFilter statelessFilter =
            new SecurityContextPersistenceFilter(statelessSecurityContextRepository());
    return statelessFilter;
}
/**
 * Appends a new {@code SecurityContextPersistenceFilter} to the given filter list.
 *
 * @param filters the list the new filter is added to
 * @param contextRepository the repository the filter uses for the security context
 */
private void addSecurityContextPersistenceFilter(List<Filter> filters, SecurityContextRepository contextRepository) {
    filters.add(new SecurityContextPersistenceFilter(contextRepository));
}
/**
 * Exposes a {@code SecurityContextPersistenceFilter} as the bean named {@code "sif"}.
 *
 * <p>The filter is created with its no-argument constructor, so no security context
 * repository is chosen here.
 *
 * @return the security context persistence filter
 */
@Bean(name = "sif")
public SecurityContextPersistenceFilter getSecurityContextPersistenceFilter() {
    SecurityContextPersistenceFilter persistenceFilter = new SecurityContextPersistenceFilter();
    return persistenceFilter;
}