Java 类org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter 实例源码

项目:Spring-5.0-Cookbook    文件:AppSecurityModelC.java   
/**
 * Configures anonymous access, URL authorization, form login, logout and two custom
 * authentication filters.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {

        http
          // Unauthenticated callers are given the ROLE_ANONYMOUS authority.
          .anonymous().authorities("ROLE_ANONYMOUS")
          .and()
          .authorizeRequests()
          // Rules are checked in declaration order; the first matching rule decides.
          .antMatchers("/login**", "/after**").permitAll()
          .antMatchers("/deptanon.html").anonymous()
          .anyRequest().authenticated()       
          .and()
          .formLogin()
          .loginPage("/login.html")
          // NOTE(review): successHandler(...) two lines below replaces the handler that
          // defaultSuccessUrl(...) installs - confirm which redirect is intended.
          .defaultSuccessUrl("/deptform.html")
          .failureHandler(customFailureHandler)
          .successHandler(customSuccessHandler)
          .and()
          // Custom anonymous filter runs ahead of the username/password filter.
          .addFilterBefore(appAnonAuthFilter(), UsernamePasswordAuthenticationFilter.class)
          // addFilter(...) positions a filter by its type, so appAuthenticationFilter(...)
          // presumably returns one of Spring Security's own filter types or a subclass.
          .addFilter(appAuthenticationFilter(authenticationManager()))
          .logout().logoutUrl("/logout.html")
          .logoutSuccessHandler(customLogoutHandler)
          .and().exceptionHandling().authenticationEntryPoint(setAuthPoint());

        // NOTE(review): no stateless session policy is set and form login is used, so
        // authentication presumably rides on a session cookie; with CSRF protection off,
        // state-changing requests have no cross-site forgery defence - confirm intent.
        http.csrf().disable();
  }
项目:Spring-5.0-Cookbook    文件:AppSecurityModelC.java   
/**
 * Configures anonymous access, URL authorization, form login, logout and two custom
 * authentication filters.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {

        http
          // Unauthenticated callers are given the ROLE_ANONYMOUS authority.
          .anonymous().authorities("ROLE_ANONYMOUS")
          .and()
          .authorizeRequests()
          // Rules are checked in declaration order; the first matching rule decides.
          .antMatchers("/login**", "/after**").permitAll()
          .antMatchers("/deptanon.html").anonymous()
          .anyRequest().authenticated()       
          .and()
          .formLogin()
          .loginPage("/login.html")
          // NOTE(review): successHandler(...) two lines below replaces the handler that
          // defaultSuccessUrl(...) installs - confirm which redirect is intended.
          .defaultSuccessUrl("/deptform.html")
          .failureHandler(customFailureHandler)
          .successHandler(customSuccessHandler)
          .and()
          // Custom anonymous filter runs ahead of the username/password filter.
          .addFilterBefore(appAnonAuthFilter(), UsernamePasswordAuthenticationFilter.class)
          // addFilter(...) positions a filter by its type, so appAuthenticationFilter(...)
          // presumably returns one of Spring Security's own filter types or a subclass.
          .addFilter(appAuthenticationFilter(authenticationManager()))
          .logout().logoutUrl("/logout.html")
          .logoutSuccessHandler(customLogoutHandler)
          .and().exceptionHandling().authenticationEntryPoint(setAuthPoint());

        // NOTE(review): no stateless session policy is set and form login is used, so
        // authentication presumably rides on a session cookie; with CSRF protection off,
        // state-changing requests have no cross-site forgery defence - confirm intent.
        http.csrf().disable();
  }
项目:jersey-jwt-springsecurity    文件:WebSecurityConfig.java   
/**
 * Configures a stateless API: three public endpoints, everything else authenticated, with a
 * token filter placed ahead of the username/password filter.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {

    http
        // NOTE(review): disabling CSRF is safe only while the token is sent in a request
        // header; a token read from a cookie would be attached by the browser
        // automatically - confirm in the token filter.
        .csrf()
            .disable()
        .exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint)
        .and()
            // No HTTP session is created or used for the security context.
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
            .authorizeRequests()
                // NOTE(review): these are public for every HTTP method, including
                // "/api/users/me" - confirm that endpoint copes with anonymous callers.
                .antMatchers("/api/auth", "/api/users/me", "/api/greetings/public").permitAll()
                .anyRequest().authenticated()
        .and()
            .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}
项目:airsonic    文件:GlobalSecurityConfig.java   
/**
 * Configures the stateless filter chain that serves only {@code /ext/**}, authenticated
 * through a JWT filter.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {

    http = http.addFilter(new WebAsyncManagerIntegrationFilter());
    // The JWT filter runs before the username/password filter.
    http = http.addFilterBefore(jwtAuthFilter(), UsernamePasswordAuthenticationFilter.class);

    http
            // Restricts this whole chain to requests under /ext/.
            .antMatcher("/ext/**")
            // CSRF protection stays on, applied to whatever the injected matcher selects.
            .csrf().requireCsrfProtectionMatcher(csrfSecurityRequestMatcher).and()
            // Responses may be framed by pages of the same origin only.
            .headers().frameOptions().sameOrigin().and()
            .authorizeRequests()
            // NOTE(review): only these four patterns carry an access rule; any other path
            // under /ext/ has none in this chain - confirm no other handler is mapped there.
            .antMatchers("/ext/stream/**", "/ext/coverArt*", "/ext/share/**", "/ext/hls/**")
            .hasAnyRole("TEMP", "USER").and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .exceptionHandling().and()
            .securityContext().and()
            .requestCache().and()
            .anonymous().and()
            .servletApi();
}
项目:fish-admin    文件:WebSecurityConfig.java   
/**
 * Configures stateless token authentication: a login filter bound to {@code /login} and a
 * token-checking filter for every other request.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
            // CSRF protection is switched off on the grounds that a token is used.
            // NOTE(review): that holds only while the token travels in a request header;
            // a cookie-borne token is attached by the browser automatically - confirm.
            .csrf().disable()
            .authorizeRequests()
            // All urls must be authenticated (filter for token always fires (/**)
            // except CORS pre-flight requests, which carry no credentials.
            .antMatchers(HttpMethod.OPTIONS, "/login").permitAll()
            .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
            .anyRequest().authenticated()
            .and()
            // Call our errorHandler if authentication/authorisation fails
            .exceptionHandling()
            .authenticationEntryPoint((httpServletRequest, httpServletResponse, e) -> httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized"))
            .and()
            // don't create session
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            // Add a filter: every request to /login is handed to the login filter
            // (JwtAuthenticationTokenFilter here), which handles all JWT-related work.
            .and().addFilterBefore(new JwtAuthenticationTokenFilter("/login", authenticationManager()),
                    UsernamePasswordAuthenticationFilter.class)
            // Add a filter that checks whether the token on every other request is valid.
            .addFilterBefore(new JWTAuthenticationFilter(),
                    UsernamePasswordAuthenticationFilter.class);
    // disable page caching
    httpSecurity.headers().cacheControl();
}
项目:jwtExample    文件:WebSecurityConfiguration.java   
/**
 * Configures a stateless API secured by a custom JWT filter, with public paths for
 * authentication and anonymous content.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        // NOTE(review): disabling CSRF is safe only while the JWT is sent in a request
        // header rather than a cookie - confirm in the token filter.
        .csrf()
            .disable()
        .exceptionHandling()
            .authenticationEntryPoint(this.unauthorizedHandler)
            .and()
        // No HTTP session is created or used for the security context.
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
        .authorizeRequests()
            // OPTIONS is open on every path, presumably for CORS pre-flight requests.
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            .antMatchers("/auth/**").permitAll()
            .antMatchers("/anonymous/**").permitAll()

            // Everything not listed above requires an authenticated caller.
            .anyRequest().authenticated();

        // Custom JWT based authentication
    httpSecurity
        .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}
项目:PepSIIrup-2017    文件:WebSecurityConfig.java   
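/**
 * Configures JWT authentication: a login filter that handles {@code urlLogin} and a filter
 * that authenticates later requests through {@code tokenAuthenticationService}.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
            .exceptionHandling().authenticationEntryPoint(unauthorizedHandler)
            .and()
            .authorizeRequests()
            // Rules are matched in declaration order and the first match wins, so the
            // "/login" exemption must precede the catch-all POST rule; declared after it,
            // the exemption could never match.
            .antMatchers(HttpMethod.POST, "/login").permitAll()
            .antMatchers(HttpMethod.POST,"/**").authenticated()
            // NOTE(review): only POST carries a rule; GET, PUT, DELETE and the other
            // methods have no access rule in this chain - confirm that is intended.
            .and()
            // NOTE(review): form login is enabled together with a stateless session
            // policy - confirm both login paths are wanted.
            .formLogin()
            .and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .logout()
            .and()
            // Both JWT filters run before the username/password filter, login filter first.
            .addFilterBefore(new JwtLoginFilter(urlLogin, authenticationManager(), tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(new JwtAuthenticationFilter(tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class)
            .headers().cacheControl();
}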
项目:spring-security-firebase    文件:WebSecurityConfig.java   
/**
 * Configures a stateless chain with CORS support and a custom token filter placed ahead of
 * the username/password filter.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
            .cors()
            .and()
            // CSRF protection is switched off on the grounds that a token is used.
            // NOTE(review): that holds only while the token travels in a request header
            // rather than a cookie - confirm in the token filter.
            .csrf().disable()
            // NOTE(review): only OPTIONS requests and "/auth/**" carry a rule below; there
            // is no anyRequest() rule, so every other URL has no access rule in this
            // chain - confirm that matches the intent that all urls be authenticated.
            .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS).permitAll()
                .antMatchers("/auth/**").authenticated()
            .and()
            // don't create session
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); //.and()
    // Custom JWT based security filter
    httpSecurity
            .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);


    // disable page caching
    // httpSecurity.headers().cacheControl();
}
项目:bxbot-ui-server    文件:WebSecurityConfig.java   
/**
 * Configures a stateless JWT-secured API where only {@code /auth} and CORS pre-flight
 * requests are public.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
            // CSRF protection is switched off on the grounds that a token is used.
            // NOTE(review): that holds only while the token travels in a request header
            // rather than a cookie - confirm in the token filter.
            .csrf().disable()

            .exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and()

            // no need to create session as JWT auth is stateless and per request
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()

            .authorizeRequests()
            .antMatchers("/auth").permitAll()                   // allow anyone to try and authenticate
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll() // allow CORS pre-flighting
            .anyRequest().authenticated();                      // lock down everything else

    // Add our custom JWT security filter before Spring Security's Username/Password filter
    httpSecurity.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // Turns OFF the cache-control response headers that Spring Security writes by default.
    // NOTE(review): that lets browsers and intermediaries cache authenticated responses,
    // the opposite of "disable page caching" - confirm which behaviour is wanted.
    httpSecurity.headers().cacheControl().disable();
}
项目:kinota-server    文件:WebSecurityConfig.java   
/**
 * Configures stateless authentication with a device-login filter and a JWT filter, both
 * placed ahead of the username/password filter.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .csrf().disable() // We don't need CSRF for JWT based authentication
            .exceptionHandling()
            .authenticationEntryPoint(this.authenticationEntryPoint)
            .and()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .antMatchers(FORM_BASED_LOGIN_ENTRY_POINT).permitAll()
            .antMatchers(API_DOCS_ENTRY_POINT).permitAll()
            // GET on the token-protected paths is public; the rule after it requires
            // authentication for every other method on the same paths.
            .antMatchers(HttpMethod.GET, TOKEN_BASED_AUTH_ENTRY_POINT).permitAll()
            .antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated()
            // NOTE(review): default-allow - any URL not matched above is open to
            // everyone; confirm nothing sensitive is served outside those patterns.
            .anyRequest().permitAll()
            .and()
            .addFilterBefore(buildDeviceLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
}
项目:kinota-server    文件:WebSecurityConfig.java   
/**
 * Configures stateless authentication with a CORS filter, a device-login filter and two
 * JWT filters, plus a loopback-only rule for the database status path.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
  protected void configure(HttpSecurity http) throws Exception {
http
        // NOTE(review): disabling CSRF assumes the token is sent in a request header
        // rather than a cookie - confirm in the JWT filters.
        .csrf().disable()
        .exceptionHandling()
        .authenticationEntryPoint(this.authenticationEntryPoint)
        .and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .authorizeRequests()
        .antMatchers(HttpMethod.POST, formBasedAuthEntry).permitAll()
        // GET on the API paths is public; other methods on them need authentication.
        .antMatchers(HttpMethod.GET, apiAuthEntry).permitAll()
        .antMatchers(apiAuthEntry).authenticated()
        // NOTE(review): hasIpAddress compares against the address the servlet container
        // reports; behind a reverse proxy on the same host every request may appear to
        // come from 127.0.0.1 - confirm the deployment topology.
        .antMatchers(dbStatusAuthEntry).access("hasIpAddress('127.0.0.1')")
        // NOTE(review): default-allow - any URL not matched above is open to everyone.
        .anyRequest().permitAll()
        .and()
        .addFilterBefore(corsFilter(), SessionManagementFilter.class)
        .addFilterBefore(buildDeviceLoginProcessingFilter(),
                UsernamePasswordAuthenticationFilter.class)
        .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(),
                UsernamePasswordAuthenticationFilter.class)
        .addFilterBefore(buildJwtTokenAuthenticationProcessingFilterDbStatus(),
                UsernamePasswordAuthenticationFilter.class);
  }
项目:spring-boot-oauth2-azuread    文件:WebSecurityConfig.java   
/**
 * Opens the root page and logout to everyone, protects every other request, and validates
 * AzureAD tokens in a filter placed ahead of the username/password filter.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            // The single page application itself may be loaded by anyone; this is not
            // needed when the page is hosted somewhere else.
            .antMatchers("/").permitAll()
            // Every other service is protected.
            .anyRequest().authenticated()
            .and()
        // Logging out is open to everyone and lands back on "/".
        .logout().logoutSuccessUrl("/").permitAll()
            .and()
        // Token based authentication is in use, so CSRF protection is switched off.
        .csrf().disable()
        // Validates the Jwt token from AzureAD and assigns roles; without this filter the
        // token is not validated and the role is always ROLE_USER.
        .addFilterBefore(azureAdJwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
}
项目:FCat    文件:WebSecurityConfig.java   
/**
 * Configures form login, logout, a CORS filter and a bean-driven permission check for
 * every URL that is not explicitly listed.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
  // Works around the browser error "Refused to display 'http://......' in a frame because
  // it set 'X-Frame-Options' to 'DENY'."
  // NOTE(review): disable() removes the header altogether, so any origin may frame the
  // application; frameOptions().sameOrigin() is narrower if only same-origin framing is
  // needed.
  http.headers().frameOptions().disable();

  http.authorizeRequests().antMatchers("/").permitAll()
          .antMatchers("/**/session/**").authenticated()// any logged-in user may read session info
          // Every other URL requires a permission check (logged in AND holding the
          // required permission), delegated to the permissionService bean.
          .anyRequest().access("@permissionService.hasPermission(request,authentication)").and()
          .addFilterBefore(corsFilter,UsernamePasswordAuthenticationFilter.class)
          // Takes the position of the stock username/password filter in the chain.
          .addFilterAt(codeUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class).exceptionHandling()
          // Unauthenticated callers receive a JSON "not logged in" result.
          .authenticationEntryPoint((request, response, authException) -> {
            String result = JSON.toJSONString(JsonUtil.getResultJson(ResultCodeEnum.NOLOGIN));
            HttpHelper.setResponseJsonData(response,result);
          }).and()
          // NOTE(review): corsFilter is registered a second time here - confirm both
          // registrations are needed.
          .addFilterBefore(corsFilter,LogoutFilter.class)
          .formLogin().loginProcessingUrl("/login").permitAll().and()
          .logout().logoutSuccessHandler(logoutSuccessHandler()).permitAll();
  // NOTE(review): form login with no stateless session policy presumably means session
  // cookies; with CSRF protection off, state-changing requests have no cross-site
  // forgery defence - confirm intent.
  http.csrf().disable();
}
项目:OpenLRW    文件:WebSecurityConfig.java   
/**
 * Configures stateless JWT authentication with public login and token-refresh endpoints
 * and an AJAX login filter.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
    // NOTE(review): this assumes the JWT is sent in a request header, not a cookie.
    .csrf().disable() // We don't need CSRF for JWT based authentication
    .exceptionHandling()
    .authenticationEntryPoint(this.authenticationEntryPoint)

    .and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)

    .and()
        .authorizeRequests()
            .antMatchers(ADMIN_LOGIN_ENTRY_POINT).permitAll()
            .antMatchers(FORM_BASED_LOGIN_ENTRY_POINT).permitAll() // Login end-point
            .antMatchers(TOKEN_REFRESH_ENTRY_POINT).permitAll() // Token refresh end-point
    .and()
        .authorizeRequests()
            // NOTE(review): there is no anyRequest() rule, so URLs outside the patterns
            // listed in this method carry no access rule - confirm nothing sensitive
            // is served there.
            .antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated() // Protected API End-points
    .and()
        .addFilterBefore(buildAjaxLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
        .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
}
项目:SpringBootStudy    文件:JsonWebTokenSecurityConfig.java   
/**
 * Configures the stateless base setup for JSON Web Token security and leaves the URL
 * authorization rules to {@code setupAuthorization}.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http// disable CSRF, http basic, form login
            // NOTE(review): disabling CSRF assumes the token is sent in a request header
            // rather than a cookie - confirm in jsonWebTokenFilter.
            .csrf().disable() //
            .httpBasic().disable() //
            .formLogin().disable()
            // ReST is stateless, no sessions
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) //
            .and()
            // return 403 when not authenticated
            .exceptionHandling().authenticationEntryPoint(new NoAuthenticationEntryPoint());

    // Let child classes set up authorization paths
    // NOTE(review): no access rule is declared in this method itself, so protection
    // depends entirely on what setupAuthorization(...) adds.
    setupAuthorization(http);
    // The token filter runs before the username/password filter.
    http.addFilterBefore(jsonWebTokenFilter, UsernamePasswordAuthenticationFilter.class);
}
项目:spring-boot-jjwt    文件:WebSecurityConfig.java   
/**
 * Configures a stateless JWT-secured API in which only {@code /auth} is public.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        // CSRF protection is switched off on the grounds that a token is used.
        // NOTE(review): that holds only while the token travels in a request header
        // rather than a cookie - confirm in the token filter.
        .csrf().disable()

        .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()

        // don't create session
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()

        .authorizeRequests()

        // allow auth url
        .antMatchers("/auth").permitAll()

        // Everything else requires an authenticated caller.
        .anyRequest().authenticated();

    // custom JWT based security filter
    httpSecurity.addFilterBefore(authenticationFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // disable page caching
    httpSecurity.headers().cacheControl();
}
项目:MicroServiceDemo    文件:WebSecurityConfig.java   
/**
 * Configures a stateless JWT-secured service with a handful of public routes.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            // CSRF protection is not needed when JWT is used.
            // NOTE(review): that holds only while the token travels in a request header
            // rather than a cookie - confirm in the token filter.
            .csrf().disable()
            // Token-based authentication needs no session.
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .antMatchers(HttpMethod.GET, "/info").permitAll()
            // NOTE(review): the original remark here said the login route is public for
            // POST only, but the rules below open POST /register and GET /login; if
            // credentials are sent on that GET they end up in URLs and access logs -
            // confirm the intended method.
            .antMatchers(HttpMethod.POST, "/register").permitAll()
            .antMatchers(HttpMethod.GET, "/login").permitAll()
            .antMatchers(HttpMethod.GET, "/refresh").permitAll()
            .anyRequest().authenticated()
            .and()
            // And filter other requests to check the presence of JWT in header
            // Integrates JWT with Spring Security.
            // If the client request carries a token, the request is let through only
            // after the token has been checked.
            .addFilterBefore(authenticationFilterBean(),
                    UsernamePasswordAuthenticationFilter.class);
    // Disable caching.
    http.headers().cacheControl();
}
项目:product-management-system    文件:SecurityConfig.java   
/**
 * Configures stateless, role-based access to the product, stock and store endpoints.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.authorizeRequests()
            // Public routes: login, images, read-only store access and user registration.
            .antMatchers("/auth/login").permitAll()
            .antMatchers("/image/**").permitAll()
            .antMatchers(HttpMethod.GET, "/store/**").permitAll()
            .antMatchers(HttpMethod.POST, "/user/").permitAll()
            // Product writes: administrators only.
            .antMatchers(HttpMethod.POST, "/product/**").hasAuthority(ROLE_ADMIN.name())
            .antMatchers(HttpMethod.PUT, "/product/**").hasAuthority(ROLE_ADMIN.name())
            .antMatchers(HttpMethod.DELETE, "/product/**").hasAuthority(ROLE_ADMIN.name())
            // Stock writes: administrators and stock managers.
            .antMatchers(HttpMethod.POST, "/stock/**").hasAnyAuthority(ROLE_ADMIN.name(), ROLE_STOCK_MANAGER.name())
            .antMatchers(HttpMethod.PUT, "/stock/**").hasAnyAuthority(ROLE_ADMIN.name(), ROLE_STOCK_MANAGER.name())
            .antMatchers(HttpMethod.DELETE, "/stock/**").hasAnyAuthority(ROLE_ADMIN.name(), ROLE_STOCK_MANAGER.name())
            // Store writes: administrators and store managers.
            // NOTE(review): POST and PUT use the exact pattern "/store/" while DELETE uses
            // "/store/**"; a POST or PUT to a deeper path under /store/ falls through to
            // anyRequest().authenticated() and needs no particular role - confirm.
            .antMatchers(HttpMethod.POST, "/store/").hasAnyAuthority(ROLE_ADMIN.name(), ROLE_STORE_MANAGER.name())
            .antMatchers(HttpMethod.PUT, "/store/").hasAnyAuthority(ROLE_ADMIN.name(), ROLE_STORE_MANAGER.name())
            .antMatchers(HttpMethod.DELETE, "/store/**").hasAnyAuthority(ROLE_ADMIN.name(), ROLE_STORE_MANAGER.name())
            .anyRequest().authenticated()
            .and()
            .addFilterBefore(filter(), UsernamePasswordAuthenticationFilter.class)
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            // NOTE(review): disabling CSRF assumes the credential is sent in a request
            // header rather than a cookie - confirm in filter().
            .csrf().disable();
}
项目:infotaf    文件:WebSecurityConfig.java   
/**
 * Configures stateless JWT authentication with public login and token-refresh endpoints,
 * plus XSS, CORS, AJAX-login and JWT filters ahead of the username/password filter.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
    // NOTE(review): this assumes the JWT is sent in a request header, not a cookie.
    .csrf().disable() // We don't need CSRF for JWT based authentication
    .exceptionHandling()
    .authenticationEntryPoint(this.authenticationEntryPoint)

    .and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)

    .and()
        .authorizeRequests()
            .antMatchers(FORM_BASED_LOGIN_ENTRY_POINT).permitAll() // Login end-point
            .antMatchers(TOKEN_REFRESH_ENTRY_POINT).permitAll() // Token refresh end-point
    .and()
        .authorizeRequests()
            // NOTE(review): there is no anyRequest() rule, so URLs outside the patterns
            // listed in this method carry no access rule - confirm nothing sensitive
            // is served there.
            .antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated() // Protected API End-points
    .and()
        // Filters registered before the same class keep the order in which they are added.
        .addFilterBefore(new XSSFilter(), UsernamePasswordAuthenticationFilter.class)
        .addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class)
        .addFilterBefore(buildAjaxLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
        .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
}
项目:tour-of-heros-api-security-zerhusen    文件:WebSecurityConfig.java   
/**
 * Configures a stateless JWT-secured API where {@code /auth/**} and CORS pre-flight
 * requests are public.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
            // CSRF protection is switched off on the grounds that a token is used.
            // NOTE(review): that holds only while the token travels in a request header
            // rather than a cookie - confirm in the token filter.
            .csrf().disable()

            .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()

            // don't create session
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()

            .authorizeRequests()
            .antMatchers("/auth/**").permitAll()
            // OPTIONS is open on every path, presumably for CORS pre-flight requests.
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            .anyRequest().authenticated();

    // Custom JWT based security filter
    httpSecurity
            .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // disable page caching
    httpSecurity.headers().cacheControl();
}
项目:SA-starter-kit    文件:SecurityConfiguration.java   
/**
 * Configures token authentication through a stateless login filter bound to
 * {@code /api/login} and a stateless authentication filter for other requests.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): disabling CSRF assumes the token is sent in a request header rather
    // than a cookie - confirm in the two filters below.
    http.csrf().disable();
    http.exceptionHandling().and()
            .anonymous().and()
            .servletApi().and()
            .headers().cacheControl();

    // NOTE(review): GET /api/users/** is the only rule; other methods and paths carry no
    // access rule in this chain - confirm that is intended.
    http.authorizeRequests()
            .antMatchers(HttpMethod.GET, "/api/users/**").hasRole("USER");

    // Login filter first, then the per-request token filter, both ahead of the
    // username/password filter.
    http.addFilterBefore(
            new StatelessLoginFilter(
                    "/api/login",
                    tokenAuthenticationService,
                    userService,
                    authenticationManager()),
            UsernamePasswordAuthenticationFilter.class);

    http.addFilterBefore(
            new StatelessAuthenticationFilter(tokenAuthenticationService),
            UsernamePasswordAuthenticationFilter.class);
    }
项目:juiser    文件:JuiserAuthenticationFilterRegistrar.java   
/**
 * Autowires this registrar and, when the forwarded-header JWT configuration is a
 * {@code SpringSecurityJwtConfig}, registers a header-based authentication filter ahead of
 * the username/password filter.
 *
 * @param http the security builder being initialised
 * @throws Exception if the filter cannot be registered
 */
@Override
public void init(HttpSecurity http) throws Exception {

    // Inject this bean's dependencies from the shared application context.
    http.getSharedObject(ApplicationContext.class)
        .getAutowireCapableBeanFactory()
        .autowireBean(this);

    if (!(forwardedHeaderConfig.getJwt() instanceof SpringSecurityJwtConfig)) {
        // juiser.security.enabled is false or spring security is disabled via a property
        return;
    }

    // NOTE(review): authentication is driven by a request header, so the header must only
    // ever be set by a trusted gateway - confirm it is stripped from client requests.
    HeaderAuthenticationFilter headerFilter =
        new HeaderAuthenticationFilter(forwardedHeaderConfig.getName(), authenticationManager);
    http.addFilterBefore(headerFilter, UsernamePasswordAuthenticationFilter.class);
}
项目:angular2-spring-boot    文件:WebSecurityConfig.java   
/**
 * Configures a stateless API where only {@code /login/**} is public, with a CORS filter
 * and a stateless authentication filter.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            // NOTE(review): disabling CSRF assumes the credential is sent in a request
            // header rather than a cookie - confirm in statelessAuthenticationFilter.
            .csrf()
            .disable()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(http401UnauthorizedEntryPoint)
            .and()
            .authorizeRequests()
            .antMatchers("/login/**").permitAll()
            .anyRequest().authenticated()
            .and()
            // The CORS filter is registered before ChannelProcessingFilter, so it runs
            // ahead of the authentication filter registered on the next line.
            .addFilterBefore(crossOriginResourceSharingFilter, ChannelProcessingFilter.class)
            .addFilterBefore(statelessAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
}
项目:service-integration-sdk    文件:SecurityConfiguration.java   
/**
 * Configures the stateless chain for {@code /api/v1/**}, authenticated by an OAuth
 * signature-checking filter.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            // NOTE(review): antMatcher("/api/v1/**") below limits this whole chain to
            // /api/v1/**, so requests to /unsecured/** never reach this rule; their
            // handling is decided elsewhere - confirm.
            .antMatchers("/unsecured/**")
            .permitAll()
                .and()
            .antMatcher("/api/v1/**")
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            // NOTE(review): disabling CSRF assumes requests are authenticated by their
            // signature rather than by a cookie - confirm in the signature filter.
            .csrf().disable()
            .authorizeRequests().anyRequest().authenticated()
                .and()
            .addFilterBefore(oAuthSignatureCheckingFilter(), UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(requestIdFilter(), ProtectedResourceProcessingFilter.class);
}
项目:smt-spring-security-parent    文件:JwtSuccessHandlerWrapperTest.java   
/**
 * Verifies that {@code modify} installs, on the filter, the JWT success handler built
 * around the handler the mutator reports for that filter.
 */
@Test
public void Can_wrap_a_success_handler() {

    final AuthenticationSuccessHandler originalHandler = mock(AuthenticationSuccessHandler.class);
    final JwtAuthenticationSuccessHandler wrappingHandler = mock(JwtAuthenticationSuccessHandler.class);
    final UsernamePasswordAuthenticationFilter filter = mock(UsernamePasswordAuthenticationFilter.class);

    // Given
    given(successHandler.withDelegate(originalHandler)).willReturn(wrappingHandler);
    given(mutator.retrieve(filter, "successHandler", AuthenticationSuccessHandler.class))
        .willReturn(originalHandler);

    // When
    successHandlerWrapper.modify(filter);

    // Then
    verify(filter).setAuthenticationSuccessHandler(wrappingHandler);
}
项目:meditor    文件:SecurityConfiguration.java   
/**
 * Configures a stateless JWT-secured application with public static assets and a public
 * {@code /api/auth} endpoint.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
  http
      // NOTE(review): disabling CSRF assumes the token is sent in a request header rather
      // than a cookie - confirm in jwtAuthTokenFilter.
      .csrf().disable()
      .exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint).and()
      .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
      .authorizeRequests()
      // OPTIONS on the API is open, presumably for CORS pre-flight requests.
      .antMatchers(HttpMethod.OPTIONS, "/api/**").permitAll()
      // Static assets are public for GET. The extension patterns match at any depth, so
      // an API path ending in one of these suffixes would be public as well.
      .antMatchers(HttpMethod.GET, "/",
          "/favicon.ico",
          "/**/*.css",
          "/**/*.js",
          "/**/*.woff",
          "/**/*.woff2",
          "/**/*.ttf").permitAll()
      .antMatchers("/api/auth").permitAll()
      .anyRequest().authenticated();

  http.addFilterBefore(this.jwtAuthTokenFilter,
      UsernamePasswordAuthenticationFilter.class);
  // Turns OFF the cache-control response headers that Spring Security writes by default.
  // NOTE(review): authenticated API responses may then be cached by browsers or
  // intermediaries - confirm this is intended for more than the static assets.
  http.headers().cacheControl().disable();
}
项目:booktrackr    文件:SecurityConfig.java   
/**
 * Configures JWT login and authentication filters, with public access to the API docs,
 * the login and user endpoints and the front-end assets.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            // NOTE(review): no stateless session policy is set in this method, so sessions
            // may still be created; with CSRF protection off, confirm the JWT is never
            // carried by a cookie.
            .csrf().disable()
            .authorizeRequests()
            // allow anonymous access access to Swagger docs
            .antMatchers("/v2/api-docs", "/**/swagger-ui.html", "/webjars/**", "/swagger-resources/**", "/configuration/**").permitAll()
            // anonymous users need to be able to log in
            // NOTE(review): "/users" is public for every HTTP method, not only the one
            // used for registration - confirm.
            .antMatchers("/authenticate", "/users").permitAll()
            // home page
            .antMatchers("/", "/app/**", "/bower_components/**", "/partials/**").permitAll()
            // all other request paths are protected
            .anyRequest().authenticated()
            .and()
            .logout()
            .permitAll();

    // Login filter first, then the per-request token filter, both ahead of the
    // username/password filter.
    http.addFilterBefore(new JwtLoginFilter("/authenticate", jwtUtil, userDetailsService, authenticationManager()), UsernamePasswordAuthenticationFilter.class);
    http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
}
项目:springboot_jwt_blog    文件:WebSecurityConfig.java   
/**
 * Configures JWT login on {@code /login} and JWT checking for every other request.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // disable caching
    http.headers().cacheControl();

    // NOTE(review): no stateless session policy is set in this method; with CSRF
    // protection off, confirm the JWT is sent in a request header and never in a cookie.
    http.csrf().disable() // disable csrf for our requests.
    .authorizeRequests()
    .antMatchers("/").permitAll()
    .antMatchers(HttpMethod.POST,"/login").permitAll()
    .anyRequest().authenticated()
    .and()
    // We filter the api/login requests
    .addFilterBefore(new JWTLoginFilter("/login", authenticationManager()), UsernamePasswordAuthenticationFilter.class)
    // And filter other requests to check the presence of JWT in header
    .addFilterBefore(new JWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
项目:subs    文件:SubsAAPWebSecurityConfig.java   
/**
 * Configures a stateless token-secured API with public root, browser and docs paths.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // Logs which entry point instance is wired in.
    LOGGER.info("[StatelessAuthenticationEntryPoint]- " + unauthorizedHandler);

    httpSecurity
            // CSRF protection is switched off on the grounds that a token is used.
            // NOTE(review): that holds only while the token travels in a request header
            // rather than a cookie - confirm in the authentication filter.
            .csrf().disable()
            .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
            // don't create session
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .authorizeRequests().antMatchers("/").permitAll()
            .antMatchers("/browser/**/*").permitAll()
            .antMatchers("/docs/**/*").permitAll()
            // Everything else requires an authenticated caller.
            .anyRequest().authenticated();

    // The token filter runs before the username/password filter.
    httpSecurity.addFilterBefore(statelessAuthenticationFilterBean(),
            UsernamePasswordAuthenticationFilter.class);
    // disable page caching
    httpSecurity.headers().cacheControl();
}
项目:spring-oauth2-jwt-jdbc    文件:SecurityConfig.java   
/**
 * Configures access to the login and OAuth endpoints, with a JWT filter ahead of the
 * username/password filter.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // CSRF protection stays enabled everywhere except "/login".
    // NOTE(review): an exempt login endpoint accepts cross-site login submissions
    // (login CSRF) - confirm that is acceptable here.
    http.csrf().ignoringAntMatchers("/login");

    http.authorizeRequests()
            .antMatchers("/login")
            .permitAll()
            .antMatchers("/oauth/token")
            .authenticated()
            .antMatchers("/oauth/authorize")
            .hasAuthority("ROLE_USER")
            // NOTE(review): there is no anyRequest() rule, so other URLs carry no access
            // rule in this chain - confirm they are covered elsewhere.
            .and()
            .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
            .exceptionHandling()
            .authenticationEntryPoint(jwtAuthEndPoint);
}
项目:flowable-engine    文件:SecurityConfiguration.java   
/**
 * Configures stateless, cookie-filter based security for the REST endpoints, which
 * require the {@code ACCESS_MODELER} privilege.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
            // The cookie filter runs before the username/password filter.
            .addFilterBefore(flowableCookieFilter, UsernamePasswordAuthenticationFilter.class)
            .logout()
                .logoutUrl("/app/logout")
                .logoutSuccessHandler(ajaxLogoutSuccessHandler)
                .addLogoutHandler(new ClearFlowableCookieLogoutHandler())
        .and()
            // NOTE(review): authentication appears (from the filter's name) to ride on a
            // cookie, which browsers attach automatically; with CSRF protection off,
            // confirm another cross-site defence exists (for example a SameSite cookie
            // attribute or a required custom header).
            .csrf()
                .disable() // Disabled, cause enabling it will cause sessions
                .headers()
                // Responses may be framed by pages of the same origin only.
                .frameOptions()
                .sameOrigin()
                .addHeaderWriter(new XXssProtectionHeaderWriter())
        .and()
            .authorizeRequests()
            // NOTE(review): only the REST prefix carries a rule; there is no anyRequest()
            // rule for other paths in this chain.
            .antMatchers(REST_ENDPOINTS_PREFIX + "/**").hasAuthority(DefaultPrivileges.ACCESS_MODELER);
}
项目:flowable-engine    文件:SecurityConfiguration.java   
/**
 * Configures stateless, cookie-filter based security for {@code /app/rest/**}, which
 * requires the {@code ACCESS_TASK} privilege.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            // The cookie filter runs before the username/password filter.
            .addFilterBefore(flowableCookieFilter, UsernamePasswordAuthenticationFilter.class)
            .logout()
            .logoutUrl("/app/logout")
            .logoutSuccessHandler(ajaxLogoutSuccessHandler)
            .addLogoutHandler(new ClearFlowableCookieLogoutHandler())
            .and()
            // NOTE(review): authentication appears (from the filter's name) to ride on a
            // cookie, which browsers attach automatically; with CSRF protection off,
            // confirm another cross-site defence exists (for example a SameSite cookie
            // attribute or a required custom header).
            .csrf()
            .disable() // Disabled, cause enabling it will cause sessions
            .headers()
            // Responses may be framed by pages of the same origin only.
            .frameOptions()
            .sameOrigin()
            .addHeaderWriter(new XXssProtectionHeaderWriter())
            .and()
            .authorizeRequests()
            // NOTE(review): only /app/rest/** carries a rule; there is no anyRequest()
            // rule for other paths in this chain.
            .antMatchers("/app/rest/**").hasAuthority(DefaultPrivileges.ACCESS_TASK);
}
项目:stateless-rest-jwtcookie-demo    文件:SecurityConfig.java   
/**
 * Configures stateless form login and logout under {@code SECURITY_BASE}, two protected
 * hello endpoints, and a token filter ahead of the username/password filter.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {

    http.httpBasic().disable()
            .exceptionHandling().authenticationEntryPoint(internalConfig.authenticationEntryPoint())
            .and().authenticationProvider(internalConfig.authenticationProvider())
            .formLogin().loginProcessingUrl(SECURITY_BASE + METHOD_LOGIN).successHandler(internalConfig.successHandler()).failureHandler(internalConfig.failureHandler())
            .and().logout().logoutUrl(SECURITY_BASE + METHOD_LOGOUT).logoutSuccessHandler(internalConfig.logoutSuccessHandler()).invalidateHttpSession(true)
            .and().authorizeRequests()
            .antMatchers(API_HELLO + METHOD_HELLO_ADMIN).hasAuthority("ADMIN")
            .antMatchers(API_HELLO + METHOD_HELLO_AUTHENTICATED).authenticated()
            // NOTE(review): "*" is not the usual match-all pattern ("/**"), and it is
            // doubtful that it matches any request path; the outcome is presumably still
            // open access, because no other rule applies - confirm the intent and
            // consider an explicit pattern.
            .antMatchers("*").permitAll()
            .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            // NOTE(review): if the token is carried in a cookie (as the project name
            // suggests), browsers attach it automatically; with CSRF protection off,
            // confirm another cross-site defence exists.
            .and().csrf().disable();

    // The token filter runs before the username/password filter.
    http.addFilterBefore(internalConfig.authenticationTokenFilterBean(authenticationManager()), UsernamePasswordAuthenticationFilter.class);

}
项目:microservices    文件:WebSecurityConfig.java   
/**
 * Configures a stateless, token-authenticated chain in which only
 * {@code /admin/login} is reachable without authentication.
 *
 * @param http the security builder supplied by the framework
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // CSRF protection is off.
    // NOTE(review): acceptable when the token is sent in a request header rather than a
    // cookie; how the token is transported is not visible here, so confirm.
    http.csrf().disable();

    // Deny-by-default: the login endpoint is the single public path.
    http.authorizeRequests()
            .antMatchers("/admin/login").permitAll()
            .anyRequest().authenticated();

    http.exceptionHandling().authenticationEntryPoint(entryPoint);

    // No HTTP session is created or used for the security context.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // The token filter runs before the username/password filter.
    http.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    http.headers().cacheControl();
}
项目:lti-launch    文件:LtiLaunchSecurityConfig.java   
/**
 * Secures the {@code /launch} endpoint: a processing filter runs ahead of
 * {@link UsernamePasswordAuthenticationFilter}, every matched request must be
 * authenticated, and framing/CSP/P3P response headers are written.
 *
 * @param http the security builder supplied by the framework
 * @throws Exception if the {@code canvas_url} value is missing or is not a valid URI,
 *         or if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    LOG.debug("configuring HttpSecurity");

    // Fail at startup rather than emit a framing header with no origin in it.
    final String canvasUrl = configService.getConfigValue("canvas_url");
    if (StringUtils.isBlank(canvasUrl)) {
        throw new RuntimeException("Missing canvas_url config value");
    }

    // NOTE(review): script-src and style-src allow 'unsafe-inline', which removes most of
    // the policy's protection against injected markup; nonces or hashes would restore it.
    // The policy also has no frame-ancestors directive (see the framing note below).
    final String contentSecurityPolicy =
            "default-src 'self' https://s.ksucloud.net https://*.instructure.com; " +
            "font-src 'self' https://s.ksucloud.net https://*.instructure.com; " +
            "script-src 'self' 'unsafe-inline' https://ajax.googleapis.com; " +
            "style-src 'self' 'unsafe-inline' https://*.instructure.com https://www.k-state.edu";

    // This chain applies to /launch only.
    http.requestMatchers().antMatchers("/launch");

    http.addFilterBefore(configureProcessingFilter(), UsernamePasswordAuthenticationFilter.class);

    http.authorizeRequests().anyRequest().authenticated();

    // CSRF protection is off for the launch endpoint.
    // NOTE(review): presumably because the launch request is posted cross-site by the LMS
    // and is authenticated by the processing filter; confirm that filter verifies the
    // request's authenticity.
    http.csrf().disable();

    // NOTE(review): X-Frame-Options ALLOW-FROM is ignored by current browsers; the
    // standardised way to restrict who may frame the page is the CSP frame-ancestors
    // directive, which the policy above does not set.
    http.headers()
        .addHeaderWriter(new XFrameOptionsHeaderWriter(new StaticAllowFromStrategy(new URI(canvasUrl))))
        .addHeaderWriter(new StaticHeadersWriter("Content-Security-Policy", contentSecurityPolicy))
        .addHeaderWriter(new StaticHeadersWriter("P3P", "CP=\"This is just to make IE happy with cookies in this iframe\""));
}
项目:auth-server    文件:WebApplicationSecurity.java   
/**
 * Configures the authorization server's web chain: a public {@code /login},
 * authenticated {@code /oauth/**}, an always-created HTTP session, and a login
 * decision filter ahead of {@link UsernamePasswordAuthenticationFilter}.
 *
 * @param http the security builder supplied by the framework
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): only /login and /oauth/** have rules; requests to any other path are
    // not covered by an authorization rule in this method.
    http.authorizeRequests()
            .antMatchers("/login")
            .permitAll()
            .antMatchers("/oauth/**")
            .authenticated();

    // TODO: This is a bad idea! We need CSRF at least for the `/oauth/authorize` endpoint.
    // The session policy below is ALWAYS, so requests are authenticated by a session
    // cookie the browser sends automatically; with CSRF protection off, a state-changing
    // request to the authorize endpoint carries no proof that the user initiated it.
    http.csrf().disable();

    http.exceptionHandling()
            .authenticationEntryPoint(loginUrlAuthenticationEntryPoint())
            .accessDeniedPage("/login/error");

    http.sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.ALWAYS);

    // The login decision filter runs before the username/password filter.
    http.addFilterBefore(loginDecisionFilter(), UsernamePasswordAuthenticationFilter.class);
}
项目:Cerberus    文件:WebSecurityConfiguration.java   
/**
 * Configures a stateless chain authenticated by a custom JWT filter; only
 * {@code OPTIONS} requests and {@code /auth/**} are reachable without
 * authentication.
 *
 * @param httpSecurity the security builder supplied by the framework
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
  // CSRF protection is off.
  // NOTE(review): sound when the JWT is sent in a request header; confirm it is not
  // carried in a cookie.
  httpSecurity.csrf().disable();

  httpSecurity.exceptionHandling().authenticationEntryPoint(this.unauthorizedHandler);

  // No HTTP session is created or used for the security context.
  httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

  // Deny-by-default. OPTIONS on every path is public (presumably for CORS preflight,
  // confirm), as is everything under /auth/.
  httpSecurity.authorizeRequests()
    .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
    .antMatchers("/auth/**").permitAll()
    .anyRequest().authenticated();

  // Custom JWT based authentication, run before the username/password filter.
  httpSecurity.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}
项目:spring-security-jwt    文件:SpringSecurityConfig.java   
/**
 * Configures the chain for header-token authentication: static resources and
 * {@code /auth/**} are public, every other request must be authenticated, and a
 * {@code StatelessAuthenticationFilter} runs ahead of
 * {@link UsernamePasswordAuthenticationFilter}.
 *
 * @param http the security builder supplied by the framework
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.exceptionHandling();
    http.anonymous();
    http.servletApi();
    http.headers().cacheControl();

    // NOTE(review): neither csrf() nor sessionManagement() is configured here, so the
    // framework defaults apply to both; confirm that matches the token-in-header design.
    http.authorizeRequests()
            // Allow anonymous resource requests.
            // NOTE(review): the extension patterns make any handler whose path ends in
            // .html, .css or .js public, not only files served as static content.
            .antMatchers("/").permitAll()
            .antMatchers("/favicon.ico").permitAll()
            .antMatchers("/**/*.html").permitAll()
            .antMatchers("/**/*.css").permitAll()
            .antMatchers("/**/*.js").permitAll()
            // Allow anonymous logins.
            .antMatchers("/auth/**").permitAll()
            // All other requests need to be authenticated.
            .anyRequest().authenticated();

    // Custom token based authentication, driven by the header previously given to the client.
    http.addFilterBefore(
            new StatelessAuthenticationFilter(tokenAuthenticationService),
            UsernamePasswordAuthenticationFilter.class);
}
项目:ChangTalk    文件:SecurityConfiguration.java   
/**
 * Configures a stateless REST chain: a custom authentication filter placed after
 * {@link UsernamePasswordAuthenticationFilter}, an entry point for
 * unauthenticated requests, and regex-based authorization rules for {@code /v1}.
 *
 * @param http the security builder supplied by the framework
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // CSRF protection is off.
    // NOTE(review): how the REST filter receives its credential is not visible here;
    // confirm it is not a cookie.
    http.csrf().disable();

    // Custom authentication filter.
    http.addFilterAfter(restAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

    // No HTTP session is created or used for the security context.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Register the handler used when an authentication exception occurs.
    http.exceptionHandling().authenticationEntryPoint(unauthorizedEntryPoint());

    // authorizeRequests() includes use-expressions = true.
    // Rules are checked from the top down, so anything that should be allowed without
    // login has to be listed first.
    // NOTE(review): there is no catch-all rule, so a path that matches none of these
    // expressions is not covered by any authorization rule. Regex matchers are also
    // believed to see the query string, so "/hello" would not match "/hello?x=1";
    // confirm, and consider ending with a deny-by-default rule.
    http.authorizeRequests()
            .regexMatchers("/").permitAll()                              // public URL
            .regexMatchers("/hello").permitAll()                         // public URL
            .regexMatchers(HttpMethod.POST, "/v1/member").permitAll()    // member sign-up
            .regexMatchers("/v1/.*").fullyAuthenticated();               // full authentication for the REST API
}
项目:trivia-microservices    文件:JsonWebTokenSecurityConfig.java   
/**
 * Configures a stateless JSON Web Token chain: CSRF, HTTP Basic and form login are
 * disabled, unauthenticated requests get a 403, authorization rules are delegated
 * to {@code setupAuthorization}, and the token filter runs ahead of
 * {@link UsernamePasswordAuthenticationFilter}.
 *
 * @param http the security builder supplied by the framework
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Disable CSRF, HTTP Basic and form login.
    // NOTE(review): with CSRF off, confirm the token reaches the filter in a request
    // header rather than a cookie.
    http.csrf().disable();
    http.httpBasic().disable();
    http.formLogin().disable();

    // ReST is stateless, no sessions.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Return 403 when not authenticated.
    http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint());

    // Let child classes set up authorization paths.
    // NOTE(review): this method declares no rules itself, so which paths are protected
    // depends entirely on setupAuthorization, whose body is not visible here.
    setupAuthorization(http);

    http.addFilterBefore(jsonWebTokenFilter, UsernamePasswordAuthenticationFilter.class);
}