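/**
 * Wires the CAS entry point, the URL authorization rules, logout and the switch-user filters.
 *
 * <p>Ant matchers are evaluated in declaration order and the first match wins. The switch-user
 * paths are therefore declared before the catch-all {@code "/**"} rule: declared after it, the
 * admin-only and "previous administrator" checks are never reached and the switch endpoints are
 * effectively open to every caller.
 *
 * @param http the builder to configure
 * @throws Exception propagated from the HttpSecurity builder
 * @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(org.springframework.security.config.annotation.web.builders.HttpSecurity)
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.exceptionHandling()
            .authenticationEntryPoint(casEntryPoint())
        .and()
        .authorizeRequests()
            // Most specific rules first: impersonating needs the admin profile, switching back
            // needs the authority SwitchUserFilter grants to the original administrator.
            .antMatchers(ConstanteUtils.SECURITY_SWITCH_PATH).hasAuthority(NomenclatureUtils.DROIT_PROFIL_ADMIN)
            .antMatchers(ConstanteUtils.SECURITY_SWITCH_BACK_PATH).hasAuthority(SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR)
            .antMatchers(ConstanteUtils.SECURITY_CONNECT_PATH + "/**").authenticated()
            // Catch-all: everything not matched above is public.
            .antMatchers("/**").permitAll()
            .anyRequest().authenticated()
        .and()
        .addFilterBefore(singleSignOutFilter(), LogoutFilter.class)
        .addFilter(new LogoutFilter(casUrl + ConstanteUtils.SECURITY_LOGOUT_PATH, new SecurityContextLogoutHandler()))
        .addFilter(casAuthenticationFilter())
        .addFilterAfter(switchUserFilter(), FilterSecurityInterceptor.class)
        // Spring Security's CSRF protection is disabled: Vaadin implements its own.
        .csrf().disable()
        .headers()
            // Allow the application to be displayed inside an iFrame.
            .frameOptions().disable()
            // Drop browser cache management to work around the IE font-loading bug,
            // cf. http://stackoverflow.com/questions/7748140/font-face-eot-not-loading-over-https
            .cacheControl().disable();
}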
/**
 * Stateless JWT setup: CSRF off, no HTTP session, "/" and the login endpoint public, everything
 * else authenticated unless the subclass hooks relax it.
 *
 * @param http the builder to configure
 * @throws Exception propagated from the HttpSecurity builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final AuthenticationEntryPoint entryPoint = lookup("authenticationEntryPoint");

    http.csrf().disable()
        .exceptionHandling().authenticationEntryPoint(entryPoint)
        .and()
        .sessionManagement().sessionCreationPolicy(STATELESS);

    // The subclass hook receives the builder with the public routes already declared.
    final HttpSecurity withPublicRoutes = http.authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers(POST, LOGIN_ENDPOINT).permitAll()
            .and();
    customizeRequestAuthorization(withPublicRoutes);
    http.authorizeRequests().anyRequest().authenticated();

    final JwtTokenService tokenService = lookup("jwtTokenService");
    // JwtAuthenticationFilter must precede LogoutFilter, otherwise LogoutHandler wouldn't know who
    // logs out.
    customizeFilters(http.addFilterBefore(new JwtAuthenticationFilter(tokenService), LogoutFilter.class));
    customizeRememberMe(http);
}
/**
 * API-style security: JSON "not logged in" payload instead of a redirect, per-request permission
 * check delegated to {@code permissionService}, CORS filter on both chains, CSRF off.
 *
 * @param http the builder to configure
 * @throws Exception propagated from the HttpSecurity builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Works around: Refused to display 'http://......' in a frame because it set
    // 'X-Frame-Options' to 'DENY'.
    http.headers().frameOptions().disable();

    http.authorizeRequests()
            .antMatchers("/").permitAll()
            // Any logged-in user may read session information.
            .antMatchers("/**/session/**").authenticated()
            // Every other URL requires login plus the specific permission.
            .anyRequest().access("@permissionService.hasPermission(request,authentication)")
        .and()
            .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
            .addFilterAt(codeUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
            .exceptionHandling()
                // Unauthenticated callers get a JSON result body rather than a login redirect.
                .authenticationEntryPoint((request, response, authException) -> {
                    String body = JSON.toJSONString(JsonUtil.getResultJson(ResultCodeEnum.NOLOGIN));
                    HttpHelper.setResponseJsonData(response, body);
                })
        .and()
            .addFilterBefore(corsFilter, LogoutFilter.class)
            .formLogin().loginProcessingUrl("/login").permitAll()
        .and()
            .logout().logoutSuccessHandler(logoutSuccessHandler()).permitAll();

    http.csrf().disable();
}
/**
 * CAS-protected web application: "/" and "/index" are public, form login and logout are enabled,
 * and the CAS authentication and single-logout filters are registered.
 *
 * @param http the builder to configure
 * @throws Exception propagated from the HttpSecurity builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Security policy: home pages are public, everything else needs an authenticated user.
    http.authorizeRequests()
            .antMatchers("/", "/index").permitAll()
            .anyRequest().authenticated()
        .and()
            // Logout is reachable without authentication.
            .logout().permitAll()
        .and()
            // Form-based login.
            .formLogin();

    // CAS: unauthenticated users go to the CAS entry point; then the CAS filters are wired in.
    http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint())
        .and()
            .addFilter(casAuthenticationFilter())
            .addFilterBefore(requestSingleLogoutFilter(), LogoutFilter.class)
            .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class);

    // CSRF protection is not disabled here; the disable call is deliberately left commented out.
    // http.csrf().disable();
}
/** After {@code modify}, the filter's "handlers" list must contain exactly the configured handler. */
@Test
@SuppressWarnings("unchecked")
public void Can_add_a_logout_handler() {
    final LogoutFilter targetFilter = mock(LogoutFilter.class);
    final CaptureHandlers capturedHandlers = new CaptureHandlers();

    // Given: the mutator runs the updater through our capturing answer.
    willAnswer(capturedHandlers)
            .given(mutator)
            .update(eq(targetFilter), eq("handlers"), eq(List.class), any(Updater.class));

    // When
    logoutHandlerAdder.modify(targetFilter);

    // Then
    assertThat(capturedHandlers, contains((LogoutHandler) logoutHandler));
}
/**
 * CAS single sign-on with the CSRF token exposed as a cookie, iFrame-friendly headers,
 * role-gated URLs and a session-invalidating logout.
 *
 * @param http the builder to configure
 * @throws Exception propagated from the HttpSecurity builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // CSRF cookie generation, CAS entry point and the CAS filters.
    http.addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class)
        .exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint())
        .and()
        .addFilter(casAuthenticationFilter())
        .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class)
        .addFilterBefore(requestCasGlobalLogoutFilter(), LogoutFilter.class);

    // URL rules; X-Frame-Options is dropped so the application can be embedded.
    http.headers().frameOptions().disable()
        .authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/login", "/logout", "/secure").authenticated()
            .antMatchers("/filtered").hasAuthority(AuthoritiesConstants.ADMIN)
            .anyRequest().authenticated();

    // XML equivalent: <logout invalidate-session="true" delete-cookies="JSESSIONID" />
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/")
            .invalidateHttpSession(true)
            .deleteCookies("JSESSIONID");

    // CSRF is not touched here; the explicit call is intentionally left commented out.
    // http.csrf();
}
/**
 * Local logout on /logout, plus a CAS server logout reachable via /cas/logout.
 *
 * @param http the builder to configure
 * @throws Exception propagated from the HttpSecurity builder
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.logout()
            .permitAll()
            .logoutSuccessUrl("/logout.html")
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));

    // Absolute logout URL on the CAS server, built from the configured base URL and logout path.
    final String casLogoutUrl = UriComponentsBuilder
            .fromUri(casSecurityProperties.getServer().getBaseUrl())
            .path(casSecurityProperties.getServer().getPaths().getLogout())
            .toUriString();

    // Clears the local security context; the CAS logout URL is the success URL.
    final LogoutFilter casLogout = new LogoutFilter(casLogoutUrl, new SecurityContextLogoutHandler());
    casLogout.setFilterProcessesUrl("/cas/logout");
    http.addFilterBefore(casLogout, LogoutFilter.class);
}
/**
 * Request single point exit filter: on /logout, clears the local security context and uses the
 * CAS server logout URL as the success URL.
 *
 * @return the configured logout filter bean
 */
@Bean
public LogoutFilter casLogoutFilter() {
    final LogoutFilter filter = new LogoutFilter(casServerLogout, new SecurityContextLogoutHandler());
    filter.setFilterProcessesUrl("/logout");
    return filter;
}
/**
 * Create a simple filter that allows logout on a REST Url /services/rest/logout and returns a simple HTTP status 200
 * ok.
 *
 * @return the filter.
 */
protected Filter getSimpleRestLogoutFilter() {
    final LogoutFilter restLogout = new LogoutFilter(
            new LogoutSuccessHandlerReturningOkHttpStatusCode(),
            new SecurityContextLogoutHandler());
    // REST clients log out through this path only.
    restLogout.setLogoutRequestMatcher(new AntPathRequestMatcher("/services/rest/logout"));
    return restLogout;
}
/**
 * Request single-logout filter: both the CAS server logout URL and the application's own logout
 * path come from {@code casProperties}.
 *
 * @return the configured logout filter bean
 */
@Bean
public LogoutFilter requestSingleLogoutFilter() {
    final LogoutFilter filter = new LogoutFilter(
            casProperties.getCasServerLogoutUrl(),
            new SecurityContextLogoutHandler());
    filter.setFilterProcessesUrl(casProperties.getAppLogoutUrl());
    return filter;
}
/**
 * Puts {@code logoutHandler} at the front of the filter's "handlers" list via the reflective
 * mutator.
 *
 * <p>The updater is typed on the raw {@code List} because the mutator is asked for
 * {@code List.class}; the replacement is a fixed-size list backed by an array, as before.
 *
 * @param filter the LogoutFilter whose handlers are rewritten
 */
@SuppressWarnings("unchecked")
@Override
public void modify(final LogoutFilter filter) {
    mutator.update(filter, "handlers", List.class, new Updater<List>() {
        @Override
        public List update(List oldHandlers) {
            final List<LogoutHandler> updated = new ArrayList<>();
            updated.add(logoutHandler);
            updated.addAll(oldHandlers);
            return asList(updated.toArray(new LogoutHandler[0]));
        }
    });
}
/** Weaving must apply the logout-handler adder, the authentication filter and the success wrapper. */
@Test
public void Can_weave_a_security_filter_chain() {
    // Given
    final SecurityFilterChain chain = mock(SecurityFilterChain.class);

    // When
    chainWeaver.weave(chain);

    // Then: each hook lands on the expected link of the chain.
    verify(modifier).modifyLink(chain, LogoutFilter.class, logoutHandlerAdder);
    verify(modifier).addBefore(chain, UsernamePasswordAuthenticationFilter.class, authenticationFilter);
    verify(modifier).modifyLink(chain, UsernamePasswordAuthenticationFilter.class, successHandlerWrapper);
}
/**
 * Keycloak adapter wiring: form login off, Keycloak session authentication strategy, the
 * pre-auth actions and authentication processing filters, and the Keycloak logout handler.
 *
 * @param http the builder to configure
 * @throws Exception propagated from the HttpSecurity builder
 */
@Override
public void configureHttpSecurity(HttpSecurity http) throws Exception {
    http.formLogin().disable();

    http.sessionManagement()
            .sessionAuthenticationStrategy(sessionAuthenticationStrategy())
        .and()
            // Pre-auth actions must run before Spring's own logout handling.
            .addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class)
            .addFilterBefore(keycloakAuthenticationProcessingFilter(), BasicAuthenticationFilter.class)
            .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())
        .and()
            .logout().addLogoutHandler(keycloakLogoutHandler());
}
/**
 * Defines the web based security configuration.
 *
 * <p>The security context is stored under a dedicated session key (presumably to keep it apart
 * from another Spring Security context in the same session). HTTP Basic, CSRF and Spring's own
 * logout support are disabled; the SAML filters handle sign-on and logout.
 *
 * @param http It allows configuring web based security for specific http requests.
 * @throws Exception propagated from the HttpSecurity builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final HttpSessionSecurityContextRepository samlContextRepository = new HttpSessionSecurityContextRepository();
    samlContextRepository.setSpringSecurityContextKey("SPRING_SECURITY_CONTEXT_SAML");
    http.securityContext().securityContextRepository(samlContextRepository);

    http.httpBasic().disable();
    http.csrf().disable();

    // SAML filters, each inserted right after the previous one, starting after Basic auth.
    http.addFilterAfter(metadataGeneratorFilter, BasicAuthenticationFilter.class)
        .addFilterAfter(metadataDisplayFilter, MetadataGeneratorFilter.class)
        .addFilterAfter(samlEntryPoint, MetadataDisplayFilter.class)
        .addFilterAfter(samlWebSSOProcessingFilter, SAMLEntryPoint.class)
        .addFilterAfter(samlWebSSOHoKProcessingFilter, SAMLProcessingFilter.class)
        .addFilterAfter(samlLogoutProcessingFilter, SAMLWebSSOHoKProcessingFilter.class)
        .addFilterAfter(samlIDPDiscovery, SAMLLogoutProcessingFilter.class)
        .addFilterAfter(samlLogoutFilter, LogoutFilter.class);

    http.authorizeRequests()
            .antMatchers("/", "/error", "/saml/**", "/idpselection").permitAll()
            .anyRequest().authenticated();

    http.exceptionHandling().authenticationEntryPoint(samlEntryPoint);

    http.logout().disable();
}
/**
 * Appends the logout filter for non-REST rules; REST rules get no logout filter.
 *
 * @param filters      the filter list under construction (appended to in place)
 * @param securityRule the rule being translated into filters
 */
private void addLogoutFilter(List<Filter> filters, MotechURLSecurityRule securityRule) {
    if (securityRule.isRest()) {
        return;
    }
    final LogoutHandler clearContext = new SecurityContextLogoutHandler();
    // Motech's handler is passed first, then Spring's context cleanup; success goes to the login page.
    final LogoutFilter logout = new LogoutFilter("/module/server/login", motechLogoutHandler, clearContext);
    logout.setFilterProcessesUrl("/module/server/j_spring_security_logout");
    filters.add(logout);
}
/**
 * CAS global logout: clears the local context, with the CAS server logout URL (carrying the
 * application home as the {@code service} parameter) as the success URL. Only POST /logout
 * triggers it.
 *
 * <p>NOTE(review): the service value is concatenated into the query string as-is; it is assumed
 * to already be query-safe — confirm if the property can hold reserved characters.
 *
 * @return the configured logout filter bean
 */
@Bean
public LogoutFilter requestCasGlobalLogoutFilter() {
    final String casLogoutUrl = env.getRequiredProperty(CAS_URL_LOGOUT)
            + "?service=" + env.getRequiredProperty(APP_SERVICE_HOME);
    final LogoutFilter filter = new LogoutFilter(casLogoutUrl, new SecurityContextLogoutHandler());
    filter.setLogoutRequestMatcher(new AntPathRequestMatcher("/logout", "POST"));
    return filter;
}
/**
 * CAS logout bean: the legacy /j_spring_cas_security_logout URL runs the configured logout
 * handler and the CAS logout success handler.
 *
 * @return the configured logout filter bean
 */
@Bean
public LogoutFilter casLogoutFilter() {
    final LogoutFilter casLogout = new LogoutFilter(casLogoutSuccessHandler(), logoutHandler());
    casLogout.setLogoutRequestMatcher(new AntPathRequestMatcher("/j_spring_cas_security_logout"));
    return casLogout;
}
/**
 * HTTP Security configuration
 *
 * <pre>&lt;http auto-config="true"&gt;</pre> is equivalent to:
 * <pre>
 * &lt;http&gt;
 *   &lt;form-login /&gt;
 *   &lt;http-basic /&gt;
 *   &lt;logout /&gt;
 * &lt;/http&gt;
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 * http.formLogin()
 *     .and().httpBasic()
 *     .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 * Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching: the first rule that matches wins, so the public paths come before the role-gated ones.
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            .antMatchers("/admin/h2/**").permitAll()
            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    // CAS authentication and single sign-out.
    http.addFilterAt(casFilter, CasAuthenticationFilter.class);
    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Logout: local logout, then the CAS server logout page as success URL.
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    // Anonymous
    http.anonymous();

    // CSRF is enabled by default with Java Config; it is switched off here.
    http.csrf().disable();

    // Exception Handling
    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403");

    // Enable <frameset> in order to use H2 web console
    http.headers().frameOptions().disable();
}
/**
 * Property-driven security: the excluded paths are public, the admin and user paths are
 * role-gated, concurrent sessions are capped, optional CORS and extra filters are inserted, and
 * login/logout are all handled by {@code loginHandler}.
 *
 * @param http the builder to configure
 * @throws Exception propagated from the HttpSecurity builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Target URL
    http.authorizeRequests()
            .antMatchers(props.auth().getExcludesPath()).permitAll();
    http.csrf().disable()
        .authorizeRequests()
            .antMatchers(props.auth().getPathAdmin()).hasRole("ADMIN")
            .antMatchers(props.auth().getPath()).hasRole("USER");

    // common
    http.exceptionHandling().authenticationEntryPoint(entryPoint);
    http.sessionManagement()
            .maximumSessions(props.auth().getMaximumSessions())
        .and()
            .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
    http.addFilterAfter(new ActorSessionFilter(actorSession), UsernamePasswordAuthenticationFilter.class);

    // Optional extras: CORS ahead of logout, additional filters after the actor session filter.
    if (corsFilter != null) {
        http.addFilterBefore(corsFilter, LogoutFilter.class);
    }
    if (filters != null) {
        for (final Filter extra : filters.filters()) {
            http.addFilterAfter(extra, ActorSessionFilter.class);
        }
    }

    // login/logout: one handler serves login success, login failure and logout success.
    http.formLogin()
            .loginPage(props.auth().getLoginPath())
            .usernameParameter(props.auth().getLoginKey())
            .passwordParameter(props.auth().getPasswordKey())
            .successHandler(loginHandler)
            .failureHandler(loginHandler)
            .permitAll()
        .and()
        .logout()
            .logoutUrl(props.auth().getLogoutPath())
            .logoutSuccessHandler(loginHandler)
            .permitAll();
}
/**
 * Applies the three hooks to the chain, in this order: the logout-handler adder on the
 * LogoutFilter link, the custom authentication filter ahead of the username/password filter,
 * and the success-handler wrapper on the username/password filter link.
 *
 * @param filterChain the chain to modify
 */
@Override
public void weave(SecurityFilterChain filterChain) {
    final Class<LogoutFilter> logoutLink = LogoutFilter.class;
    final Class<UsernamePasswordAuthenticationFilter> loginLink = UsernamePasswordAuthenticationFilter.class;

    modifier.modifyLink(filterChain, logoutLink, logoutHandlerAdder);
    modifier.addBefore(filterChain, loginLink, authenticationFilter);
    modifier.modifyLink(filterChain, loginLink, successHandlerWrapper);
}
/**
 * Logout filter bean wired to the remember-me services and the standard security-context
 * cleanup; the success URL and the processing URL come from configuration fields.
 *
 * @return the configured logout filter bean
 */
@Bean
public LogoutFilter logoutFilter() {
    final LogoutFilter filter = new LogoutFilter(
            logoutUrl,
            rememberMeServices(),
            new SecurityContextLogoutHandler());
    filter.setFilterProcessesUrl(logoutFilterProcessesUrl);
    return filter;
}
/**
 * Stateless relying-party setup: the UAA filter runs ahead of logout, CSRF is off, no session
 * is created, a CORS-aware entry point answers unauthenticated calls, the v2 authentication
 * endpoints are public and /v2/manage/** requires authentication.
 *
 * @param http the builder to configure
 * @throws Exception propagated from the HttpSecurity builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final UaaRelyingPartyFilter relyingParty = new UaaRelyingPartyFilter(authenticationManager());
    relyingParty.setSuccessHandler(new UaaRelyingPartyAuthenticationSuccessHandler());
    relyingParty.setFailureHandler(new UaaRelyingPartyAuthenticationFailureHandler());

    http.addFilterBefore(relyingParty, LogoutFilter.class)
        .csrf().disable()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .exceptionHandling().authenticationEntryPoint(new CommonCorsAuthenticationEntryPoint())
        .and()
        .authorizeRequests()
            .antMatchers(HttpMethod.GET, "/v2/authentication/{serviceInstanceId}").permitAll()
            .antMatchers(HttpMethod.GET, "/v2/authentication/{serviceInstanceId}/confirm").permitAll()
            // No catch-all rule is declared here for paths outside these patterns.
            .antMatchers(HttpMethod.GET, "/v2/manage/**").authenticated();
}
/**
 * Token-style login: custom authentication filter before logout, CSRF off, stateless sessions,
 * custom access-denied and entry-point handlers, and method-scoped role rules (GET for USER,
 * POST/DELETE for ADMIN).
 *
 * @param http the builder to configure
 * @throws Exception propagated from the HttpSecurity builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final CustomAuthenticationSuccessHandler onSuccess = new CustomAuthenticationSuccessHandler();
    onSuccess.headerUtil(headerUtil);

    http.addFilterBefore(authenticationFilter(), LogoutFilter.class)
        .csrf().disable()
        .formLogin()
            .successHandler(onSuccess)
            .loginProcessingUrl("/login")
        .and()
        .logout()
            .logoutSuccessUrl("/logout")
        .and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .exceptionHandling()
            .accessDeniedHandler(new CustomAccessDeniedHandler())
            .authenticationEntryPoint(new CustomAuthenticationEntryPoint())
        .and()
        .authorizeRequests()
            .antMatchers(HttpMethod.POST, "/login").permitAll()
            .antMatchers(HttpMethod.POST, "/logout").authenticated()
            .antMatchers(HttpMethod.GET, "/**").hasRole("USER")
            .antMatchers(HttpMethod.POST, "/**").hasRole("ADMIN")
            .antMatchers(HttpMethod.DELETE, "/**").hasRole("ADMIN")
            .anyRequest().authenticated();
}
/**
 * Gets the logout filter.
 *
 * <p>Successful logout lands on "/"; the handler comes from {@code getSecurityContextLogoutHandler()}.
 *
 * @return the logout filter
 */
@Bean(name = "logoutFilter")
public LogoutFilter getLogoutFilter() {
    final String afterLogout = "/";
    return new LogoutFilter(afterLogout, getSecurityContextLogoutHandler());
}