/**
 * Assembles one {@link SecurityFilterChain} per SAML endpoint into a single proxy.
 * Each chain carries exactly one filter; the proxy evaluates the chains in the order
 * they are added and hands the request to the first one whose pattern matches.
 *
 * @return proxy over the SAML endpoint chains
 * @throws Exception propagated from the filter factory methods
 */
@Bean
public FilterChainProxy samlFilter() throws Exception {
    List<SecurityFilterChain> samlChains = new ArrayList<SecurityFilterChain>();
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/logout/**"), samlLogoutFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/metadata/**"), metadataDisplayFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSO/**"), samlWebSSOProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSOHoK/**"), samlWebSSOHoKProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SingleLogout/**"), samlLogoutProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/discovery/**"), samlIDPDiscovery()));
    return new FilterChainProxy(samlChains);
}
/**
 * Builds the matcher that selects requests aimed at the management endpoints.
 * With a dedicated management context path configured, only that subtree is matched;
 * without one, every endpoint path is matched (sensitive and non-sensitive alike).
 *
 * @param contextResolver source of the application context; may be {@code null}
 * @return the matcher, or {@code null} when no resolver is available
 */
public static RequestMatcher getRequestMatcher(ManagementContextResolver contextResolver) {
    if (contextResolver == null) {
        return null;
    }
    ManagementServerProperties management = contextResolver.getApplicationContext()
            .getBean(ManagementServerProperties.class);
    ServerProperties server = contextResolver.getApplicationContext()
            .getBean(ServerProperties.class);
    String managementPath = management.getContextPath();
    if (!StringUtils.hasText(managementPath)) {
        // No dedicated management path: match everything, including the sensitive and non-sensitive paths.
        return new LazyEndpointPathRequestMatcher(contextResolver, EndpointPaths.ALL);
    }
    // The management path is resolved relative to the server path before the wildcard is appended.
    return new AntPathRequestMatcher(server.getPath(managementPath) + "/**");
}
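/**
 * Replaces the interceptor's URL-to-attribute metadata with the contents of {@code resourceMap}.
 *
 * @param filterSecurityInterceptor interceptor whose metadata source is replaced
 * @param resourceMap               Ant URL pattern to comma-delimited attribute list; the map's
 *                                  iteration order is preserved, and at request time the first
 *                                  matching pattern wins
 * @throws IllegalArgumentException if either argument is {@code null}
 */
public void execute(FilterSecurityInterceptor filterSecurityInterceptor, Map<String, String> resourceMap) {
    Assert.notNull(filterSecurityInterceptor, "filterSecurityInterceptor must not be null");
    Assert.notNull(resourceMap, "resourceMap must not be null");
    logger.info("refresh url resource");
    // LinkedHashMap keeps pattern order, which matters for first-match evaluation.
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap =
            new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
    for (Map.Entry<String, String> entry : resourceMap.entrySet()) {
        // NOTE(review): an empty attribute string produces an empty attribute list for that
        // pattern; confirm the interceptor's rejectPublicInvocations setting matches the intent.
        requestMap.put(new AntPathRequestMatcher(entry.getKey()),
                SecurityConfig.createListFromCommaDelimitedString(entry.getValue()));
    }
    FilterInvocationSecurityMetadataSource source =
            new DefaultFilterInvocationSecurityMetadataSource(requestMap);
    filterSecurityInterceptor.setSecurityMetadataSource(source);
}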
/**
 * Form-login security: the landing, login and registration pages are public,
 * every other request requires an authenticated user.
 *
 * @param httpSecurity builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeRequests()
            .antMatchers("/", "/login", "/register").permitAll()
            .anyRequest().authenticated();
    httpSecurity.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/profile");
    // No HTTP method is given to the matcher, so /logout is accepted on any method (GET included).
    httpSecurity.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login");
}
/**
 * Interceptor guarding the endpoints that require an authenticated caller.
 * Matchers are registered in declaration order. Note that {@code /credentials/*} covers a
 * single path segment whereas the {@code /**} patterns cover any depth.
 *
 * @return interceptor configured with the protected URL patterns
 */
@Bean
public AuthenticationInterceptor authInterceptor() {
    String[] protectedPatterns = {
        "/flows/**",
        "/user/register",
        "/user/delete",
        "/user",
        "/user/role/update",
        "/jobs/**",
        "/credentials/*",
        "/actions/**",
        "/message/**",
        "/agents/create",
        "/agents",
        "/roles/**",
        "/thread/config"
    };
    ImmutableList.Builder<RequestMatcher> protectedMatchers = ImmutableList.builder();
    for (String pattern : protectedPatterns) {
        protectedMatchers.add(new AntPathRequestMatcher(pattern));
    }
    return new AuthenticationInterceptor(protectedMatchers.build());
}
/**
 * Role-based web security with form login, persistent remember-me and a single-session limit.
 * The encoding filter is placed ahead of CSRF processing; CSRF protection itself stays enabled.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.addFilterBefore(characterEncodingFilter(), CsrfFilter.class);
    http.authorizeRequests()
            .antMatchers("/", "/category/**", "/article/add", "/user/update")
                    .access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN') or hasRole('ROLE_MODERATOR')")
            .antMatchers("/admin", "/admin/**").access("hasRole('ROLE_ADMIN')");
    http.formLogin()
            .loginPage("/login")
            .usernameParameter("ssoId")
            .passwordParameter("password")
            .failureHandler(new CustomAuthenticationFailureHandler())
            .defaultSuccessUrl("/");
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login?logout")
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true);
    // Remember-me tokens are persisted and stay valid for 86400 seconds (one day).
    http.rememberMe()
            .tokenRepository(persistentTokenRepository())
            .tokenValiditySeconds(86400);
    http.csrf();
    http.exceptionHandling().accessDeniedPage("/error");
    http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry());
}
/**
 * Role-based web security with form login, persistent remember-me and a single-session limit.
 * CSRF protection stays enabled; access-denied responses go to {@code /oups}.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/", "/category/**", "/article/add", "/user/update")
                    .access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN') or hasRole('ROLE_MODERATOR')")
            .antMatchers("/admin", "/admin/**").access("hasRole('ROLE_ADMIN')");
    http.formLogin()
            .loginPage("/login")
            .usernameParameter("ssoId")
            .passwordParameter("password")
            .failureHandler(new CustomAuthenticationFailureHandler())
            .defaultSuccessUrl("/");
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login?logout")
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true);
    // Remember-me tokens are persisted and stay valid for 86400 seconds (one day).
    http.rememberMe()
            .tokenRepository(persistentTokenRepository())
            .tokenValiditySeconds(86400);
    http.csrf();
    http.exceptionHandling().accessDeniedPage("/oups");
    http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry());
}
/**
 * Example of authentication and authorization: admin pages need ROLE_ADMIN, a fixed set of
 * endpoints is open to everyone, and all other requests need an authenticated user.
 * CSRF protection is switched off for the whole application.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): with CSRF disabled no token check applies to the public POST endpoints
    // (e.g. /entrega/submit); confirm that is intended before relying on this configuration.
    http.csrf().disable();
    http.authorizeRequests()
            // TODO: check whether a single matcher can cover both admin patterns
            .antMatchers("/admin").hasRole("ADMIN")
            .antMatchers("/admin/**").hasRole("ADMIN")
            .antMatchers("/cadastro/**").permitAll()
            .antMatchers("/evaluate").permitAll()
            .antMatchers("/vQtDNoCxpCa8QIAZPWeIMt4hPuLwZ8a/").permitAll()
            .antMatchers("/modulo/cultura/missao/deliver").permitAll()
            .antMatchers("/entrega/submit").permitAll()
            .anyRequest().authenticated();
    http.formLogin().loginPage("/login").permitAll();
    http.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
}
/**
 * Shop security: the product form and product creation (POST) are admin-only, browsing is
 * public, and everything else requires an authenticated user. Custom handlers decide where
 * the user lands after login and after logout.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/produtos/form").hasRole("ADMIN")
            .antMatchers("/shopping/**").permitAll()
            // Only POST /produtos is restricted; GET /produtos falls under the permitAll below.
            .antMatchers(HttpMethod.POST, "/produtos").hasRole("ADMIN")
            .antMatchers("/produtos/**").permitAll()
            .antMatchers("/").permitAll()
            .antMatchers("/user/**").permitAll()
            .anyRequest().authenticated();
    http.formLogin()
            .loginPage("/login")
            .permitAll()
            // Decides where the user is sent after a successful login.
            .successHandler(new RedirectAfterLogin());
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessHandler(new RedirectAfterLogout());
}
/**
 * Builds the application's filter chain proxy.
 * A fixed list of documentation and utility paths gets empty chains (no security filters at
 * all); {@code /api/*} gets the full session-based authentication chain. Chains are evaluated
 * in the order they are added.
 *
 * @return the configured proxy
 * @throws ServletException never thrown here, kept for signature compatibility
 * @throws Exception        propagated from the filter factory methods
 */
@Bean(name = "springSecurityFilterChain")
public FilterChainProxy springSecurityFilterChain() throws ServletException, Exception {
    final String[] unsecuredPatterns = {
        "/api/cors",
        "/api/dump",
        "/api/validatorUrl",
        "/api/swagger-resources",
        "/api/configuration/ui",
        "/api/configuration/security",
        "/api/v2/api-docs",
        "/api/swagger-ui.html",
        "/api/webjars/**",
        "/webjars/**"
    };
    final List<SecurityFilterChain> listOfFilterChains = new ArrayList<SecurityFilterChain>();
    for (String pattern : unsecuredPatterns) {
        // Chain without filters: requests to this path bypass security entirely.
        listOfFilterChains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher(pattern)));
    }
    // NOTE(review): "/api/*" matches a single path segment only; confirm deeper paths such as
    // /api/x/y are meant to fall outside every chain.
    listOfFilterChains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/api/*"),
            securityContextPersistenceFilterWithASCFalse(),
            usernamePasswordAuthenticationFilter(),
            sessionManagementFilter(),
            exceptionTranslationFilter(),
            filterSecurityInterceptor()));
    return new FilterChainProxy(listOfFilterChains);
}
/**
 * Builds the application's filter chain proxy.
 * Documentation and utility paths get empty chains (no security filters at all); everything
 * under {@code /api/**} gets the security-context, exception-translation and authorization
 * filters. Chains are evaluated in the order they are added.
 *
 * @return the configured proxy
 * @throws ServletException never thrown here, kept for signature compatibility
 * @throws Exception        propagated from the filter factory methods
 */
@Bean(name = "springSecurityFilterChain")
public FilterChainProxy springSecurityFilterChain() throws ServletException, Exception {
    final String[] unsecuredPatterns = {
        "/api/validatorUrl",
        "/api/swagger-resources",
        "/api/configuration/ui",
        "/api/configuration/security",
        "/api/v2/api-docs",
        "/api/swagger-ui.html",
        "/api/webjars/**",
        "/webjars/**"
    };
    final List<SecurityFilterChain> listOfFilterChains = new ArrayList<SecurityFilterChain>();
    for (String pattern : unsecuredPatterns) {
        // Chain without filters: requests to this path bypass security entirely.
        listOfFilterChains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher(pattern)));
    }
    listOfFilterChains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/api/**"),
            securityContextPersistenceFilterWithASCFalse(),
            exceptionTranslationFilter(),
            filterSecurityInterceptor()));
    return new FilterChainProxy(listOfFilterChains);
}
/**
 * Form-login security ordered to override the Boot defaults: fonts and registration are
 * public, everything else needs authentication. CSRF is disabled (see FIXME).
 *
 * @param httpSecurity builder to configure
 * @throws Exception propagated from the builder
 */
@Override
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected void configure(final HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeRequests()
            .antMatchers("/fonts/**").permitAll()
            .antMatchers("/register").permitAll()
            .anyRequest().authenticated();
    httpSecurity.formLogin().loginPage("/login").permitAll();
    httpSecurity.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll();
    httpSecurity.exceptionHandling().accessDeniedPage("/access?error");
    // Default setting for Spring Boot to activate XSS Protection (dont fix!)
    // NOTE(review): xssProtectionEnabled(false) switches the X-XSS-Protection filter off rather
    // than on; the comment above reads the other way — confirm which is intended.
    httpSecurity.headers().xssProtection().block(false).xssProtectionEnabled(false);
    // FIXME [dh] Enabling CSRF prevents file upload, must be fixed
    httpSecurity.csrf().disable();
}
/**
 * Web security with a form login for browsers and a 401 entry point for API calls.
 * Static assets and the login page (with any query string) are public; everything else
 * requires full (non remember-me) authentication. Cache-control headers are not added.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    logger.debug("Configuring web security");
    http.headers().cacheControl().disable();
    http.authorizeRequests()
            // TODO (move img to images)
            // TODO (move intl to js/intl)
            .antMatchers("/intl/*", "/img/*", "/fonts/*", "/webjars/**", "/cli/**").permitAll()
            .regexMatchers("/login\\?.*").permitAll()
            .anyRequest().fullyAuthenticated();
    http.formLogin()
            .loginPage("/login").permitAll()
            .successHandler(new ShowPageAuthenticationSuccessHandler());
    http.logout().logoutSuccessUrl("/login?logout").permitAll();
    // API calls get a bare 401 instead of a redirect; everything else is sent to the login page.
    http.exceptionHandling().defaultAuthenticationEntryPointFor(
            new Http401AuthenticationEntryPoint("API_UNAUTHORIZED"),
            new AntPathRequestMatcher("/api/*"));
    http.exceptionHandling().defaultAuthenticationEntryPointFor(
            new LoginUrlAuthenticationEntryPoint("/login"),
            new AntPathRequestMatcher("/*"));
}
/**
 * Form-login security: home pages are public, all other requests need authentication.
 * CSRF protection is disabled, so the logout matcher below accepts any HTTP method.
 *
 * @param httpSecurity builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeRequests()
            .antMatchers("/", "/esparkHome").permitAll()
            .anyRequest().authenticated();
    httpSecurity.formLogin()
            .loginPage("/esparkLoginPage")
            .defaultSuccessUrl("/esparkUserPage")
            .permitAll();
    httpSecurity.csrf().disable();
    httpSecurity.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/esparkHome")
            .permitAll();
}
/**
 * Form-login security: home pages are public, {@code /espark/info} needs ADMIN or USER,
 * all other requests need authentication. CSRF protection is disabled, so the logout
 * matcher below accepts any HTTP method.
 *
 * @param httpSecurity builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeRequests()
            .antMatchers("/", "/esparkHome").permitAll()
            .antMatchers("/espark/info").hasAnyRole("ADMIN", "USER")
            .anyRequest().authenticated();
    httpSecurity.formLogin()
            .loginPage("/esparkLoginPage")
            .defaultSuccessUrl("/esparkUserPage")
            .permitAll();
    httpSecurity.csrf().disable();
    httpSecurity.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/esparkHome?logout=true")
            .permitAll();
}
/**
 * Form-login security for the {@code /restricted} and {@code /web} subtrees, with the CSRF
 * token exposed through a custom header filter.
 * No rule is declared for paths outside those two subtrees — presumably they are public;
 * confirm against the interceptor's public-invocation setting.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/restricted/**").authenticated()
            .antMatchers("/web/**").authenticated();
    http.formLogin()
            .usernameParameter("j_username") // default is username
            .passwordParameter("j_password") // default is password
            .loginPage("/views/login.html")
            .successHandler(new CustomSuccessHandler())
            .failureUrl("/views/login.html?failure");
    http.logout()
            .logoutSuccessUrl("/")
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
    // Runs after CsrfFilter so the token is available to be written out.
    http.addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);
    http.csrf().csrfTokenRepository(csrfTokenRepository());
}
/**
 * Security with a GitHub authentication filter ahead of basic auth.
 * Only {@code /user/**} requires authentication; everything else is public.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/user/**").authenticated()
            .anyRequest().permitAll();
    http.exceptionHandling()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));
    http.formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/login.do")
            .defaultSuccessUrl("/user/info")
            .failureUrl("/login?err=1")
            .permitAll();
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/")
            .permitAll();
    http.addFilterBefore(githubFilter(), BasicAuthenticationFilter.class);
}
/**
 * Adds the attributes of {@code actions} to {@code guiConfigAttr} when {@code url} matches
 * the current request.
 * Blank action values are skipped. Meeting the permit-all action stops the loop early;
 * attributes already added for earlier actions are kept.
 *
 * @param filterInvocation the request being authorized
 * @param guiConfigAttr    attribute collection being filled (mutated)
 * @param url              Ant pattern the request must match
 * @param actions          candidate actions; {@code null} means nothing to add
 */
private void addSecurityConfig(FilterInvocation filterInvocation, Collection<ConfigAttribute> guiConfigAttr,
        String url, DisplayableValue<String>[] actions) {
    AntPathRequestMatcher urlMatcher = new AntPathRequestMatcher(url);
    boolean applies = urlMatcher.matches(filterInvocation.getRequest()) && actions != null;
    if (!applies) {
        return;
    }
    for (DisplayableValue<String> action : actions) {
        String actionUri = action.getValue();
        if (StringUtils.isBlank(actionUri)) {
            continue;
        }
        // All users may access this resource: stop collecting attributes.
        // NOTE(review): this compares the DisplayableValue object with the constant; if the
        // constant is a plain String the branch can never match — confirm the intended type.
        if (action.equals(AuthorizationConstants.AUTZ_UI_PERMIT_ALL_URL)) {
            return;
        }
        SecurityConfig attribute = new SecurityConfig(actionUri);
        if (!guiConfigAttr.contains(attribute)) {
            guiConfigAttr.add(attribute);
        }
    }
}
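/**
 * Stateless, token-based HTTP security: no server session, unauthenticated access answered
 * by {@code restAuthenticationEntryPoint}, and a {@code TokenAuthenticationFilter} placed
 * ahead of basic authentication.
 * The list of per-method CSRF matchers the old version built was never passed to the builder
 * and has been dropped; CSRF stays disabled as before.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint);
    http.authorizeRequests()
            // Static resources and the landing page are readable anonymously (GET only).
            .antMatchers(HttpMethod.GET, "/", "/webjars/**", "/*.html", "/favicon.ico",
                    "/**/*.html", "/**/*.css", "/**/*.js").permitAll()
            .antMatchers("/auth/**").permitAll()
            .anyRequest().authenticated();
    http.addFilterBefore(new TokenAuthenticationFilter(tokenHelper, jwtUserDetailsService),
            BasicAuthenticationFilter.class);
    // NOTE(review): CSRF is disabled, presumably because credentials travel in a token rather
    // than a cookie; if a cookie-based token is ever used, re-enable CSRF with a
    // requireCsrfProtectionMatcher covering POST/PUT/PATCH/DELETE.
    http.csrf().disable();
}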
/**
 * SAML filter chain proxy.
 * One single-filter chain per SAML endpoint; the proxy takes the first chain whose
 * pattern matches the request.
 *
 * @return proxy over the SAML endpoint chains
 * @throws Exception propagated from the filter factory methods
 */
@Bean
public FilterChainProxy samlFilter() throws Exception {
    List<SecurityFilterChain> samlChains = new ArrayList<>();
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/logout/**"), samlLogoutFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSO/**"), samlWebSSOProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSOHoK/**"), samlWebSSOHoKProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SingleLogout/**"), samlLogoutProcessingFilter()));
    return new FilterChainProxy(samlChains);
}
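/**
 * Assembles the SAML chains (login entry point, metadata display, SSO assertion consumer
 * and IdP discovery) into one proxy.
 *
 * @param samlEntryPoint  entry point serving {@code /saml/login/**}
 * @param contextProvider SAML context provider shared by the SSO filter and discovery
 * @return proxy over the SAML chains, in the order listed
 * @throws IllegalStateException if the SSO processing filter cannot be created; failing at
 *                               startup is preferred to silently registering no filter for
 *                               {@code /saml/SSO/**}
 */
private FilterChainProxy samlFilter(SAMLEntryPoint samlEntryPoint, SAMLContextProvider contextProvider) {
    List<SecurityFilterChain> chains = new ArrayList<>();
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint));
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/metadata/**"), new MetadataDisplayFilter()));
    try {
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"),
                samlWebSSOProcessingFilter(samlAuthenticationProvider, contextProvider, samlProcessor)));
    } catch (Exception e) {
        // Not swallowed: a missing SSO filter would break login with no startup signal.
        throw new IllegalStateException("Unable to create the SAML SSO processing filter", e);
    }
    SAMLDiscovery samlDiscovery = new SAMLDiscovery();
    samlDiscovery.setMetadata(cachingMetadataManager);
    samlDiscovery.setContextProvider(contextProvider);
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"), samlDiscovery));
    return new FilterChainProxy(chains);
}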
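/**
 * Resolves the access attributes required for the requested URL.
 * Every stored permission whose Ant pattern matches the request contributes its code as a
 * {@link SecurityConfig} attribute.
 *
 * @param object the secured object, expected to be a {@link FilterInvocation}
 * @return matching attributes; empty when no permission pattern matches the request
 * @throws IllegalArgumentException declared by the interface; a non-{@code FilterInvocation}
 *                                  argument fails at the cast
 * @throws IllegalStateException if the permission list cannot be loaded — the lookup fails
 *                               closed instead of returning an empty attribute set, which
 *                               downstream voters may treat as an unprotected URL
 */
@Override
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
    HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
    List<Permission> permissions;
    try {
        permissions = permissionService.findAll();
    } catch (ExecutionException e) {
        throw new IllegalStateException("Unable to load permissions for authorization", e);
    }
    List<ConfigAttribute> attrs = new ArrayList<>();
    for (Permission p : permissions) {
        if (new AntPathRequestMatcher(p.getUrl()).matches(request)) {
            attrs.add(new SecurityConfig(p.getCode()));
        }
    }
    return attrs;
}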
/**
 * Form-login security backed by the Mongo user details manager.
 * Login, logout and the whole {@code /api} subtree are public; all other paths require
 * authentication.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/login", "/logout.do", "/api/**").permitAll()
            .antMatchers("/**").authenticated();
    http.formLogin()
            .loginProcessingUrl("/login.do")
            .usernameParameter("name")
            .loginPage("/login");
    // The matcher carries no HTTP method, so logout is also triggered by a GET request.
    http.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout.do"));
    http.userDetailsService(mongoUserDetailsManager);
}
/**
 * Form-login security: static templates and the login/logout URLs are public,
 * everything else requires an authenticated user.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Static resources are public.
    http.authorizeRequests().antMatchers("/templates/**").permitAll();
    // Login and logout URLs are public.
    http.formLogin()
            .failureUrl("/login?error")
            .defaultSuccessUrl("/home")
            .loginPage("/login")
            .permitAll();
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login")
            .permitAll();
    // No channel (HTTPS) requirement is configured here.
    // All remaining requests require authentication.
    http.authorizeRequests().anyRequest().authenticated();
}
/**
 * Security for the reservation flow: reserving a tour and the reservations pages require
 * authentication; no rule is declared for other paths. CSRF protection and the
 * X-Frame-Options header are both disabled.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/tours/*/reserve", "/reservations/**").authenticated();
    http.formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/login/authenticate")
            .usernameParameter("username")
            .passwordParameter("password");
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/")
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true);
    // NOTE(review): with CSRF off, the logout above and all POST forms accept cross-site
    // requests; frame embedding is also unrestricted — confirm both are intended.
    http.csrf().disable();
    http.headers().frameOptions().disable();
}
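/**
 * Gets the filter security interceptor.
 * URL patterns are evaluated in insertion order and the first match wins, so the specific
 * {@code /adm/restartvm.ajax} entry is registered ahead of the {@code /adm/**} catch-all;
 * registered after it, the entry could never match and its ROLE_POWERUSERPLUS grant
 * would be dead.
 *
 * @return the filter security interceptor
 */
@Bean(name = "fsi")
public FilterSecurityInterceptor getFilterSecurityInterceptor() {
    FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
    interceptor.setAuthenticationManager(getProviderManager());
    interceptor.setAccessDecisionManager(getAffirmativeBased());
    LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<>();
    // Most specific pattern first.
    requestMap.put(new AntPathRequestMatcher("/adm/restartvm.ajax"), SecurityConfig
            .createListFromCommaDelimitedString("ROLE_POWERUSERPLUS,ROLE_MANAGER,ROLE_MANAGER-GUI"));
    requestMap.put(new AntPathRequestMatcher("/adm/**"),
            SecurityConfig.createListFromCommaDelimitedString("ROLE_MANAGER,ROLE_MANAGER-GUI"));
    requestMap.put(new AntPathRequestMatcher("/sql/**"), SecurityConfig
            .createListFromCommaDelimitedString("ROLE_POWERUSERPLUS,ROLE_MANAGER,ROLE_MANAGER-GUI"));
    requestMap.put(new AntPathRequestMatcher("/app/**"), SecurityConfig.createListFromCommaDelimitedString(
            "ROLE_POWERUSER,ROLE_POWERUSERPLUS,ROLE_MANAGER,ROLE_MANAGER-GUI"));
    // Catch-all must stay last.
    requestMap.put(new AntPathRequestMatcher("/**"), SecurityConfig.createListFromCommaDelimitedString(
            "ROLE_PROBEUSER,ROLE_POWERUSER,ROLE_POWERUSERPLUS,ROLE_MANAGER,ROLE_MANAGER-GUI"));
    interceptor
            .setSecurityMetadataSource(new DefaultFilterInvocationSecurityMetadataSource(requestMap));
    return interceptor;
}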
/**
 * Shop security with CSRF disabled: static assets, registration and password-reset pages
 * are public; account, checkout and order pages require authentication. No rule is declared
 * for other paths.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.authorizeRequests()
            .antMatchers("/resources/**", "/webjars/**", "/assets/**").permitAll()
            .antMatchers("/", "/register", "/forgotPwd", "/resetPwd").permitAll()
            .antMatchers("/myAccount", "/checkout", "/orders").authenticated();
    http.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/home")
            .failureUrl("/login?error")
            .permitAll();
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .permitAll();
    http.exceptionHandling().accessDeniedPage("/403");
}
/**
 * Shop security with CSRF disabled: static assets, the landing page and password-reset
 * pages are public; every other request requires authentication.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.authorizeRequests()
            .antMatchers("/resources/**", "/webjars/**", "/assets/**").permitAll()
            .antMatchers("/", "/forgotPwd", "/resetPwd").permitAll()
            .anyRequest().authenticated();
    http.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/home")
            .failureUrl("/login?error")
            .permitAll();
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .permitAll();
    http.exceptionHandling().accessDeniedPage("/403");
}
/**
 * Stateless OAuth resource security: custom entry point and logout handler,
 * {@code /hello/**} public, {@code /secure/**} authenticated.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.exceptionHandling().authenticationEntryPoint(customAuthenticationEntryPoint);
    http.logout()
            .logoutUrl("/oauth/logout") // The Logout URL
            .logoutSuccessHandler(customLogoutSuccessHandler);
    // NOTE(review): a CSRF matcher is set and then the CSRF configurer is disabled, so the
    // matcher has no effect; either drop it or keep CSRF enabled for /oauth/authorize.
    http.csrf()
            .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize"))
            .disable();
    http.headers().frameOptions().disable();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.authorizeRequests()
            .antMatchers("/hello/**").permitAll()
            .antMatchers("/secure/**").authenticated();
}
/**
 * API security keyed on {@link FindRole}: each {@code /api/...} subtree is bound to one role
 * (note that {@code /api/public/**} still requires {@code USER}). Requests under the app path
 * are cached for post-login redirect. CSRF is disabled and only same-origin framing is allowed.
 * No rule is declared for paths outside {@code /api}.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@SuppressWarnings("ProhibitedExceptionDeclared")
@Override
protected void configure(final HttpSecurity http) throws Exception {
    final HttpSessionRequestCache appRequestCache = new HttpSessionRequestCache();
    appRequestCache.setRequestMatcher(new AntPathRequestMatcher(FindController.APP_PATH + "/**"));
    http.authorizeRequests()
            .antMatchers("/api/public/**").hasRole(FindRole.USER.name())
            .antMatchers("/api/admin/**").hasRole(FindRole.ADMIN.name())
            .antMatchers("/api/config/**").hasRole(FindRole.CONFIG.name())
            .antMatchers("/api/bi/**").hasRole(FindRole.BI.name());
    http.requestCache().requestCache(appRequestCache);
    http.csrf().disable();
    http.headers().defaultsDisabled().frameOptions().sameOrigin();
}
/**
 * Defines the filter chains that implement SSO authentication with SAML 2.0.
 * One single-filter chain per SAML endpoint; the proxy takes the first chain whose
 * pattern matches the request.
 *
 * @return proxy over the SAML endpoint chains
 * @throws Exception propagated from the filter factory methods
 */
@Bean
public FilterChainProxy samlFilter() throws Exception {
    List<SecurityFilterChain> samlChains = new ArrayList<SecurityFilterChain>();
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/logout/**"), samlLogoutFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/metadata/**"), metadataDisplayFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSO/**"), samlWebSSOProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSOHoK/**"), samlWebSSOHoKProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SingleLogout/**"), samlLogoutProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/discovery/**"), samlIDPDiscovery()));
    return new FilterChainProxy(samlChains);
}
/**
 * Defines the filter chains that implement SSO authentication with SAML 2.0.
 * The login and logout chains run a {@code TargetStoringFilter} before their SAML filter;
 * the remaining chains hold a single filter. The proxy takes the first chain whose pattern
 * matches the request.
 *
 * @return proxy over the SAML endpoint chains
 * @throws Exception propagated from the filter factory methods
 */
@Bean
public FilterChainProxy samlFilter() throws Exception {
    List<SecurityFilterChain> samlChains = new ArrayList<SecurityFilterChain>();
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/login/**"), new TargetStoringFilter(), samlEntryPoint()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/logout/**"), new TargetStoringFilter(), samlLogoutFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/metadata/**"), metadataDisplayFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSO/**"), samlWebSSOProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SingleLogout/**"), samlLogoutProcessingFilter()));
    return new FilterChainProxy(samlChains);
}
/**
 * Appends the non-blank, not-yet-present action values of {@code actions} to
 * {@code requiredActions} when {@code url} matches the current request.
 *
 * @param filterInvocation the request being authorized
 * @param requiredActions  list being filled (mutated; duplicates are not added)
 * @param url              Ant pattern the request must match
 * @param actions          candidate actions; {@code null} means nothing to add
 */
private void addSecurityConfig(FilterInvocation filterInvocation, List<String> requiredActions,
        String url, DisplayableValue<String>[] actions) {
    AntPathRequestMatcher urlMatcher = new AntPathRequestMatcher(url);
    boolean applies = urlMatcher.matches(filterInvocation.getRequest()) && actions != null;
    if (!applies) {
        return;
    }
    for (DisplayableValue<String> action : actions) {
        String actionUri = action.getValue();
        if (StringUtils.isBlank(actionUri) || requiredActions.contains(actionUri)) {
            continue;
        }
        requiredActions.add(actionUri);
    }
}
/**
 * Form-login security where every path except the favicon and the logout landing page
 * requires ROLE_USER. A CSRF token filter runs after {@code CsrfFilter}.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.addFilterAfter(new CsrfTokenFilter(), CsrfFilter.class);
    http.formLogin()
            .loginPage("/login")
            .permitAll();
    http.logout()
            .deleteCookies("remove")
            .invalidateHttpSession(true)
            .logoutUrl("/logout")
            .logoutSuccessUrl("/logout_success")
            // http://stackoverflow.com/questions/24108585/spring-security-java-config-not-generating-logout-url
            // The explicit matcher takes precedence over logoutUrl; it carries no HTTP method,
            // so GET /logout also triggers logout.
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
    http.authorizeRequests()
            .antMatchers("/favicon.ico").permitAll()
            .antMatchers("/logout_success").permitAll()
            .antMatchers("/**").hasRole("USER");
}
/**
 * Form-login security: {@code /admin/**} requires ROLE_ADMIN; no rule is declared for other
 * paths. CSRF protection is left at its default (enabled). Remember-me uses a fixed key.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')");
    http.formLogin()
            .loginPage("/login.do")
            .defaultSuccessUrl("/index.do")
            .loginProcessingUrl("/j_spring_security_check")
            .usernameParameter("j_username")
            .passwordParameter("j_password");
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/index.do");
    // NOTE(review): the remember-me key signs the remember-me cookie and is hard-coded in
    // source; prefer injecting it from externalized, per-deployment configuration.
    http.rememberMe()
            .key("authkey");
}
/**
 * Form login with TOTP authentication details: every request requires authentication;
 * the login page and its error variant are public.
 *
 * @param http builder to configure
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .anyRequest().authenticated();
    http.formLogin()
            .authenticationDetailsSource(TotpWebAuthenticationDetails::new)
            .loginPage("/login")
            .failureUrl("/login?error")
            .permitAll();
    // NOTE(review): logout is explicitly bound to GET, which is not covered by CSRF checks;
    // a POST-only matcher is the safer default unless GET logout is a deliberate choice.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"));
}