Java 类org.springframework.security.web.csrf.CsrfFilter 实例源码

项目:emergentmud    文件:SecurityConfiguration.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/**")
            .authorizeRequests()
            .antMatchers(
                    "/",
                    "/public/**",
                    "/social/**",
                    "/login**",
                    "/webjars/**",
                    "/img/**",
                    "/css/**",
                    "/robots.txt").permitAll()
            .anyRequest().authenticated()
            .and().logout().logoutSuccessUrl("/").permitAll()
            .and().formLogin().loginPage("/")
            .and().csrf().csrfTokenRepository(csrfTokenRepository())
            .and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
            .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);

}
项目:JenkinsHue    文件:SecurityConfiguration.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    http// .csrf().disable()

    .headers().cacheControl().disable().and().exceptionHandling()
            .authenticationEntryPoint(new RestAuthenticationEntryPoint("/")).and()

    /* old: "/bootstrap/**", "/libraries/**", "/scripts/**", "/styles/**" */
    .authorizeRequests().antMatchers("/", "/login", "/wro/**", "/images/**", "/views/**").permitAll().and()

    .authorizeRequests().anyRequest().authenticated().and()

    .formLogin().loginProcessingUrl("/login").successHandler(authenticationSuccessHandler())
            .failureHandler(authenticationFailureHandler()).and()

    .logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler())
            .deleteCookies("JSESSIONID", "XSRF-TOKEN").invalidateHttpSession(true).and()

    .csrf().csrfTokenRepository(csrfTokenRepository()).and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
项目:cloud    文件:ResourceServerConfig.java   
@Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .csrf()
                .csrfTokenRepository(csrfTokenRepository())
                .and()
                .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
//              .csrf().disable()
                .exceptionHandling()
                .authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED))
                .and()
                .authorizeRequests().antMatchers("/", "/home", "/oauth/authorize", "/oauth/token").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
//              .loginPage("/login")
//              .failureForwardUrl("/login?error")
                .permitAll()
                .and()
                .logout()
//              .logoutUrl("/logout")
//              .logoutSuccessUrl("/login?logout")
                .permitAll()
                .and()
                .httpBasic();
    }
项目:AntiSocial-Platform    文件:SecurityConfiguration.java   
@Override
protected void configure(HttpSecurity http) throws Exception{
    http.addFilterBefore(characterEncodingFilter(), CsrfFilter.class);
    http.authorizeRequests()
            .antMatchers("/","/category/**","/article/add","/user/update").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN') or hasRole('ROLE_MODERATOR')")
            .antMatchers("/admin","/admin/**").access("hasRole('ROLE_ADMIN')")
            .and()
            .formLogin()
            .loginPage("/login")
            .usernameParameter("ssoId")
            .passwordParameter("password")
            .failureHandler(new CustomAuthenticationFailureHandler())
            .defaultSuccessUrl("/")
            .and()
            .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login?logout").deleteCookies("JSESSIONID")
            .invalidateHttpSession(true)
            .and()
            .rememberMe().tokenRepository(persistentTokenRepository()).tokenValiditySeconds(86400)
            .and()
            .csrf()
            .and()
            .exceptionHandling().accessDeniedPage("/error");

    http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry());
}
项目:complete-transaction-management    文件:MainApplication.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
    .authorizeRequests()
    .antMatchers("/h2-console", "/rest/isAdmin").hasRole("ADMIN")// not working for h2 console // role should not start with 'ROLE_' since it is automatically inserted
    .anyRequest().authenticated()
    .and()
    .formLogin().loginPage("/login").failureUrl("/login?error").permitAll()
    .and()
    .logout().logoutSuccessUrl("/login?logout").permitAll()
    .and()
    .httpBasic()
    .and()
    .csrf().csrfTokenRepository(csrfTokenRepository())
    .and()
    .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
项目:hojeehdiaderua    文件:SecurityConfig.java   
@Override
public void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/hojeehdiaderua/**")
            .permitAll()
            .antMatchers("/admin/**")
            .access("hasRole('ROLE_ADMIN')")
            .and()
            .httpBasic()
            .and()
            .formLogin()
            .and()
            .logout()
            .logoutUrl("/admin/logout")
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true)
            .logoutSuccessUrl("/index.jsp")
            .and()
            .csrf()
            .csrfTokenRepository(csrfTokenRepository())
            .and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
项目:trueyes    文件:WebfrontUIApplication.java   
@Override
public void configure(HttpSecurity http) throws Exception {
    //@formatter:off
    http
        .logout()
        .and()
        .antMatcher("/**").authorizeRequests()
        .antMatchers(   
                "/index.html",
                "/home.html", 
                "/", 
                "/login", 
                "/**/*.html", 
                "/**/*.less", 
                "/**/*.css", 
                "/**/*.js").permitAll()
            .anyRequest().authenticated()
            .and()
            .csrf().csrfTokenRepository(csrfTokenRepository())
            .and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
    //@formatter:on
}
项目:eve-oauth2-example    文件:EveOAuth2Example.java   
@Override
protected void configure(HttpSecurity http)
  throws Exception
{
  // @formatter:off
  http.antMatcher("/**")
    .authorizeRequests()
    .antMatchers("/", "/login**", "/webjars/**").permitAll()
    .anyRequest().authenticated()
    .and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
    .and().logout().logoutSuccessUrl("/").permitAll()
    .and().csrf().csrfTokenRepository(csrfTokenRepository())
    .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
    .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
  // @formatter:on
}
项目:igsn30    文件:MultiHttpSecurityConfig.java   
@Override
protected void configure(HttpSecurity http) throws Exception {  
    http.authorizeRequests()
     .antMatchers("/restricted/**").authenticated() 
     .antMatchers("/web/**").authenticated()
     .and()
        .formLogin()
            .usernameParameter("j_username") // default is username
              .passwordParameter("j_password") // default is password
            .loginPage("/views/login.html").successHandler(new CustomSuccessHandler()).failureUrl("/views/login.html?failure")              
     .and()
        .logout().logoutSuccessUrl("/")
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))      
     .and()
        .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
        .csrf().csrfTokenRepository(csrfTokenRepository());
}
项目:spring-security-adfs-saml2    文件:SAMLWebSecurityConfigurerAdapter.java   
/**
 * Fluent API that pre-configures HttpSecurity with SAML specific configuration.
 *
 * @param http HttpSecurity instance
 * @return Same HttpSecurity instance
 * @throws Exception Exception
 */
// CSRF must be disabled when processing /saml/** to prevent "Expected CSRF token not found" exception.
// See: http://stackoverflow.com/questions/26508835/spring-saml-extension-and-spring-security-csrf-protection-conflict/26560447
protected final HttpSecurity samlizedConfig(final HttpSecurity http) throws Exception {
    http.httpBasic().authenticationEntryPoint(samlEntryPoint())
            .and()
            .csrf().ignoringAntMatchers("/saml/**")
            .and()
            .authorizeRequests().antMatchers("/saml/**").permitAll()
            .and()
            .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
            .addFilterAfter(filterChainProxy(), BasicAuthenticationFilter.class);

    // store CSRF token in cookie
    if (samlConfigBean().getStoreCsrfTokenInCookie()) {
        http.csrf()
                .csrfTokenRepository(csrfTokenRepository())
                .and()
                .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);
    }

    return http;
}
项目:mccy-engine    文件:SecurityConfig.java   
@Override
protected void configure(HttpSecurity http) throws Exception {

    for (String p : mccySecuritySettings.getAllowAnonymous().getGet()) {
        http
            .authorizeRequests()
            .antMatchers(HttpMethod.GET, p).permitAll();
    }

    http
            .authorizeRequests()
                .antMatchers("/**").hasRole("USER")
            .and().formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/")
                .permitAll()
            .and().logout().logoutSuccessUrl("/")
            .and().addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
            .csrf().csrfTokenRepository(csrfTokenRepository());

    if (env.acceptsProfiles(MccyConstants.PROFILE_BASIC_AUTH, MccyConstants.PROFILE_DEV)) {
        http
                .httpBasic()
                .and().csrf().ignoringAntMatchers("/**");
    }
}
项目:dick    文件:SsoSecurityAutoConfiguration.java   
@Override
public void configure(HttpSecurity http) throws Exception {
    http.requestMatchers().anyRequest().and()
            .authorizeRequests().anyRequest()
            .authenticated().and().csrf()
            .csrfTokenRepository(csrfTokenRepository()).and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);

    OAuth2SsoProperties sso = this.beanFactory.getBean(OAuth2SsoProperties.class);
    // Delay the processing of the filter until we know the
    // SessionAuthenticationStrategy is available:
    http.apply(
            (SecurityConfigurerAdapter) new OAuth2ClientAuthenticationConfigurer(oauth2SsoFilter(sso))
    );
    addAuthenticationEntryPoint(http, sso);
}
项目:building-microservices    文件:SsoUiApplication.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http
        .authorizeRequests()
            .antMatchers("/index.html", "/home.html", "/")
                .permitAll()
                .anyRequest()
                    .authenticated()
        .and()
            .csrf()
            .csrfTokenRepository(csrfTokenRepository())
        .and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
    // @formatter:on
}
项目:ServiceCutter    文件:SecurityConfiguration.java   
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.csrf().ignoringAntMatchers("/websocket/**").and().addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class).exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint).and().rememberMe().rememberMeServices(rememberMeServices).rememberMeParameter("remember-me")
            .key(env.getProperty("jhipster.security.rememberme.key")).and().formLogin().loginProcessingUrl("/api/authentication")
            .successHandler(ajaxAuthenticationSuccessHandler).failureHandler(ajaxAuthenticationFailureHandler).usernameParameter("j_username").passwordParameter("j_password")
            .permitAll().and().logout().logoutUrl("/api/logout").logoutSuccessHandler(ajaxLogoutSuccessHandler).deleteCookies("JSESSIONID").permitAll().and().headers()
            .frameOptions().disable().and().authorizeRequests().antMatchers("/api/register").permitAll().antMatchers("/api/activate").permitAll()
            .antMatchers("/api/authenticate").permitAll().antMatchers("/api/account/reset_password/init").permitAll().antMatchers("/api/account/reset_password/finish")
            .permitAll().antMatchers("/api/logs/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/api/audits/**").hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/api/**").authenticated().antMatchers("/websocket/tracker").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/websocket/**").permitAll()
            .antMatchers("/metrics/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/health/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/trace/**")
            .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/dump/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/shutdown/**")
            .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/beans/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/configprops/**")
            .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/info/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/autoconfig/**")
            .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/env/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/trace/**")
            .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/mappings/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/v2/api-docs/**").permitAll()
            .antMatchers("/configuration/security").permitAll().antMatchers("/configuration/ui").permitAll().antMatchers("/swagger-ui/index.html")
            .hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/protected/**").authenticated();

}
项目:the-turbine    文件:SecuritySetup.java   
@Override
protected void configure(HttpSecurity http) throws Exception {

  // // http://stackoverflow.com/questions/31724994/spring-data-rest-and-cors

  http
      .addFilterBefore(newCorsFilter(), ChannelProcessingFilter.class)
      .httpBasic()
      .and()
      .authorizeRequests()
      // .antMatchers("/index.html", "/home.html", "/login.html", "/", "turbine/**", "/user").permitAll()
      /* 
       * when running a local spring simple stomp broker, this is needed because
       * the credentials do not work when given to AngularStompDK in atacama
       * so we are forced to unsecure the simple stomp broker for now...
       */
      .antMatchers("/ticks/**").permitAll() 
      .anyRequest()
      .hasAnyRole("USER")
      // .authenticated()
      .and()
      .csrf().csrfTokenRepository(newCsrfTokenRepository())
      .and()
      .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);

}
项目:spring-boot-microservices    文件:OAuthConfiguration.java   
/**
 * Define the security that applies to the proxy
 */
@Override
   public void configure(HttpSecurity http) throws Exception {
       http
        .authorizeRequests()
        //Allow access to all static resources without authentication
        .antMatchers("/","/**/*.html").permitAll()
        .anyRequest().authenticated()
        .antMatchers(HttpMethod.GET, "/api/user/**","/api/task/**").access("#oauth2.hasScope('read')")
           .antMatchers(HttpMethod.OPTIONS, "/api/user/**","/api/task/**").access("#oauth2.hasScope('read')")
           .antMatchers(HttpMethod.POST, "/api/user/**","/api/task/**").access("#oauth2.hasScope('write')")
           .antMatchers(HttpMethod.PUT, "/api/user/**","/api/task/**").access("#oauth2.hasScope('write')")
           .antMatchers(HttpMethod.PATCH, "/api/user/**","/api/task/**").access("#oauth2.hasScope('write')")
           .antMatchers(HttpMethod.DELETE, "/api/user/**","/api/task/**").access("#oauth2.hasScope('write')")
           .and().csrf().csrfTokenRepository(this.getCSRFTokenRepository())
           .and().addFilterAfter(this.createCSRFHeaderFilter(), CsrfFilter.class);
   }
项目:OpenConext-pdp    文件:WebSecurityConfig.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .antMatcher("/internal/**")
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
        .and()
        .csrf()
        .requireCsrfProtectionMatcher(new CsrfProtectionMatcher()).and()
        .addFilterAfter(new CsrfTokenResponseHeaderBindingFilter(), CsrfFilter.class)
        .addFilterAfter(
            new ShibbolethPreAuthenticatedProcessingFilter(authenticationManagerBean(), serviceRegistry),
            AbstractPreAuthenticatedProcessingFilter.class
        )
        .authorizeRequests()
        .antMatchers("/internal/**").hasAnyRole("PEP", "ADMIN");

    if (environment.acceptsProfiles("no-csrf")) {
        http.csrf().disable();
    }

    if (environment.acceptsProfiles("dev", "perf")) {
        //we can't use @Profile, because we need to add it before the real filter
        http.addFilterBefore(new MockShibbolethFilter(), ShibbolethPreAuthenticatedProcessingFilter.class);
    }
}
项目:spring-data-rest-mvc-react    文件:SecurityConfiguration.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            // This permits access to all client-side code. This isn't an issue though because all sensitive data
            // is provided by the REST API, which IS secured.
            .antMatchers("/").permitAll()
            // Require authentication for all API calls.
            .antMatchers("/api/**").authenticated()
            .and()
        .formLogin()
            .loginPage("/#/login")
            .permitAll()
            .and()
        /*
            The bits here about CSRF I got from this reference about using spring-security with Angular.
            https://spring.io/guides/tutorials/spring-security-and-angular-js/
         */
            .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
        .csrf().csrfTokenRepository(csrfTokenRepository());
}
项目:demo-spring-security-cas    文件:SecurityConfiguration.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class).exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint()).and().addFilter(casAuthenticationFilter())
            .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class)
            .addFilterBefore(requestCasGlobalLogoutFilter(), LogoutFilter.class);

    http.headers().frameOptions().disable().authorizeRequests().antMatchers("/").permitAll()
            .antMatchers("/login", "/logout", "/secure").authenticated().antMatchers("/filtered")
            .hasAuthority(AuthoritiesConstants.ADMIN).anyRequest().authenticated();

    /**
     * <logout invalidate-session="true" delete-cookies="JSESSIONID" />
     */
    http.logout().logoutUrl("/logout").logoutSuccessUrl("/").invalidateHttpSession(true)
            .deleteCookies("JSESSIONID");

    // http.csrf();
}
项目:addon-administration    文件:SecurityConfig.java   
@Override
protected void configure(HttpSecurity http) throws Exception { // NOSONAR the authorizeRequests() throws it and
                                                               // can't be omitted
    CharacterEncodingFilter filter = new CharacterEncodingFilter();
    filter.setEncoding("UTF-8");
    filter.setForceEncoding(true);

    http.addFilterBefore(filter, CsrfFilter.class);
    http.authorizeRequests()
            .accessDecisionManager(decisionManager)
            .antMatchers(AdminController.CONTROLLER_PATH + "/**")
            .authenticated()
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(getAuthenticationEntryPoint())
            .accessDeniedHandler(exceptionHandler);
}
项目:wicket-spring-security-example    文件:SpringSecurityConfiguration.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .addFilterAfter(new CsrfTokenFilter(), CsrfFilter.class)
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
        .logout()
            .deleteCookies("remove")
            .invalidateHttpSession(true)
            .logoutUrl("/logout")
            .logoutSuccessUrl("/logout_success")
            //http://stackoverflow.com/questions/24108585/spring-security-java-config-not-generating-logout-url
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .and()
        .authorizeRequests()
            .antMatchers("/favicon.ico").permitAll()
            .antMatchers("/logout_success").permitAll()
            .antMatchers("/**").hasRole("USER");
}
项目:generator-jhipster    文件:_OAuth2SsoConfiguration.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf()
        .disable()
        .addFilterBefore(corsFilter, CsrfFilter.class)
        .headers()
        .frameOptions()
        .disable()
    .and()
        .logout()
        .logoutUrl("/api/logout")
        .logoutSuccessHandler(ajaxLogoutSuccessHandler())
    .and()
        .requestMatcher(new NegatedRequestMatcher(authorizationHeaderRequestMatcher))
        .authorizeRequests()
        .antMatchers("/api/profile-info").permitAll()
        .antMatchers("/api/**").authenticated()
        .antMatchers("/management/health").permitAll()
        .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .anyRequest().permitAll();
}
项目:devops-cstack    文件:SecurityConfiguration.java   
/**
 * Protection CSRF is critical for production env only
 *
 * @param http
 * @throws Exception
 */

@Profile({ "production" })
private void activateProtectionCRSF(HttpSecurity http) throws Exception {
    // CSRF protection
    http.csrf().csrfTokenRepository(csrfTokenRepository()).and().addFilterAfter(csrfHeaderFilter(),
            CsrfFilter.class);
}
项目:mzzb-server    文件:SecurityConfig.java   
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/api/users/**").hasRole("ADMIN")
            .antMatchers("/api/session").permitAll()
            .antMatchers(HttpMethod.GET).permitAll()
            .antMatchers("/api/**").hasRole("BASIC");

    http.addFilterAfter(new CsrfTokenResponseHeaderBindingFilter(), CsrfFilter.class);

    Logger logger = LoggerFactory.getLogger(getClass());
    if (logger.isInfoEnabled()) {
        logger.info("设置安全策略");
    }
}
项目:Spring-cloud-gather    文件:CustomWebSecurityConfigurerAdapter.java   
@Override
public void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http.authorizeRequests()
        .antMatchers(HttpMethod.POST, "/api/applications").permitAll()//
        .antMatchers("/management/health").permitAll()//
        .anyRequest().authenticated()//
    .and().csrf().ignoringAntMatchers("/api/**", "/management/**").csrfTokenRepository(csrfTokenRepository())
    .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
    // @formatter:on
}
项目:oasp-tutorial-sources    文件:BaseWebSecurityConfig.java   
/**
 * Configure spring security to enable a simple webform-login + a simple rest login.
 */
@Override
public void configure(HttpSecurity http) throws Exception {

  http.authorizeRequests().anyRequest().permitAll().and().csrf().disable();

  if (this.corsEnabled) {
    http.addFilterBefore(getCorsFilter(), CsrfFilter.class);
  }
}
项目:Book4You    文件:WebSecurityConfiguration.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.httpBasic()
            .and().authorizeRequests()
            .antMatchers(HttpMethod.POST, "/").authenticated()
            .antMatchers(HttpMethod.PATCH, "/").authenticated()
            .antMatchers(HttpMethod.DELETE, "/").authenticated()
            .and().addFilterAfter(new CORSFilter(), CsrfFilter.class)
            .csrf().disable();
}
项目:OpenViSu    文件:SecurityConfiguration.java   
@Override
protected void configure(HttpSecurity http) throws Exception
{
  http.formLogin().and().logout().and().authorizeRequests().antMatchers("/index.html", "/home.html", "/login.html", "/").permitAll()
      .anyRequest().authenticated().and().csrf().csrfTokenRepository(csrfTokenRepository()).and()
      .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
项目:restbucks-member    文件:WebSecurityConfiguration.java   
@Override
protected void configure(HttpSecurity http) throws Exception {

    http.antMatcher("/**").authorizeRequests()
            .antMatchers("/", "/login**", "/webjars/**").permitAll()
            .anyRequest().authenticated()
            .and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
            .and().logout().logoutSuccessUrl("/").permitAll()
            .and().csrf().csrfTokenRepository(csrfTokenRepository())
            .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
            .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
项目:harris-de-swarm    文件:UiApplication.java   
@Override
public void configure(HttpSecurity http) throws Exception {
    http.logout().and().antMatcher("/**")
            .authorizeRequests()
            .antMatchers("/index.html", "/home.html", "/", "/login").permitAll()
            .anyRequest().authenticated()
            .and().csrf()
            .csrfTokenRepository(csrfTokenRepository())
            .and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
项目:oauth-register-broker    文件:SecurityConfig.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            .csrf()
            .csrfTokenRepository(csrfTokenRepository()).and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
    if (useSsl) {
        http.requiresChannel().anyRequest().requiresSecure();
    }
}
项目:db-dumper-service    文件:SecurityConfig.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            .csrf()
            .csrfTokenRepository(csrfTokenRepository()).and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
    if (useSsl) {
        http.requiresChannel().anyRequest().requiresSecure();
    }
}
项目:dick    文件:BasicSecurityAutoConfiguration.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .csrf().csrfTokenRepository(csrfTokenRepository()).and()
            .httpBasic()
            .and()
            .authorizeRequests()
            .antMatchers("/index.html", "/").permitAll()
            .anyRequest().authenticated().and()
            .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);
}
项目:moserp    文件:OAuthConfiguration.java   
/**
 * Define the security that applies to the proxy
 */
public void configure(HttpSecurity http) throws Exception {
    http.logout().and()
            .antMatcher("/**").authorizeRequests()
            .antMatchers("/index.html", "/home.html", "/web/**", "/uaa/oauth/**").permitAll()
            .anyRequest().authenticated().and()
            .csrf().csrfTokenRepository(getCSRFTokenRepository()).ignoringAntMatchers("/uaa/oauth/token").and()
            .addFilterAfter(createCSRFHeaderFilter(), CsrfFilter.class);
}
项目:spring-polymer-demo    文件:PolymerDemoOAuthConfig.java   
@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/index.html", "/home.html", "/", "/bower_components/**", "/elements/*")
            .permitAll().anyRequest().authenticated().and().csrf()
            .csrfTokenRepository(csrfTokenRepository()).and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
项目:spring-multi-module-oauth-sso    文件:AuthClientApplication.java   
@Override
public void configure(HttpSecurity http) throws Exception {
    http.logout()
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(
                    new Http401AuthenticationEntryPoint(
                            "Session realm=\"JSESSIONID\"")).and()
            .antMatcher("/**").authorizeRequests()
            .antMatchers("/index.html", "/home.html", "/", "/login")
            .permitAll().anyRequest().authenticated().and().csrf()
            .csrfTokenRepository(csrfTokenRepository()).and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
项目:spring-multi-module-oauth-sso    文件:AuthClientApplication.java   
@Override
public void configure(HttpSecurity http) throws Exception {
    http.logout()
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(
                    new Http401AuthenticationEntryPoint(
                            "Session realm=\"JSESSIONID\"")).and()
            .antMatcher("/**").authorizeRequests()
            .antMatchers("/index.html", "/home.html", "/", "/login")
            .permitAll().anyRequest().authenticated().and().csrf()
            .csrfTokenRepository(csrfTokenRepository()).and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
项目:lostodos    文件:SecurityConfiguration.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class)
        .exceptionHandling()
        .authenticationEntryPoint(authenticationEntryPoint)
    .and()
        .rememberMe()
        .rememberMeServices(rememberMeServices)
        .key(env.getProperty("jhipster.security.rememberme.key"))
    .and()
        .formLogin()
        .loginProcessingUrl("/api/authentication")
        .successHandler(ajaxAuthenticationSuccessHandler)
        .failureHandler(ajaxAuthenticationFailureHandler)
        .usernameParameter("j_username")
        .passwordParameter("j_password")
        .permitAll()
    .and()
        .logout()
        .logoutUrl("/api/logout")
        .logoutSuccessHandler(ajaxLogoutSuccessHandler)
        .deleteCookies("JSESSIONID")
        .permitAll()
    .and()
        .headers()
        .frameOptions()
        .disable()
        .authorizeRequests()
            .antMatchers("/api/register").permitAll()
            .antMatchers("/api/authenticate").permitAll()
            .antMatchers("/api/**").authenticated()
            .antMatchers("/rest/**").authenticated()
            .antMatchers("/protected/**").authenticated();

}
项目:eservice    文件:WebSecurityConfig.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/ws/user/**").permitAll()
            .anyRequest().authenticated()
            .and().exceptionHandling().authenticationEntryPoint(this)
            .and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
            .and()
            .csrf().disable()
            .addFilterBefore(statelessCSRFFilter, CsrfFilter.class)
            .addFilterBefore(exceptionFilter, StatelessCSRFFilter.class)
            .addFilterAfter(loginFilter,StatelessCSRFFilter.class);
}
项目:egd-web    文件:SecurityConfiguration.java   
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.requiresChannel()
        .and()
        .csrf()
        .ignoringAntMatchers("/websocket/**")
        .and()
        .addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class)
        .exceptionHandling()
        .authenticationEntryPoint(authenticationEntryPoint)
        .and()
        .formLogin()
        .loginProcessingUrl("/api/authentication")
        .successHandler(ajaxAuthenticationSuccessHandler)
        .failureHandler(ajaxAuthenticationFailureHandler)
        .usernameParameter("j_username")
        .passwordParameter("j_password")
        .permitAll()
        .and()
        .logout()
        .logoutUrl("/api/logout")
        .logoutSuccessHandler(ajaxLogoutSuccessHandler)
        .deleteCookies("JSESSIONID")
        .permitAll()
        .and()
        .headers()
        .frameOptions()
        .disable()
        .and()
        .authorizeRequests()
        .antMatchers(permitAll).permitAll()
        .antMatchers("/api/**").authenticated()
        .antMatchers(permitAdmin).hasAuthority(AuthoritiesConstants.ADMIN)
        .and().apply(springSocialConfigurer);
}