Java 类org.springframework.security.web.authentication.www.BasicAuthenticationFilter 实例源码

项目:emergentmud    文件:SecurityConfiguration.java   
/**
 * Builds the filter chain for all paths: a fixed set of public paths is open to everyone,
 * every other request requires an authenticated user.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/**")
            .authorizeRequests()
            // Rules are matched in declaration order, so the public paths are listed before anyRequest().
            .antMatchers(
                    "/",
                    "/public/**",
                    "/social/**",
                    // "**" inside a segment behaves like "*": matches /login and /loginX, not /login/x
                    "/login**",
                    "/webjars/**",
                    "/img/**",
                    "/css/**",
                    "/robots.txt").permitAll()
            .anyRequest().authenticated()
            .and().logout().logoutSuccessUrl("/").permitAll()
            // The root page doubles as the login page.
            .and().formLogin().loginPage("/")
            // CSRF protection stays enabled; csrfTokenRepository() is defined outside this snippet.
            .and().csrf().csrfTokenRepository(csrfTokenRepository())
            .and()
            // csrfHeaderFilter() runs after the CsrfFilter; ssoFilter() runs before HTTP Basic processing.
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
            .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);

}
项目:git-java-okta-saml-example    文件:SAMLConfiguration.java   
/**
 * Configures an HTTPS-only, SAML-protected filter chain: the SAML endpoints, /health and
 * /error are public, everything else requires an authenticated user.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Every request must arrive over a secure channel (HTTPS).
    http
        .requiresChannel()
        .anyRequest().requiresSecure();
    // Unauthenticated requests are handed to the SAML entry point instead of a Basic challenge.
    http
        .httpBasic()
        .authenticationEntryPoint(samlEntryPoint());
    // NOTE(review): CSRF protection is switched off for the whole chain, not only for /saml/**.
    // If the application keeps a browser session after SAML login, state-changing endpoints
    // are then unprotected; csrf().ignoringAntMatchers("/saml/**") would be the narrower option.
    http
        .csrf()
        .disable();
    // The metadata generator runs first in the chain; the SAML filter runs after Basic processing.
    http
        .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
        .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);

    // Rules are matched in declaration order; anyRequest() is the catch-all and must stay last.
    http
        .authorizeRequests()
        .antMatchers("/saml/**").permitAll()
        .antMatchers("/health").permitAll()
        .antMatchers("/error").permitAll()
        .anyRequest().authenticated();
}
项目:springboot-security-wechat    文件:SecurityConfig.java   
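/**
 * Configures form login for an API-style application: the two login endpoints are public and
 * every other request requires full authentication.
 *
 * <p>Authorization rules are matched in declaration order, so the {@code permitAll()} matchers
 * must be declared before {@code anyRequest()}. Declared after it they are never reached, and
 * newer Spring Security versions refuse such a configuration at startup.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            // Paths that can be reached without authentication; must precede anyRequest()
            .mvcMatchers("/login", "/login/wechat").permitAll()
            // Every other request requires full (not remember-me) authentication
            .anyRequest().fullyAuthenticated()
            .and()
            .formLogin()
            // Handling after a successful login; this is an API, so no page redirect
            .successHandler(new MyAuthenticationSuccessHandler())
            // Handling after a failed login
            .failureHandler(new MySimpleUrlAuthenticationFailureHandler())
            .and()
            // Handling after logout
            .logout().logoutSuccessHandler(new RestLogoutSuccessHandler())
            .and()
            // Handling of requests that fail authentication
            .exceptionHandling()
            .authenticationEntryPoint(new RestAuthenticationEntryPoint());
    http.addFilterAt(myFilterSecurityInterceptor, FilterSecurityInterceptor.class);
    http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
    // NOTE(review): CSRF protection is disabled although form login is session based.
    // The cookie-backed token repository below is the alternative the author left commented out.
    //http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    http.csrf().disable();
}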
项目:gamesboard    文件:RestLoginSecurityContext.java   
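/**
 * Configures a stateless, token-based chain: the listed user, contact and game paths require
 * the USER role, everything else is public.
 *
 * <p>Authorization rules are matched in declaration order. The original declared
 * {@code anyRequest().permitAll()} before the second group of {@code hasRole("USER")}
 * matchers, so those paths were effectively public (newer Spring Security versions reject
 * that ordering at startup). The catch-all is now the last rule.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.addFilterBefore(tokenProcessingFilter(), BasicAuthenticationFilter.class)
            // CSRF protection is off; the chain keeps no session (see STATELESS below)
            .csrf().disable()
            .httpBasic()
            .and().authorizeRequests()
            .antMatchers("/login/**", "/profile/**").hasRole("USER")
            .antMatchers(
                    "/user/**",
                    "/users/**",
                    "/contacts**",
                    "/contacts/**",
                    "/contacts",
                    "/game/**",
                    "/games/**"
            ).hasRole("USER")
            // Catch-all: must stay last, otherwise the role rules above are never consulted
            .anyRequest().permitAll()
            .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}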
项目:WebPLP    文件:OAuthSecurityConfig.java   
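/**
 * Configures the OAuth-protected chain: the index page and static resources are public, every
 * other request requires full authentication.
 *
 * <p>The original added the static-resource matchers and a second
 * {@code anyRequest().permitAll()} in a separate statement after
 * {@code anyRequest().fullyAuthenticated()}. Rules are matched in declaration order, so those
 * later rules were never reached (and newer Spring Security versions reject rules declared
 * after {@code anyRequest()}). The static-resource matchers now precede the catch-all and the
 * unreachable {@code permitAll()} catch-all is dropped.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/index.html").permitAll()
        .antMatchers("/CSS/**", "/JS/**", "/images/**").permitAll()
        // Catch-all: everything not listed above requires full authentication
        .anyRequest().fullyAuthenticated()
        .and()
        .logout()
        .logoutSuccessUrl("/")
        .permitAll()
        .and()
        // filter() is registered at the position of the Basic authentication filter
        .addFilterAt(filter(), BasicAuthenticationFilter.class)
        // CSRF token is kept in a cookie that scripts can read (HttpOnly is off) so the
        // client can copy it into a request header
        .csrf()
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}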
项目:services-in-one    文件:AuthenticationAutoConfiguration.java   
/**
 * Configures a stateless, JWT-based chain: the built-in login mechanisms are switched off, the
 * JWT filter takes the place of the Basic authentication filter, and every request not
 * exempted by {@code permitUri} (defined outside this snippet) requires authentication.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    permitUri(http
            .csrf().disable() // CSRF protection off; safe only while the browser never attaches credentials on its own (no session cookie, no HTTP Basic)
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() // no HTTP session is created or used
            .exceptionHandling().authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED)).and() // unauthenticated requests get a plain 401
            .formLogin().disable() // no login form
            .logout().disable() // no logout endpoint
            .httpBasic().disable() // no HTTP Basic authentication
            .rememberMe().disable() // no remember-me cookie
            .requestCache().disable() // no saved-request replay after login
            .x509().disable() // no client-certificate authentication

            // jwtFilter is registered at the position of the Basic authentication filter
            .addFilterAt(jwtFilter, BasicAuthenticationFilter.class)

            // permitUri receives the authorization registry; presumably it adds the public URLs - verify against its definition
            .authorizeRequests())
            // Catch-all: must remain the last rule
            .anyRequest().authenticated();
}
项目:spring_boot    文件:RestMvcSecurityConfiguration.java   
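/**
 * Configures the stateless token-authenticated chain for the REST API under {@code /rest}.
 *
 * <p>The original scoped the chain with {@code regexMatcher("/rest/*")}. That argument is a
 * regular expression matched against the whole request URL, so it only matched {@code /rest}
 * followed by zero or more slashes and none of the actual {@code /rest/...} endpoints; the
 * rules below were never applied to them. The chain is now scoped with the Ant pattern
 * {@code /rest/**}, consistent with the {@code antMatchers("/rest/**")} rule further down.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {

    http.antMatcher("/rest/**")
            // CSRF protection is off; the chain keeps no server-side session
            .csrf().disable()
            // never use server side sessions (stateless mode)
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            // Rules are matched in declaration order; the login URL must come before the catch-all
            .antMatchers(RestAuthenticationServiceImpl.LOGIN_URL).permitAll()
            .antMatchers(ApplicationController.WELCOME_URL).hasAnyAuthority(getAllRoles())
            .antMatchers("/rest/**").authenticated()
            .and()
            .httpBasic().disable()
            .formLogin().disable()
            .rememberMe().disable()
            .requestCache().disable()
            .x509().disable()
            .logout().disable()
            //.anonymous().disable()
            // add custom authentication filter
            .addFilterBefore(this.getAuthenticationTokenProcessingFilter(), BasicAuthenticationFilter.class)
            // register custom authentication exception handler
            .exceptionHandling().authenticationEntryPoint(this.getEntryPointBean())
            .accessDeniedHandler(this.getAccessDeniedHandler());
}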
项目:spring_boot    文件:RestMvcSecurityConfiguration.java   
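/**
 * Configures the stateless token-authenticated chain for the REST API under {@code /rest}.
 *
 * <p>The original scoped the chain with {@code regexMatcher("/rest/*")}. That argument is a
 * regular expression matched against the whole request URL, so it only matched {@code /rest}
 * followed by zero or more slashes and none of the actual {@code /rest/...} endpoints; the
 * rules below were never applied to them. The chain is now scoped with the Ant pattern
 * {@code /rest/**}, consistent with the {@code antMatchers("/rest/**")} rule further down.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {

    http.antMatcher("/rest/**")
            // CSRF protection is off; the chain keeps no server-side session
            .csrf().disable()
            // never use server side sessions (stateless mode)
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            // Rules are matched in declaration order; the login URL must come before the catch-all
            .antMatchers(RestAuthenticationServiceImpl.LOGIN_URL).permitAll()
            .antMatchers(ApplicationController.WELCOME_URL).hasAnyAuthority(getAllRoles())
            .antMatchers("/rest/**").authenticated()
            .and()
            .httpBasic().disable()
            .formLogin().disable()
            .rememberMe().disable()
            .requestCache().disable()
            .x509().disable()
            .logout().disable()
            //.anonymous().disable()
            // add custom authentication filter
            .addFilterBefore(this.getAuthenticationTokenProcessingFilter(), BasicAuthenticationFilter.class)
            // register custom authentication exception handler
            .exceptionHandling().authenticationEntryPoint(this.getEntryPointBean())
            .accessDeniedHandler(this.getAccessDeniedHandler());
}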
项目:eve-oauth2-example    文件:EveOAuth2Example.java   
/**
 * Configures the SSO-protected chain for all paths: the root page, login paths and webjars are
 * public, every other request requires an authenticated user.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http)
  throws Exception
{
  // @formatter:off
  http.antMatcher("/**")
    .authorizeRequests()
    // Public paths first; rules are matched in declaration order.
    .antMatchers("/", "/login**", "/webjars/**").permitAll()
    .anyRequest().authenticated()
    // Unauthenticated requests are redirected to the root page.
    .and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
    .and().logout().logoutSuccessUrl("/").permitAll()
    // CSRF protection stays enabled; csrfTokenRepository() is defined outside this snippet.
    .and().csrf().csrfTokenRepository(csrfTokenRepository())
    .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
    // The SSO filter runs before HTTP Basic processing.
    .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
  // @formatter:on
}
项目:spring-boot-magneto    文件:WebSecurityConfig.java   
/**
 * Configures form login plus a GitHub filter: only {@code /user/**} requires authentication,
 * every other request is public.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/user/**").authenticated()
            // Default-allow: any path not under /user/ is reachable without login.
            .anyRequest().permitAll()
            .and().exceptionHandling()
            // Unauthenticated requests are redirected to the login page.
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
            .and()
            .formLogin().loginPage("/login").loginProcessingUrl("/login.do").defaultSuccessUrl("/user/info")
            .failureUrl("/login?err=1")
            .permitAll()
            // The explicit matcher has no HTTP method restriction, so a GET to /logout also logs out.
            .and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/")
            .permitAll()

            // githubFilter() is defined outside this snippet; it runs before HTTP Basic processing.
            .and().addFilterBefore(githubFilter(), BasicAuthenticationFilter.class)
    ;

}
项目:spring-security-adfs-saml2    文件:SAMLWebSecurityConfigurerAdapter.java   
/**
 * Fluent API that pre-configures HttpSecurity with SAML specific configuration.
 *
 * @param http HttpSecurity instance
 * @return Same HttpSecurity instance
 * @throws Exception Exception
 */
// CSRF must be disabled when processing /saml/** to prevent "Expected CSRF token not found" exception.
// See: http://stackoverflow.com/questions/26508835/spring-saml-extension-and-spring-security-csrf-protection-conflict/26560447
protected final HttpSecurity samlizedConfig(final HttpSecurity http) throws Exception {
    // Unauthenticated requests are handed to the SAML entry point instead of a Basic challenge.
    http.httpBasic().authenticationEntryPoint(samlEntryPoint())
            .and()
            // CSRF protection stays on for the application; only the SAML endpoints are exempt.
            .csrf().ignoringAntMatchers("/saml/**")
            .and()
            // The SAML endpoints must be reachable before the user is authenticated.
            .authorizeRequests().antMatchers("/saml/**").permitAll()
            .and()
            .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
            .addFilterAfter(filterChainProxy(), BasicAuthenticationFilter.class);

    // store CSRF token in cookie
    // Optional, driven by configuration: uses csrfTokenRepository() (defined outside this
    // snippet) and adds a CsrfHeaderFilter after the CsrfFilter.
    if (samlConfigBean().getStoreCsrfTokenInCookie()) {
        http.csrf()
                .csrfTokenRepository(csrfTokenRepository())
                .and()
                .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);
    }

    // No anyRequest() rule is added here; the caller is expected to finish the authorization rules.
    return http;
}
项目:marketplace    文件:WebSecurityConfig.java   
/**
 * Security Config, to allow following requests without authorization.
 * <ul>
 * <li>show index.html Landing page</li>
 * <li>allow loading of compiled JS and CSS</li>
 * <li>allow loading of files in assets folder, e.g. BootsTrap CSS and BootsTrap or jQuery JS</li>
 * <li>API requests</li>
 * </ul>
 *
 * @param http {@link HttpSecurity}
 * @throws Exception {@link Exception} if something goes wrong
 * @since 1.1.1-SNAPSHOT
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http
            .antMatcher("/**")
            .authorizeRequests()
            .antMatchers(
                    "/", // allow request to root
                    "/login**", // allow login request
                    "/app/get/**",  // allow default "get" requests
                    "/app/update/product/**/download", // allow updates to product, if it gets downloaded
                    "/app/download/product/**", // allow product downloads
                    "/index.html", "/**.js", "/**.css", "/**.woff", "/**.woff2", "/**.ttf", "/assets/**", // static resources
                    // NOTE(review): "**" inside a segment behaves like "*", so this matches /api and
                    // /apiX but not /api/x; confirm whether "/api/**" was intended.
                    "/api**").permitAll()
            // Catch-all: everything not listed above requires an authenticated user.
            .anyRequest().authenticated()
            .and().logout().logoutSuccessUrl("/").permitAll()
            // CSRF token lives in a script-readable cookie; /nocsrf and /console/** are exempt from CSRF checks.
            .and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).ignoringAntMatchers("/nocsrf", "/console/**")
            .and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
            // NOTE(review): this removes the X-Frame-Options header for every response, so any
            // origin may frame the application (clickjacking exposure).
            .and().headers().frameOptions().disable()

            /**
             * limit access to amazonaws domain
             * (the header writer below is commented out, so no such restriction is active)
             */
            //              .addHeaderWriter(new StaticHeadersWriter("X-FRAME-OPTIONS", "ALLOW-FROM amazonaws.com"))
            .and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
项目:haven-platform    文件:TokenAuthFilterConfigurer.java   
/**
 * Wires the token authentication filter into the chain, ahead of the Basic authentication
 * filter.
 *
 * <p>The filter receives the shared {@code AuthenticationManager}, a stub success handler and,
 * when available, the details source and the shared session authentication strategy. After a
 * successful authentication the request continues down the chain.
 *
 * @param http the security builder this configurer is applied to
 * @throws Exception if the configuration cannot be applied
 */
@Override
public void configure(H http) throws Exception {
    final AuthenticationTokenFilter tokenFilter = getAuthenticationFilter();

    // Optional collaborator: only set when one was configured.
    if (authenticationDetailsSource != null) {
        tokenFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
    }

    final AuthenticationManager sharedManager = http.getSharedObject(AuthenticationManager.class);
    tokenFilter.setAuthenticationManager(sharedManager);
    tokenFilter.setAuthenticationSuccessHandler(new AuthenticationStubSuccessHandler());

    // Optional collaborator: the builder may not carry a session strategy.
    final SessionAuthenticationStrategy sharedStrategy =
            http.getSharedObject(SessionAuthenticationStrategy.class);
    if (sharedStrategy != null) {
        tokenFilter.setSessionAuthenticationStrategy(sharedStrategy);
    }

    final AuthenticationTokenFilter processed = postProcess(tokenFilter);
    // Let the request proceed to the target resource once the token was accepted.
    processed.setContinueChainAfterSuccessfulAuthentication(true);
    http.addFilterBefore(processed, BasicAuthenticationFilter.class);
}
项目:springboot-jwt-starter    文件:WebSecurityConfig.java   
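/**
 * Configures a stateless, token-authenticated chain: static resources (GET only) and
 * {@code /auth/**} are public, every other request requires an authenticated user.
 *
 * <p>The original built a list of request matchers for POST, PUT, PATCH and DELETE that was
 * never passed to the CSRF configuration. It has been removed, because it suggested that CSRF
 * checks were active for those methods while CSRF protection is in fact disabled below.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            // No HTTP session is created or used
            .sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS ).and()
            .exceptionHandling().authenticationEntryPoint( restAuthenticationEntryPoint ).and()
            .authorizeRequests()
            // Rules are matched in declaration order; public paths precede the catch-all
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/webjars/**",
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js"
            ).permitAll()
            .antMatchers("/auth/**").permitAll()
            .anyRequest().authenticated().and()
            .addFilterBefore(new TokenAuthenticationFilter(tokenHelper, jwtUserDetailsService), BasicAuthenticationFilter.class);

    // NOTE(review): CSRF protection is off for the whole chain. That is only safe while the
    // token is never sent automatically by the browser (for example, not stored in a cookie);
    // how TokenAuthenticationFilter reads the token is not visible here.
    http.csrf().disable();
}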
项目:spring-boot-saml2    文件:WebSecurityConfig.java   
/**
 * Configures a SAML-protected chain: the root page and the SAML endpoints are public, every
 * other request requires an authenticated user.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Unauthenticated requests are handed to the SAML entry point instead of a Basic challenge.
    http
        .httpBasic()
        .authenticationEntryPoint(samlEntryPoint());
    // NOTE(review): CSRF protection is switched off for the whole chain, not only for /saml/**;
    // csrf().ignoringAntMatchers("/saml/**") would keep it for the application's own endpoints.
    http
        .csrf()
        .disable();
    // Rules are matched in declaration order; anyRequest() is the catch-all and stays last.
    http
        .authorizeRequests()
        .antMatchers("/", "/saml/**").permitAll()
        .anyRequest().authenticated();
    http
        .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
        .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);
    http
        .logout()
        .logoutSuccessUrl("/");

}
项目:auth-server    文件:OAuth2ClientCredentialsSecurity.java   
/**
 * Configures the chain that protects the two token endpoints: both require an authenticated
 * client, via HTTP Basic or one of the two client-credentials filters.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // This chain applies only to the two token endpoints listed here.
    http.requestMatchers()
            .antMatchers("/oauth/token", "/fb/oauth/access_token")
            .and()
            .authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            // Both client-credentials filters are registered after the Basic authentication filter.
            .addFilterAfter(clientCredentialsTokenEndpointFilter(), BasicAuthenticationFilter.class)
            .addFilterAfter(fbClientCredentialsTokenEndpointFilter(), BasicAuthenticationFilter.class)
            .httpBasic()
            .authenticationEntryPoint(clientAuthenticationEntryPoint())
            .and()
            .exceptionHandling()
            .accessDeniedHandler(new OAuth2AccessDeniedHandler());
    // CSRF is not configured in this snippet, so the framework default applies - TODO confirm
    // how that interacts with POSTs to the token endpoints.
}
项目:dawg    文件:WebSecurityConfig.java   
/**
 * Configures JWT plus form-login authentication: public resources, health and login paths are
 * open, {@code /admin/**} needs the ADMIN role, every other path needs ADMIN or HOUSE.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    JwtAuthenticationFilter jwtAuthFilter = new JwtAuthenticationFilter(jwtEncoder, super.authenticationManager());
    http
        // The JWT filter runs before HTTP Basic processing.
        .addFilterBefore(jwtAuthFilter, BasicAuthenticationFilter.class)
        // NOTE(review): CSRF protection is disabled although form login is configured below;
        // confirm that no state-changing endpoint relies on a session cookie alone.
        .csrf().disable()
        .authorizeRequests()
        // Rules are matched in declaration order; the "/**" rule at the end is the catch-all.
        .antMatchers("/resources/public/**").permitAll()
        .antMatchers("/health/**").permitAll()
        .antMatchers("/admin/**").hasAnyRole("ADMIN")
        .antMatchers("/login**").permitAll()
        .antMatchers("/**").hasAnyRole("ADMIN", "HOUSE")
        .and()
        .formLogin()
            .loginPage("/login").failureUrl("/login?error")
            .successHandler(successHandler)
            .permitAll()
        .and()
        // The same successHandler object is used for login success and logout success.
        .logout().logoutSuccessHandler(successHandler).permitAll()
        .and()
        // Authenticated users lacking the required role are sent back to the login page.
        .exceptionHandling().accessDeniedPage("/login?unauthorized=");
}
项目:dawg    文件:WebSecurityConfig.java   
/**
 * Configures JWT plus form-login authentication: public, health and login paths are open, the
 * admin and plugin paths need the ADMIN role, every other path needs ADMIN or SHOW.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    JwtAuthenticationFilter jwtAuthFilter = new JwtAuthenticationFilter(jwtEncoder, super.authenticationManager());
    http
        // The JWT filter runs before HTTP Basic processing.
        .addFilterBefore(jwtAuthFilter, BasicAuthenticationFilter.class)
        // NOTE(review): CSRF protection is disabled although form login is configured below;
        // confirm that no state-changing endpoint relies on a session cookie alone.
        .csrf().disable()
        .authorizeRequests()
        // Rules are matched in declaration order; the "/**" rule at the end is the catch-all.
        .antMatchers("/public/**").permitAll()
        .antMatchers("/health/**").permitAll()
        .antMatchers("/admin/**").hasAnyRole("ADMIN")
        .antMatchers("/plugins/**").hasAnyRole("ADMIN")
        .antMatchers("/view/plugins/**").hasAnyRole("ADMIN")
        .antMatchers("/login**").permitAll()
        .antMatchers("/**").hasAnyRole("ADMIN", "SHOW")
        .and()
            .formLogin()
                .loginPage("/login").failureUrl("/login?error")
                .successHandler(successHandler)
                .permitAll()
        .and()
            // The same successHandler object is used for login success and logout success.
            .logout().logoutSuccessHandler(successHandler).permitAll()
        .and()
            // Authenticated users lacking the required role are sent back to the login page.
            .exceptionHandling().accessDeniedPage("/login?unauthorized=")
        .and()
            // NOTE(review): this removes the X-Frame-Options header for every response, so any
            // origin may frame the application (clickjacking exposure).
            .headers().frameOptions().disable();
}
项目:spring-security-token-filter    文件:WebSecurityConfiguration.java   
/**
 * Configures a stateless, token-authenticated chain for the v1 API: the login endpoint is for
 * anonymous callers only, everything else under {@code /api/v1/} needs the USER role.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
  // CSRF protection off and no HTTP session: authentication is expected on every request.
  http.csrf().disable()
    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

  // The token filter runs before HTTP Basic processing.
  http.addFilterBefore(tokenAuthenticationFilter, BasicAuthenticationFilter.class);

  http
    .authorizeRequests()

    // The login endpoint is open to anonymous callers only; an already authenticated caller is denied
    .antMatchers("/api/v1/login").anonymous()

    // Everything else under /api/v1/ requires the USER role
    .antMatchers("/api/v1/**").hasAnyRole("USER");
  // NOTE(review): there is no anyRequest() rule, so paths outside /api/v1/ match no rule in
  // this snippet - confirm that leaving them unprotected is intended.
}
项目:spring-security-token-filter    文件:WebSecurityConfiguration.java   
/**
 * Configures a stateless, token-authenticated chain: the login page is for anonymous callers
 * only, paths directly under {@code /api/v1/} need the USER role.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
  // CSRF protection off and no HTTP session: authentication is expected on every request.
  http.csrf().disable()
    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

  // The token filter runs before HTTP Basic processing.
  http.addFilterBefore(tokenAuthenticationFilter, BasicAuthenticationFilter.class);

  http
    .authorizeRequests()

    // The login page is open to anonymous callers only; an already authenticated caller is denied
    .antMatchers("/login.html").anonymous()

    // Secure the endpoints
    // NOTE(review): a single "*" matches exactly one path segment, so /api/v1/a is covered
    // but /api/v1/a/b is not - confirm whether "/api/v1/**" was intended.
    .antMatchers("/api/v1/*").hasAnyRole("USER");
  // NOTE(review): there is no anyRequest() rule, so every path that matches neither rule
  // above is left without an authorization rule in this snippet.
}
项目:come2help    文件:OAuth2ClientConfigurer.java   
/**
 * Configure HttpSecurity. This includes:<br>
 * - resources requiring authorized <br>
 * - resources that are free to access <br>
 * - csrf token mapping <br>
 * - construction of the security filter chain
 *
 * @param httpSecurity
 * @throws Exception
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
            // No HTTP session is created or used.
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            // CSRF protection is off, and the X-Frame-Options header is removed for every
            // response. NOTE(review): the latter lets any origin frame the application.
            .csrf().disable().headers().frameOptions().disable().and()
            // Rules are matched in declaration order; the public paths precede the catch-all.
            .antMatcher("/**").authorizeRequests()
            .antMatchers("/login/**").permitAll()
            .antMatchers("/abilities/**").permitAll()
            .antMatchers("/jsondoc/**").permitAll()
            .antMatchers("/jsondoc-ui.html").permitAll()
            .antMatchers("/webjars/jsondoc-ui-webjar/**").permitAll()
            .anyRequest().authenticated().and()
            // Unauthenticated requests are answered with 403 instead of a login redirect.
            .exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()).and();

    // The JWT filter is placed before the username/password filter, the OAuth2 filter before
    // HTTP Basic processing.
    httpSecurity.addFilterBefore(statelessJwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    httpSecurity.addFilterBefore(createOAuth2Filter(), BasicAuthenticationFilter.class);
}
项目:motech    文件:SecurityRuleBuilder.java   
/**
 * Appends the authentication filters that match the schemes a security rule supports.
 *
 * <p>REST rules get a Basic authentication filter (when BASIC is supported); non-REST rules
 * get the username/password filter and/or the OpenID filter.
 *
 * @param filters      the filter list to append to
 * @param securityRule the rule whose supported schemes decide which filters are added
 */
private void addAuthenticationFilters(List<Filter> filters, MotechURLSecurityRule securityRule) {
    final List<Scheme> schemes = securityRule.getSupportedSchemes();

    if (!securityRule.isRest()) {
        // Browser-facing rule: interactive login mechanisms only.
        if (schemes.contains(Scheme.USERNAME_PASSWORD)) {
            filters.add(usernamePasswordAuthenticationFilter);
        }
        if (schemes.contains(Scheme.OPEN_ID)) {
            filters.add(openIDAuthenticationFilter);
        }
        return;
    }

    // REST rule: a fresh Basic filter with its own REST entry point is created per call.
    if (schemes.contains(Scheme.BASIC)) {
        MotechRestBasicAuthenticationEntryPoint entryPoint =
                new MotechRestBasicAuthenticationEntryPoint(settingsFacade);
        filters.add(new BasicAuthenticationFilter(authenticationManager, entryPoint));
    }
}
项目:websec-saml2sp    文件:SamlSpringSecurityConfig.java   
/**
 * Defines the web based security configuration.
 *
 * @param http
 *         It allows configuring web based security for specific http requests.
 * @throws Exception
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Unauthenticated requests are handed to the SAML entry point instead of a Basic challenge.
    http.httpBasic().authenticationEntryPoint(samlEntryPoint());
    // NOTE(review): CSRF protection is switched off for the whole chain, not only for /saml/**.
    http.csrf().disable();
    http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
            .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);
    // Rules are matched in declaration order; the path constants are defined outside this snippet.
    http.authorizeRequests()
            .antMatchers(PW_LOGIN_PAGE_PATH).denyAll() // don't offer local login form in SAML SSO scenario
            .antMatchers(START_PAGE_PATH).permitAll() //
            .antMatchers(ERROR_PAGE_PATH).permitAll() //
            .antMatchers("/saml/**").permitAll() //
            .antMatchers(AUTHENTICATED_PAGE_PATH).authenticated() //
            .antMatchers(ANONYMOUS_PAGE_PATH).anonymous() //
            .antMatchers(USER_ROLE_PAGE_PATH).hasAuthority(RoleId.USER_ROLE_ID.getId()) //
            .antMatchers(ADMIN_ROLE_PAGE_PATH).hasAuthority(RoleId.ADMIN_ROLE_ID.getId()) //
            // Catch-all: anything not listed above requires an authenticated user.
            .anyRequest().authenticated();
    http.logout().logoutSuccessUrl("/");
}
项目:kansalaisaloite    文件:WebSecurityConfig.java   
/**
 * Configures the SAML entry point and filters, disables anonymous authentication and CSRF
 * protection, and sets the frame options header to same-origin.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Unauthenticated requests are handed to the SAML entry point instead of a Basic challenge.
    http
            .httpBasic()
            .authenticationEntryPoint(samlEntryPoint());
    // No anonymous authentication token is created for unauthenticated requests.
    http
            .anonymous()
            .disable();
    // NOTE(review): CSRF protection is switched off for the whole chain.
    http
            .csrf()
            .disable();
    http
            .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
            .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);

    // The negative lookahead excludes URLs containing either iframe base path.
    // NOTE(review): regexMatcher() scopes the whole HttpSecurity chain, not only the headers()
    // call that follows, so the excluded iframe URLs are outside this chain altogether
    // (SAML filters included) - confirm that this is intended.
    // No authorizeRequests() rules are declared in this snippet.
    http.regexMatcher("^((?!" + Urls.IFRAME_FI_BASE + "|" + Urls.IFRAME_SV_BASE + ").)*$").headers().frameOptions().sameOrigin();
}
项目:spring-boot-security-saml-sample    文件:WebSecurityConfig.java   
/**
 * Defines the web based security configuration.
 * 
 * @param   http It allows configuring web based security for specific http requests.
 * @throws  Exception 
 */
@Override  
protected void configure(HttpSecurity http) throws Exception {
    // Unauthenticated requests are handed to the SAML entry point instead of a Basic challenge.
    http
        .httpBasic()
            .authenticationEntryPoint(samlEntryPoint());
    // NOTE(review): CSRF protection is switched off for the whole chain, not only for /saml/**;
    // csrf().ignoringAntMatchers("/saml/**") would keep it for the application's own endpoints.
    http
        .csrf()
            .disable();
    // The metadata generator runs first in the chain; the SAML filter runs after Basic processing.
    http
        .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
        .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);
    // Rules are matched in declaration order; anyRequest() is the catch-all and stays last.
    http        
        .authorizeRequests()
        .antMatchers("/").permitAll()
        .antMatchers("/error").permitAll()
        .antMatchers("/saml/**").permitAll()
        .anyRequest().authenticated();
    http
        .logout()
            .logoutSuccessUrl("/");
}
项目:codekvast    文件:WebSecurityConfig.java   
/**
 * Configures the SSO-protected chain for all paths: the root page, login paths and webjars are
 * public, every other request requires an authenticated user.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    //@formatter:off
    http
        .antMatcher("/**")
        .authorizeRequests()
            // Public paths first; rules are matched in declaration order.
            .antMatchers("/", "/login**", "/webjars/**").permitAll()
            .anyRequest().authenticated()
        .and()
            // Unauthenticated requests are redirected to the root page.
            .exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
        .and()
            .logout().logoutSuccessUrl("/").permitAll()
        .and()
            // CSRF stays enabled; the token is kept in a cookie that scripts can read
            // (HttpOnly is off) so the client can copy it into a request header.
            .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        .and()
            // The SSO filter runs before HTTP Basic processing.
            .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
    //@formatter:on
}
项目:spring-time    文件:SecurityConfig.java   
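/**
 * Configures HTTP Basic authentication for {@code /hello/secure/**} and {@code /secure/**};
 * both require the USER role.
 *
 * <p>The original called {@code antMatcher(...)} twice. Each call replaces the request matcher
 * of the whole chain, so only {@code /secure/**} was actually covered and
 * {@code /hello/secure/**} was left outside this chain. Both patterns are now registered
 * together through {@code requestMatchers()}.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.requestMatchers()
                // This chain applies to both protected path prefixes
                .antMatchers("/hello/secure/**", "/secure/**")
            .and()
                .authorizeRequests()
                .antMatchers("/hello/secure/**", "/secure/**").hasRole("USER")
            .and()
                .httpBasic()
            .and()
            // An additional Basic filter with a JSON entry point runs ahead of the default one
            .addFilterBefore(
                new BasicAuthenticationFilter(authenticationManager(), new BasicJsonEntryPoint()),
                BasicAuthenticationFilter.class)
            //todo: check the csrf capability with angularjs
            // NOTE(review): browsers resend HTTP Basic credentials automatically, so with CSRF
            // protection disabled a cross-site request is sent with the user's credentials.
            .csrf().disable();
}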
项目:saos    文件:SecurityConfiguration.java   
/**
 * Configures a stateless HTTP Basic chain for the single endpoint
 * {@code /api/enrichment/tags}, which requires an authenticated caller.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        // This chain applies only to the enrichment tags endpoint.
        .requestMatchers().antMatchers("/api/enrichment/tags")
        .and()
            .authorizeRequests()
            .anyRequest().authenticated()
        .and()    
            // Credentials are checked by a dedicated provider defined outside this snippet.
            .authenticationProvider(enricherAuthenticationProvider())
            .httpBasic().authenticationEntryPoint(serviceBasicAuthenticationEntryPoint())
        .and()
            // No HTTP session is created or used.
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
            // NOTE(review): browsers resend HTTP Basic credentials automatically; acceptable
            // with CSRF off only if the endpoint is called by services, not from a browser.
            .csrf().disable()
        // The locale filter runs before HTTP Basic processing.
        .addFilterBefore(localeSettingFilter, BasicAuthenticationFilter.class)

        ;
}
项目:cims-server    文件:SecurityConfig.java   
/**
 * Configures a stateless chain for {@code /api/**} that accepts HTTP Basic and, through
 * {@code digestFilter}, Digest authentication; the two mobile database endpoints require
 * specific authorities, every other API request requires an authenticated caller.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
protected void configure(HttpSecurity http) throws Exception {
    http
            .antMatcher("/api/**")
            // NOTE(review): this turns off all default security response headers for the API
            // (cache control, content-type options, frame options, HSTS) - confirm it is intended.
            .headers().disable()
            .csrf().disable()
            .exceptionHandling()
            // Unauthenticated requests receive the Digest challenge.
            .authenticationEntryPoint(digestAuthEndpoint)
            .and()
            .sessionManagement()
            .sessionCreationPolicy(STATELESS)
            .and()
            .authorizeRequests()
            // The more specific export path must come before its parent path.
            .antMatchers("/api/rest/mobiledb/export").hasAuthority("MOBILE_DB_EXPORT")
            .antMatchers("/api/rest/mobiledb").hasAuthority("MOBILE_DB_SYNC")
            .anyRequest().authenticated()
            .and()
            .httpBasic()
            .and()
            // The Digest filter runs after HTTP Basic processing.
            .addFilterAfter(digestFilter, BasicAuthenticationFilter.class);
}
项目:oauth-client-master    文件:OAuth2AuthorizationServerConfigurer.java   
/**
 * Creates the client-credentials token endpoint filter, initialises the token-related
 * collaborators of this configurer and registers the filter ahead of HTTP Basic processing.
 *
 * @param http the {@link HttpSecurity} builder this configurer is applied to
 * @throws Exception if the configuration cannot be applied
 */
@Override
@SuppressWarnings("unchecked")
public void configure(HttpSecurity http) throws Exception {
    // The filter authenticates against the AuthenticationManager shared through the builder.
    AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManager.class);
    clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter();
    clientCredentialsTokenEndpointFilter.setAuthenticationManager(authenticationManager);
    clientCredentialsTokenEndpointFilter = postProcess(clientCredentialsTokenEndpointFilter);

    // These helpers are defined outside this snippet.
    this.tokenGranter = tokenGranter(http);
    this.consumerTokenServices = consumerTokenServices(http);
    this.userApprovalHandler = userApprovalHandler();

    // @formatter:off
       http
           .addFilterBefore(clientCredentialsTokenEndpointFilter, BasicAuthenticationFilter.class)
           // Raw-typed configurer lookup; the reason for the "unchecked" suppression above.
           // NOTE(review): getConfigurer() returns null when no exception-handling configurer
           // is registered on the builder - presumably one always is; verify.
           .getConfigurer(ExceptionHandlingConfigurer.class)
               .accessDeniedHandler(accessDeniedHandler);
       // @formatter:on

}
项目:spring-boot-security-example    文件:SecurityConfig.java   
/**
 * Configures a stateless chain with two custom authentication filters: the actuator endpoints
 * require the backend admin role, every other request requires an authenticated caller.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.
            // CSRF protection off and no HTTP session: authentication is expected on every request.
            csrf().disable().
            sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).
            and().
            authorizeRequests().
            // actuatorEndpoints() and backendAdminRole are defined outside this snippet.
            antMatchers(actuatorEndpoints()).hasRole(backendAdminRole).
            anyRequest().authenticated().
            and().
            // No anonymous authentication token is created for unauthenticated requests.
            anonymous().disable().
            exceptionHandling().authenticationEntryPoint(unauthorizedEntryPoint());

    // Both custom filters run before HTTP Basic processing.
    http.addFilterBefore(new AuthenticationFilter(authenticationManager()), BasicAuthenticationFilter.class).
            addFilterBefore(new ManagementEndpointAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter.class);
}
项目:kontempl    文件:SecurityConfig.java   
/**
 * Configures a stateless chain with a token filter and HTTP Basic: resources, browse and
 * operational paths are public, user management needs the admin role, content management the
 * editor role, and every other request an authenticated caller.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            // CSRF protection off; the chain keeps no session (see STATELESS below).
            .csrf().disable()
            .userDetailsService(customUserDetailsService)
            .exceptionHandling().authenticationEntryPoint(unauthorizedEntryPoint)
            .and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            // The token filter runs before HTTP Basic processing.
            .addFilterBefore(authenticationTokenProcessingFilter, BasicAuthenticationFilter.class)
            .authorizeRequests()
            // Rules are matched in declaration order; public paths precede the role rules.
            .antMatchers("/resources/**", "/public/**", "/pv/**", "/api/browse/**").permitAll()
            // NOTE(review): these look like management endpoints (environment, metrics, health)
            // and are open to everyone - confirm they expose nothing sensitive.
            .antMatchers("/env/**", "/info/**", "/metrics/**", "/health/**").permitAll()
            .antMatchers("/api/user/authenticate").permitAll()
            .antMatchers("/api/users/**").hasRole("admin")
            .antMatchers("/api/sites/**", "/api/pages/**", "/api/images/**", "/api/sitemap/**").hasRole("editor")
            .antMatchers("/api/dataformrecords/**", "/api/dataforms/**").hasRole("editor")
            .anyRequest().authenticated()
            // NOTE(review): browsers resend HTTP Basic credentials automatically, which matters
            // because CSRF protection is disabled above.
            .and().httpBasic()
    ;

}
项目:devicehive-java-server    文件:WebSecurityConfig.java   
/**
 * Configures a stateless chain with a custom HTTP authentication filter: static resources and
 * the Swagger descriptors are public, anonymous authentication is disabled.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            // CSRF protection off and no HTTP session: authentication is expected on every request.
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .antMatchers("/css/**", "/server/**", "/scripts/**", "/webjars/**", "/templates/**").permitAll()
            .antMatchers("/*/swagger.json", "/*/swagger.yaml").permitAll()
            // NOTE(review): no anyRequest() rule is declared here, so other paths have no URL
            // rule in this snippet; presumably they are protected elsewhere - verify.
            .and()
            // No anonymous authentication token is created for unauthenticated requests.
            .anonymous().disable()
            .exceptionHandling()
            .authenticationEntryPoint(unauthorizedEntryPoint());

    http
            // The custom authentication filter runs before HTTP Basic processing.
            .addFilterBefore(new HttpAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter.class)
            // NOTE(review): the CORS filter runs after the authentication filter, so a request
            // rejected there may never receive CORS headers - confirm preflight requests work.
            .addFilterAfter(new SimpleCORSFilter(), HttpAuthenticationFilter.class);
}
项目:devicehive-java-server    文件:WebSecurityConfig.java   
/**
 * Configures a stateless chain with a custom HTTP authentication filter: static resources and
 * the Swagger descriptors are public, anonymous authentication is disabled.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            // CSRF protection off and no HTTP session: authentication is expected on every request.
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .antMatchers("/css/**", "/server/**", "/scripts/**", "/webjars/**", "/templates/**").permitAll()
            .antMatchers("/*/swagger.json", "/*/swagger.yaml").permitAll()
            // NOTE(review): no anyRequest() rule is declared here, so other paths have no URL
            // rule in this snippet; presumably they are protected elsewhere - verify.
            .and()
            // No anonymous authentication token is created for unauthenticated requests.
            .anonymous().disable()
            .exceptionHandling()
            .authenticationEntryPoint(unauthorizedEntryPoint());

    http
            // The custom authentication filter runs before HTTP Basic processing.
            .addFilterBefore(new HttpAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter.class)
            // NOTE(review): the CORS filter runs after the authentication filter, so a request
            // rejected there may never receive CORS headers - confirm preflight requests work.
            .addFilterAfter(new SimpleCORSFilter(), HttpAuthenticationFilter.class);
}
项目:devicehive-java-server    文件:WebSecurityConfig.java   
/**
 * Configures a stateless chain with a custom HTTP authentication filter: static resources and
 * the Swagger descriptors are public, anonymous authentication is disabled.
 *
 * @param http the {@link HttpSecurity} builder being configured
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            // CSRF protection off and no HTTP session: authentication is expected on every request.
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .antMatchers("/css/**", "/server/**", "/scripts/**", "/webjars/**", "/templates/**").permitAll()
            .antMatchers("/*/swagger.json", "/*/swagger.yaml").permitAll()
            // NOTE(review): no anyRequest() rule is declared here, so other paths have no URL
            // rule in this snippet; presumably they are protected elsewhere - verify.
            .and()
            // No anonymous authentication token is created for unauthenticated requests.
            .anonymous().disable()
            .exceptionHandling()
            .authenticationEntryPoint(unauthorizedEntryPoint());

    http
            // The custom authentication filter runs before HTTP Basic processing.
            .addFilterBefore(new HttpAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter.class)
            // NOTE(review): the CORS filter runs after the authentication filter, so a request
            // rejected there may never receive CORS headers - confirm preflight requests work.
            .addFilterAfter(new SimpleCORSFilter(), HttpAuthenticationFilter.class);
}
项目:spring-cloud-skipper    文件:SkipperOAuthSecurityConfiguration.java   
/**
 * Wires HTTP Basic and OAuth2 authentication into the chain and installs the URL
 * authorization rules taken from {@code authorizationProperties}.
 *
 * <p>Rules are applied in declaration order: the configured permit-all paths, the
 * configured authenticated paths (plus the two dashboard paths added here), whatever
 * {@code SecurityConfigUtils.configureSimpleSecurity} contributes, and finally
 * {@code anyRequest().denyAll()} as the default-deny fallback.
 *
 * @param http the builder supplied by Spring Security
 * @throws Exception propagated from the builder calls or from
 *         {@code afterPropertiesSet()}
 */
@Override
protected void configure(HttpSecurity http) throws Exception {

    // Entry point that answers with a Basic challenge, using the configured realm name.
    final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
    basicAuthenticationEntryPoint.setRealmName(securityProperties.getBasic().getRealm());
    basicAuthenticationEntryPoint.afterPropertiesSet();
    final Filter oauthFilter = oauthFilter();
    final BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(
            providerManager(), basicAuthenticationEntryPoint);
    // Filter positions are expressed relative to each other's runtime class; the three
    // calls below are order-dependent, so keep them in this sequence.
    http.addFilterAfter(oauthFilter, basicAuthenticationFilter.getClass());
    http.addFilterBefore(basicAuthenticationFilter, oauthFilter.getClass());
    http.addFilterBefore(oAuth2AuthenticationProcessingFilter(), basicAuthenticationFilter.getClass());
    // NOTE(review): these calls mutate the shared properties object; if configure() can run
    // more than once the dashboard paths are appended again each time. Verify.
    this.authorizationProperties.getAuthenticatedPaths().add(dashboard("/**"));
    this.authorizationProperties.getAuthenticatedPaths().add(dashboard(""));

    // Permit-all paths are declared before the authenticated paths. NOTE(review): an overly
    // broad permit-all pattern in configuration would therefore win over the rules that follow.
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security =
        http.authorizeRequests()
                .antMatchers(this.authorizationProperties.getPermitAllPaths().toArray(new String[0]))
                .permitAll()
                .antMatchers(this.authorizationProperties.getAuthenticatedPaths().toArray(new String[0]))
                .authenticated();

    security = SecurityConfigUtils.configureSimpleSecurity(security, this.authorizationProperties);
    // Default deny: any request not matched by an earlier rule is refused.
    security.anyRequest().denyAll();
    this.securityStateBean.setAuthorizationEnabled(true);

    // NOTE(review): CSRF protection is disabled while logout and a login redirect are also
    // configured; if any browser session cookie authenticates state-changing requests, confirm
    // that disabling CSRF is intended.
    // Unauthenticated requests to /api/** and /actuator/** receive the Basic challenge;
    // everything else is sent to the configured login processing URL.
    http.httpBasic().and()
            .logout()
            .logoutSuccessUrl(dashboard("/logout-success-oauth.html"))
            .and().csrf().disable()
            .exceptionHandling()
            .defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/api/**"))
            .defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/actuator/**"))
            .defaultAuthenticationEntryPointFor(
                    new LoginUrlAuthenticationEntryPoint(this.authorizationProperties.getLoginProcessingUrl()),
                    AnyRequestMatcher.INSTANCE);
    this.securityStateBean.setAuthenticationEnabled(true);
}
项目:movie-db-java-on-azure    文件:SecurityConfig.java   
/**
 * Configures the chain either with Facebook single sign-on or fully open,
 * depending on whether a Facebook client id is configured.
 *
 * <p>NOTE(review): in the Facebook branch the {@code "/**"} {@code permitAll()} rule
 * is declared before {@code anyRequest().authenticated()}. Rules are matched in
 * declaration order, so the {@code authenticated()} rule is never reached and every
 * URL is public in both branches. If any endpoint is meant to require login, it is
 * not enforced at this layer.
 *
 * @param http the builder supplied by Spring Security
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final boolean usingFacebookAuthentication =
            facebook().getClientId() != null && !facebook().getClientId().isEmpty();

    if (!usingFacebookAuthentication) {
        // No identity provider configured: everything is served without authentication.
        http.antMatcher("/**").authorizeRequests().anyRequest().permitAll();
        return;
    }

    http.antMatcher("/**");
    http.authorizeRequests()
            .antMatchers("/**").permitAll()
            .anyRequest().authenticated();
    http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));
    http.logout().logoutSuccessUrl("/").permitAll();
    // The CSRF token cookie is created without HttpOnly so page scripts can read it and
    // send it back; any script running in the page can read it too.
    http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
项目:loafer    文件:SecurityConfiguration.java   
/**
 * Configures a stateless chain with HTTP Basic, a form-style login endpoint at
 * {@code /api/auth}, logout handling, and two custom filters (CORS and token
 * authentication).
 *
 * <p>NOTE(review): the only URL rule is {@code "/**"} {@code permitAll()}, so nothing
 * is restricted at this layer. Access control presumably lives in method-level checks
 * or elsewhere; confirm that protected endpoints are covered.
 *
 * @param http the builder supplied by Spring Security
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    //@formatter:off
    // NOTE(review): CSRF is disabled; that is only sound if the token checked by
    // tokenAuthenticationFilter is not carried in a cookie the browser sends on its own.
    http.csrf().disable();

    http.httpBasic()
            .authenticationEntryPoint(unauthorisedEntryPoint);

    http.addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class);

    http.sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    http.formLogin()
            .loginProcessingUrl("/api/auth")
            .usernameParameter("username")
            .passwordParameter("password")
            .successHandler(authenticationSuccessHandler())
            .failureHandler(authenticationFailureHandler());

    http.logout()
            .logoutSuccessHandler(logoutSuccessHandler())
            .invalidateHttpSession(true)
            .deleteCookies("JSESSIONID");

    http.authorizeRequests()
            .antMatchers("/**").permitAll();

    // Token authentication is evaluated ahead of the Basic authentication filter.
    http.addFilterBefore(tokenAuthenticationFilter, BasicAuthenticationFilter.class);
    //@formatter:on
}
项目:gamesboard    文件:RestLoginSecurityContext.java   
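/**
 * Builds a {@link BasicAuthenticationFilter} that authenticates requests against the
 * device token stored for the user.
 *
 * <p>The Basic user name is looked up as an e-mail address. The Basic password is
 * treated as a bcrypt hash and verified against the stored device token with
 * {@code BCrypt.checkpw(token, credentials)}. Every failure path raises the same
 * {@link BadCredentialsException} message, so the response does not reveal whether
 * the account exists.
 *
 * <p>The overridden {@code isIgnoreFailure()} returns {@code true}: a failed
 * authentication does not trigger the entry point, and the request continues down
 * the chain unauthenticated. NOTE(review): downstream authorization rules must
 * therefore reject unauthenticated requests.
 *
 * <p>NOTE(review): the verification direction means the server keeps the device token
 * in a form it can read, and the hash presented by the client works as a reusable
 * credential. The hash string, including its salt and work factor, comes from the
 * request, so its cost is not bounded here; consider validating its format and cost
 * before verification.
 *
 * @return the configured authentication filter
 */
private Filter tokenProcessingFilter() {
    // Single message for every rejection; text kept identical to what clients already receive.
    final String invalidCredentials = "Invalid credentials! \n\n Please, login again.";

    return new BasicAuthenticationFilter(new AuthenticationManager() {

        @Override
        public Authentication authenticate(Authentication authentication)
                throws AuthenticationException {
            User user = userRepository.findByEmail(authentication.getName());
            if (user == null || user.getUsr() == null) {
                throw new BadCredentialsException(invalidCredentials);
            }
            String token = user.getUsr().getDeviceToken();
            Object presented = authentication.getCredentials();
            // A missing stored token or a non-string credential is an authentication
            // failure; without this check it surfaces as NullPointerException or
            // ClassCastException instead of a rejected login.
            if (token == null || !(presented instanceof String)) {
                throw new BadCredentialsException(invalidCredentials);
            }
            String credentials = (String) presented;
            try {
                if (!BCrypt.checkpw(token, credentials)) {
                    throw new BadCredentialsException(invalidCredentials);
                }
            } catch (IllegalArgumentException e) {
                // Raised when the presented value is not a well-formed bcrypt string.
                throw new BadCredentialsException(invalidCredentials);
            }
            Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
            authorities.add(new SimpleGrantedAuthority(user.getRole().name()));
            return new PreAuthenticatedAuthenticationToken(
                    authentication.getPrincipal(), authentication.getCredentials(), authorities);
        }
    }) {
        @Override
        protected boolean isIgnoreFailure() {
            return true;
        }
    };
}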
项目:angular-spring-starter    文件:WebSecurityConfig.java   
/**
 * Configures a stateless chain that authenticates with a JWT filter, exposes a login
 * endpoint at {@code /api/login} and a logout endpoint at {@code /api/logout}, and
 * requires authentication for every request.
 *
 * <p>CSRF tokens are kept in a cookie created without HttpOnly so the front end can
 * read it; {@code /api/login} and {@code /api/signup} are exempt from the CSRF check.
 *
 * <p>NOTE(review): {@code anyRequest().authenticated()} has no visible exception for
 * {@code /api/signup}; presumably it is opened elsewhere. Confirm. Also note that
 * deleting {@code TOKEN_COOKIE} on logout removes the cookie from the browser only;
 * with a stateless policy, a token copied before logout stays valid until it expires
 * unless it is revoked server-side.
 *
 * @param http the builder supplied by Spring Security
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
  http.csrf()
      .ignoringAntMatchers("/api/login", "/api/signup")
      .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

  http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

  http.exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint);

  // The JWT filter is consulted before the stock Basic authentication filter.
  http.addFilterBefore(jwtAuthenticationTokenFilter(), BasicAuthenticationFilter.class);

  http.authorizeRequests().anyRequest().authenticated();

  http.formLogin()
      .loginPage("/api/login")
      .successHandler(authenticationSuccessHandler)
      .failureHandler(authenticationFailureHandler);

  http.logout()
      .logoutRequestMatcher(new AntPathRequestMatcher("/api/logout"))
      .logoutSuccessHandler(logoutSuccess)
      .deleteCookies(TOKEN_COOKIE);
}