/**
 * Configures the HTTP security chain: SAML filters, URL authorization rules,
 * exception handling, form login and logout.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects any part of the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
  // CSRF protection is switched off for the whole chain, which includes the
  // form-login POST to /authenticate and the /logout endpoint.
  // NOTE(review): confirm this is intentional. If it is only needed so that
  // requests to /saml/** are accepted without a token, a narrower exemption for
  // those paths would keep the form-login and logout endpoints protected.
  http.csrf().disable();

  // SAML metadata generation runs ahead of channel processing; the SAML filter
  // is placed after basic authentication.
  http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
      .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);

  // Publicly reachable paths; every other request needs an authenticated user.
  http.authorizeRequests()
      .antMatchers("/", "/error", "/saml/**", "/css/**").permitAll()
      .anyRequest().authenticated();

  // Access-denied handler without an error page, plus the entry point supplied
  // by getAuthEntryPoint() for unauthenticated requests.
  http.exceptionHandling()
      .accessDeniedHandler(new AccessDeniedHandlerImpl())
      .authenticationEntryPoint(getAuthEntryPoint());

  // Username/password login processed at /authenticate. No failure URL is set
  // on the failure handler created here.
  http.formLogin()
      .loginProcessingUrl("/authenticate")
      .usernameParameter("username")
      .passwordParameter("password")
      .successHandler(new FormAuthSuccessHandler())
      .failureHandler(new SimpleUrlAuthenticationFailureHandler());

  // Logout is open to everyone and returns the user to the landing page.
  http.logout()
      .logoutUrl("/logout")
      .logoutSuccessUrl("/")
      .permitAll();
}
/**
 * Builds the filter that translates security exceptions: unauthenticated
 * requests are sent to the login entry point at {@code /index.xhtml}, and
 * access-denied failures use the same page as their error page.
 *
 * @return the configured exception translation filter
 */
@Bean
public ExceptionTranslationFilter exceptionTranslationFilter() {
  AccessDeniedHandlerImpl deniedHandler = new AccessDeniedHandlerImpl();
  deniedHandler.setErrorPage("/index.xhtml");

  LoginUrlAuthenticationEntryPoint loginEntryPoint =
      new LoginUrlAuthenticationEntryPoint("/index.xhtml");
  // NOTE(review): HTTPS is not forced for the login entry point here; confirm
  // that transport security for the login page is enforced elsewhere.
  loginEntryPoint.setForceHttps(false);

  ExceptionTranslationFilter translationFilter = new ExceptionTranslationFilter(loginEntryPoint);
  translationFilter.setAccessDeniedHandler(deniedHandler);
  return translationFilter;
}
/**
 * Exposes an {@link AccessDeniedHandlerImpl} on which no error page is
 * configured.
 *
 * @return the access-denied handler bean
 */
@Bean
public AccessDeniedHandler nonRedirectingAccessDeniedHandler() {
  AccessDeniedHandler plainHandler = new AccessDeniedHandlerImpl();
  return plainHandler;
}
/**
 * Creates the handler with the given entry point and a delegate
 * access-denied handler whose error page is {@code /error/403}.
 *
 * @param entryPoint the authentication entry point stored on this instance
 */
private AdminRequestedAccessDeniedHandler(AuthenticationEntryPoint entryPoint) {
  this.entryPoint = entryPoint;

  AccessDeniedHandlerImpl forbiddenPageHandler = new AccessDeniedHandlerImpl();
  forbiddenPageHandler.setErrorPage("/error/403");
  this.deniedHandler = forbiddenPageHandler;
}
/**
 * Creates the handler with a default {@link AccessDeniedHandlerImpl} as its
 * delegate; no error page is configured on the delegate here.
 */
public AjaxSupportedAccessDeniedHandler() {
  this.delegateAccessDeniedHandler = new AccessDeniedHandlerImpl();
}
/**
 * Builds the delegate access-denied handler from the {@code errorPage}
 * field.
 *
 * @throws Exception declared by the overridden method
 */
@Override
public void afterPropertiesSet() throws Exception {
  // presumably errorPage has been injected before this callback runs - verify against the bean definition
  AccessDeniedHandlerImpl errorPageHandler = new AccessDeniedHandlerImpl();
  errorPageHandler.setErrorPage(errorPage);
  this.delegateAccessDeniedHandler = errorPageHandler;
}
/**
 * Builds an access-denied handler that dispatches by exception type:
 * {@link CsrfException} goes to {@link CsrfTokenExceptionHandler}, and anything
 * without a mapping goes to a default {@link AccessDeniedHandlerImpl}.
 *
 * @return the delegating access-denied handler
 */
@Bean
public AccessDeniedHandler accessDeniedHandler() {
  // Insertion-ordered map of exception type to the handler responsible for it.
  LinkedHashMap<Class<? extends AccessDeniedException>, AccessDeniedHandler> byExceptionType =
      new LinkedHashMap<>();
  byExceptionType.put(CsrfException.class, new CsrfTokenExceptionHandler());

  // Fallback for access-denied exceptions with no entry in the map.
  AccessDeniedHandler fallback = new AccessDeniedHandlerImpl();
  return new DelegatingAccessDeniedHandler(byExceptionType, fallback);
}
/**
 * Registers the OAuth consumer beans described by the given XML element and
 * appends the resulting filters to the referenced filter chain.
 *
 * <p>The context filter is always registered as {@code oauthConsumerContextFilter}.
 * A {@code oauthConsumerSupport} bean is registered only when no
 * {@code support-ref} is given, and a {@code oauthConsumerFilter} bean only when
 * a security metadata source can be created from the element.
 *
 * @param element the configuration element being parsed
 * @param parserContext the context whose registry receives the bean definitions
 * @return always {@code null}; the definitions are registered directly
 */
public BeanDefinition parse(Element element, ParserContext parserContext) {
  BeanDefinitionBuilder contextFilterBuilder =
      BeanDefinitionBuilder.rootBeanDefinition(OAuthConsumerContextFilter.class);

  // Failure handling: an explicit handler reference takes precedence; otherwise
  // an error page, when configured, is wrapped in an AccessDeniedHandlerImpl.
  String failureHandlerRef = element.getAttribute("failure-handler-ref");
  if (!StringUtils.hasText(failureHandlerRef)) {
    String failurePage = element.getAttribute("oauth-failure-page");
    if (StringUtils.hasText(failurePage)) {
      AccessDeniedHandlerImpl pageHandler = new AccessDeniedHandlerImpl();
      pageHandler.setErrorPage(failurePage);
      contextFilterBuilder.addPropertyValue("OAuthFailureHandler", pageHandler);
    }
  } else {
    contextFilterBuilder.addPropertyReference("OAuthFailureHandler", failureHandlerRef);
  }

  String resourceDetailsRef = element.getAttribute("resource-details-service-ref");
  boolean hasResourceDetails = StringUtils.hasText(resourceDetailsRef);

  // Consumer support: use the referenced bean, or register a default one.
  String supportRef = element.getAttribute("support-ref");
  if (!StringUtils.hasText(supportRef)) {
    BeanDefinitionBuilder supportBuilder =
        BeanDefinitionBuilder.rootBeanDefinition(CoreOAuthConsumerSupport.class);
    if (hasResourceDetails) {
      supportBuilder.addPropertyReference("protectedResourceDetailsService", resourceDetailsRef);
    }
    parserContext.getRegistry()
        .registerBeanDefinition("oauthConsumerSupport", supportBuilder.getBeanDefinition());
    supportRef = "oauthConsumerSupport";
  }
  contextFilterBuilder.addPropertyReference("consumerSupport", supportRef);

  // Optional collaborators: each {attribute, property} pair is wired only when
  // the attribute carries text.
  String[][] optionalReferences = {
    {"token-services-ref", "tokenServices"},
    {"remember-me-services-ref", "rememberMeServices"},
    {"redirect-strategy-ref", "redirectStrategy"},
  };
  for (String[] attributeAndProperty : optionalReferences) {
    String beanRef = element.getAttribute(attributeAndProperty[0]);
    if (StringUtils.hasText(beanRef)) {
      contextFilterBuilder.addPropertyReference(attributeAndProperty[1], beanRef);
    }
  }

  parserContext.getRegistry()
      .registerBeanDefinition("oauthConsumerContextFilter", contextFilterBuilder.getBeanDefinition());

  // The context filter is inserted at the current end of the filter chain.
  List<BeanMetadataElement> filterChain =
      ConfigUtils.findFilterChain(parserContext, element.getAttribute("filter-chain-ref"));
  filterChain.add(filterChain.size(), new RuntimeBeanReference("oauthConsumerContextFilter"));

  // Without a security metadata source there is no processing filter to add.
  BeanDefinition fids = ConfigUtils.createSecurityMetadataSource(element, parserContext);
  if (fids == null) {
    return null;
  }

  BeanDefinitionBuilder processingFilterBuilder =
      BeanDefinitionBuilder.rootBeanDefinition(OAuthConsumerProcessingFilter.class);
  if (hasResourceDetails) {
    processingFilterBuilder.addPropertyReference("protectedResourceDetailsService", resourceDetailsRef);
  }

  // The attribute text is handed over unchanged as the property value.
  String requireAuthenticated = element.getAttribute("requireAuthenticated");
  if (StringUtils.hasText(requireAuthenticated)) {
    processingFilterBuilder.addPropertyValue("requireAuthenticated", requireAuthenticated);
  }

  processingFilterBuilder.addPropertyValue("objectDefinitionSource", fids);
  parserContext.getRegistry()
      .registerBeanDefinition("oauthConsumerFilter", processingFilterBuilder.getBeanDefinition());
  filterChain.add(filterChain.size(), new RuntimeBeanReference("oauthConsumerFilter"));

  return null;
}