/**
 * Builds the HTTP security rules for the application: HTTPS only, same-origin
 * framing, CSRF protection disabled, every request authenticated, a custom form
 * login page and a GET-triggered logout.
 *
 * @param http the builder handed in by Spring Security
 * @throws Exception propagated from the configurer calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Every request must arrive over the secure (HTTPS) channel.
    http.requiresChannel().anyRequest().requiresSecure();

    // X-Frame-Options: SAMEORIGIN — pages may only be framed by this origin.
    http.headers().frameOptions().sameOrigin();

    // CSRF protection is switched off for the entire application, so no
    // state-changing POST receives a token check. A narrower alternative is
    // csrf().requireCsrfProtectionMatcher(...) with explicit exemptions instead
    // of a blanket disable.
    http.csrf().disable();

    // No anonymous access: anything not covered by the login/logout rules below
    // needs an authenticated session.
    http.authorizeRequests().anyRequest().authenticated();

    // Custom login page, reachable without authentication.
    http.formLogin().permitAll().loginPage("/login");

    // Logout fires on any GET whose URL (path, optionally followed by a query
    // string) matches the regex — i.e. any URL containing "logout", not only
    // "/logout". Because the trigger is a GET, a cross-site link or image tag can
    // end a user's session; a POST-only logout would close that gap.
    RegexRequestMatcher logoutOnGet =
        new RegexRequestMatcher("/.*logout\\?{0,1}.*", HttpMethod.GET.name());
    http.logout().logoutRequestMatcher(logoutOnGet).logoutSuccessUrl("/");
}
/**
 * Registers the POST endpoints this matcher treats specially (DWR calls, REST
 * views and search). The three patterns are matched only for the POST method.
 *
 * <p>NOTE(review): whether a match means "exempt from CSRF" or "requires CSRF"
 * is decided by this class's {@code matches} method, not here — confirm there
 * before widening any of these patterns. RegexRequestMatcher matches the regex
 * against the full request URL (path plus query string, if any), so
 * {@code /dwr/.*\.dwr} does not cover a request carrying a query string while
 * {@code /rest/.*\.view(\?.*)?} does.
 */
public CsrfSecurityRequestMatcher() {
    String[] postOnlyPatterns = {
        "/dwr/.*\\.dwr",
        "/rest/.*\\.view(\\?.*)?",
        "/search(?:\\.view)?"
    };
    Collection<RegexRequestMatcher> matchers = new ArrayList<>(postOnlyPatterns.length);
    for (String pattern : postOnlyPatterns) {
        matchers.add(new RegexRequestMatcher(pattern, "POST"));
    }
    this.whiteListedMatchers = matchers;
}
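/**
 * Builds the request-to-attribute map consumed by the security metadata source:
 * one {@link RegexRequestMatcher} per persisted {@code AuthResource}, ordered by
 * ascending priority, each mapped to one {@link SecurityConfig} per assigned
 * role name (trimmed).
 *
 * <p>Insertion order is the match order (LinkedHashMap), so the lowest priority
 * value is consulted first; resources with equal priority keep the order
 * returned by {@code findAll()}. The matcher is built with a {@code null} HTTP
 * method and therefore applies to every verb. The regex comes from the database
 * and RegexRequestMatcher full-matches it against the request URL including any
 * query string, so an over-broad pattern widens the protected area silently and
 * an over-narrow one leaves paths to the fallback rules.
 *
 * <p>NOTE(review): a resource with no roles produces an empty attribute list;
 * whether the interceptor then treats that path as public depends on its
 * configuration elsewhere — confirm. Two resources sharing a path collapse into
 * one entry holding the later resource's attributes.
 *
 * @return the ordered map; empty when no resources are stored
 */
private Map<RequestMatcher, Collection<ConfigAttribute>> processMap() {
    Map<RequestMatcher, Collection<ConfigAttribute>> requestToAttributes = new LinkedHashMap<>();
    List<AuthResource> resources = authResourceServ.findAll();
    // Guard clause: a null or empty result yields an empty map (same as before).
    if (resources == null || resources.isEmpty()) {
        return requestToAttributes;
    }
    // Stable sort by priority; JDK 8 streams are already used in this file.
    resources.stream()
        .sorted((a, b) -> a.getPriority().compareTo(b.getPriority()))
        .forEach(resource -> requestToAttributes.put(
            new RegexRequestMatcher(resource.getPath(), null),
            toAttributes(resource.getRoles())));
    return requestToAttributes;
}

/**
 * Converts each role to a {@link SecurityConfig} carrying its trimmed name.
 *
 * @param roles the roles assigned to one resource
 * @return a list sized to the role count; empty when no roles are assigned
 */
private static List<ConfigAttribute> toAttributes(Set<AuthRole> roles) {
    List<ConfigAttribute> attrs = new ArrayList<>(roles.size());
    for (AuthRole role : roles) {
        attrs.add(new SecurityConfig(role.getName().trim()));
    }
    return attrs;
}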