Java 类org.springframework.security.web.header.writers.DelegatingRequestMatcherHeaderWriter 实例源码

项目:springsecuredthymeleafapp    文件:SecurityConfiguration.java   
/** {@inheritDoc} */
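    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // Configures response security headers, URL authorization, form login,
        // session handling, logout, remember-me and the access-denied page.

        // XFrameOptionsHeaderWriter's no-arg constructor emits X-Frame-Options: DENY;
        // the delegating writer applies it only to requests matching "/login".
        // NOTE(review): the login page configured below is "/login.html", which this
        // exact-path pattern does not match. Confirm which path is meant to get DENY.
        RequestMatcher loginMatcher = new AntPathRequestMatcher("/login");
        DelegatingRequestMatcherHeaderWriter loginFrameOptionsWriter =
            new DelegatingRequestMatcherHeaderWriter(loginMatcher, new XFrameOptionsHeaderWriter());

        httpSecurity
            .headers()
                // Start from no headers and opt in to each one explicitly.
                .defaultsDisabled()
                // Cache-Control: keeps the browser from re-displaying authenticated
                // pages through the back button after logout.
                .cacheControl().and()
                .contentTypeOptions().and()
                .addHeaderWriter(loginFrameOptionsWriter)
                // HSTS for one year (31536000 s), sub-domains included.
                .httpStrictTransportSecurity()
                    .includeSubDomains(true)
                    .maxAgeInSeconds(31536000).and()
                // NOTE(review): SAMEORIGIN is also written for "/login", alongside the DENY
                // writer above; which value wins depends on writer order. Verify the response.
                .frameOptions().sameOrigin()
                // NOTE(review): block(false) sends X-XSS-Protection without "mode=block",
                // which is weaker than the framework default. Confirm this is deliberate.
                .xssProtection().block(false);

//        httpSecurity.requestCache().requestCache(new NullRequestCache());

        httpSecurity
            // CSRF protection stays enabled: csrf().disable() is not applied here.
            .authorizeRequests()
                .expressionHandler(webExpressionHandler())
                // Pages that must be reachable without a session.
                .antMatchers("/forgotPwd", "/resetPwd*", "/successRegister*",
                        "/invalidSession.html", "/registrationConfirm*",
                        "/registration.html", "/user/registration", "/login*")
                .permitAll()
                // .antMatchers(HttpMethod.POST,"/api","/api/**").hasRole("ROLE_ADMIN")
                // fullyAuthenticated() excludes remember-me-only authentication, so such
                // users must log in again for everything not listed above.
                .anyRequest().fullyAuthenticated()
                .and()
            .formLogin()
                .loginPage("/login.html")
                .defaultSuccessUrl("/home.html")
                .usernameParameter("username")
                .passwordParameter("password")
                .failureUrl("/login.html?error=true")
                // .successHandler(myAuthenticationSuccessHandler)
//                .failureHandler(authenticationFailureHandler)
                .permitAll()
                .and()
            .sessionManagement()
                .invalidSessionUrl("/invalidSession.html")
                // Fix: the original used sessionFixation().none(), which keeps the
                // pre-login session id after authentication and so permits session
                // fixation. migrateSession() issues a new session on login and copies
                // the existing attributes into it.
                .sessionFixation().migrateSession()
                .and()
            .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/login.html")
                .invalidateHttpSession(true)
                .deleteCookies("remember-me", "SESSION")
                // NOTE(review): this matcher has no HTTP method restriction, so a GET to
                // "/logout" also logs the user out and bypasses the CSRF check that
                // logoutUrl() alone would enforce. Restrict it to POST if no page depends
                // on a GET logout link.
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .permitAll()
                .and()
            .rememberMe()
                .rememberMeServices(rememberMeServices())
                // NOTE(review): with a custom RememberMeServices supplied, the validity and
                // cookie name set here are presumably not applied by the configurer.
                // Verify they are also set on rememberMeServices().
                .tokenValiditySeconds(86400)
                .rememberMeCookieName("remember-me")
                .and()
            .exceptionHandling().accessDeniedPage("/403");
    }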