org.springframework.security.config.annotation.web.builders.HttpSecurity java code examples

Refine search

Official Spring framework guide

@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll().anyRequest()
      .authenticated().and().logout().logoutSuccessUrl("/").permitAll().and().csrf()
      .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
  // @formatter:on
}

Official Spring framework guide

@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll().anyRequest()
      .authenticated().and().logout().logoutSuccessUrl("/").permitAll().and().csrf()
      .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
  // @formatter:on
}

Official Spring framework guide

@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest()
      .authenticated().and().exceptionHandling()
      .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout()
      .logoutSuccessUrl("/").permitAll().and().csrf()
      .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
      .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
  // @formatter:on
}

Official Spring framework guide

@Override
protected void configure(HttpSecurity http) throws Exception {
  http
    .authorizeRequests()
      .antMatchers("/built/**", "/main.css").permitAll()
      .anyRequest().authenticated()
      .and()
    .formLogin()
      .defaultSuccessUrl("/", true)
      .permitAll()
      .and()
    .httpBasic()
      .and()
    .csrf().disable()
    .logout()
      .logoutSuccessUrl("/");
}

Official Spring framework guide

@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll().anyRequest()
      .authenticated().and().exceptionHandling()
      .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout()
      .logoutSuccessUrl("/").permitAll().and().csrf()
      .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
      .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
  // @formatter:on
}

Official Spring framework guide

@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll().anyRequest()
      .authenticated().and().exceptionHandling()
      .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout()
      .logoutSuccessUrl("/").permitAll().and().csrf()
      .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
      .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
  // @formatter:on
}

@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http.anonymous().disable()
    .antMatcher("/oauth/token")
    .authorizeRequests().anyRequest().authenticated()
  .and()
    .httpBasic().authenticationEntryPoint(authenticationEntryPoint())
  .and()
    .csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/token")).disable()
    .exceptionHandling().accessDeniedHandler(accessDeniedHandler())
  .and()
    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
  // @formatter:on
}

@Override
protected void configure(HttpSecurity http) throws Exception {
 http.csrf().disable();
 http.headers().frameOptions().sameOrigin();
 http.authorizeRequests()
   .antMatchers("/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**").permitAll()
   .antMatchers("/**").authenticated();
 http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic();
 SimpleUrlLogoutSuccessHandler urlLogoutHandler = new SimpleUrlLogoutSuccessHandler();
 urlLogoutHandler.setDefaultTargetUrl("/signin?#/logout");
 http.logout().logoutUrl("/user/logout").invalidateHttpSession(true).clearAuthentication(true)
   .logoutSuccessHandler(urlLogoutHandler);
 http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
}

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http
      .authorizeRequests()
        .antMatchers("/actuator/**").permitAll()
        .anyRequest().authenticated()
      .and()
        .httpBasic()
        ;
  }
}

@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http
      .authorizeRequests().anyRequest().authenticated()
      .and()
      .csrf().disable();
  // @formatter:on
}

@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off	
  http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
    .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")))
    .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler())
  .and()
    .anonymous().disable()
    .csrf().disable()
    .exceptionHandling()
      .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())
      .accessDeniedHandler(new OAuth2AccessDeniedHandler());
  // @formatter:on
}

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()//配置权限
//                .antMatchers("/").access("hasRole('TEST')")//该路径需要TEST角色
        .antMatchers("/").authenticated()//该路径需要登录认证
//                .antMatchers("/brand/list").hasAuthority("TEST")//该路径需要TEST权限
        .antMatchers("/**").permitAll()
        .and()//启用基于http的认证
        .httpBasic()
        .realmName("/")
        .and()//配置登录页面
        .formLogin()
        .loginPage("/login")
        .failureUrl("/login?error=true")
        .and()//配置退出路径
        .logout()
        .logoutSuccessUrl("/")
//                .and()//记住密码功能
//                .rememberMe()
//                .tokenValiditySeconds(60*60*24)
//                .key("rememberMeKey")
        .and()//关闭跨域伪造
        .csrf()
        .disable()
        .headers()//去除X-Frame-Options
        .frameOptions()
        .disable();
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setTargetUrlParameter( "redirectTo" );

    http.authorizeRequests()
        .antMatchers( adminContextPath + "/assets/**" ).permitAll()
        .antMatchers( adminContextPath + "/login" ).permitAll()
        .anyRequest().authenticated()
        .and()
        .formLogin().loginPage( adminContextPath + "/login" ).successHandler( successHandler ).and()
        .logout().logoutUrl( adminContextPath + "/logout" ).and()
        .httpBasic().and()
        .csrf().disable();
    // @formatter:on
  }
}

@Override
protected void configure(HttpSecurity http) throws Exception {
  http
    .authorizeRequests()
    .anyRequest().authenticated().and()
    // custom token authorize exception handler
    .exceptionHandling()
    .authenticationEntryPoint(unauthorizedHandler).and()
    // since we use jwt, session is not necessary
    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
    // since we use jwt, csrf is not necessary
    .csrf().disable();
  http.addFilterBefore(new JwtAuthenticationTokenFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class);
  // disable cache
  http.headers().cacheControl();
}

@Override
protected void configure(HttpSecurity http) throws Exception {
  http
      .authorizeRequests()
      .antMatchers("/resources/**").permitAll()
      .anyRequest().authenticated()
      .and()
      .formLogin()
      .loginPage("/login")
      .permitAll()
      .and()
      .logout()
      .permitAll()
      .and()
      .csrf().disable();
}

@Override
protected void configure(HttpSecurity http) throws Exception {
  http
      .authorizeRequests()
      .antMatchers("/user/**").authenticated()
      .anyRequest().permitAll()
      .and()
      .formLogin()
      .loginPage("/login")
      .defaultSuccessUrl("/user", true)
      .permitAll()
      .and()
      .logout()
      .permitAll()
      .and().portMapper().http(port).mapsTo(sslPort)
      .and().csrf().disable();
  http.rememberMe().alwaysRemember(true);
  http.addFilterAt(qqAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
  http.addFilterAt(githubAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}

    .authorizeRequests();
  registry.antMatchers(url).permitAll();
registry.and()
    .formLogin()
    .loginPage("/xboot/common/needLogin")
    .headers().frameOptions().disable()
    .and()
    .logout()
    .permitAll()
    .and()
    .authorizeRequests()
    .csrf().disable()
    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    .and()
    .exceptionHandling().accessDeniedHandler(accessDeniedHandler)
    .and()
    .addFilterBefore(myFilterSecurityInterceptor, FilterSecurityInterceptor.class)
    .addFilter(new JWTAuthenticationFilter(authenticationManager(), tokenRedis, tokenExpireTime, redisTemplate));

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    // Page with login form is served as /login.html and does a POST on /login
    http.formLogin().loginPage("/login.html").loginProcessingUrl("/login").permitAll();
    // The UI does a POST on /logout on logout
    http.logout().logoutUrl("/logout");
    // The ui currently doesn't support csrf
    http.csrf().disable();
    // Requests for the login page and the static assets are allowed
    http.authorizeRequests()
        .antMatchers("/login.html", "/**/*.css", "/img/**", "/third-party/**")
        .permitAll();
    // ... and any other request needs to be authorized
    http.authorizeRequests().antMatchers("/**").authenticated();
    // Enable so that the clients can authenticate via HTTP basic for registering
    http.httpBasic();
  }
}

@Override
protected void configure(HttpSecurity http) throws Exception {
  http.authorizeRequests()
      .antMatchers(HttpMethod.GET, // 允许对于网站静态资源的无授权访问
          "/",
          "/*.html",
          "/v2/api-docs/**"
      .permitAll()
      .exceptionHandling()
      .accessDeniedHandler(new GoAccessDeniedHandler())
      .authenticationEntryPoint(new GoAuthenticationEntryPoint())
      .and()
      .formLogin()
      .loginPage("/sso/login")
      .successHandler(new GoAuthenticationSuccessHandler())
      .failureHandler(new GoAuthenticationFailureHandler())
      .and()
      .logout()
      .logoutUrl("/sso/logout")
      .logoutSuccessHandler(new GoLogoutSuccessHandler())
      .invalidateHttpSession(true)
      .csrf()
      .disable();//开启basic认证登录后可以调用需要认证的接口

  /**
   * Configure.
   *
   * @param http the http
   *
   * @throws Exception the exception
   */
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.headers().frameOptions().disable()
        .and()
        .formLogin()
        .loginPage("/login.html")
        .loginProcessingUrl("/login")
        .and()
        .logout().logoutUrl("/logout")
        .and()
        .csrf().disable()
        .authorizeRequests()
        .antMatchers("/api/**", "/applications/**", "/api/applications/**", "/login.html", "/**/*.css", "/img/**", "/third-party/**")
        .permitAll()
        .anyRequest().authenticated();
  }
}

Javadoc

A HttpSecurity is similar to Spring Security's XML <http> element in the namespace configuration. It allows configuring web based security for specific http requests. By default it will be applied to all requests, but can be restricted using #requestMatcher(RequestMatcher) or other similar methods. Example Usage The most basic form based configuration can be seen below. The configuration will require that any URL that is requested will require a User with the role "ROLE_USER". It also defines an in memory authentication scheme with a user that has the username "user", the password "password", and the role "ROLE_USER". For additional examples, refer to the Java Doc of individual methods on HttpSecurity.

 
@Configuration 
@EnableWebSecurity 
public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter { 
@Override 
protected void configure(HttpSecurity http) throws Exception { 
http.authorizeRequests().antMatchers("/**").hasRole("USER").and().formLogin(); 
} 
@Override 
protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER"); 
} 
}

Most used methods

authorizeRequests
Allows restricting access based upon the HttpServletRequest usingEXAMPLE CONFIGURATIONS The most bas
csrf
Adds CSRF support. This is activated by default when using WebSecurityConfigurerAdapter's default co
logout
Provides logout support. This is automatically applied when using WebSecurityConfigurerAdapter. The
formLogin
Specifies to support form based authentication. If FormLoginConfigurer#loginPage(String) is not spec
httpBasic
Configures HTTP Basic authentication.EXAMPLE CONFIGURATION The example below demonstrates how to con
exceptionHandling
Allows configuring exception handling. This is automatically applied when using WebSecurityConfigure
sessionManagement
Allows configuring of Session Management.EXAMPLE CONFIGURATION The following configuration demonstra
addFilterBefore
headers
Adds the Security headers to the response. This is activated by default when using WebSecurityConfig
requestMatchers
Allows specifying which HttpServletRequest instances this HttpSecurity will be invoked on. This meth
addFilterAfter
antMatcher
Allows configuring the HttpSecurity to only be invoked when matching the provided ant pattern. If mo

Popular in Java

Creating JSON documents from java classes using gson
startActivity (Activity)
getSupportFragmentManager (FragmentActivity)
scheduleAtFixedRate (ScheduledExecutorService)
UnknownHostException (java.net)
Thrown when a hostname can not be resolved.
Date (java.util)
A specific moment in time, with millisecond precision. Values typically come from System#currentTime
PriorityQueue (java.util)
A PriorityQueue holds elements on a priority heap, which orders the elements according to their natu
Scanner (java.util)
A parser that parses a text string of primitive types and strings with the help of regular expressio
JTable (javax.swing)
Table (org.hibernate.mapping)
A relational table
Top Sublime Text plugins

How to useHttpSecurity in org.springframework.security.config.annotation.web.builders

Best Java code snippets using org.springframework.security.config.annotation.web.builders.HttpSecurity (Showing top 20 results out of 4,878)

Refine search

How to use
HttpSecurity
in
org.springframework.security.config.annotation.web.builders