@Override
protected void configure(HttpSecurity http) throws Exception {
    // Security rules for the three OAuth2 provider endpoints. Their servlet paths are
    // resolved through the endpoint handler mapping rather than hard-coded, and the
    // access expressions come from the AuthorizationServerSecurityConfigurer.
    AuthorizationServerSecurityConfigurer serverConfigurer = new AuthorizationServerSecurityConfigurer();
    FrameworkEndpointHandlerMapping mapping = endpoints.oauth2EndpointHandlerMapping();
    http.setSharedObject(FrameworkEndpointHandlerMapping.class, mapping);
    configure(serverConfigurer);
    http.apply(serverConfigurer);

    String tokenPath = mapping.getServletPath("/oauth/token");
    String tokenKeyPath = mapping.getServletPath("/oauth/token_key");
    String checkTokenPath = mapping.getServletPath("/oauth/check_token");

    // Fall back to the UserDetailsService shared with HttpSecurity unless the endpoints
    // configurer was explicitly given one.
    if (!endpoints.getEndpointsConfigurer().isUserDetailsServiceOverride()) {
        endpoints.getEndpointsConfigurer()
                .userDetailsService(http.getSharedObject(UserDetailsService.class));
    }

    // The token endpoint needs a fully authenticated caller; token_key and check_token are
    // governed by the tokenKeyAccess / checkTokenAccess expressions on the configurer.
    http.authorizeRequests()
            .antMatchers(tokenPath).fullyAuthenticated()
            .antMatchers(tokenKeyPath).access(serverConfigurer.getTokenKeyAccess())
            .antMatchers(checkTokenPath).access(serverConfigurer.getCheckTokenAccess());
    // This filter chain handles only the three provider endpoints.
    http.requestMatchers().antMatchers(tokenPath, tokenKeyPath, checkTokenPath);
    // Never create an HTTP session for these endpoints.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);

    http.setSharedObject(ClientDetailsService.class, clientDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // The chain is scoped to the mvc pattern "/path" under servlet path "/spring" and to
    // "/never-match"; HTTP Basic is enabled, and every request the chain matches is denied.
    http.requestMatchers()
            .mvcMatchers("/path").servletPath("/spring")
            .mvcMatchers("/never-match");
    http.httpBasic();
    http.authorizeRequests().anyRequest().denyAll();
}
/**
 * Creates a new instance.
 * @param objectPostProcessor the {@link ObjectPostProcessor} that should be used
 * @param authenticationBuilder the {@link AuthenticationManagerBuilder} to use for
 * additional updates; must not be {@code null}
 * @param sharedObjects the shared Objects to initialize the {@link HttpSecurity} with;
 * the {@link ApplicationContext} entry (possibly absent) is handed to the request matcher
 * configurer
 * @see WebSecurityConfiguration
 */
@SuppressWarnings("unchecked")
public HttpSecurity(ObjectPostProcessor<Object> objectPostProcessor,
        AuthenticationManagerBuilder authenticationBuilder,
        Map<Class<? extends Object>, Object> sharedObjects) {
    super(objectPostProcessor);
    Assert.notNull(authenticationBuilder, "authenticationBuilder cannot be null");
    setSharedObject(AuthenticationManagerBuilder.class, authenticationBuilder);
    // Register every caller-supplied shared object. The cast is the unchecked one covered by
    // the annotation above: the map key is typed as Class<? extends Object>.
    for (Map.Entry<Class<? extends Object>, Object> shared : sharedObjects.entrySet()) {
        Class<Object> type = (Class<Object>) shared.getKey();
        setSharedObject(type, shared.getValue());
    }
    // Null when no ApplicationContext was shared; it is passed through as-is.
    ApplicationContext applicationContext = (ApplicationContext) sharedObjects.get(ApplicationContext.class);
    this.requestMatcherConfigurer = new RequestMatcherConfigurer(applicationContext);
}
return new RequestMatcherConfigurer();
.and() .requestMatchers() .antMatchers( "/ws/**", "/stomp/**",
Arrays.asList(new SimpleGrantedAuthority(SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS))); anoymousFilter.setAuthenticationDetailsSource(authenticationDetailsSource); httpSec.requestMatchers().antMatchers(DDI_DL_ANT_MATCHER).and().securityContext().disable().anonymous() .authenticationFilter(anoymousFilter); } else { .requestMatchers().antMatchers(DDI_DL_ANT_MATCHER).and().anonymous().disable() .authorizeRequests().anyRequest().authenticated().and().exceptionHandling() .authenticationEntryPoint((request, response, authException) -> response
Arrays.asList(new SimpleGrantedAuthority(SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS))); anoymousFilter.setAuthenticationDetailsSource(authenticationDetailsSource); httpSec.requestMatchers().antMatchers(DDI_DL_ANT_MATCHER).and().securityContext().disable().anonymous() .authenticationFilter(anoymousFilter); } else { .requestMatchers().antMatchers(DDI_DL_ANT_MATCHER).and().anonymous().disable() .authorizeRequests().anyRequest().authenticated().and().exceptionHandling() .authenticationEntryPoint((request, response, authException) -> response
Arrays.asList(new SimpleGrantedAuthority(SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS))); anoymousFilter.setAuthenticationDetailsSource(authenticationDetailsSource); httpSec.requestMatchers().antMatchers(DDI_ANT_MATCHERS).and().securityContext().disable().anonymous() .authenticationFilter(anoymousFilter); } else { .addFilter(gatewaySecurityTokenFilter).requestMatchers().antMatchers(DDI_ANT_MATCHERS).and() .anonymous().disable().authorizeRequests().anyRequest().authenticated().and() .exceptionHandling()
Arrays.asList(new SimpleGrantedAuthority(SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS))); anoymousFilter.setAuthenticationDetailsSource(authenticationDetailsSource); httpSec.requestMatchers().antMatchers(DDI_ANT_MATCHERS).and().securityContext().disable().anonymous() .authenticationFilter(anoymousFilter); } else { .addFilter(gatewaySecurityTokenFilter).requestMatchers().antMatchers(DDI_ANT_MATCHERS).and() .anonymous().disable().authorizeRequests().anyRequest().authenticated().and() .exceptionHandling()
.requestMatchers().requestMatchers() .antMatchers(method, antPatterns).and() .authorizeRequests() .antMatchers(method, antPatterns).fullyAuthenticated();
@Override
protected void configure(HttpSecurity http) throws Exception {
    // This chain covers only the login/logout round trip and the authorize entry point.
    http.requestMatchers()
            .antMatchers("/authorize", "/login", "/login/callback", "/logout");
    // /login is open; everything else in the chain needs an authenticated user.
    http.authorizeRequests()
            .antMatchers("/login").permitAll()
            .anyRequest().authenticated();
    http.formLogin()
            .loginPage("/login")
            .successHandler(authenticationSuccessHandler())
            .failureHandler(authenticationFailureHandler())
            .permitAll();
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessHandler(new CustomLogoutSuccessHandler())
            .invalidateHttpSession(true)
            .addLogoutHandler(cookieClearingLogoutHandler());
    // Unauthenticated requests are sent to the login page.
    http.exceptionHandling()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));
    // Both custom filters are placed ahead of the pre-authentication filter slot, in this order.
    http.addFilterBefore(clientOAuth2Filter(), AbstractPreAuthenticatedProcessingFilter.class);
    http.addFilterBefore(checkAuthCookieFilter(), AbstractPreAuthenticatedProcessingFilter.class);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Security rules for the three OAuth2 provider endpoints. Their servlet paths are
    // resolved through the endpoint handler mapping rather than hard-coded, and the
    // access expressions come from the AuthorizationServerSecurityConfigurer.
    AuthorizationServerSecurityConfigurer serverConfigurer = new AuthorizationServerSecurityConfigurer();
    FrameworkEndpointHandlerMapping mapping = endpoints.oauth2EndpointHandlerMapping();
    http.setSharedObject(FrameworkEndpointHandlerMapping.class, mapping);
    configure(serverConfigurer);
    http.apply(serverConfigurer);

    String tokenPath = mapping.getServletPath("/oauth/token");
    String tokenKeyPath = mapping.getServletPath("/oauth/token_key");
    String checkTokenPath = mapping.getServletPath("/oauth/check_token");

    // Fall back to the UserDetailsService shared with HttpSecurity unless the endpoints
    // configurer was explicitly given one.
    if (!endpoints.getEndpointsConfigurer().isUserDetailsServiceOverride()) {
        endpoints.getEndpointsConfigurer()
                .userDetailsService(http.getSharedObject(UserDetailsService.class));
    }

    // The token endpoint needs a fully authenticated caller; token_key and check_token are
    // governed by the tokenKeyAccess / checkTokenAccess expressions on the configurer.
    http.authorizeRequests()
            .antMatchers(tokenPath).fullyAuthenticated()
            .antMatchers(tokenKeyPath).access(serverConfigurer.getTokenKeyAccess())
            .antMatchers(checkTokenPath).access(serverConfigurer.getCheckTokenAccess());
    // This filter chain handles only the three provider endpoints.
    http.requestMatchers().antMatchers(tokenPath, tokenKeyPath, checkTokenPath);
    // Never create an HTTP session for these endpoints.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);

    http.setSharedObject(ClientDetailsService.class, clientDetailsService);
}
/**
 * Creates a new instance.
 * @param objectPostProcessor the {@link ObjectPostProcessor} that should be used
 * @param authenticationBuilder the {@link AuthenticationManagerBuilder} to use for
 * additional updates; must not be {@code null}
 * @param sharedObjects the shared Objects to initialize the {@link HttpSecurity} with;
 * the {@link ApplicationContext} entry (possibly absent) is handed to the request matcher
 * configurer
 * @see WebSecurityConfiguration
 */
@SuppressWarnings("unchecked")
public HttpSecurity(ObjectPostProcessor<Object> objectPostProcessor,
        AuthenticationManagerBuilder authenticationBuilder,
        Map<Class<? extends Object>, Object> sharedObjects) {
    super(objectPostProcessor);
    Assert.notNull(authenticationBuilder, "authenticationBuilder cannot be null");
    setSharedObject(AuthenticationManagerBuilder.class, authenticationBuilder);
    // Register every caller-supplied shared object. The cast is the unchecked one covered by
    // the annotation above: the map key is typed as Class<? extends Object>.
    for (Map.Entry<Class<? extends Object>, Object> shared : sharedObjects.entrySet()) {
        Class<Object> type = (Class<Object>) shared.getKey();
        setSharedObject(type, shared.getValue());
    }
    // Null when no ApplicationContext was shared; it is passed through as-is.
    ApplicationContext applicationContext = (ApplicationContext) sharedObjects.get(ApplicationContext.class);
    this.requestMatcherConfigurer = new RequestMatcherConfigurer(applicationContext);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Only these paths are handled by this chain. "/oauth/authorize" is served by
    // org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint; per the
    // original author, a user must already be logged in before requesting an OAuth2
    // authorization code there.
    http.requestMatchers()
            .antMatchers("/", "/home", "/login", "/oauth/authorize");
    http.authorizeRequests()
            .anyRequest().permitAll();
    http.formLogin()
            .loginPage("/login");
    http.httpBasic().disable();
    http.exceptionHandling()
            .accessDeniedPage("/login?authorization_error=true");
    // TODO: put CSRF protection back into this endpoint.
    // disable() removes the whole CSRF configurer, so the matcher set just before it has no
    // effect while the TODO stands.
    http.csrf()
            .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize"))
            .disable();
}
}
@Override
public void configure(HttpSecurity http) throws Exception {
    // Catalog resource rules: reads need the read_catalog scope plus a user or admin role;
    // any write (POST/PUT/DELETE on any path) needs write_catalog plus the admin role.
    String readCatalog = "#oauth2.hasScope('read_catalog') and (hasRole('ROLE_ADMIN') or hasRole('ROLE_USER'))";
    String writeCatalog = "#oauth2.hasScope('write_catalog') and hasRole('ROLE_ADMIN')";
    // requestMatchers() is called without any pattern, so it adds no restriction on which
    // requests this chain handles.
    // NOTE(review): there is no anyRequest() rule, so GET requests outside /products/** and
    // /categories/** carry no access attribute in this chain — confirm that is intended.
    http.requestMatchers().and().authorizeRequests()
            .antMatchers(HttpMethod.GET, "/products/**").access(readCatalog)
            .antMatchers(HttpMethod.GET, "/categories/**").access(readCatalog)
            .antMatchers(HttpMethod.POST, "/**").access(writeCatalog)
            .antMatchers(HttpMethod.PUT, "/**").access(writeCatalog)
            .antMatchers(HttpMethod.DELETE, "/**").access(writeCatalog);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Security rules for the three OAuth2 provider endpoints. Their servlet paths are
    // resolved through the endpoint handler mapping rather than hard-coded, and the
    // access expressions come from the AuthorizationServerSecurityConfigurer.
    AuthorizationServerSecurityConfigurer serverConfigurer = new AuthorizationServerSecurityConfigurer();
    FrameworkEndpointHandlerMapping mapping = endpoints.oauth2EndpointHandlerMapping();
    http.setSharedObject(FrameworkEndpointHandlerMapping.class, mapping);
    configure(serverConfigurer);
    http.apply(serverConfigurer);

    String tokenPath = mapping.getServletPath("/oauth/token");
    String tokenKeyPath = mapping.getServletPath("/oauth/token_key");
    String checkTokenPath = mapping.getServletPath("/oauth/check_token");

    // Fall back to the UserDetailsService shared with HttpSecurity unless the endpoints
    // configurer was explicitly given one.
    if (!endpoints.getEndpointsConfigurer().isUserDetailsServiceOverride()) {
        endpoints.getEndpointsConfigurer()
                .userDetailsService(http.getSharedObject(UserDetailsService.class));
    }

    // The token endpoint needs a fully authenticated caller; token_key and check_token are
    // governed by the tokenKeyAccess / checkTokenAccess expressions on the configurer.
    http.authorizeRequests()
            .antMatchers(tokenPath).fullyAuthenticated()
            .antMatchers(tokenKeyPath).access(serverConfigurer.getTokenKeyAccess())
            .antMatchers(checkTokenPath).access(serverConfigurer.getCheckTokenAccess());
    // This filter chain handles only the three provider endpoints.
    http.requestMatchers().antMatchers(tokenPath, tokenKeyPath, checkTokenPath);
    // Never create an HTTP session for these endpoints.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);

    http.setSharedObject(ClientDetailsService.class, clientDetailsService);
}
@Override
public void configure(HttpSecurity http) throws Exception {
    // Recommendation resource rules: reads need the read_recommendations scope plus a user or
    // admin role; any write (POST/PUT/DELETE on any path) needs write_recommendations plus the
    // admin role. Each actuator endpoint is gated by a scope of the same name.
    String readRecommendations = "#oauth2.hasScope('read_recommendations') and (hasRole('ROLE_ADMIN') or hasRole('ROLE_USER'))";
    String writeRecommendations = "#oauth2.hasScope('write_recommendations') and hasRole('ROLE_ADMIN')";
    // requestMatchers() is called without any pattern, so it adds no restriction on which
    // requests this chain handles. /health and /info have no rule in this chain.
    http.requestMatchers().and().authorizeRequests()
            .antMatchers(HttpMethod.GET, "/recommendations/**").access(readRecommendations)
            .antMatchers(HttpMethod.GET, "/products/**").access(readRecommendations)
            .antMatchers(HttpMethod.POST, "/**").access(writeRecommendations)
            .antMatchers(HttpMethod.PUT, "/**").access(writeRecommendations)
            .antMatchers(HttpMethod.DELETE, "/**").access(writeRecommendations)
            .antMatchers("/metrics/**").access("#oauth2.hasScope('metrics')")
            .antMatchers("/trace/**").access("#oauth2.hasScope('trace')")
            .antMatchers("/dump/**").access("#oauth2.hasScope('dump')")
            .antMatchers("/shutdown/**").access("#oauth2.hasScope('shutdown')")
            .antMatchers("/beans/**").access("#oauth2.hasScope('beans')")
            .antMatchers("/autoconfig/**").access("#oauth2.hasScope('autoconfig')")
            .antMatchers("/configprops/**").access("#oauth2.hasScope('configprops')")
            .antMatchers("/env/**").access("#oauth2.hasScope('env')")
            .antMatchers("/mappings/**").access("#oauth2.hasScope('mappings')");
}
@Override
public void configure(HttpSecurity http) throws Exception {
    // Review resource rules: reads need the read_reviews scope plus a user or admin role;
    // any write (POST/PUT/DELETE on any path) needs write_reviews plus the admin role.
    // Each actuator endpoint is gated by a scope of the same name.
    String readReviews = "#oauth2.hasScope('read_reviews') and (hasRole('ROLE_ADMIN') or hasRole('ROLE_USER'))";
    String writeReviews = "#oauth2.hasScope('write_reviews') and hasRole('ROLE_ADMIN')";
    // requestMatchers() is called without any pattern, so it adds no restriction on which
    // requests this chain handles. /health and /info have no rule in this chain.
    http.requestMatchers().and().authorizeRequests()
            .antMatchers(HttpMethod.GET, "/reviews/**").access(readReviews)
            .antMatchers(HttpMethod.POST, "/**").access(writeReviews)
            .antMatchers(HttpMethod.PUT, "/**").access(writeReviews)
            .antMatchers(HttpMethod.DELETE, "/**").access(writeReviews)
            .antMatchers("/metrics/**").access("#oauth2.hasScope('metrics')")
            .antMatchers("/trace/**").access("#oauth2.hasScope('trace')")
            .antMatchers("/dump/**").access("#oauth2.hasScope('dump')")
            .antMatchers("/shutdown/**").access("#oauth2.hasScope('shutdown')")
            .antMatchers("/beans/**").access("#oauth2.hasScope('beans')")
            .antMatchers("/autoconfig/**").access("#oauth2.hasScope('autoconfig')")
            .antMatchers("/configprops/**").access("#oauth2.hasScope('configprops')")
            .antMatchers("/env/**").access("#oauth2.hasScope('env')")
            .antMatchers("/mappings/**").access("#oauth2.hasScope('mappings')");
}
@Override
public void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    String readScope = "#oauth2.hasScope('read')";
    String writeScope = "#oauth2.hasScope('write')";
    // Stateless chain: no HTTP session is ever created, and it claims every request ("/**").
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
    http.requestMatchers().antMatchers("/**");
    // OPTIONS on the API (e.g. CORS preflight) is open; API reads need the read scope, API
    // writes the write scope, and the admin area the admin role.
    // NOTE(review): there is no anyRequest() rule, so paths outside /api/** and /admin/** are
    // claimed by this chain but carry no access attribute — confirm that is intended.
    http.authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, "/api/**").permitAll()
            .antMatchers(HttpMethod.GET, "/api/**").access(readScope)
            .antMatchers(HttpMethod.PATCH, "/api/**").access(writeScope)
            .antMatchers(HttpMethod.POST, "/api/**").access(writeScope)
            .antMatchers(HttpMethod.PUT, "/api/**").access(writeScope)
            .antMatchers(HttpMethod.DELETE, "/api/**").access(writeScope)
            .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Form login on /login; the post-login target is an absolute localhost URL.
    // NOTE(review): that URL is hard-coded here — externalise it for non-development deployments.
    http.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("http://localhost:8888/index.html")
            .permitAll();
    // Logout is triggered on /signout and lands back on the login page.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/signout"))
            .logoutSuccessUrl("/login");
    // The chain is limited to the login/logout pages, the OAuth2 authorize and consent
    // endpoints, and static images.
    http.requestMatchers()
            .antMatchers("/", "/login", "/logout", "/signout", "/oauth/authorize",
                    "/oauth/confirm_access", "/images/**");
    // Everything the chain matches requires an authenticated user (form login itself is
    // permitted above).
    http.authorizeRequests().anyRequest().authenticated();
}