@Override
public void init(HttpSecurity http) throws Exception {
    // Default handling for requests that arrive without valid authentication.
    registerDefaultAuthenticationEntryPoint(http);

    // OAuth2 clients are authenticated like users, backed by the ClientDetailsService.
    ClientDetailsUserDetailsService clientUserDetails =
            new ClientDetailsUserDetailsService(clientDetailsService());
    if (passwordEncoder == null) {
        http.userDetailsService(clientUserDetails);
    } else {
        // A password encoder is configured (field check); the accessor passwordEncoder()
        // supplies the encoder that both the user-details service and the shared
        // AuthenticationManagerBuilder use to compare client secrets.
        clientUserDetails.setPasswordEncoder(passwordEncoder());
        http.getSharedObject(AuthenticationManagerBuilder.class)
                .userDetailsService(clientUserDetails)
                .passwordEncoder(passwordEncoder());
    }

    // No security context is persisted between requests (NullSecurityContextRepository);
    // clients re-authenticate on every call via HTTP Basic in the configured realm.
    // CSRF protection is switched off for this chain.
    http.securityContext().securityContextRepository(new NullSecurityContextRepository());
    http.csrf().disable();
    http.httpBasic().realmName(realm);

    // With sslOnly set, any plain-HTTP request is redirected to the secure channel.
    if (sslOnly) {
        http.requiresChannel().anyRequest().requiresSecure();
    }
}
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
.anyRequest().requiresSecure();
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Scope this chain to the Vaadin UI mounted under /UI, leaving /UI/HEARTBEAT out of it;
    // the application is bound to /UI instead of the root, see the workaround described at
    // https://vaadin.com/forum#!/thread/3200565.
    // CSRF protection is disabled here because Vaadin handles CSRF itself.
    HttpSecurity httpSec = http.regexMatcher("(?!.*HEARTBEAT)^.*\\/UI.*$").csrf().disable();

    if (!hawkbitSecurityProperties.isRequireSsl()) {
        LOG.info(
                "\"******************\\n** Requires HTTPS Security has been disabled for UI, should only be used for developing purposes **\\n******************\"");
    } else {
        // Every plain-HTTP request on this chain is redirected to HTTPS.
        httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
    }

    // Content-Security-Policy header, emitted only when a policy is configured.
    final String contentSecurityPolicy = hawkbitSecurityProperties.getContentSecurityPolicy();
    if (!StringUtils.isEmpty(contentSecurityPolicy)) {
        httpSec.headers().contentSecurityPolicy(contentSecurityPolicy);
    }

    // After logout the browser is sent to the URL given in the "login" request parameter.
    // NOTE(review): the target comes from the request; confirm the handler's redirect-URL
    // validation is sufficient for this deployment (open-redirect risk).
    final SimpleUrlLogoutSuccessHandler logoutSuccess = new SimpleUrlLogoutSuccessHandler();
    logoutSuccess.setTargetUrlParameter("login");

    // Login pages and the Vaadin UIDL endpoint are public; everything else under /UI
    // requires an authenticated user.
    httpSec.authorizeRequests()
            .antMatchers("/UI/login/**").permitAll()
            .antMatchers("/UI/UIDL/**").permitAll()
            .anyRequest().authenticated();
    // Unauthenticated access is redirected to the UI login view.
    httpSec.exceptionHandling()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/UI/login/#/"));
    httpSec.logout()
            .logoutUrl("/UI/logout")
            .logoutSuccessHandler(logoutSuccess);
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Scope this chain to the Vaadin UI mounted under /UI, leaving /UI/HEARTBEAT out of it;
    // the application is bound to /UI instead of the root, see the workaround described at
    // https://vaadin.com/forum#!/thread/3200565.
    // CSRF protection is disabled here because Vaadin handles CSRF itself.
    HttpSecurity httpSec = http.regexMatcher("(?!.*HEARTBEAT)^.*\\/UI.*$").csrf().disable();

    // The SSL requirement is read from springSecurityProperties, the CSP from
    // hawkbitSecurityProperties (two different property sources).
    if (!springSecurityProperties.isRequireSsl()) {
        LOG.info(
                "\"******************\\n** Requires HTTPS Security has been disabled for UI, should only be used for developing purposes **\\n******************\"");
    } else {
        // Every plain-HTTP request on this chain is redirected to HTTPS.
        httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
    }

    // Content-Security-Policy header, emitted only when a policy is configured.
    final String contentSecurityPolicy = hawkbitSecurityProperties.getContentSecurityPolicy();
    if (!StringUtils.isEmpty(contentSecurityPolicy)) {
        httpSec.headers().contentSecurityPolicy(contentSecurityPolicy);
    }

    // After logout the browser is sent to the URL given in the "login" request parameter.
    // NOTE(review): the target comes from the request; confirm the handler's redirect-URL
    // validation is sufficient for this deployment (open-redirect risk).
    final SimpleUrlLogoutSuccessHandler logoutSuccess = new SimpleUrlLogoutSuccessHandler();
    logoutSuccess.setTargetUrlParameter("login");

    // Login pages and the Vaadin UIDL endpoint are public; everything else under /UI
    // requires an authenticated user.
    httpSec.authorizeRequests()
            .antMatchers("/UI/login/**").permitAll()
            .antMatchers("/UI/UIDL/**").permitAll()
            .anyRequest().authenticated();
    // Unauthenticated access is redirected to the UI login view.
    httpSec.exceptionHandling()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/UI/login/#/"));
    httpSec.logout()
            .logoutUrl("/UI/logout")
            .logoutSuccessHandler(logoutSuccess);
}
@Override
public void init(HttpSecurity http) throws Exception {
    // CAS authentication filter: wired to the authentication manager, the request matcher
    // that decides which requests it handles, and the service properties, then passed to
    // the project's filterConfigurer for any further customisation.
    CasAuthenticationFilter casFilter = new CasAuthenticationFilter();
    casFilter.setAuthenticationManager(authenticationManager());
    casFilter.setRequiresAuthenticationRequestMatcher(getAuthenticationRequestMatcher());
    casFilter.setServiceProperties(serviceProperties);
    filterConfigurer.configure(casFilter);

    // CAS client single-sign-out filter, customised by its own configurer.
    SingleSignOutFilter signOutFilter = new SingleSignOutFilter();
    singleSignOutFilterConfigurer.configure(signOutFilter);

    // Plain-HTTP requests are redirected to HTTPS only when the properties require it.
    if (securityProperties.isRequireSsl()) {
        http.requiresChannel().anyRequest().requiresSecure();
    }
    // CSRF protection stays on unless it is explicitly switched off in the properties.
    if (!securityProperties.isEnableCsrf()) {
        http.csrf().disable();
    }
    SpringBootWebSecurityConfiguration.configureHeaders(http.headers(), securityProperties.getHeaders());

    http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
    // The sign-out filter sits in front of CsrfFilter; presumably so that the CAS server's
    // logout callback is processed before CSRF checks apply — confirm against the CAS docs.
    http.addFilterBefore(signOutFilter, CsrfFilter.class);
    http.addFilter(casFilter);

    // Optional HTTP Basic in front of the CAS filter, using the context's AuthenticationManager bean.
    if (securityProperties.getBasic().isEnabled()) {
        AuthenticationManager manager =
                http.getSharedObject(ApplicationContext.class).getBean(AuthenticationManager.class);
        http.addFilterBefore(new BasicAuthenticationFilter(manager), CasAuthenticationFilter.class);
    }
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // This chain applies only to paths matching the context's path regex.
    http.regexMatcher(getContext().getPathRegex());
    // Every plain-HTTP request is redirected to HTTPS.
    http.requiresChannel().anyRequest().requiresSecure();
    // Framing is allowed from the same origin only.
    http.headers().frameOptions().sameOrigin();
    // CSRF protection is off for this chain. NOTE(review): as a consequence the logout
    // below is reachable through a plain GET link; confirm that this is intended.
    http.csrf().disable();
    // Everything on this chain needs an authenticated user.
    http.authorizeRequests().anyRequest().authenticated();
    // Form login with a public login page under the context's URL path.
    http.formLogin().permitAll().loginPage(getContext().getUrlPath() + "/login");
    // Logout is triggered by a GET to any URL containing "logout" (query string optional).
    http.logout()
            .logoutRequestMatcher(new RegexRequestMatcher("/.*logout\\?{0,1}.*", HttpMethod.GET.name()))
            .logoutSuccessUrl("/");
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // CSRF protection is kept enabled with the default configurer.
    http.csrf();

    // User authentication is wired up (or explicitly disabled) by the sibling helpers,
    // depending on the application property.
    if (!appProperties.isUserAuthEnabled()) {
        disableUserAuth(http);
    } else {
        enableUserAuth(http);
    }

    // Plain-HTTP requests are redirected to HTTPS only when the deployment requires SSL.
    if (appProperties.isRequireSsl()) {
        http.requiresChannel().anyRequest().requiresSecure();
    }
}
@Override
public void init(HttpSecurity http) throws Exception {
    // Default handling for requests that arrive without valid authentication.
    registerDefaultAuthenticationEntryPoint(http);

    // OAuth2 clients are authenticated like users, backed by the ClientDetailsService.
    ClientDetailsUserDetailsService clientUserDetails =
            new ClientDetailsUserDetailsService(clientDetailsService());
    if (passwordEncoder == null) {
        http.userDetailsService(clientUserDetails);
    } else {
        // A password encoder is configured (field check); the accessor passwordEncoder()
        // supplies the encoder that both the user-details service and the shared
        // AuthenticationManagerBuilder use to compare client secrets.
        clientUserDetails.setPasswordEncoder(passwordEncoder());
        http.getSharedObject(AuthenticationManagerBuilder.class)
                .userDetailsService(clientUserDetails)
                .passwordEncoder(passwordEncoder());
    }

    // No security context is persisted between requests (NullSecurityContextRepository);
    // clients re-authenticate on every call via HTTP Basic in the configured realm.
    // CSRF protection is switched off for this chain.
    http.securityContext().securityContextRepository(new NullSecurityContextRepository());
    http.csrf().disable();
    http.httpBasic().realmName(realm);

    // With sslOnly set, any plain-HTTP request is redirected to the secure channel.
    if (sslOnly) {
        http.requiresChannel().anyRequest().requiresSecure();
    }
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // This chain runs with CSRF, the default security headers and logout all switched off.
    // NOTE(review): headers().disable() also drops the default protective headers
    // (HSTS, X-Frame-Options, ...) for these endpoints.
    http.csrf().disable();
    http.headers().disable();
    http.logout().disable();
    // HTTPS is required only for requests carrying an X-Forwarded-Proto header, i.e. those
    // that came through a proxy. NOTE(review): a request without the header is not forced
    // onto HTTPS, so this relies on every entry path setting it — confirm at the proxy/ingress.
    http.requiresChannel()
            .requestMatchers(request -> request.getHeader("X-Forwarded-Proto") != null)
            .requiresSecure();

    val authorize = http.authorizeRequests();
    // Rules for endpoints not listed in the configuration and for static resources
    // come from the sibling configureEndpointAccess* helpers.
    configureEndpointAccessToDenyUndefined(http, authorize);
    configureEndpointAccessForStaticResources(authorize);

    // One access rule per configured access type per actuator endpoint. Unchecked wraps
    // checked exceptions thrown inside the lambdas.
    val endpointProperties = casProperties.getMonitor().getEndpoints().getEndpoint();
    endpointProperties.forEach(Unchecked.biConsumer((endpointId, properties) -> {
        val matcher = EndpointRequest.to(endpointId);
        properties.getAccess().forEach(Unchecked.consumer(
                access -> configureEndpointAccess(http, authorize, access, properties, matcher)));
    }));
}
private void configureHSTS(HttpSecurity http) throws Exception {
    HeadersConfigurer<HttpSecurity>.HstsConfig hstsConfig = http.headers().httpStrictTransportSecurity();
    if (!sslOn || !sslHstsEnabled) {
        // Without SSL, or with HSTS switched off, the header must not be emitted.
        hstsConfig.disable();
        return;
    }
    // Map the plain port to the SSL port so the secure redirect lands on the right listener.
    http.portMapper().http(webPort).mapsTo(sslPort);
    // Only browser HTML requests are forced onto HTTPS (XHR/REST requests are left alone):
    // this sets the REQUIRES_SECURE_CHANNEL attribute and ChannelProcessingFilter answers
    // with a 302 redirect to the https:// equivalent.
    http.requiresChannel().requestMatchers(browserHtmlRequestMatcher).requiresSecure();
    hstsConfig.maxAgeInSeconds(sslHstsMaxAge).includeSubDomains(sslHstsIncludeSubDomains);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Secure-channel redirects from the plain port go to the standard HTTPS port.
    http.portMapper().http(80).mapsTo(443);
    http.exceptionHandling().authenticationEntryPoint(customAuthenticationEntryPoint);
    // NOTE(review): X-Frame-Options is switched off for the whole chain, so pages may be framed.
    http.headers().frameOptions().disable();
    // Logout is open to everyone and ends in the project's logoutSuccessHandler().
    http.logout().logoutSuccessHandler(logoutSuccessHandler()).permitAll();
    // Public: webjars, the landing/login pages, the UAA login/register/activate endpoints and
    // Vaadin static resources. Everything else requires an authenticated user.
    http.antMatcher("/**").authorizeRequests()
            .antMatchers("/webjars/**", "/", "/index.html", "/empty.html", "/login.html").permitAll()
            .antMatchers("/authserver/uaa/login", "/authserver/uaa/register", "/authserver/uaa/activate").permitAll()
            .antMatchers("/ui/VAADIN/**").permitAll()
            .anyRequest().authenticated();
    // CSRF protection is disabled for this chain; every request is forced onto HTTPS.
    http.csrf().disable();
    http.requiresChannel().anyRequest().requiresSecure();
}
/**
 * Creates a configurer whose channel rules are collected in a fresh
 * {@link ChannelRequestMatcherRegistry} bound to the given context.
 *
 * @param context the application context the registry is created with
 * @see HttpSecurity#requiresChannel()
 */
public ChannelSecurityConfigurer(ApplicationContext context) {
    REGISTRY = new ChannelRequestMatcherRegistry(context);
}
/**
 * Creates a configurer whose channel rules are collected in a fresh
 * {@link ChannelRequestMatcherRegistry} bound to the given context.
 *
 * @param context the application context the registry is created with
 * @see HttpSecurity#requiresChannel()
 */
public ChannelSecurityConfigurer(ApplicationContext context) {
    REGISTRY = new ChannelRequestMatcherRegistry(context);
}
/**
 * Creates a configurer whose channel rules are collected in a fresh
 * {@link ChannelRequestMatcherRegistry} bound to the given context.
 *
 * @param context the application context the registry is created with
 * @see HttpSecurity#requiresChannel()
 */
public ChannelSecurityConfigurer(ApplicationContext context) {
    REGISTRY = new ChannelRequestMatcherRegistry(context);
}