@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .requestCache() .requestCache(requestCache) .and() .requestCache(); // @formatter:on } }
/** * Allows configuring the Request Cache. For example, a protected page (/protected) * may be requested prior to authentication. The application will redirect the user to * a login page. After authentication, Spring Security will redirect the user to the * originally requested protected page (/protected). This is automatically applied * when using {@link WebSecurityConfigurerAdapter}. * * @return the {@link RequestCacheConfigurer} for further customizations * @throws Exception */ public RequestCacheConfigurer<HttpSecurity> requestCache() throws Exception { return getOrApply(new RequestCacheConfigurer<>()); }
/** * Allows explicit configuration of the {@link RequestCache} to be used. Defaults to * try finding a {@link RequestCache} as a shared object. Then falls back to a * {@link HttpSessionRequestCache}. * * @param requestCache the explicit {@link RequestCache} to use * @return the {@link RequestCacheConfigurer} for further customization */ public RequestCacheConfigurer<H> requestCache(RequestCache requestCache) { getBuilder().setSharedObject(RequestCache.class, requestCache); return this; }
@Override public void configure(H http) throws Exception { RequestCache requestCache = getRequestCache(http); RequestCacheAwareFilter requestCacheFilter = new RequestCacheAwareFilter( requestCache); requestCacheFilter = postProcess(requestCacheFilter); http.addFilter(requestCacheFilter); }
/** * Gets the {@link RequestCache} to use. If one is defined using * {@link #requestCache(org.springframework.security.web.savedrequest.RequestCache)}, * then it is used. Otherwise, an attempt to find a {@link RequestCache} shared object * is made. If that fails, an {@link HttpSessionRequestCache} is used * * @param http the {@link HttpSecurity} to attempt to fined the shared object * @return the {@link RequestCache} to use */ private RequestCache getRequestCache(H http) { RequestCache result = http.getSharedObject(RequestCache.class); if (result != null) { return result; } result = getBeanOrNull(RequestCache.class); if (result != null) { return result; } HttpSessionRequestCache defaultCache = new HttpSessionRequestCache(); defaultCache.setRequestMatcher(createDefaultSavedRequestMatcher(http)); return defaultCache; }
.sessionManagement().and() .securityContext().and() .requestCache().and() .anonymous().and() .servletApi().and()
@Override protected void configure(HttpSecurity http) throws Exception { http .formLogin().and() .requestCache() .requestCache(this.requestCache); } }
@Override public void init(H http) throws Exception { http.setSharedObject(RequestCache.class, getRequestCache(http)); }
@Override protected void configure(HttpSecurity http) throws Exception { super.configure(http); http.requestCache().disable(); } }
@Override public void configure(H http) throws Exception { RequestCache requestCache = getRequestCache(http); RequestCacheAwareFilter requestCacheFilter = new RequestCacheAwareFilter( requestCache); requestCacheFilter = postProcess(requestCacheFilter); http.addFilter(requestCacheFilter); }
.sessionManagement().and() .securityContext().and() .requestCache().and() .anonymous().and() .servletApi().and()
@Override protected void configure(HttpSecurity http) throws Exception { http.securityContext().securityContextRepository(securityContextRepository); http.requestCache().requestCache(new NullRequestCache()); http .authorizeRequests() .antMatchers("/", "/home", "/categories/**", "/products/**").permitAll() .antMatchers("/admin/**").hasRole("ADMIN") .anyRequest().authenticated() .and() .formLogin() // login .loginPage("/login") .permitAll() .successHandler(new CustomAuthSuccessHandler()) .and() .logout() // /login?logout .logoutUrl("/logout") .logoutSuccessUrl("/loggedOut") .deleteCookies(SecurityConfig.AUTHCOOKIENAME) .permitAll() .and() .csrf().disable() ; }
/** * Gets the {@link RequestCache} to use. If one is defined using * {@link #requestCache(org.springframework.security.web.savedrequest.RequestCache)}, * then it is used. Otherwise, an attempt to find a {@link RequestCache} shared object * is made. If that fails, an {@link HttpSessionRequestCache} is used * * @param http the {@link HttpSecurity} to attempt to fined the shared object * @return the {@link RequestCache} to use */ private RequestCache getRequestCache(H http) { RequestCache result = http.getSharedObject(RequestCache.class); if (result != null) { return result; } result = getBeanOrNull(RequestCache.class); if (result != null) { return result; } HttpSessionRequestCache defaultCache = new HttpSessionRequestCache(); defaultCache.setRequestMatcher(createDefaultSavedRequestMatcher(http)); return defaultCache; }
@Override public void init(H http) throws Exception { http.setSharedObject(RequestCache.class, getRequestCache(http)); }
http.logout().disable(); http.formLogin().disable(); http.requestCache().disable();
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .and() .requestCache() .requestCache(requestCache) .and() .oauth2Client() .authorizationCodeGrant() .authorizationRequestResolver(authorizationRequestResolver) .accessTokenResponseClient(accessTokenResponseClient); }
@Override public void configure(H http) throws Exception { RequestCache requestCache = getRequestCache(http); RequestCacheAwareFilter requestCacheFilter = new RequestCacheAwareFilter(requestCache); requestCacheFilter = postProcess(requestCacheFilter); http.addFilter(requestCacheFilter); }
private <T> T getBeanOrNull(Class<T> type) { ApplicationContext context = getBuilder().getSharedObject(ApplicationContext.class); if (context == null) { return null; } try { return context.getBean(type); } catch (NoSuchBeanDefinitionException e) { return null; } } @SuppressWarnings("unchecked")
.sessionManagement().and() .securityContext().and() .requestCache().and() .anonymous().and() .servletApi().and()
http.exceptionHandling().authenticationEntryPoint(new SimpleAuthenticationEntryPoint(confMap.get("security.signin"))); http.exceptionHandling().accessDeniedHandler(new SimpleAccessDeniedHandler(confMap.get("security.access_denied"))); http.requestCache().requestCache(new SimpleRequestCache()); http.logout().logoutUrl(confMap.get("security.signout")). logoutSuccessUrl(confMap.get("security.signout_success"));