/**
 * Requires authentication for every request, enables form login, and replaces
 * the security-context storage with a {@code NullSecurityContextRepository}.
 *
 * @param http the builder being configured
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // No public paths: every request must carry an authenticated principal.
    http.authorizeRequests()
        .anyRequest().authenticated();

    // NullSecurityContextRepository does not store the SecurityContext, so the
    // authentication is not kept in the HTTP session between requests.
    // NOTE(review): form login normally depends on the stored context to keep
    // the user authenticated after the post-login redirect; confirm that a
    // stateless setup is intended together with formLogin().
    http.securityContext()
        .securityContextRepository(new NullSecurityContextRepository());

    http.formLogin();
}
/**
 * Sets up management of the {@link SecurityContext} on the
 * {@link SecurityContextHolder} between {@link HttpServletRequest}s. This is
 * automatically applied when using {@link WebSecurityConfigurerAdapter}.
 *
 * @return the {@link SecurityContextConfigurer} for further customizations
 * @throws Exception propagated from {@code getOrApply}
 */
public SecurityContextConfigurer<HttpSecurity> securityContext() throws Exception {
    SecurityContextConfigurer<HttpSecurity> configurer = new SecurityContextConfigurer<>();
    return getOrApply(configurer);
}
/**
 * Specifies the shared {@link SecurityContextRepository} that is to be used.
 * The value is registered on the builder as a shared object keyed by
 * {@code SecurityContextRepository.class}; it is stored as given, without a
 * null check.
 *
 * @param securityContextRepository the {@link SecurityContextRepository} to use
 * @return this {@link SecurityContextConfigurer} for further customizations
 */
public SecurityContextConfigurer<H> securityContextRepository(
        SecurityContextRepository securityContextRepository) {
    final H builder = getBuilder();
    builder.setSharedObject(SecurityContextRepository.class, securityContextRepository);
    return this;
}
.headers().and() .sessionManagement().and() .securityContext().and() .requestCache().and() .anonymous().and()
/**
 * Configures context storage, request caching, URL authorization, form login
 * and logout for the application, and switches CSRF protection off.
 *
 * @param http the builder being configured
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Store and load the SecurityContext through the injected repository
    // instead of the default one.
    http.securityContext()
        .securityContextRepository(securityContextRepository);

    // NullRequestCache: the request that triggered the login is not saved.
    http.requestCache()
        .requestCache(new NullRequestCache());

    // Matchers are evaluated in declaration order; anyRequest() must stay last.
    http.authorizeRequests()
        .antMatchers("/", "/home", "/categories/**", "/products/**").permitAll()
        .antMatchers("/admin/**").hasRole("ADMIN")
        .anyRequest().authenticated();

    // login
    http.formLogin()
        .loginPage("/login")
        .permitAll()
        .successHandler(new CustomAuthSuccessHandler());

    // /login?logout
    http.logout()
        .logoutUrl("/logout")
        .logoutSuccessUrl("/loggedOut")
        .deleteCookies(SecurityConfig.AUTHCOOKIENAME)
        .permitAll();

    // NOTE(review): CSRF protection is disabled while authentication appears to
    // be cookie-based (form login, and SecurityConfig.AUTHCOOKIENAME is cleared
    // on logout). State-changing requests, including those under /admin/**, are
    // then not guarded by a CSRF token. Confirm a compensating control exists
    // (for example a SameSite cookie attribute or a required custom header),
    // or re-enable csrf().
    http.csrf().disable();
}
/**
 * Creates the {@link SecurityContextPersistenceFilter} and adds it to the builder.
 *
 * <p>The repository is taken from the builder's shared objects; when none was
 * registered, a new {@code HttpSessionSecurityContextRepository} is used.
 * Eager session creation is forced only when the session management
 * configurer reports {@code SessionCreationPolicy.ALWAYS}.
 *
 * @param http the builder to read shared state from and add the filter to
 * @throws Exception declared by the configurer contract
 */
@Override
@SuppressWarnings("unchecked")
public void configure(H http) throws Exception {
    SecurityContextRepository shared = http.getSharedObject(SecurityContextRepository.class);
    // Fall back to session-backed storage when nothing was configured.
    SecurityContextRepository repository =
            shared != null ? shared : new HttpSessionSecurityContextRepository();

    SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(repository);

    SessionManagementConfigurer<?> sessionManagement =
            http.getConfigurer(SessionManagementConfigurer.class);
    boolean alwaysCreateSession = sessionManagement != null
            && SessionCreationPolicy.ALWAYS == sessionManagement.getSessionCreationPolicy();
    if (alwaysCreateSession) {
        filter.setForceEagerSessionCreation(true);
    }

    // The flag above has to be set before post-processing and registration.
    http.addFilter(postProcess(filter));
}
}
// Disables the security-context configurer for this HttpSecurity, so it does
// not contribute its SecurityContextPersistenceFilter to the chain.
// NOTE(review): confirm that another component populates and clears the
// SecurityContextHolder for each request; without that, authentication state
// is neither restored nor cleaned up by this chain.
http.securityContext().disable();
.headers().and() .sessionManagement().and() .securityContext().and() .requestCache().and() .anonymous().and()
http .securityContext() .securityContextRepository(securityContextRepository); http .httpBasic()
/**
 * Registers a {@link SecurityContextPersistenceFilter} on the builder.
 *
 * <p>Uses the {@link SecurityContextRepository} found among the builder's
 * shared objects, or a new {@code HttpSessionSecurityContextRepository} if
 * there is none. When the session management configurer is present and its
 * policy is {@code SessionCreationPolicy.ALWAYS}, the filter is told to create
 * the session eagerly.
 *
 * @param http the builder that supplies shared objects and receives the filter
 * @throws Exception declared by the configurer contract
 */
@Override
@SuppressWarnings("unchecked")
public void configure(H http) throws Exception {
    SecurityContextRepository contextRepository =
            http.getSharedObject(SecurityContextRepository.class);
    if (contextRepository == null) {
        // Default: keep the context in the HTTP session.
        contextRepository = new HttpSessionSecurityContextRepository();
    }
    SecurityContextPersistenceFilter persistenceFilter =
            new SecurityContextPersistenceFilter(contextRepository);

    SessionManagementConfigurer<?> sessionConfigurer =
            http.getConfigurer(SessionManagementConfigurer.class);
    SessionCreationPolicy policy = null;
    if (sessionConfigurer != null) {
        policy = sessionConfigurer.getSessionCreationPolicy();
    }
    if (policy == SessionCreationPolicy.ALWAYS) {
        persistenceFilter.setForceEagerSessionCreation(true);
    }

    persistenceFilter = postProcess(persistenceFilter);
    http.addFilter(persistenceFilter);
}
}
Arrays.asList(new SimpleGrantedAuthority(SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS))); anoymousFilter.setAuthenticationDetailsSource(authenticationDetailsSource); httpSec.requestMatchers().antMatchers(DDI_ANT_MATCHERS).and().securityContext().disable().anonymous() .authenticationFilter(anoymousFilter); } else {
/**
 * Initializes the chain: registers the default authentication entry point,
 * wires a {@code ClientDetailsUserDetailsService} as the user details source,
 * and configures stateless HTTP Basic authentication for the given realm.
 *
 * @param http the builder being initialized
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void init(HttpSecurity http) throws Exception {
    registerDefaultAuthenticationEntryPoint(http);

    if (passwordEncoder == null) {
        // NOTE(review): no encoder is set on this path; confirm how client
        // secrets are stored and compared when none is configured.
        http.userDetailsService(new ClientDetailsUserDetailsService(clientDetailsService()));
    } else {
        ClientDetailsUserDetailsService clientUsers =
                new ClientDetailsUserDetailsService(clientDetailsService());
        clientUsers.setPasswordEncoder(passwordEncoder());
        http.getSharedObject(AuthenticationManagerBuilder.class)
                .userDetailsService(clientUsers)
                .passwordEncoder(passwordEncoder());
    }

    // The context is never stored, so every request must present credentials.
    http.securityContext()
            .securityContextRepository(new NullSecurityContextRepository());
    // CSRF is disabled together with the stateless setup above.
    // NOTE(review): verify that no cookie-based authentication reaches the
    // endpoints covered by this chain.
    http.csrf().disable();
    http.httpBasic().realmName(realm);

    // HTTPS is enforced only when sslOnly is set; otherwise the Basic
    // credentials travel over whatever channel the request arrived on.
    if (sslOnly) {
        http.requiresChannel().anyRequest().requiresSecure();
    }
}
.securityContext().and() .requestCache().and() .anonymous().and() .servletApi().and() .apply(new DefaultLoginPageConfigurer<HttpSecurity>()).and()
/**
 * Specifies the shared {@link SecurityContextRepository} that is to be used.
 * The repository is stored on the builder under
 * {@code SecurityContextRepository.class}; the argument is not validated here.
 *
 * @param securityContextRepository the {@link SecurityContextRepository} to use
 * @return this {@link SecurityContextConfigurer} for further customizations
 */
public SecurityContextConfigurer<H> securityContextRepository(
        SecurityContextRepository securityContextRepository) {
    final H target = getBuilder();
    target.setSharedObject(SecurityContextRepository.class, securityContextRepository);
    return this;
}
/**
 * Sets up management of the {@link SecurityContext} on the
 * {@link SecurityContextHolder} between {@link HttpServletRequest}s. This is
 * automatically applied when using {@link WebSecurityConfigurerAdapter}.
 *
 * @return the {@link SecurityContextConfigurer} for further customizations
 * @throws Exception propagated from {@code getOrApply}
 */
public SecurityContextConfigurer<HttpSecurity> securityContext() throws Exception {
    SecurityContextConfigurer<HttpSecurity> contextConfigurer = new SecurityContextConfigurer<>();
    return getOrApply(contextConfigurer);
}
/**
 * Creates the {@link SecurityContextPersistenceFilter} from the shared
 * {@link SecurityContextRepository} and adds it to the builder.
 *
 * <p>Eager session creation is forced only when the session management
 * configurer reports {@code SessionCreationPolicy.always}.
 *
 * @param http the builder to read shared state from and add the filter to
 * @throws Exception declared by the configurer contract
 */
@Override
@SuppressWarnings("unchecked")
public void configure(H http) throws Exception {
    // No fallback is applied here: whatever getSharedObject returns, including
    // null, is handed to the filter constructor.
    // NOTE(review): confirm that a repository is always registered as a shared
    // object before this configurer runs.
    SecurityContextRepository repository = http.getSharedObject(SecurityContextRepository.class);
    SecurityContextPersistenceFilter filter = new SecurityContextPersistenceFilter(repository);

    SessionManagementConfigurer<?> sessionManagement =
            http.getConfigurer(SessionManagementConfigurer.class);
    boolean alwaysCreateSession = sessionManagement != null
            && SessionCreationPolicy.always == sessionManagement.getSessionCreationPolicy();
    if (alwaysCreateSession) {
        filter.setForceEagerSessionCreation(true);
    }

    // The flag above has to be set before post-processing and registration.
    http.addFilter(postProcess(filter));
}
}
Arrays.asList(new SimpleGrantedAuthority(SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS))); anoymousFilter.setAuthenticationDetailsSource(authenticationDetailsSource); httpSec.requestMatchers().antMatchers(DDI_ANT_MATCHERS).and().securityContext().disable().anonymous() .authenticationFilter(anoymousFilter); } else {
/**
 * Requires authentication for every request, plugs in a custom
 * {@code SecurityContextRepository}, and configures OAuth 2.0 login with
 * custom token-response and user-info services.
 *
 * @param http the builder being configured
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // No public paths: every request must carry an authenticated principal.
    http.authorizeRequests()
        .anyRequest().authenticated();

    // NOTE(review): the repository returned by securityContextRepository()
    // decides where the authenticated context lives between requests. Its
    // implementation is not visible here; if it keeps state on the client
    // side, confirm that the stored value is integrity-protected.
    http.securityContext()
        .securityContextRepository(securityContextRepository());

    // Token endpoint: custom client for exchanging the authorization code.
    http.oauth2Login()
        .tokenEndpoint()
            .accessTokenResponseClient(createOauth2AccessTokenResponseClient());

    // User-info endpoint: custom loaders for plain OAuth 2.0 and OIDC users.
    http.oauth2Login()
        .userInfoEndpoint()
            .userService(createOauth2UserService())
            .oidcUserService(createOidcUserService());
}
.headers().and() .sessionManagement().and() .securityContext().and() .requestCache().and() .anonymous().and()
/**
 * Specifies the shared {@link SecurityContextRepository} that is to be used.
 * It is placed on the builder as the shared object for
 * {@code SecurityContextRepository.class}, exactly as passed in.
 *
 * @param securityContextRepository the {@link SecurityContextRepository} to use
 * @return this {@link SecurityContextConfigurer} for further customizations
 */
public SecurityContextConfigurer<H> securityContextRepository(
        SecurityContextRepository securityContextRepository) {
    final H httpBuilder = getBuilder();
    httpBuilder.setSharedObject(SecurityContextRepository.class, securityContextRepository);
    return this;
}