/** * Integrates the {@link HttpServletRequest} methods with the values found on the * {@link SecurityContext}. This is automatically applied when using * {@link WebSecurityConfigurerAdapter}. * * @return the {@link ServletApiConfigurer} for further customizations * @throws Exception */ public ServletApiConfigurer<HttpSecurity> servletApi() throws Exception { return getOrApply(new ServletApiConfigurer<>()); }
securityContextRequestFilter = postProcess(securityContextRequestFilter); http.addFilter(securityContextRequestFilter);
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().permitAll() .and() .servletApi() .disable(); } }
.requestCache().and() .anonymous().and() .servletApi().and() .apply(new DefaultLoginPageConfigurer<>()).and() .logout();
http.servletApi().rolePrefix(""); //Fix for https://github.com/stormpath/stormpath-sdk-java/issues/325
@SuppressWarnings("unchecked") public H disable() { getBuilder().removeConfigurer(getClass()); return getBuilder(); }
.requestCache().and() .anonymous().and() .servletApi().and() .apply(new DefaultLoginPageConfigurer<>()).and() .logout();
http.servletApi().rolePrefix(""); //Fix for https://github.com/stormpath/stormpath-sdk-java/issues/325
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); //h2 database console http.headers().frameOptions().disable(); http.exceptionHandling() .and().anonymous() .and().servletApi() .and().headers().cacheControl(); http.authorizeRequests() .antMatchers(HttpMethod.GET, "/api/posts/**").permitAll() .antMatchers(HttpMethod.POST, "/api/posts/**").hasRole("USER") .antMatchers(HttpMethod.GET, "/api/users").hasRole("USER") .antMatchers(HttpMethod.GET, "/console/**").permitAll(); http.addFilterBefore( new StatelessLoginFilter("/api/login", tokenAuthenticationService, userService, authenticationManager()), UsernamePasswordAuthenticationFilter.class); http.addFilterBefore( new StatelessAuthenticationFilter(tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class); }
/** * Integrates the {@link HttpServletRequest} methods with the values found on the * {@link SecurityContext}. This is automatically applied when using * {@link WebSecurityConfigurerAdapter}. * * @return the {@link ServletApiConfigurer} for further customizations * @throws Exception */ public ServletApiConfigurer<HttpSecurity> servletApi() throws Exception { return getOrApply(new ServletApiConfigurer<>()); }
securityContextRequestFilter = postProcess(securityContextRequestFilter); http.addFilter(securityContextRequestFilter);
.headers().disable() .servletApi() .and() .csrf().disable() .sessionManagement()
/** * Integrates the {@link HttpServletRequest} methods with the values found * on the {@link SecurityContext}. This is automatically applied when using * {@link WebSecurityConfigurerAdapter}. * * @return the {@link ServletApiConfigurer} for further customizations * @throws Exception */ public ServletApiConfigurer<HttpSecurity> servletApi() throws Exception { return apply(new ServletApiConfigurer<HttpSecurity>()); }
@Override public void configure(H builder) throws Exception { securityContextRequestFilter = postProcess(securityContextRequestFilter); builder.addFilter(securityContextRequestFilter); } }
http .exceptionHandling().and() .sessionManagement().and() .securityContext().and() .requestCache().and()
/** * Integrates the {@link HttpServletRequest} methods with the values found on the * {@link SecurityContext}. This is automatically applied when using * {@link WebSecurityConfigurerAdapter}. * * @return the {@link ServletApiConfigurer} for further customizations * @throws Exception */ public ServletApiConfigurer<HttpSecurity> servletApi() throws Exception { return getOrApply(new ServletApiConfigurer<>()); }
securityContextRequestFilter = postProcess(securityContextRequestFilter); http.addFilter(securityContextRequestFilter);
.requestCache().and() .anonymous().and() .servletApi().and() .apply(new DefaultLoginPageConfigurer<>()).and() .logout();