/**
 * Limits this security configuration to Spring Boot Actuator endpoints and
 * requires the {@code ENDPOINT_ADMIN} role for every request it handles,
 * authenticating callers with HTTP Basic.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Only requests that map to an Actuator endpoint are handled by this chain.
    http.requestMatcher(EndpointRequest.toAnyEndpoint());

    // Every matched request needs the role; nothing is exempted (health and
    // info included).
    http.authorizeRequests().anyRequest().hasRole("ENDPOINT_ADMIN");

    // NOTE(review): HTTP Basic sends the credentials with every request in a
    // reversible encoding, so these endpoints should only be reachable over
    // TLS; the transport configuration is not visible here.
    http.httpBasic();
}
/**
 * Configures the filter chain for requests matching {@code /user}: Actuator
 * endpoints and the {@code AUTH_WHITELIST} patterns are open, every other
 * request needs authentication, and the CSRF token is kept in a cookie.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.anonymous();

    // NOTE(review): antMatcher (singular) scopes the whole chain to "/user".
    // The Actuator and whitelist rules below can then only ever see "/user"
    // requests, so they look unreachable; confirm which chain really serves
    // the Actuator paths.
    http.antMatcher("/user");

    // NOTE(review): permitAll() on toAnyEndpoint() opens every exposed
    // Actuator endpoint to unauthenticated callers wherever this rule does
    // apply. Restricting it to health/info is the usual safer default.
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        .antMatchers(AUTH_WHITELIST).permitAll()
        .anyRequest().authenticated();

    // withHttpOnlyFalse() leaves the CSRF cookie readable by client-side
    // script, presumably so a browser front end can echo it in a header.
    http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
// Second closing brace from the original line; presumably ends the enclosing
// class, whose header is outside this excerpt.
}
/**
 * Sets up security for the {@code /user} request pattern. Actuator endpoints
 * and {@code AUTH_WHITELIST} entries are permitted without authentication,
 * anything else must be authenticated, and CSRF tokens are stored in a cookie.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.anonymous();

    // NOTE(review): this call restricts the chain to "/user" only, which
    // makes the endpoint and whitelist rules below appear to be dead rules.
    // Verify the intended scope of this configuration.
    http.antMatcher("/user");

    // NOTE(review): all Actuator endpoints are permitted anonymously by the
    // first rule; which endpoints are exposed is decided by configuration
    // that is not visible here.
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        .antMatchers(AUTH_WHITELIST).permitAll()
        .anyRequest().authenticated();

    // The CSRF cookie is created without HttpOnly so page script can read it.
    http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
// Second closing brace from the original line; presumably ends the enclosing
// class, whose header is outside this excerpt.
}
/**
 * Builds the security rules for requests matching {@code /user}: anonymous
 * access is enabled, Actuator endpoints and {@code AUTH_WHITELIST} patterns
 * are permitted, all remaining requests require authentication, and the CSRF
 * token lives in a script-readable cookie.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.anonymous();

    // NOTE(review): the chain is limited to "/user" here, so the
    // authorization rules for Actuator and whitelist paths cannot match
    // their own URLs inside this chain; confirm that is intended.
    http.antMatcher("/user");

    // NOTE(review): toAnyEndpoint().permitAll() grants unauthenticated access
    // to every exposed Actuator endpoint, not just health and info.
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        .antMatchers(AUTH_WHITELIST).permitAll()
        .anyRequest().authenticated();

    // Cookie-backed CSRF token, readable from JavaScript (HttpOnly is off).
    http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
// Second closing brace from the original line; presumably ends the enclosing
// class, whose header is outside this excerpt.
}
/**
 * Defines the rules for the {@code /user} filter chain. Actuator endpoints
 * and {@code AUTH_WHITELIST} patterns are open to everyone, other requests
 * must be authenticated, and CSRF protection uses a cookie token repository.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.anonymous();

    // NOTE(review): because the chain only handles "/user", the two
    // permitAll() rules below seem never to apply to the paths they name.
    // Check whether antMatcher("/user") is the scope the author wanted.
    http.antMatcher("/user");

    // NOTE(review): no authentication is demanded for any Actuator endpoint
    // matched here; sensitive endpoints would need a role-based rule instead.
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        .antMatchers(AUTH_WHITELIST).permitAll()
        .anyRequest().authenticated();

    // The token cookie is issued with HttpOnly disabled so scripts can read it.
    http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
// Second closing brace from the original line; presumably ends the enclosing
// class, whose header is outside this excerpt.
}
/**
 * Configures the {@code /user} filter chain: Actuator endpoints, the
 * {@code AUTH_WHITELIST} patterns and {@code /actuator/**} are permitted
 * without authentication, all other requests must be authenticated, and
 * cookie-based CSRF protection is switched off for {@code /instances} and
 * {@code /actuator/**}.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.anonymous();

    // NOTE(review): the chain is scoped to "/user", so the Actuator rules and
    // the CSRF exemptions below look unreachable from here; confirm which
    // chain actually handles "/actuator/**" and "/instances".
    http.antMatcher("/user");

    // NOTE(review): Actuator access is opened twice, once by endpoint matcher
    // and once by path. Both are permitAll(), so no endpoint under that path
    // requires authentication where these rules apply.
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        .antMatchers(AUTH_WHITELIST).permitAll()
        .antMatchers("/actuator/**").permitAll()
        .anyRequest().authenticated();

    // NOTE(review): requests to the exempted paths are accepted without a
    // CSRF token. Together with permitAll() above, state-changing Actuator
    // calls would have neither authentication nor CSRF protection.
    http.csrf()
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        .ignoringAntMatchers("/instances", "/actuator/**");
}
// Second closing brace from the original line; presumably ends the enclosing
// class, whose header is outside this excerpt.
}
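/**
 * Applies the superclass security configuration and nothing else.
 *
 * <p>The original body left a bare {@code http} expression in front of a
 * fully commented-out rule chain, which is not a valid Java statement. The
 * dangling expression is removed; the disabled draft is kept below as a
 * comment for reference.
 *
 * @param http the security builder to configure
 * @throws Exception if the superclass configuration fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // The effective policy is whatever the superclass sets up; that class is
    // not visible here.
    super.configure(http);

    // Disabled draft, not applied:
    //
    // http
    //     .csrf().disable()
    //     .authorizeRequests()
    //     .requestMatchers(EndpointRequest.to(
    //         InfoEndpoint.class,
    //         HealthEndpoint.class
    //     )).permitAll()
    //     .requestMatchers(EndpointRequest.toAnyEndpoint())
    //         .hasRole("ACTUATOR")
    //     .anyRequest().permitAll()
    // ;
    //
    // NOTE(review): if this draft is ever re-enabled, it turns CSRF protection
    // off and permits every non-Actuator request, so review it against the
    // superclass policy first.
}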
/**
 * Configures form login, logout, request scoping, authorization rules and
 * CSRF exemptions on a single {@link HttpSecurity} builder.
 *
 * <p>The statements depend on their order, so the code is left unchanged and
 * only annotated.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): anyRequest().authenticated() is declared first and more
    // specific matchers follow it. Rules are evaluated in declaration order,
    // so the later permitAll() rules can never win; newer Spring Security 5.x
    // releases are understood to reject matchers after anyRequest() at
    // startup (confirm for the version in use). Decide explicitly whether
    // Actuator endpoints should be open, then order the rules to match.
    http.authorizeRequests().anyRequest().authenticated()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll().
        antMatchers("/actuator/**").permitAll().anyRequest().authenticated();

    // Custom login page, itself reachable without authentication.
    http.formLogin().loginPage("/login").permitAll();

    // Logout clears the authentication, invalidates the HTTP session and
    // removes the JSESSIONID cookie before redirecting to "/".
    http.logout().clearAuthentication(true)
        .logoutSuccessUrl("/")
        .logoutUrl("/logout-session")
        .deleteCookies("JSESSIONID")
        .invalidateHttpSession(true);

    // Restricts this filter chain to the listed paths.
    // NOTE(review): "/logout-session", "/actuator/**" and "/instances" are not
    // in this list, so the logout URL above and the Actuator/CSRF rules in
    // this method may never be reached through this chain; verify.
    http.requestMatchers().antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access", "/implicit/redirect");

    // NOTE(review): authorizeRequests() returns the registry already used
    // above, so these matchers are again added after an anyRequest() rule.
    http.authorizeRequests().antMatchers("/oauth/authorize").authenticated().anyRequest().authenticated();

    // NOTE(review): CSRF checks are skipped for these paths; any
    // state-changing endpoint under them relies on authentication alone.
    http.csrf().ignoringAntMatchers("/instances", "/actuator/**");
}
// Second closing brace from the original line; presumably ends the enclosing
// class, whose header is outside this excerpt.
}
/**
 * Requires the {@code ACTUATOR_ADMIN} role for the shutdown endpoint, opens
 * all other Actuator endpoints, common static resources and {@code /} to
 * everyone, and requires authentication for every remaining path. HTTP Basic
 * is the authentication mechanism.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Rules are evaluated in declaration order, so the shutdown rule must
    // stay ahead of the broader toAnyEndpoint() rule.
    // NOTE(review): every exposed endpoint other than shutdown is readable
    // without authentication. Which endpoints are exposed is decided by
    // configuration not visible here; consider limiting permitAll() to
    // health/info.
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.to(ShutdownEndpoint.class)).hasRole("ACTUATOR_ADMIN")
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
        .antMatchers("/").permitAll()
        .antMatchers("/**").authenticated();

    // NOTE(review): HTTP Basic credentials travel with every request, so
    // this should be served over TLS only; transport config is not shown.
    http.httpBasic();
}
/**
 * Declares role-based access rules. {@code /admin} needs {@code ADMIN}, the
 * {@code info} and {@code health} endpoints are open, every other Actuator
 * endpoint needs {@code ACTUATOR}, common static resources are open,
 * {@code /events/**} needs {@code USER}, and all remaining paths are
 * permitted. HTTP Basic is the authentication mechanism.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Declaration order matters: specific rules come before the "/**" rule.
    // NOTE(review): mvcMatchers("/admin") covers the "/admin" path itself,
    // not "/admin/**". Anything below it would fall through to the final
    // permitAll() rule; confirm no admin functionality lives on sub-paths.
    http.authorizeRequests()
        .mvcMatchers("/admin").hasRole("ADMIN")
        .requestMatchers(EndpointRequest.to("info", "health")).permitAll()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")
        .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
        .antMatchers("/events/**").hasRole("USER")
        .antMatchers("/**").permitAll();

    // NOTE(review): the policy is default-allow; a newly added path is public
    // unless a rule is added above the "/**" entry.
    http.httpBasic();
}
// Second closing brace from the original line; presumably ends the enclosing
// class, whose header is outside this excerpt.
}
/**
 * Configures a stateless, HTTP Basic protected chain for requests accepted by
 * {@code ActuatorRequestMatcher}. The {@code info} and {@code health}
 * endpoints need an authenticated caller; every other Actuator endpoint needs
 * the {@code DefaultPrivileges.ACCESS_ADMIN} authority.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
protected void configure(HttpSecurity http) throws Exception {
    // No HTTP session is created or used for the security context, so each
    // request must carry its own credentials.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // CSRF protection is turned off for this chain.
    // NOTE(review): acceptable for session-less API clients, but browsers
    // cache HTTP Basic credentials; confirm these endpoints are not meant to
    // be called from a browser session.
    http.csrf().disable();

    // Only requests accepted by ActuatorRequestMatcher are handled here; the
    // matcher is defined elsewhere in the project.
    http.requestMatcher(new ActuatorRequestMatcher());

    // The narrower info/health rule is declared before the catch-all rule.
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN);

    http.httpBasic();
}
// Second closing brace from the original line; presumably ends the enclosing
// class, whose header is outside this excerpt.
}
/**
 * Applies the default endpoint access rules to every Actuator endpoint that
 * has no explicit entry in the monitor endpoint settings.
 *
 * <p>The matcher covers any endpoint except the explicitly configured ids and
 * the links (discovery) page. Each default access value is passed to
 * {@code configureEndpointAccess} with that matcher. Whether undefined
 * endpoints end up denied depends on the default access values, which are
 * not visible here.
 *
 * @param http     the security builder
 * @param requests the authorization registry that receives the rules
 */
protected void configureEndpointAccessToDenyUndefined(final HttpSecurity http,
                                                      final ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry requests) {
    val endpointSettings = casProperties.getMonitor().getEndpoints();

    // Ids with their own settings are excluded so the defaults below do not
    // override them.
    val explicitlyConfigured = endpointSettings.getEndpoint().keySet().toArray(ArrayUtils.EMPTY_STRING_ARRAY);
    val defaults = endpointSettings.getDefaultEndpointProperties();

    // A fresh matcher is built per access value, as in the original.
    defaults.getAccess().forEach(Unchecked.consumer(access -> {
        val undefinedEndpoints = EndpointRequest.toAnyEndpoint()
            .excluding(explicitlyConfigured)
            .excludingLinks();
        configureEndpointAccess(http, requests, access, defaults, undefinedEndpoints);
    }));
}