@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest() .authenticated().and().exceptionHandling() .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout() .logoutSuccessUrl("/").permitAll().and().csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and() .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll().anyRequest() .authenticated().and().exceptionHandling() .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout() .logoutSuccessUrl("/").permitAll().and().csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and() .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll().anyRequest() .authenticated().and().exceptionHandling() .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout() .logoutSuccessUrl("/").permitAll().and().csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and() .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class); // @formatter:on }
@Override public void configure(HttpSecurity http) { http.addFilterBefore(this.myFilter, UsernamePasswordAuthenticationFilter.class); }
httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated().and() // custom token authorize exception handler .exceptionHandling() .authenticationEntryPoint(unauthorizedHandler).and() // since we use jwt, session is not necessary .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() // since we use jwt, csrf is not necessary .csrf().disable(); http.addFilterBefore(new JwtAuthenticationTokenFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class); // disable cache http.headers().cacheControl(); }
@Configuration @EnableWebMvcSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { CharacterEncodingFilter filter = new CharacterEncodingFilter(); filter.setEncoding("UTF-8"); filter.setForceEncoding(true); http.addFilterBefore(filter,CsrfFilter.class); //rest of your code } //rest of your code }
@Override public void configure(HttpSecurity http) throws Exception { // ensure this is initialized frameworkEndpointHandlerMapping(); if (allowFormAuthenticationForClients) { clientCredentialsTokenEndpointFilter(http); } for (Filter filter : tokenEndpointAuthenticationFilters) { http.addFilterBefore(filter, BasicAuthenticationFilter.class); } http.exceptionHandling().accessDeniedHandler(accessDeniedHandler); }
@Override protected void configure(HttpSecurity httpSecurity) throws Exception { httpSecurity // we don't need CSRF because our token is invulnerable .csrf().disable() .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and() // don't create session .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .authorizeRequests() // Un-secure H2 Database .antMatchers("/h2-console/**/**").permitAll() .antMatchers("/auth/**").permitAll() .anyRequest().authenticated(); httpSecurity .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class); // disable page caching httpSecurity .headers() .frameOptions().sameOrigin() // required to set for H2 else H2 Console will be blank. .cacheControl(); }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override public void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { http .cors().and() .rememberMe().disable() .authorizeRequests() .anyRequest().fullyAuthenticated() .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS); // x509 http.addFilterBefore(x509FilterBean(), AnonymousAuthenticationFilter.class); // jwt http.addFilterBefore(jwtFilterBean(), AnonymousAuthenticationFilter.class); // otp http.addFilterBefore(otpFilterBean(), AnonymousAuthenticationFilter.class); // knox http.addFilterBefore(knoxFilterBean(), AnonymousAuthenticationFilter.class); // anonymous http.anonymous().authenticationFilter(anonymousFilterBean()); }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) // Just for laughs, apply OAuth protection to only 3 resources .requestMatchers().antMatchers("/","/admin/beans","/admin/health") .and() .authorizeRequests() .anyRequest().access("#oauth2.hasScope('read')").expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.anonymous().disable() .antMatcher("/oauth/token") .authorizeRequests().anyRequest().authenticated() .and() .httpBasic().authenticationEntryPoint(authenticationEntryPoint()) .and() .csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/token")).disable() .exceptionHandling().accessDeniedHandler(accessDeniedHandler()) .and() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); // @formatter:on ClientCredentialsTokenEndpointFilter filter = new ClientCredentialsTokenEndpointFilter(); filter.setAuthenticationManager(super.authenticationManagerBean()); filter.afterPropertiesSet(); http.addFilterBefore(filter, BasicAuthenticationFilter.class); }
@Override public void configure(HttpSecurity http) throws Exception { AuthenticationManager oauthAuthenticationManager = oauthAuthenticationManager(http); resourcesServerFilter = new OAuth2AuthenticationProcessingFilter(); resourcesServerFilter.setAuthenticationEntryPoint(authenticationEntryPoint); resourcesServerFilter.setAuthenticationManager(oauthAuthenticationManager); if (eventPublisher != null) { resourcesServerFilter.setAuthenticationEventPublisher(eventPublisher); } if (tokenExtractor != null) { resourcesServerFilter.setTokenExtractor(tokenExtractor); } if (authenticationDetailsSource != null) { resourcesServerFilter.setAuthenticationDetailsSource(authenticationDetailsSource); } resourcesServerFilter = postProcess(resourcesServerFilter); resourcesServerFilter.setStateless(stateless); // @formatter:off http .authorizeRequests().expressionHandler(expressionHandler) .and() .addFilterBefore(resourcesServerFilter, AbstractPreAuthenticatedProcessingFilter.class) .exceptionHandling() .accessDeniedHandler(accessDeniedHandler) .authenticationEntryPoint(authenticationEntryPoint); // @formatter:on }
private ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(HttpSecurity http) { ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter = new ClientCredentialsTokenEndpointFilter( frameworkEndpointHandlerMapping().getServletPath("/oauth/token")); clientCredentialsTokenEndpointFilter .setAuthenticationManager(http.getSharedObject(AuthenticationManager.class)); OAuth2AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint(); authenticationEntryPoint.setTypeName("Form"); authenticationEntryPoint.setRealmName(realm); clientCredentialsTokenEndpointFilter.setAuthenticationEntryPoint(authenticationEntryPoint); clientCredentialsTokenEndpointFilter = postProcess(clientCredentialsTokenEndpointFilter); http.addFilterBefore(clientCredentialsTokenEndpointFilter, BasicAuthenticationFilter.class); return clientCredentialsTokenEndpointFilter; }
@Override protected void configure(HttpSecurity security) throws Exception { security .csrf().disable() .exceptionHandling().authenticationEntryPoint(new MyAuthenticationEntryPoint()).and() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .authorizeRequests() .anyRequest().authenticated(); // Custom JWT based security filter security .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class); } }