congrats Icon
New! Announcing Tabnine Chat Beta
Learn More
Tabnine Logo
HttpSecurity.authorizeRequests
Code IndexAdd Tabnine to your IDE (free)

How to use
authorizeRequests
method
in
org.springframework.security.config.annotation.web.builders.HttpSecurity

Best Java code snippets using org.springframework.security.config.annotation.web.builders.HttpSecurity.authorizeRequests (Showing top 20 results out of 4,581)

Refine searchRefine arrow

  • ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry.antMatchers
origin: sqshq/piggymetrics

  @Override
  public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/" , "/demo").permitAll()
        .anyRequest().authenticated();
  }
}
origin: sqshq/piggymetrics

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http
      .authorizeRequests()
        .antMatchers("/actuator/**").permitAll()
        .anyRequest().authenticated()
      .and()
        .httpBasic()
        ;
  }
}
origin: kbastani/spring-cloud-event-sourcing-example

@Override
public void configure(HttpSecurity http) throws Exception {
  http
      .authorizeRequests()
      .antMatchers("/resources/**", "/login").permitAll()
      .anyRequest()
      .authenticated();
}
origin: kbastani/spring-cloud-event-sourcing-example

@Override
public void configure(HttpSecurity http) throws Exception {
  http.antMatcher("/**")
      .authorizeRequests()
      .antMatchers("/index.html", "/login", "/", "/api/catalog/**",
          "/user", "/assets/**").permitAll()
      .anyRequest().authenticated().and().csrf().disable();
}
origin: 527515025/springBoot

@Override
protected void configure(HttpSecurity http) throws Exception {
  http.authorizeRequests()
      .antMatchers("/css/**").permitAll()
      .anyRequest().authenticated() //任何请求,登录后可以访问
      .and()
      .formLogin()
      .loginPage("/login")
      .defaultSuccessUrl("/")
      .failureUrl("/login?error")
      .permitAll() //登录页面用户任意访问
      .and()
      .logout().permitAll(); //注销行为任意访问
  http.addFilterBefore(myFilterSecurityInterceptor, FilterSecurityInterceptor.class);
}
origin: forezp/SpringCloudLearning

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setTargetUrlParameter( "redirectTo" );

    http.authorizeRequests()
        .antMatchers( adminContextPath + "/assets/**" ).permitAll()
        .antMatchers( adminContextPath + "/login" ).permitAll()
        .anyRequest().authenticated()
        .and()
        .formLogin().loginPage( adminContextPath + "/login" ).successHandler( successHandler ).and()
        .logout().logoutUrl( adminContextPath + "/logout" ).and()
        .httpBasic().and()
        .csrf().disable();
    // @formatter:on
  }
}
origin: spring-projects/spring-security

@Override
protected void configure(HttpSecurity http) throws Exception {
  http
    .authorizeRequests()
      .antMatchers("/*").permitAll();
}
// @formatter:on
origin: zhangxd1989/spring-boot-cloud

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    // Page with login form is served as /login.html and does a POST on /login
    http.formLogin().loginPage("/login.html").loginProcessingUrl("/login").permitAll();
    // The UI does a POST on /logout on logout
    http.logout().logoutUrl("/logout");
    // The ui currently doesn't support csrf
    http.csrf().disable();
    // Requests for the login page and the static assets are allowed
    http.authorizeRequests()
        .antMatchers("/login.html", "/**/*.css", "/img/**", "/third-party/**")
        .permitAll();
    // ... and any other request needs to be authorized
    http.authorizeRequests().antMatchers("/**").authenticated();
    // Enable so that the clients can authenticate via HTTP basic for registering
    http.httpBasic();
  }
}
origin: 527515025/springBoot

@Override
protected void configure(HttpSecurity http) throws Exception {
  http
      .authorizeRequests()
      .antMatchers("/","/login").permitAll()//根路径和/login路径不拦截
      .anyRequest().authenticated()
      .and()
      .formLogin()
      .loginPage("/login") //2登陆页面路径为/login
      .defaultSuccessUrl("/chat") //3登陆成功转向chat页面
      .permitAll()
      .and()
      .logout()
      .permitAll();
}
origin: spring-projects/spring-security

  protected void configure(HttpSecurity http) throws Exception {
    http
      .authorizeRequests()
      .anyRequest().authenticated()
      .antMatchers("/demo/**").permitAll();
  }
}
origin: kbastani/spring-cloud-event-sourcing-example

@Override
protected void configure(HttpSecurity http) throws Exception {
  http
      .authorizeRequests()
      .antMatchers("/resources/**").permitAll()
      .anyRequest().authenticated()
      .and()
      .formLogin()
      .loginPage("/login")
      .permitAll()
      .and()
      .logout()
      .permitAll()
      .and()
      .csrf().disable();
}
origin: ctripcorp/apollo

@Override
protected void configure(HttpSecurity http) throws Exception {
 http.csrf().disable();
 http.headers().frameOptions().sameOrigin();
 http.authorizeRequests()
   .antMatchers("/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**").permitAll()
   .antMatchers("/**").authenticated();
 http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic();
 SimpleUrlLogoutSuccessHandler urlLogoutHandler = new SimpleUrlLogoutSuccessHandler();
 urlLogoutHandler.setDefaultTargetUrl("/signin?#/logout");
 http.logout().logoutUrl("/user/logout").invalidateHttpSession(true).clearAuthentication(true)
   .logoutSuccessHandler(urlLogoutHandler);
 http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
}
origin: spring-projects/spring-data-examples

  /**
   * This section defines the security policy for the app.
   * <p>
   * <ul>
   * <li>BASIC authentication is supported (enough for this REST-based demo).</li>
   * <li>/employees is secured using URL security shown below.</li>
   * <li>CSRF headers are disabled since we are only testing the REST interface, not a web one.</li>
   * </ul>
   * NOTE: GET is not shown which defaults to permitted.
   *
   * @param http
   * @throws Exception
   * @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(org.springframework.security.config.annotation.web.builders.HttpSecurity)
   */
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.httpBasic().and().authorizeRequests().//
        antMatchers(HttpMethod.POST, "/employees").hasRole("ADMIN").//
        antMatchers(HttpMethod.PUT, "/employees/**").hasRole("ADMIN").//
        antMatchers(HttpMethod.PATCH, "/employees/**").hasRole("ADMIN").and().//
        csrf().disable();
  }
}
origin: ctripcorp/apollo

@Override
protected void configure(HttpSecurity http) throws Exception {
 http.csrf().disable();
 http.headers().frameOptions().sameOrigin();
 http.authorizeRequests()
   .antMatchers("/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**").permitAll()
   .antMatchers("/**").hasAnyRole(USER_ROLE);
 http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic();
 SimpleUrlLogoutSuccessHandler urlLogoutHandler = new SimpleUrlLogoutSuccessHandler();
 urlLogoutHandler.setDefaultTargetUrl("/signin?#/logout");
 http.logout().logoutUrl("/user/logout").invalidateHttpSession(true).clearAuthentication(true)
   .logoutSuccessHandler(urlLogoutHandler);
 http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
}
origin: spring-projects/spring-security

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .authorizeRequests()
        .antMatchers("/*").hasRole("USER")
        .and()
      .formLogin();
  }
}
origin: spring-projects/spring-security

@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http
    .authorizeRequests()
      .antMatchers(HttpMethod.POST).denyAll();
  // @formatter:on
}
origin: macrozheng/mall

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()//配置权限
//                .antMatchers("/").access("hasRole('TEST')")//该路径需要TEST角色
        .antMatchers("/").authenticated()//该路径需要登录认证
//                .antMatchers("/brand/list").hasAuthority("TEST")//该路径需要TEST权限
        .antMatchers("/**").permitAll()
        .and()//启用基于http的认证
        .httpBasic()
        .realmName("/")
        .and()//配置登录页面
        .formLogin()
        .loginPage("/login")
        .failureUrl("/login?error=true")
        .and()//配置退出路径
        .logout()
        .logoutSuccessUrl("/")
//                .and()//记住密码功能
//                .rememberMe()
//                .tokenValiditySeconds(60*60*24)
//                .key("rememberMeKey")
        .and()//关闭跨域伪造
        .csrf()
        .disable()
        .headers()//去除X-Frame-Options
        .frameOptions()
        .disable();
  }
origin: paascloud/paascloud-master

  /**
   * Configure.
   *
   * @param http the http
   *
   * @throws Exception the exception
   */
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.headers().frameOptions().disable()
        .and()
        .formLogin()
        .loginPage("/login.html")
        .loginProcessingUrl("/login")
        .and()
        .logout().logoutUrl("/logout")
        .and()
        .csrf().disable()
        .authorizeRequests()
        .antMatchers("/api/**", "/applications/**", "/api/applications/**", "/login.html", "/**/*.css", "/img/**", "/third-party/**")
        .permitAll()
        .anyRequest().authenticated();
  }
}
origin: zhangxd1989/spring-boot-cloud

  @Override
  public void configure(HttpSecurity http) throws Exception {
    http
        .requestMatchers().antMatchers("/current")
        .and()
        .authorizeRequests()
        .antMatchers("/current").access("#oauth2.hasScope('read')");
  }
}
origin: macrozheng/mall

.authorizeRequests()
.antMatchers(HttpMethod.GET, // 允许对于网站静态资源的无授权访问
    "/",
    "/*.html",
.antMatchers("/admin/login", "/admin/register")// 对登录注册要允许匿名访问
.permitAll()
.antMatchers(HttpMethod.OPTIONS)//跨域请求会先进行一次options请求
.permitAll()
.antMatchers("/**")//测试时全部运行访问
org.springframework.security.config.annotation.web.buildersHttpSecurityauthorizeRequests

Javadoc

Allows restricting access based upon the HttpServletRequest using Example Configurations The most basic example is to configure all URLs to require the role "ROLE_USER". The configuration below requires authentication to every URL and will grant access to both the user "admin" and "user". 
 
@Configuration 
@EnableWebSecurity 
public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter { 
@Override 
protected void configure(HttpSecurity http) throws Exception { 
http.authorizeRequests().antMatchers("/**").hasRole("USER").and().formLogin(); 
} 
@Override 
protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER") 
.and().withUser("admin").password("password").roles("ADMIN", "USER"); 
} 
}
We can also configure multiple URLs. The configuration below requires authentication to every URL and will grant access to URLs starting with /admin/ to only the "admin" user. All other URLs either user can access. 
 
@Configuration 
@EnableWebSecurity 
public class AuthorizeUrlsSecurityConfig extends WebSecurityConfigurerAdapter { 
@Override 
protected void configure(HttpSecurity http) throws Exception { 
http.authorizeRequests().antMatchers("/admin/**").hasRole("ADMIN") 
.antMatchers("/**").hasRole("USER").and().formLogin(); 
} 
@Override 
protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER") 
.and().withUser("admin").password("password").roles("ADMIN", "USER"); 
} 
}
Note that the matchers are considered in order. Therefore, the following is invalid because the first matcher matches every request and will never get to the second mapping: 
 
http.authorizeRequests().antMatchers("/**").hasRole("USER").antMatchers("/admin/**") 
.hasRole("ADMIN")

Popular methods of HttpSecurity

  • csrf
    Adds CSRF support. This is activated by default when using WebSecurityConfigurerAdapter's default co
  • logout
    Provides logout support. This is automatically applied when using WebSecurityConfigurerAdapter. The
  • formLogin
    Specifies to support form based authentication. If FormLoginConfigurer#loginPage(String) is not spec
  • httpBasic
    Configures HTTP Basic authentication.EXAMPLE CONFIGURATION The example below demonstrates how to con
  • exceptionHandling
    Allows configuring exception handling. This is automatically applied when using WebSecurityConfigure
  • sessionManagement
    Allows configuring of Session Management.EXAMPLE CONFIGURATION The following configuration demonstra
  • addFilterBefore
  • headers
    Adds the Security headers to the response. This is activated by default when using WebSecurityConfig
  • requestMatchers
    Allows specifying which HttpServletRequest instances this HttpSecurity will be invoked on. This meth
  • addFilterAfter
  • antMatcher
    Allows configuring the HttpSecurity to only be invoked when matching the provided ant pattern. If mo
  • anonymous
    Allows configuring how an anonymous user is represented. This is automatically applied when used in
  • antMatcher,
  • anonymous,
  • apply,
  • rememberMe,
  • getSharedObject,
  • cors,
  • requestMatcher,
  • authenticationProvider,
  • addFilter

Popular in Java

  • Running tasks concurrently on multiple threads
  • compareTo (BigDecimal)
  • getContentResolver (Context)
  • scheduleAtFixedRate (Timer)
  • BufferedImage (java.awt.image)
    The BufferedImage subclass describes an java.awt.Image with an accessible buffer of image data. All
  • Thread (java.lang)
    A thread is a thread of execution in a program. The Java Virtual Machine allows an application to ha
  • BitSet (java.util)
    The BitSet class implements abit array [http://en.wikipedia.org/wiki/Bit_array]. Each element is eit
  • JOptionPane (javax.swing)
  • JPanel (javax.swing)
  • DateTimeFormat (org.joda.time.format)
    Factory that creates instances of DateTimeFormatter from patterns and styles. Datetime formatting i
  • Top 12 Jupyter Notebook extensions
Tabnine Logo

  • Products

    Search for Java codeSearch for JavaScript code

  • IDE Plugins

    IntelliJ IDEAWebStormVisual StudioAndroid StudioEclipseVisual Studio CodePyCharmSublime TextPhpStormVimGoLandRubyMineEmacsJupyter NotebookJupyter LabRiderDataGripAppCode

  • Company

    About UsContact UsCareers

  • Resources

    FAQBlogTabnine AcademyTerms of usePrivacy policyJava Code IndexJavascript Code Index
Get Tabnine for your IDE now