/**
 * Builds a stateless filter chain in which every request must be fully authenticated.
 *
 * <p>CORS support is enabled, remember-me is switched off and the session policy is
 * {@code STATELESS}. The x509, JWT, OTP and Knox filters are registered ahead of
 * {@link AnonymousAuthenticationFilter}, in that order, and the anonymous filter itself is
 * replaced by {@code anonymousFilterBean()}.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the settings
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors();
    http.rememberMe().disable();
    http.authorizeRequests().anyRequest().fullyAuthenticated();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Registration order is kept as x509 -> jwt -> otp -> knox; all four are placed
    // before the anonymous-authentication filter.
    http.addFilterBefore(x509FilterBean(), AnonymousAuthenticationFilter.class)
        .addFilterBefore(jwtFilterBean(), AnonymousAuthenticationFilter.class)
        .addFilterBefore(otpFilterBean(), AnonymousAuthenticationFilter.class)
        .addFilterBefore(knoxFilterBean(), AnonymousAuthenticationFilter.class);

    // Use the project's own anonymous-authentication filter.
    http.anonymous().authenticationFilter(anonymousFilterBean());
}
@Override protected void configure(HttpSecurity http) throws Exception { http .cors().and() ....
/**
 * Enables Spring Security's CORS support on the given builder without further customisation.
 *
 * @param http the security builder to configure
 * @throws Exception if CORS support cannot be applied
 */
protected void cors(HttpSecurity http) throws Exception {
    http.cors();
}
/**
 * Enables CORS, turns CSRF protection off and permits every request.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the settings
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors();
    http.csrf().disable();
    // NOTE(review): every endpoint is open to unauthenticated callers here; confirm that
    // access control is enforced somewhere this snippet does not show.
    http.authorizeRequests().anyRequest().permitAll();
}
} // closes the enclosing class, whose header is not part of this snippet
/**
 * Enables HTTP Basic, disables CSRF protection and installs a per-request CORS configuration.
 *
 * <p>The CORS source returns {@code config} when it is non-null and {@code DEFAULT_CONFIG}
 * otherwise; the null check runs on each request because it lives inside the lambda.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the settings
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.httpBasic();
    // NOTE(review): browsers re-send Basic credentials automatically; confirm no browser
    // client depends on them before relying on CSRF protection being off.
    http.csrf().disable();
    // NOTE(review): no authorizeRequests() rule is declared in this method, so which URLs
    // require authentication depends on configuration not visible here.
    http.cors().configurationSource(request -> {
        if (config != null) {
            return config;
        }
        return DEFAULT_CONFIG;
    });
}
/**
 * Sets up HTTP Basic authentication with CSRF protection disabled and a CORS configuration
 * that is resolved for each request.
 *
 * <p>{@code config} is used when it is non-null; {@code DEFAULT_CONFIG} is the fallback.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the settings
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.httpBasic();
    // NOTE(review): Basic credentials are attached by browsers without user action, so
    // disabling CSRF protection deserves a check against the intended clients.
    http.csrf().disable();
    // NOTE(review): this method declares no authorizeRequests() rule; confirm where
    // authorization is enforced.
    http.cors().configurationSource(request -> {
        if (config == null) {
            return DEFAULT_CONFIG;
        }
        return config;
    });
}
/**
 * Turns on CORS support and hands the builder back so the caller can keep chaining.
 *
 * @param security the security builder to configure
 * @return the builder returned by {@code and()} after CORS support is enabled
 * @throws Exception if CORS support cannot be applied
 */
private HttpSecurity cors(HttpSecurity security) throws Exception {
    return security
        .cors()
        .and();
}
} // closes the enclosing class, whose header is not part of this snippet
/**
 * Enables CORS support on {@code security} and returns the builder for further chaining.
 *
 * @param security the security builder to configure
 * @return the builder returned by {@code and()} once CORS support has been enabled
 * @throws Exception if CORS support cannot be applied
 */
private HttpSecurity cors(HttpSecurity security) throws Exception {
    return security
        .cors()
        .and();
}
} // closes the enclosing class, whose header is not part of this snippet
/**
 * Extends the parent configuration: CSRF protection off, CORS on, {@code ALLOW_PATH} open
 * to everyone and every other request restricted to authenticated users.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the settings
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // The parent's rules are applied first; what they are is not visible from this snippet.
    super.configure(http);

    http.csrf().disable();
    http.cors();
    // Rules are evaluated in declaration order, so the allow-list must precede anyRequest().
    http.authorizeRequests()
        .antMatchers(ALLOW_PATH).permitAll()
        .anyRequest().authenticated();
}
} // closes the enclosing class, whose header is not part of this snippet
/**
 * Applies this chain to every path, requires authentication for all requests and registers
 * the CSRF and CORS configurers with their default settings.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the settings
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/**");
    http.authorizeRequests().anyRequest().authenticated();
    // csrf() is called without disable(), so CSRF protection stays active.
    http.csrf();
    http.cors();
}
/**
 * Requires authentication for every request handled by this chain, limits the chain to
 * {@code /api/**} and enables CORS support.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the settings
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    //@formatter:off
    http.authorizeRequests().anyRequest().authenticated();
    // Only requests under /api/ are matched by this chain.
    http.requestMatchers().antMatchers("/api/**");
    http.cors();
    //@formatter:on
}
/**
 * Limits this chain to the pattern returned by {@code getSecuredPattern()}, enables CORS,
 * requires authentication for every matched request and disables CSRF protection.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the settings
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.requestMatchers().antMatchers(getSecuredPattern());
    http.cors();
    http.authorizeRequests().anyRequest().authenticated();
    http.csrf().disable();
}
/**
 * Configures a stateless HTTP Basic chain: CORS on, CSRF protection off,
 * {@code /actuator/health} open to everyone and every other request authenticated.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the settings
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.cors();
    // Front end and back end are deployed separately, so the author turns CSRF protection off.
    // NOTE(review): browsers re-send Basic credentials automatically; confirm the clients of
    // this API before relying on that reasoning.
    http.csrf().disable();
    // Requests that fail authentication are answered with a 401 "Unauthorized" error.
    http.exceptionHandling().authenticationEntryPoint(
        (request, response, authException) ->
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized"));
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.authorizeRequests()
        .antMatchers("/actuator/health").permitAll()
        .anyRequest().authenticated();
    http.httpBasic();
}
} // closes the enclosing class, whose header is not part of this snippet
/**
 * Configures a stateless HTTP Basic chain: CORS on, CSRF protection off, {@code /upload}
 * and {@code /actuator/health} open to everyone and every other request authenticated.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the settings
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.cors();
    // Front end and back end are deployed separately, so the author turns CSRF protection off.
    http.csrf().disable();
    // Requests that fail authentication are answered with a 401 "Unauthorized" error.
    http.exceptionHandling().authenticationEntryPoint(
        (request, response, authException) ->
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized"));
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    // NOTE(review): "/upload" is reachable without authentication; confirm that this is
    // intended and that the handler enforces its own limits on what it accepts.
    http.authorizeRequests()
        .antMatchers("/upload", "/actuator/health").permitAll()
        .anyRequest().authenticated();
    http.httpBasic();
}
} // closes the enclosing class, whose header is not part of this snippet
/**
 * Configures a stateless chain: CORS on, CSRF protection off, {@code WHITE_LIST} open to
 * everyone and every other request restricted to authenticated users.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the settings
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.cors();
    // Front end and back end are deployed separately, so the author turns CSRF protection off.
    http.csrf().disable();
    // Per the original comment, this entry point reports a 401 when the caller is not logged
    // in; its implementation is not part of this snippet.
    http.exceptionHandling().authenticationEntryPoint(new NoLoginAuthenticationEntryPoint());
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    // Access control: anything outside the white list requires an authenticated caller.
    http.authorizeRequests()
        .antMatchers(WHITE_LIST).permitAll()
        .anyRequest().authenticated();
}
} // closes the enclosing class, whose header is not part of this snippet
/**
 * Configures a stateless JWT chain with three public allow-lists; every other request must
 * be authenticated.
 *
 * <p>When the {@code test} profile is active the frame-options header is disabled as well.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the settings
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    boolean testProfileActive = Arrays.asList(env.getActiveProfiles()).contains("test");
    if (testProfileActive) {
        // NOTE(review): this removes the frame-options header; make sure the "test" profile
        // is never active in a deployed environment.
        http.headers().frameOptions().disable();
    }

    http.cors();
    http.csrf().disable();

    // Rules are evaluated in declaration order: method-specific allow-lists first, then the
    // method-agnostic one, then the catch-all.
    http.authorizeRequests()
        .antMatchers(HttpMethod.POST, PUBLIC_MATCHERS_POST).permitAll()
        .antMatchers(HttpMethod.GET, PUBLIC_MATCHERS_GET).permitAll()
        .antMatchers(PUBLIC_MATCHERS).permitAll()
        .anyRequest().authenticated();

    http.addFilter(new JWTAuthenticationFilter(authenticationManager(), jwtUtil));
    http.addFilter(
        new JWTAuthorizationFilter(authenticationManager(), jwtUtil, userDetailsService));

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
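/**
 * Configures a stateless chain backed by the Keycloak pre-auth and authentication filters.
 *
 * <p>CORS is enabled and CSRF protection is disabled. {@code OPTIONS} requests and CORS
 * preflight requests are permitted without authentication, requests matching
 * {@code urlPath()} require an authenticated user, and everything else is permitted.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the settings
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.cors().and().csrf().disable()
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .sessionAuthenticationStrategy(sessionAuthenticationStrategy())
            .and()
        .addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class)
        .addFilterBefore(keycloakAuthenticationProcessingFilter(), X509AuthenticationFilter.class)
        .exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint())
            .and()
        .authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS).permitAll()
            // Only preflight requests are exempted here. CorsUtils::isCorsRequest matches on
            // the Origin header alone, and because the first matching rule wins, such a
            // request would be permitted before the authenticated() rule below is reached.
            .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
            // Paths under urlPath() are reserved for logged-in users.
            .antMatchers(urlPath()).authenticated()
            .anyRequest().permitAll();
}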
/**
 * Example security configuration that enables CORS and supplies its policy through a
 * {@code CorsConfigurationSource} bean.
 */
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Enables CORS handling on the filter chain; the rest of the chain is elided in this
     * example.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // by default uses a Bean by the name of corsConfigurationSource
            .cors().and()
            ...
    }

    /**
     * Builds the CORS policy: one allowed origin, the GET and POST methods, registered for
     * every path.
     *
     * @return the source holding that single configuration
     */
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        // An explicit origin is listed rather than a wildcard.
        configuration.setAllowedOrigins(Arrays.asList("https://example.com"));
        configuration.setAllowedMethods(Arrays.asList("GET","POST"));
        // Allowed headers and credentials are not set here and keep the library defaults.
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        // The same policy applies to all paths.
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}
/**
 * Example security configuration that turns on CORS and defines the policy in a
 * {@code CorsConfigurationSource} bean.
 */
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Enables CORS handling on the filter chain; the remaining configuration is elided in
     * this example.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // by default uses a Bean by the name of corsConfigurationSource
            .cors().and()
            ...
    }

    /**
     * Defines the CORS policy: a single allowed origin and the GET and POST methods, applied
     * to every path.
     *
     * @return the source holding that single configuration
     */
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        // The allowed origin is named explicitly instead of using a wildcard.
        configuration.setAllowedOrigins(Arrays.asList("https://example.com"));
        configuration.setAllowedMethods(Arrays.asList("GET","POST"));
        // No allowed headers or credentials setting is made here; library defaults apply.
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        // Register the policy for all paths.
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}
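/**
 * Configures a stateless JWT chain that protects {@code /tasks/**}.
 *
 * <p>{@code DELETE} on {@code /tasks/**} requires the {@code ADMIN} role, any other request
 * to {@code /tasks/**} requires an authenticated user, and all remaining requests are
 * permitted.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the settings
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors().and().csrf().disable()
        .authorizeRequests()
            // The first matching rule wins, so the DELETE-specific rule has to be declared
            // before the general /tasks/** rule; otherwise it is never evaluated and any
            // authenticated user passes the check for DELETE.
            .antMatchers(HttpMethod.DELETE, "/tasks/**").hasRole("ADMIN")
            // Test resource: only authenticated users may access it.
            .antMatchers("/tasks/**").authenticated()
            // Everything else is permitted.
            .anyRequest().permitAll()
            .and()
        .addFilter(new JWTAuthenticationFilter(authenticationManager()))
        .addFilter(new JWTAuthorizationFilter(authenticationManager()))
        // No HTTP session is needed.
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
        .exceptionHandling().authenticationEntryPoint(new JWTAuthenticationEntryPoint());
}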