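@Override
protected void configure(HttpSecurity http) throws Exception {
    // ... (remaining HttpSecurity configuration elided in the original snippet) ...
    // NOTE(review): the remember-me key is a hard-coded literal; it signs every
    // remember-me cookie, so it belongs in externalized configuration rather than source.
    String internalSecretKey = "internalSecretKey";
    // The key registered on the configurer must be the same one the services sign tokens
    // with; presumably the remember-me provider rejects cookies signed with any other key.
    http.rememberMe()
        .rememberMeServices(rememberMeServices(internalSecretKey))
        .key(internalSecretKey);
}

/**
 * Builds the persistent-token remember-me services used by {@link #configure(HttpSecurity)}.
 *
 * @param internalSecretKey key shared with the remember-me authentication provider
 * @return remember-me services that always issue a remember-me token on login
 */
@Bean
public RememberMeServices rememberMeServices(String internalSecretKey) {
    BasicRememberMeUserDetailsService rememberMeUserDetailsService = new BasicRememberMeUserDetailsService();
    // In-memory repository: issued tokens do not survive a restart — confirm this is intended.
    InMemoryTokenRepositoryImpl rememberMeTokenRepository = new InMemoryTokenRepositoryImpl();
    // Fix: the original passed an unrelated 'staticKey' here and ignored the parameter, so
    // the key used to sign tokens could differ from the one registered via .key(...) above.
    PersistentTokenBasedRememberMeServices services = new PersistentTokenBasedRememberMeServices(
        internalSecretKey, rememberMeUserDetailsService, rememberMeTokenRepository);
    // A remember-me cookie is issued on every login, even when the user did not opt in.
    services.setAlwaysRemember(true);
    return services;
}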
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Remember-me handling is delegated entirely to the rememberMeServices() bean;
    // no key or validity is set on the configurer here.
    http
        // ... additional configuration ...
        .rememberMe()
        .rememberMeServices(rememberMeServices());
    // end::http-rememberme[]
    http.formLogin();
    // Every request requires an authenticated principal.
    http.authorizeRequests().anyRequest().authenticated();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Only the admin area needs a login; every other URL is public.
    http.authorizeRequests()
        .antMatchers("/admin/**").authenticated()
        .anyRequest().permitAll();
    http.formLogin()
        .loginPage("/login")
        .permitAll()
        .failureUrl("/login?error=1")
        .loginProcessingUrl("/authenticate");
    http.logout()
        .logoutUrl("/logout")
        .permitAll()
        .logoutSuccessUrl("/login?logout");
    // NOTE(review): the remember-me key is a hard-coded literal shared by every deployment
    // of this build; sourcing it from configuration allows per-environment rotation.
    http.rememberMe()
        .rememberMeServices(rememberMeServices())
        .key("remember-me-key");
}
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // /user/** is the only protected area; everything else is public.
    http.authorizeRequests()
        .antMatchers("/user/**").authenticated()
        .anyRequest().permitAll();
    http.formLogin()
        .loginPage("/login")
        .defaultSuccessUrl("/user", true)
        .permitAll();
    http.logout().permitAll();
    http.portMapper().http(port).mapsTo(sslPort);
    // NOTE(review): CSRF protection is switched off for the whole application, so
    // state-changing requests under /user/** are not protected against cross-site requests.
    http.csrf().disable();
    // A remember-me cookie is issued on every successful login without the user opting in.
    http.rememberMe().alwaysRemember(true);
    // Third-party login filters take the slot of the standard username/password filter.
    http.addFilterAt(qqAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    http.addFilterAt(githubAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors();
    // Stateless API: no remember-me cookie is issued and no HTTP session is created.
    http.rememberMe().disable();
    http.authorizeRequests().anyRequest().fullyAuthenticated();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    // Each credential type has its own filter; all of them run ahead of anonymous auth.
    http.addFilterBefore(x509FilterBean(), AnonymousAuthenticationFilter.class); // x509
    http.addFilterBefore(jwtFilterBean(), AnonymousAuthenticationFilter.class);  // jwt
    http.addFilterBefore(otpFilterBean(), AnonymousAuthenticationFilter.class);  // otp
    http.addFilterBefore(knoxFilterBean(), AnonymousAuthenticationFilter.class); // knox
    // Custom anonymous filter replaces the default one.
    http.anonymous().authenticationFilter(anonymousFilterBean());
}
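@Override
protected void configure(HttpSecurity http) throws Exception {
    http.rememberMe()
        // NOTE(review): hard-coded remember-me key; every remember-me cookie is signed with it.
        .key("KEY")
        .tokenRepository(databasePersistentTokeRepositoryImpl)
        // Seven days expressed in seconds (604800), which fits in an int.
        .tokenValiditySeconds((int) TimeUnit.SECONDS.convert(7, TimeUnit.DAYS))
        .withObjectPostProcessor(new ObjectPostProcessor<RememberMeAuthenticationFilter>() {
            @Override
            public <O extends RememberMeAuthenticationFilter> O postProcess(O object) {
                // Fix: the original contained a dangling cast "(RememberMeAuthenticationFilter)"
                // with no operand, which does not compile. O already extends
                // RememberMeAuthenticationFilter, so the filter is used directly.
                RememberMeServices rememberMeServices = object.getRememberMeServices();
                // Guarded instead of blindly cast: a non-persistent implementation would
                // otherwise fail with a ClassCastException at startup.
                if (rememberMeServices instanceof PersistentTokenBasedRememberMeServices) {
                    // Issue a remember-me cookie on every login, without a user opt-in.
                    ((PersistentTokenBasedRememberMeServices) rememberMeServices).setAlwaysRemember(true);
                }
                return object;
            }
        })
        .and()
        // NOTE(review): CSRF protection is disabled globally while remember-me auto-authenticates
        // browsers, so cross-site requests carrying the cookie are accepted as the user.
        .csrf().disable();
}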
/**
 * Web security configuration: users are loaded through {@code userDetailsService} with
 * BCrypt-hashed passwords, and remember-me tokens are persisted via the database token repository.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsService userDetailsService;

    @Autowired
    DatabasePersistentTokeRepositoryImpl databasePersistentTokeRepositoryImpl;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Seven days, in seconds, as the remember-me token lifetime.
        int validitySeconds = (int) TimeUnit.SECONDS.convert(7, TimeUnit.DAYS);
        // NOTE(review): hard-coded remember-me key; it signs every cookie and should come
        // from externalized configuration.
        http.rememberMe()
            .key("KEY")
            .tokenRepository(databasePersistentTokeRepositoryImpl)
            .tokenValiditySeconds(validitySeconds);
        // NOTE(review): CSRF is disabled and no authorizeRequests() rules are declared here,
        // so access control appears to rest solely on @Secured method security (securedEnabled).
        http.csrf().disable();
    }
}
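@Override
protected void configure(HttpSecurity http) throws Exception {
    // Fix: the "/api/*" rule was registered in a second authorizeUrls() call after
    // anyRequest().authenticated(); rules are evaluated in order, so the catch-all always
    // matched first and the /api/* role check could never take effect (newer Spring Security
    // versions reject mappings added after anyRequest()). It now precedes the catch-all.
    http.authorizeUrls()
        .antMatchers("/", "/index", "/user/**", "/about").permitAll()
        .antMatchers("/admin/**").hasRole("ADMIN")
        // NOTE(review): "/api/*" matches a single path segment only; "/api/**" covers nested paths.
        .antMatchers("/api/*").hasRole("YOUR_ROLE_HERE")
        .anyRequest().authenticated();
    http.formLogin()
        .loginUrl("/login")
        .failureUrl("/login-error")
        .loginProcessingUrl("/security_check")
        .usernameParameter("j_username").passwordParameter("j_password")
        .permitAll();
    http.httpBasic();
    http.logout().logoutUrl("/logout");
    // NOTE(review): "password" is a hard-coded, easily guessed remember-me key; the key signs
    // every remember-me cookie and should come from configuration.
    http.rememberMe().rememberMeServices(rememberMeServices()).key("password");
}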
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Landing, registration, static assets and activation links are public.
    http.authorizeRequests()
        .antMatchers("/", "/registration", "/static/**", "/activate/*").permitAll()
        .anyRequest().authenticated();
    http.formLogin().loginPage("/login").permitAll();
    // Remember-me with framework defaults: no explicit key or validity is configured here
    // (presumably the framework generates a key per startup — confirm against the version in use).
    http.rememberMe();
    http.logout().permitAll();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        // Self-service account flows must be reachable without a session.
        .antMatchers("/user/register", "/user/activate", "/user/activation-send",
                     "/user/reset-password", "/user/reset-password-change").permitAll()
        // Impersonation and deletion are admin-only.
        .antMatchers("/user/autologin", "/user/delete").access("hasRole('ROLE_ADMIN')")
        .antMatchers("/img/**", "/images/**", "/fonts/**").permitAll()
        .anyRequest().authenticated();
    http.formLogin().loginPage("/login").failureUrl("/login?error").permitAll();
    http.logout()
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
        .logoutSuccessUrl("/login");
    // NOTE(review): 31536000 s is one year — a stolen remember-me cookie stays usable that long.
    // The key is applicationSecret, so rotating it presumably invalidates all outstanding tokens.
    http.rememberMe()
        .key(applicationSecret)
        .tokenValiditySeconds(31536000);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    String contextPath = sccaRestProperties.getContextPath();
    String loginUrl = contextPath + "/login";
    String logoutUrl = contextPath + "/logout";
    // Everything under the configured context path needs a login; the rest is public.
    http.authorizeRequests()
        .antMatchers(contextPath + "/**").authenticated()
        .anyRequest().permitAll();
    http.formLogin()
        .loginPage(loginUrl)
        .successHandler(authenticationSuccessHandler())
        .failureHandler(authenticationFailureHandler())
        .permitAll();
    // Every login also gets a remember-me cookie, whether or not the client asked for one.
    http.rememberMe().alwaysRemember(true);
    http.logout()
        .logoutUrl(logoutUrl)
        .logoutSuccessHandler(logoutSuccessHandler())
        .permitAll();
    // NOTE(review): CSRF is disabled while remember-me cookies auto-authenticate browsers,
    // so cross-site requests carrying the cookie are accepted as the user.
    http.csrf().disable();
    http.exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint);
}
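@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): CSRF protection is disabled for the whole site, including /admin/**.
    http.csrf().disable();
    http.authorizeRequests()
        // Fix: "friend/**" had no leading slash, so it never matched a request path
        // (Ant patterns are compared against "/friend/..."); the rule was dead.
        .antMatchers("/blog/**", "/tag/**", "/friend/**", "/login/**").permitAll()
        .antMatchers("/admin**", "/admin/**").authenticated();
    // Remember-me cookies are valid for one hour; no explicit key is configured here.
    http.rememberMe().tokenValiditySeconds(3600);
    http.formLogin()
        .loginPage("/login")
        .defaultSuccessUrl("/admin/index").permitAll();
    // Removes the X-Frame-Options header entirely (the original comment said "deny", which is
    // the opposite): pages become embeddable in frames on other origins.
    http.headers().frameOptions().disable();
    http.logout()
        .logoutUrl("/admin/loginOut")
        .permitAll();
}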
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.formLogin()
        .loginPage("/login")
        .failureUrl("/login?param.error=bad_credentials").permitAll();
    // Logout also drops the session cookie explicitly.
    http.logout().logoutUrl("/logout")
        .deleteCookies("JSESSIONID")
        .permitAll();
    http.authorizeRequests()
        // Static assets are public; every other URL requires a login.
        .antMatchers("/favicon.ico", "/static-resources/**", "/css/**", "/js/**").permitAll()
        .antMatchers("/**").authenticated();
    // Remember-me with framework defaults (no explicit key or validity configured here).
    http.rememberMe();
    http.apply(new SpringSocialConfigurer());
    // NOTE(review): CSRF protection is disabled for the whole application.
    http.csrf().disable();
}
//@formatter:on
@Override
protected void configure(HttpSecurity http) throws Exception {
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry =
        http.authorizeRequests();
    // Admin area requires the ADMIN authority; images are public. No catch-all rule is declared.
    registry.antMatchers("/admin/**").hasAuthority(Role.ADMIN.toString())
        .antMatchers("/image/**").permitAll();
    // Left commented out in the original:
    // .antMatchers("/webjars/**").permitAll()
    // .antMatchers("/js/**").permitAll()
    // .antMatchers("/css/**").permitAll()
    // .antMatchers("/img/**").permitAll()
    http.formLogin().loginPage("/signin").defaultSuccessUrl("/").permitAll();
    http.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll();
    // NOTE(review): CSRF checks are skipped for /admin/**, the most privileged area, so admin
    // form posts can be forged cross-site while an admin session or remember-me cookie is alive.
    // (A commented-out "/oauth" pattern was also present here in the original.)
    http.csrf().ignoringAntMatchers("/admin/**");
    // Removes X-Frame-Options entirely; pages can be framed by any origin.
    http.headers().frameOptions().disable();
    // Persistent tokens stored in reMemberMeRepository; no explicit key is configured here.
    http.rememberMe().tokenRepository(reMemberMeRepository);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    applyPasswordAuthenticationConfig(http);
    http.apply(validateCodeSecurityConfig);
    http.apply(smsCodeAuthenticationSecurityConfig);
    // Persistent remember-me tokens; the lifetime comes from securityProperties.
    http.rememberMe()
        .tokenRepository(persistentTokenRepository())
        .tokenValiditySeconds(securityProperties.getBrowser().getRememberMeSeconds())
        .userDetailsService(userDetailsService);
    // Login page, mobile login processing and validation-code endpoints stay public.
    String[] publicUrls = {
        SecurityConstants.DEFAULT_UNAUTHENTICATION_URL,
        SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_MOBILE,
        securityProperties.getBrowser().getLoginPage(),
        SecurityConstants.DEFAULT_VALIDATE_CODE_URL_PREFIX + "/*"
    };
    http.authorizeRequests()
        .antMatchers(publicUrls).permitAll()
        .anyRequest().authenticated();
    // NOTE(review): CSRF protection is disabled for the whole application.
    http.csrf().disable();
}
}
/**
 * Configures the HTTP security chain: /web/** requires a login, form login and logout are
 * wired to /login, CSRF stays enabled, remember-me uses the persistent token repository,
 * and cache-control headers are switched off.
 *
 * @param httpSecurity builder used to configure the authentication process
 * @throws Exception if the configuration fails
 */
@Override
protected void configure(final HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeRequests()
        .antMatchers("/web/**").authenticated();
    httpSecurity.formLogin()
        .loginPage("/login").failureUrl("/login?error")
        .usernameParameter("username")
        .passwordParameter("password");
    httpSecurity.logout().logoutSuccessUrl("/login?logout");
    // CSRF protection is left at its defaults (enabled).
    httpSecurity.csrf();
    httpSecurity.rememberMe()
        .tokenRepository(tokenRepository)
        .tokenValiditySeconds(tokenValiditySeconds);
    httpSecurity.exceptionHandling().accessDeniedPage("/forbidden");
    // NOTE(review): no Cache-Control headers are emitted, so browsers and proxies may cache
    // authenticated responses.
    httpSecurity.headers().cacheControl().disable();
}
/**
 * Enables remember-me when {@code rememberMeProperties} says so, taking key, token validity
 * and cookie name from those properties; does nothing otherwise.
 *
 * @param http builder to configure
 * @throws Exception if the configuration fails
 */
@SuppressWarnings("SignatureDeclareThrowsException")
protected void configureRememberMe( HttpSecurity http ) throws Exception {
    if ( !rememberMeProperties.isEnabled() ) {
        return;
    }
    String rememberMeKey = rememberMeProperties.getKey();
    int rememberMeValiditySeconds = rememberMeProperties.getTokenValiditySeconds();
    // The cookie name is only configurable on token-based services, hence the type check.
    ObjectPostProcessor<RememberMeAuthenticationFilter> cookieNamePostProcessor =
        new ObjectPostProcessor<RememberMeAuthenticationFilter>() {
            @Override
            public RememberMeAuthenticationFilter postProcess( RememberMeAuthenticationFilter filter ) {
                RememberMeServices services = filter.getRememberMeServices();
                if ( services instanceof TokenBasedRememberMeServices ) {
                    String cookieName = rememberMeProperties.getCookie();
                    LOG.debug( "Configuring adminWeb remember me cookie name: {}", cookieName );
                    ( (TokenBasedRememberMeServices) services ).setCookieName( cookieName );
                }
                return filter;
            }
        };
    http.rememberMe()
        .key( rememberMeKey )
        .tokenValiditySeconds( rememberMeValiditySeconds )
        .addObjectPostProcessor( cookieNamePostProcessor );
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    String base = "/" + BLOSSOM_BASE_PATH;
    String loginUrl = base + "/login";
    // Impersonation (switch-user) runs after authorization has already been decided.
    http.addFilterAfter(switchUserProcessingFilter(), FilterSecurityInterceptor.class);
    // This chain only applies to the back-office base path.
    http.antMatcher(base + "/**");
    http.authorizeRequests().anyRequest().fullyAuthenticated();
    http.formLogin()
        .loginPage(loginUrl)
        .failureUrl(loginUrl + "?error")
        .successHandler(blossomAuthenticationSuccessHandler)
        .permitAll();
    http.logout()
        .logoutRequestMatcher(new AntPathRequestMatcher(base + "/logout"))
        .deleteCookies(BLOSSOM_REMEMBER_ME_COOKIE_NAME)
        .logoutSuccessUrl(loginUrl)
        .permitAll();
    // NOTE(review): fullyAuthenticated() above means a remember-me cookie alone does not grant
    // access to these URLs; confirm the cookie is still useful for this chain.
    http.rememberMe().rememberMeCookieName(BLOSSOM_REMEMBER_ME_COOKIE_NAME);
    // AJAX callers get a bare 401 instead of a redirect to the login page.
    http.exceptionHandling().defaultAuthenticationEntryPointFor(
        (request, response, authException) -> response.sendError(401),
        new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
    // Concurrent-session limit per user; a new login is refused once the limit is reached.
    http.sessionManagement()
        .maximumSessions(webBackOfficeProperties.getMaxSessionsPerUser())
        .maxSessionsPreventsLogin(true)
        .expiredSessionStrategy(new BlossomInvalidSessionStrategy(loginUrl))
        .sessionRegistry(sessionRegistry);
}
}
@Override
protected void customizeRememberMe(HttpSecurity http) throws Exception {
    UserDetailsService userDetailsService = lookup("userDetailsService");
    PersistentTokenRepository persistentTokenRepository = lookup("persistentTokenRepository");
    AbstractRememberMeServices rememberMeServices = lookup("rememberMeServices");
    RememberMeAuthenticationFilter rememberMeAuthenticationFilter = lookup("rememberMeAuthenticationFilter");
    // The provider key is taken from the services bean itself, so cookies it signs are
    // accepted by the provider registered here.
    http.rememberMe()
        .userDetailsService(userDetailsService)
        .tokenRepository(persistentTokenRepository)
        .rememberMeServices(rememberMeServices)
        .key(rememberMeServices.getKey());
    http.logout().logoutUrl(LOGOUT_ENDPOINT);
    // The looked-up filter replaces the one the configurer would otherwise build.
    http.addFilterAt(rememberMeAuthenticationFilter, RememberMeAuthenticationFilter.class);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    applyPasswordAuthenticationConfig(http);
    http.apply(validateCodeSecurityConfig);
    http.apply(smsCodeAuthenticationSecurityConfig);
    // Remember-me: persistent tokens, lifetime taken from securityProperties.
    http.rememberMe()
        .tokenRepository(persistentTokenRepository())
        .tokenValiditySeconds(securityProperties.getBrowser().getRememberMeSeconds())
        .userDetailsService(myUserDetailsService);
    http.sessionManagement()
        // where to send the user when the session has timed out
        .invalidSessionStrategy(invalidSessionStrategy)
        // maximum number of concurrent sessions per user
        .maximumSessions(securityProperties.getBrowser().getSession().getMaximumSessions())
        // whether a new login is refused once that limit is reached
        .maxSessionsPreventsLogin(securityProperties.getBrowser().getSession().isMaxSessionsPreventsLogin())
        // handles a session expired by the concurrency control
        .expiredSessionStrategy(sessionInformationExpiredStrategy);
    // NOTE(review): CSRF protection is disabled for the whole application.
    http.csrf().disable();
    // URL authorization rules are delegated to the shared manager.
    authorizeConfigManager.config(http.authorizeRequests());
}