/**
 * Sets up the security filter chain for the Vaadin UI that is bound to {@code /UI}.
 *
 * <p>The chain applies only to requests whose URL matches the regex below. It turns
 * CSRF handling off, optionally enforces HTTPS, optionally sets a Content-Security-Policy
 * header, permits the login and UIDL paths, requires authentication for everything else
 * and wires the login entry point and the logout handling.
 *
 * @param http the security builder to configure
 * @throws Exception if one of the configurers fails
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Workaround regex: the URL /UI/HEARTBEAT has to be excluded here because the
    // Vaadin application is bound to /UI and not to root, as described in the
    // vaadin-forum: https://vaadin.com/forum#!/thread/3200565.
    // NOTE(review): the lookahead rejects any URL that contains HEARTBEAT anywhere,
    // not only the heartbeat endpoint; none of the rules below apply to such
    // requests, so confirm another security configuration still covers them.
    HttpSecurity uiSecurity = http.regexMatcher("(?!.*HEARTBEAT)^.*\\/UI.*$")
            // CSRF is switched off in this chain because Vaadin handles it
            .csrf().disable();

    if (!springSecurityProperties.isRequireSsl()) {
        // NOTE(review): running the UI without the HTTPS requirement is reported at
        // INFO level only; check that this is visible enough in production logs.
        LOG.info(
                "\"******************\\n** Requires HTTPS Security has been disabled for UI, should only be used for developing purposes **\\n******************\"");
    } else {
        // Every request handled by this chain must use a secure channel.
        uiSecurity = uiSecurity.requiresChannel().anyRequest().requiresSecure().and();
    }

    // The Content-Security-Policy header is only added when a policy is configured.
    if (!StringUtils.isEmpty(hawkbitSecurityProperties.getContentSecurityPolicy())) {
        uiSecurity.headers().contentSecurityPolicy(hawkbitSecurityProperties.getContentSecurityPolicy());
    }

    // NOTE(review): with a target URL parameter set, the handler takes the redirect
    // target after logout from the "login" request parameter; confirm that the
    // target is restricted to this application (open-redirect risk).
    final SimpleUrlLogoutSuccessHandler logoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
    logoutSuccessHandler.setTargetUrlParameter("login");

    // UI: login and UIDL paths are open, everything else needs an authenticated user.
    uiSecurity.authorizeRequests()
            .antMatchers("/UI/login/**").permitAll()
            .antMatchers("/UI/UIDL/**").permitAll()
            .anyRequest().authenticated();

    // UI login: unauthenticated requests are sent to the login view.
    uiSecurity.exceptionHandling()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/UI/login/#/"));

    // UI logout.
    uiSecurity.logout()
            .logoutUrl("/UI/logout")
            .logoutSuccessHandler(logoutSuccessHandler);
}
/**
 * Sets up the security filter chain for the Vaadin UI that is bound to {@code /UI}.
 *
 * <p>The chain applies only to requests whose URL matches the regex below. It turns
 * CSRF handling off, enforces HTTPS when {@code hawkbitSecurityProperties} asks for it,
 * optionally sets a Content-Security-Policy header, permits the login and UIDL paths,
 * requires authentication for everything else and wires login and logout handling.
 *
 * @param http the security builder to configure
 * @throws Exception if one of the configurers fails
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Workaround regex: the URL /UI/HEARTBEAT has to be excluded here because the
    // Vaadin application is bound to /UI and not to root, as described in the
    // vaadin-forum: https://vaadin.com/forum#!/thread/3200565.
    // NOTE(review): the lookahead rejects any URL that contains HEARTBEAT anywhere,
    // not only the heartbeat endpoint; none of the rules below apply to such
    // requests, so confirm another security configuration still covers them.
    HttpSecurity uiChain = http.regexMatcher("(?!.*HEARTBEAT)^.*\\/UI.*$")
            // CSRF is switched off in this chain because Vaadin handles it
            .csrf().disable();

    if (!hawkbitSecurityProperties.isRequireSsl()) {
        // NOTE(review): running the UI without the HTTPS requirement is reported at
        // INFO level only; check that this is visible enough in production logs.
        LOG.info(
                "\"******************\\n** Requires HTTPS Security has been disabled for UI, should only be used for developing purposes **\\n******************\"");
    } else {
        // Every request handled by this chain must use a secure channel.
        uiChain = uiChain.requiresChannel().anyRequest().requiresSecure().and();
    }

    // The Content-Security-Policy header is only added when a policy is configured.
    if (!StringUtils.isEmpty(hawkbitSecurityProperties.getContentSecurityPolicy())) {
        uiChain.headers().contentSecurityPolicy(hawkbitSecurityProperties.getContentSecurityPolicy());
    }

    // NOTE(review): with a target URL parameter set, the handler takes the redirect
    // target after logout from the "login" request parameter; confirm that the
    // target is restricted to this application (open-redirect risk).
    final SimpleUrlLogoutSuccessHandler afterLogout = new SimpleUrlLogoutSuccessHandler();
    afterLogout.setTargetUrlParameter("login");

    // UI: login and UIDL paths are open, everything else needs an authenticated user.
    uiChain.authorizeRequests()
            .antMatchers("/UI/login/**").permitAll()
            .antMatchers("/UI/UIDL/**").permitAll()
            .anyRequest().authenticated();

    // UI login: unauthenticated requests are sent to the login view.
    uiChain.exceptionHandling()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/UI/login/#/"));

    // UI logout.
    uiChain.logout()
            .logoutUrl("/UI/logout")
            .logoutSuccessHandler(afterLogout);
}
/**
 * Configures the security chain for the paths matched by the context's path regex.
 *
 * <p>All matched requests must use a secure channel and an authenticated user. Framing
 * is limited to the same origin, CSRF protection is disabled, form login is served from
 * the context's URL path plus {@code /login}, and logout is triggered by GET requests
 * matching the logout regex, after which the user is sent to {@code /}.
 *
 * @param http the security builder to configure
 * @throws Exception if one of the configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Restrict this configuration to the URLs the context declares.
    HttpSecurity scoped = http.regexMatcher(getContext().getPathRegex());

    // HTTPS is mandatory for every matched request.
    scoped.requiresChannel().anyRequest().requiresSecure();

    // X-Frame-Options: SAMEORIGIN, so pages can only be framed by the same origin.
    scoped.headers().frameOptions().sameOrigin();

    // NOTE(review): CSRF protection is off while form login and a GET-triggered
    // logout are enabled; confirm that this is intended for this application.
    scoped.csrf().disable();

    scoped.authorizeRequests().anyRequest().authenticated();

    scoped.formLogin().permitAll().loginPage(getContext().getUrlPath() + "/login");

    // NOTE(review): the logout pattern is not anchored to one path, so any GET URL
    // containing "logout" ends the session; verify this breadth is wanted.
    scoped.logout()
            .logoutRequestMatcher(new RegexRequestMatcher("/.*logout\\?{0,1}.*", HttpMethod.GET.name()))
            .logoutSuccessUrl("/");
}
// Requires a secure channel for every request handled through httpSec;
// and() returns to the enclosing builder, which is assigned back to httpSec.
// httpSec is declared outside these lines, and the listing repeats the same
// statement verbatim.
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
/**
 * Requires a secure channel for all requests and registers a custom port mapping.
 *
 * @param http the security builder to configure
 * @throws Exception if one of the configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Every request has to arrive over a secure channel.
    http.requiresChannel().anyRequest().requiresSecure();

    // Port mapping: HTTP port 543 is mapped to port 123.
    http.portMapper().http(543).mapsTo(123);

    // The port mapper is requested a second time, as in the original chain.
    http.portMapper();
}
// Closes the enclosing type, whose header is outside this listing.
}