@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll().anyRequest() .authenticated().and().logout().logoutSuccessUrl("/").permitAll().and().csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll().anyRequest() .authenticated().and().logout().logoutSuccessUrl("/").permitAll().and().csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**").permitAll().anyRequest() .authenticated().and().exceptionHandling() .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout() .logoutSuccessUrl("/").permitAll().and().csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and() .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll().anyRequest() .authenticated().and().exceptionHandling() .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout() .logoutSuccessUrl("/").permitAll().and().csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and() .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/webjars/**", "/error**").permitAll().anyRequest() .authenticated().and().exceptionHandling() .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout() .logoutSuccessUrl("/").permitAll().and().csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and() .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class); // @formatter:on }
http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); } else { http.csrf().disable();
http.csrf().csrfTokenRepository(new CookieCsrfTokenRepository()).requireCsrfProtectionMatcher( httpServletRequest -> httpServletRequest.getMethod().equals("POST") );
@Override protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/**").authorizeRequests() .antMatchers("/", "/index.html", "/assets/**", "/login", "/api/catalog/**").permitAll().anyRequest().authenticated() .and().logout().logoutSuccessUrl("/").permitAll() .and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); // What Angular would like is for the server to send it a cookie called "XSRF-TOKEN" and if it sees that, it will send the value back as a header named "X-XSRF-TOKEN". 需要注意withHttpOnlyFalse后容易受到XSS攻击 //.and().csrf().disable(); // 这样虽然可以工作,但不安全 }
@Override public void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/index.html", "/home.html", "/", "/bower_components/**", "/elements/*") .permitAll().anyRequest().authenticated().and().csrf() .csrfTokenRepository(csrfTokenRepository()).and() .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class); }
@Override public void configure(HttpSecurity http) throws Exception { http.formLogin().and().authorizeRequests().antMatchers(HttpMethod.POST, "/api/applications") .permitAll()// .antMatchers("/mgmt/health").permitAll()// .anyRequest().authenticated()// .and().csrf().ignoringAntMatchers("/api/**", "/mgmt/**") .csrfTokenRepository(csrfTokenRepository()).and() .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class); }
@Override public void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers(HttpMethod.POST, "/api/applications").permitAll()// .antMatchers("/mgmt/health").permitAll()// .anyRequest().authenticated()// .and().csrf().ignoringAntMatchers("/api/**", "/mgmt/**") .csrfTokenRepository(csrfTokenRepository()).and() .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class); }
@Override protected void configure(HttpSecurity http) throws Exception { http.formLogin().and().logout().and().authorizeRequests() .antMatchers("/**/*.html", "/").permitAll().anyRequest() .authenticated().and().csrf() .csrfTokenRepository(csrfTokenRepository()).and() .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class); }
@Override public void configure(HttpSecurity http) throws Exception { http.anonymous().and().antMatcher("/user").authorizeRequests() .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(). antMatchers(AUTH_WHITELIST).permitAll(). anyRequest().authenticated() .and() .csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); } }
@Override public void configure(HttpSecurity http) throws Exception { http.anonymous().and().antMatcher("/user").authorizeRequests() .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(). antMatchers(AUTH_WHITELIST).permitAll(). anyRequest().authenticated() .and() .csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); } }
@Override public void configure(HttpSecurity http) throws Exception { http.anonymous().and().antMatcher("/user").authorizeRequests() .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(). antMatchers(AUTH_WHITELIST).permitAll(). anyRequest().authenticated() .and() .csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); } }
@Override public void configure(HttpSecurity http) throws Exception { http.anonymous().and().antMatcher("/user").authorizeRequests() .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(). antMatchers(AUTH_WHITELIST).permitAll(). anyRequest().authenticated() .and() .csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); } }
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/home").permitAll(); http.authorizeRequests().antMatchers("/api/**").authenticated(); http.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")) .logoutSuccessUrl("/").deleteCookies("JSESSIONID").invalidateHttpSession(true); http.authorizeRequests().anyRequest().permitAll(); http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); http.addFilterBefore(aadAuthFilter, UsernamePasswordAuthenticationFilter.class); } }
@Override public void configure(HttpSecurity http) throws Exception { http.anonymous().and().antMatcher("/user").authorizeRequests() .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(). antMatchers(AUTH_WHITELIST).permitAll(). antMatchers("/actuator/**").permitAll(). anyRequest().authenticated() .and() .csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()) .ignoringAntMatchers("/instances", "/actuator/**"); } }
@Override public void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/uaa/**", "/login").permitAll().anyRequest().authenticated() .and() .csrf().requireCsrfProtectionMatcher(csrfRequestMatcher()).csrfTokenRepository(csrfTokenRepository()) .and() .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class) .logout().permitAll() .logoutSuccessUrl("/"); }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.antMatcher("/**").authorizeRequests().antMatchers("/login**").permitAll().anyRequest() .authenticated().and().exceptionHandling() .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")).and().logout() .logoutSuccessUrl("/").permitAll().and().csrf() .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and() .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class).addFilterBefore(new WechatOAuth2ClientContextFilter(), OAuth2ClientAuthenticationProcessingFilter.class); // @formatter:on }