@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .authorizeRequests().anyRequest().authenticated() .and() .csrf().disable(); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); http .authorizeRequests() .antMatchers("/actuator/**").permitAll() .anyRequest().authenticated() .and() .httpBasic() ; } }
@Override protected void configure(HttpSecurity http) throws Exception { http.httpBasic(); http.csrf().disable(); http.headers().frameOptions().sameOrigin(); }
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); http.headers().frameOptions().sameOrigin(); } }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); successHandler.setTargetUrlParameter( "redirectTo" ); http.authorizeRequests() .antMatchers( adminContextPath + "/assets/**" ).permitAll() .antMatchers( adminContextPath + "/login" ).permitAll() .anyRequest().authenticated() .and() .formLogin().loginPage( adminContextPath + "/login" ).successHandler( successHandler ).and() .logout().logoutUrl( adminContextPath + "/logout" ).and() .httpBasic().and() .csrf().disable(); // @formatter:on } }
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); http.headers().frameOptions().sameOrigin(); http.authorizeRequests() .antMatchers("/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**").permitAll() .antMatchers("/**").authenticated(); http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic(); SimpleUrlLogoutSuccessHandler urlLogoutHandler = new SimpleUrlLogoutSuccessHandler(); urlLogoutHandler.setDefaultTargetUrl("/signin?#/logout"); http.logout().logoutUrl("/user/logout").invalidateHttpSession(true).clearAuthentication(true) .logoutSuccessHandler(urlLogoutHandler); http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin")); }
protected void configure(HttpSecurity http) throws Exception { http .csrf().disable() .logout() .clearAuthentication(false); }
@Override protected void configure(HttpSecurity http) throws Exception { super.configure(http); http .csrf().disable(); }
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); http.headers().frameOptions().sameOrigin(); http.authorizeRequests() .antMatchers("/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**").permitAll() .antMatchers("/**").hasAnyRole(USER_ROLE); http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic(); SimpleUrlLogoutSuccessHandler urlLogoutHandler = new SimpleUrlLogoutSuccessHandler(); urlLogoutHandler.setDefaultTargetUrl("/signin?#/logout"); http.logout().logoutUrl("/user/logout").invalidateHttpSession(true).clearAuthentication(true) .logoutSuccessHandler(urlLogoutHandler); http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin")); }
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated().and() // custom token authorize exception handler .exceptionHandling() .authenticationEntryPoint(unauthorizedHandler).and() // since we use jwt, session is not necessary .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() // since we use jwt, csrf is not necessary .csrf().disable(); http.addFilterBefore(new JwtAuthenticationTokenFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class); // disable cache http.headers().cacheControl(); }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.anonymous().disable() .antMatcher("/oauth/token") .authorizeRequests().anyRequest().authenticated() .and() .httpBasic().authenticationEntryPoint(authenticationEntryPoint()) .and() .csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/token")).disable() .exceptionHandling().accessDeniedHandler(accessDeniedHandler()) .and() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.anonymous().disable() .antMatcher("/token") .authorizeRequests().anyRequest().authenticated() .and() .httpBasic().authenticationEntryPoint(authenticationEntryPoint()) .and() .csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher("/token")).disable() .exceptionHandling().accessDeniedHandler(accessDeniedHandler()) .and() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.anonymous().disable() .antMatcher("/oauth/token") .authorizeRequests().anyRequest().authenticated() .and() .httpBasic().authenticationEntryPoint(authenticationEntryPoint()) .and() .csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/token")).disable() .exceptionHandling().accessDeniedHandler(accessDeniedHandler()) .and() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .authorizeRequests() .antMatchers("/requires-read-scope").access("hasAuthority('SCOPE_message:read')") .anyRequest().authenticated() .and() .csrf().disable() .oauth2ResourceServer() .jwt() .jwkSetUri(this.jwkSetUri); // @formatter:on } }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override public void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { http .apply(customConfigurer()) .and() .csrf().disable() .formLogin() .loginPage("/other"); }