/**
 * Keeps CSRF protection enabled but exempts two kinds of requests from it: anything
 * matching the ant pattern {@code /no-csrf} and anything selected by
 * {@code this.requestMatcher}.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Both calls add to the same exemption list on the CSRF configurer; the list is
    // evaluated as a whole, so the registration order does not matter.
    http.csrf()
        .ignoringRequestMatchers(this.requestMatcher)
        .ignoringAntMatchers("/no-csrf");
}
}
/**
 * Exempts the Eureka endpoints ({@code /eureka/**}) from CSRF checks and then hands the
 * builder to the parent class so its remaining defaults still apply.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Registration happens before the parent's configuration so the parent sees the
    // exemption already in place.
    http.csrf()
        .ignoringAntMatchers("/eureka/**");
    super.configure(http);
}
}
/**
 * Conditionally exempts one endpoint pattern from CSRF protection.
 *
 * @param endpoint ant pattern of the endpoint to exempt
 * @param doDisable when {@code false} the builder is left untouched
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
private void disableCsrf(String endpoint, boolean doDisable, HttpSecurity http) throws Exception {
    if (!doDisable) {
        return;
    }
    http.csrf().ignoringAntMatchers(endpoint);
}
}
/**
 * Conditionally exempts one endpoint pattern from CSRF protection.
 *
 * @param endpoint ant pattern of the endpoint to exempt
 * @param doDisable when {@code false} the builder is left untouched
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
private void disableCsrf(String endpoint, boolean doDisable, HttpSecurity http) throws Exception {
    if (!doDisable) {
        return;
    }
    http.csrf().ignoringAntMatchers(endpoint);
}
}
/**
 * Opens every URL to unauthenticated access and skips CSRF checks for the dynamic, static
 * and parser endpoints.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/**").permitAll();
    // Patterns exempted from CSRF protection; everything else is still checked.
    String[] csrfExempt = {"/dynamic**", "/static**", "/parser**"};
    http.csrf().ignoringAntMatchers(csrfExempt);
}
}
/**
 * Turns off HTTP Basic, opens only {@code /mgmt/health} to anonymous callers, requires
 * authentication for everything else, and skips CSRF checks under {@code /mgmt/**}.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // Single fluent chain; disable() and and() both return the builder.
    http.httpBasic().disable()
        .authorizeRequests()
            .antMatchers("/mgmt/health").permitAll()
            .anyRequest().authenticated()
            .and()
        .csrf()
            .ignoringAntMatchers("/mgmt/**");
}
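/**
 * Applies the Stormpath configurer, opens the root, instructions and {@code /v1/r}
 * endpoints to anonymous callers, and skips CSRF checks for {@code /v1/c} and
 * {@code /v1/r}.
 *
 * <p>The original chained {@code .csrf()} twice, once per exempted path; the two
 * exemptions land on the same CSRF configurer, so they are now registered in a single
 * {@code ignoringAntMatchers} call.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .apply(stormpath()).and()
        .authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/v1/instructions").permitAll()
            .antMatchers("/v1/r").permitAll()
            .and()
        // NOTE(review): requests to these two paths are accepted without a CSRF token;
        // confirm neither accepts state-changing requests under cookie-based authentication.
        .csrf().ignoringAntMatchers("/v1/c", "/v1/r");
}
}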
/**
 * Permits anonymous {@code POST /api/applications} and {@code /mgmt/health}, requires
 * authentication elsewhere, installs a custom CSRF token repository with exemptions for
 * {@code /api/**} and {@code /mgmt/**}, and adds the CSRF header filter after
 * {@link CsrfFilter}.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers(HttpMethod.POST, "/api/applications").permitAll()
        .antMatchers("/mgmt/health").permitAll()
        .anyRequest().authenticated();
    http.csrf()
        .ignoringAntMatchers("/api/**", "/mgmt/**")
        .csrfTokenRepository(csrfTokenRepository());
    // Runs after the CSRF filter so the token it exposes is the one just loaded.
    http.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
/**
 * Enables form login, permits anonymous {@code POST /api/applications} and
 * {@code /mgmt/health}, requires authentication elsewhere, installs a custom CSRF token
 * repository with exemptions for {@code /api/**} and {@code /mgmt/**}, and adds the CSRF
 * header filter after {@link CsrfFilter}.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.formLogin();
    http.authorizeRequests()
        .antMatchers(HttpMethod.POST, "/api/applications").permitAll()
        .antMatchers("/mgmt/health").permitAll()
        .anyRequest().authenticated();
    http.csrf()
        .ignoringAntMatchers("/api/**", "/mgmt/**")
        .csrfTokenRepository(csrfTokenRepository());
    // Runs after the CSRF filter so the token it exposes is the one just loaded.
    http.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
/**
 * Security chain scoped to {@code /user}: anonymous access is enabled, actuator
 * endpoints and the {@code AUTH_WHITELIST} paths are open, everything else requires
 * authentication, and CSRF tokens are kept in a cookie readable by scripts with
 * {@code /instances} and {@code /actuator/**} exempted from the check.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.anonymous();
    // Restricts this whole filter chain to requests matching "/user".
    http.antMatcher("/user");
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        .antMatchers(AUTH_WHITELIST).permitAll()
        .antMatchers("/actuator/**").permitAll()
        .anyRequest().authenticated();
    // withHttpOnlyFalse(): the token cookie is readable by browser-side code, which is
    // what lets a JavaScript client echo it back in a header.
    http.csrf()
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        .ignoringAntMatchers("/instances", "/actuator/**");
}
}
/**
 * Opens every request to anonymous access, removes the frame-options header, keeps CSRF
 * tokens in a script-readable cookie, and exempts {@code /instances} and
 * {@code /actuator/**} from the CSRF check.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): disabling frame options drops the clickjacking protection the header
    // provides for the whole chain; sameOrigin() is the narrower option if framing is only
    // needed from this site — confirm which is intended.
    http.headers().frameOptions().disable();
    http.authorizeRequests()
        .anyRequest().permitAll();
    http.csrf()
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        .ignoringAntMatchers("/instances", "/actuator/**");
}
}
/**
 * Installs a JWT-backed CSRF token repository plus a validator filter that runs after
 * {@link CsrfFilter}, exempts the configured ant patterns from the CSRF check, and opens
 * every URL to anonymous access.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Placed after CsrfFilter so the built-in filter has already loaded the token.
    http.addFilterAfter(new JwtCsrfValidatorFilter(), CsrfFilter.class);
    http.csrf()
        .csrfTokenRepository(jwtCsrfTokenRepository)
        .ignoringAntMatchers(ignoreCsrfAntMatchers);
    http.authorizeRequests()
        .antMatchers("/**").permitAll();
}
/**
 * Form-login chain scoped via {@code requestMatchers()} to the login and OAuth pages plus
 * {@code /mgmt/health}; CSRF checks are skipped for {@code /oauth/**} and {@code /mgmt/**}.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http.formLogin().loginPage("/login").permitAll().and()
        // Scoping call: this chain handles the login page and the OAuth endpoints.
        .requestMatchers()
            .antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access").and()
        .authorizeRequests().anyRequest().authenticated().and()
        // Second scoping call for the health endpoint.
        .requestMatchers()
            .antMatchers("/mgmt/health").and()
        // NOTE(review): this is a second anyRequest() after anyRequest().authenticated()
        // above. Whether it is ignored (first match wins), replaces the earlier rule, or
        // is rejected at startup depends on the Spring Security version — confirm. If the
        // intent is "health open, everything else authenticated", a path-specific matcher
        // for /mgmt/health registered before anyRequest() would express that directly.
        .authorizeRequests().anyRequest().permitAll()
        .and().csrf().ignoringAntMatchers("/oauth/**", "/mgmt/**");
    // @formatter:on
}
/**
 * Form-login chain scoped to the login and OAuth endpoints with a custom logout URL;
 * CSRF checks are skipped for {@code /instances} and {@code /actuator/**}.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): anyRequest().authenticated() is registered first, then permitAll
    // rules for the actuator endpoints, then anyRequest() again. As I read the builder
    // API, rules are consulted in order so the permitAll entries after anyRequest() are
    // never reached — or, on newer Spring Security versions, adding matchers after
    // anyRequest() fails at startup. Confirm the version in use and decide whether the
    // actuator endpoints are meant to be open before reordering.
    http.authorizeRequests().anyRequest().authenticated()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        .antMatchers("/actuator/**").permitAll()
        .anyRequest().authenticated();
    http.formLogin().loginPage("/login").permitAll();
    // Logout clears the authentication and the HTTP session, drops the session cookie and
    // redirects to the root.
    http.logout().clearAuthentication(true)
        .logoutSuccessUrl("/")
        .logoutUrl("/logout-session")
        .deleteCookies("JSESSIONID")
        .invalidateHttpSession(true);
    // Scopes this filter chain to the login and OAuth endpoints.
    http.requestMatchers().antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access", "/implicit/redirect");
    // Same registry as the first authorizeRequests() call above (see note there).
    http.authorizeRequests().antMatchers("/oauth/authorize").authenticated().anyRequest().authenticated();
    // Requests to these paths are accepted without a CSRF token.
    http.csrf().ignoringAntMatchers("/instances", "/actuator/**");
}
}
/**
 * Role-based chain: static assets are open, the index page needs the admin or user
 * authority, the user-management pages need the admin authority, everything else needs
 * authentication. Login and logout are open; CSRF checks are skipped for
 * {@code LOGIN_URL} and {@code USERS_URL}.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/css/**").permitAll()
        .antMatchers("/js/**").permitAll()
        .antMatchers(INDEX_URL).hasAnyAuthority(ADMIN_ROLE, USER_ROLE)
        .antMatchers(USERS_URL).hasAuthority(ADMIN_ROLE)
        .antMatchers(ADD_USER_URL).hasAuthority(ADMIN_ROLE)
        .anyRequest().authenticated();
    // The same URL serves the login page and processes the login form.
    http.formLogin()
        .loginPage(LOGIN_URL)
        .permitAll()
        .loginProcessingUrl(LOGIN_URL)
        .defaultSuccessUrl(INDEX_URL);
    http.logout()
        .permitAll();
    // NOTE(review): the login-processing URL and the admin-only USERS_URL are accepted
    // without a CSRF token; both look like they take form posts — confirm the exemption is
    // deliberate rather than a convenience left over from development.
    http.csrf()
        .ignoringAntMatchers(LOGIN_URL, USERS_URL);
}
}
/**
 * Opens the top-level pages and the H2 console, restricts {@code /contacts/**} to the
 * USER role, exempts {@code /h2-console/*} from CSRF checks, allows same-origin framing,
 * and wires form login and a {@code /logout} endpoint.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/*", "/h2-console/**").permitAll()
        .antMatchers("/contacts/**").hasRole("USER");
    // NOTE(review): the CSRF exemption uses a single-segment pattern ("/h2-console/*")
    // while the permitAll above uses "/h2-console/**"; deeper console paths would still be
    // CSRF-checked — confirm that mismatch is intended.
    http.csrf()
        .ignoringAntMatchers("/h2-console/*");
    // sameOrigin() rather than disable(): framing is allowed only from this site.
    http.headers()
        .frameOptions().sameOrigin();
    http.formLogin()
        .defaultSuccessUrl("/contacts");
    http.logout()
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
}
}
/**
 * Opens the top-level pages and the H2 console, restricts {@code /user/**} to USER or
 * ADMIN and {@code /admin/**} to ADMIN, exempts {@code /h2-console/*} from CSRF checks,
 * allows same-origin framing, and wires form login plus a {@code /logout} endpoint that
 * returns to the root.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/*", "/h2-console/**").permitAll()
        .antMatchers("/user/**").hasAnyRole("USER", "ADMIN")
        .antMatchers("/admin/**").hasRole("ADMIN");
    // NOTE(review): the CSRF exemption uses a single-segment pattern ("/h2-console/*")
    // while the permitAll above uses "/h2-console/**"; deeper console paths would still be
    // CSRF-checked — confirm that mismatch is intended.
    http.csrf()
        .ignoringAntMatchers("/h2-console/*");
    // sameOrigin() rather than disable(): framing is allowed only from this site.
    http.headers()
        .frameOptions().sameOrigin();
    http.formLogin();
    http.logout()
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
        .logoutSuccessUrl("/");
}
}
/**
 * Restricts {@code /admin/**} to the ADMIN authority, opens {@code /image/**}, wires a
 * form login at {@code /signin}, a {@code /logout} endpoint, persistent remember-me, and
 * removes the frame-options header; CSRF checks are skipped for {@code /admin/**}.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/admin/**").hasAuthority(Role.ADMIN.toString())
        .antMatchers("/image/**").permitAll();
    http.formLogin()
        .loginPage("/signin")
        .defaultSuccessUrl("/")
        .permitAll();
    http.logout()
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
        .permitAll();
    // NOTE(review): the admin area is session-authenticated (form login + remember-me)
    // yet exempt from CSRF checks, so a forged cross-site request against an admin action
    // would not be rejected — confirm this exemption is intended.
    http.csrf()
        .ignoringAntMatchers("/admin/**");
    // NOTE(review): disabling frame options drops clickjacking protection for the whole
    // chain; sameOrigin() is the narrower option if framing is only needed from this site.
    http.headers()
        .frameOptions().disable();
    http.rememberMe()
        .tokenRepository(reMemberMeRepository);
}
/**
 * API chain: admin and basic areas are role-protected, the session endpoint and all GETs
 * are open, remaining {@code /api/**} routes need the BASIC role. Logout, access-denied
 * and entry-point handling go through the custom handlers, {@code /api/session/**} is
 * exempt from CSRF checks, and three custom filters are slotted around the
 * username/password and CSRF filters.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/api/admin/**").hasRole("ADMIN")
            .antMatchers("/api/basic/**").hasRole("BASIC")
            .antMatchers("/api/session").permitAll()
            .antMatchers(HttpMethod.GET).permitAll()
            .antMatchers("/api/**").hasRole("BASIC")
            .and()
        .formLogin()
            .and()
        .logout()
            .logoutUrl("/api/session/logout")
            // The same handler both performs and reports the logout.
            .addLogoutHandler(customLogoutHandler)
            .logoutSuccessHandler(customLogoutHandler)
            .and()
        .exceptionHandling()
            .accessDeniedHandler(customAccessDeniedHandler)
            .authenticationEntryPoint(customAccessDeniedHandler)
            .and()
        .csrf()
            .ignoringAntMatchers("/api/session/**")
            .and()
        // Locale resolution before authentication; the custom authentication filter takes
        // the username/password slot; the header-binding filter runs once CSRF has loaded
        // the token.
        .addFilterBefore(new AcceptHeaderLocaleFilter(), UsernamePasswordAuthenticationFilter.class)
        .addFilterAt(customAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
        .addFilterAfter(new CsrfTokenResponseHeaderBindingFilter(), CsrfFilter.class);
}
/**
 * CORS-enabled chain with a custom authentication provider: CSRF is disabled, frame
 * options are removed, {@code /oauth/token} is open and other requests require
 * authentication, with access-denied responses sent to the station login page.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the Spring Security builder API
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http.cors() // if Spring MVC is on classpath and no CorsConfigurationSource is provided, Spring Security will use CORS configuration provided to Spring MVC
        .and()
        .authenticationProvider(customAuthProvider())
        .csrf()
            // NOTE(review): the two settings below are followed by disable(); as I read the
            // builder API that removes the CSRF configurer, so they take no effect and CSRF
            // protection is off for this whole chain — confirm that is intended.
            .ignoringAntMatchers("/stomp/**")
            .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize"))
            .disable()
        .headers()
            .frameOptions().disable()
            .and()
        .authorizeRequests()
            .expressionHandler(webExpressionHandler())
            .antMatchers("/oauth/token").permitAll()
            .anyRequest().authenticated()
            .and()
        .exceptionHandling() // TODO: exception-handling approach to be tidied up later
            .accessDeniedPage("/station.login.jsp?authorization_error=true");
    // @formatter:on
    // Repeats the frameOptions().disable() already applied in the chain above.
    http.headers().frameOptions().disable();
    // NOTE(review): a second anyRequest() on the same registry, contradicting
    // anyRequest().authenticated() above. Depending on the Spring Security version this is
    // either ignored, replaces the earlier rule (leaving every request open), or fails at
    // startup — confirm which rule is intended and remove the other.
    http.authorizeRequests().anyRequest().permitAll();
}