/**
 * Restricts the actuator endpoint(s) selected by {@code endpoint} to callers that hold
 * at least one of the authorities configured in {@code properties}, authenticated with
 * HTTP Basic.
 *
 * @param requests   URL authorization registry the rule is added to
 * @param properties source of the required authority names
 * @param endpoint   matcher selecting the actuator endpoint(s) this rule covers
 * @throws Exception propagated from the Spring Security configurer
 */
private void configureEndpointAccessByAuthority(final ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry requests,
        final ActuatorEndpointProperties properties,
        final EndpointRequest.EndpointRequestMatcher endpoint) throws Exception {
    // hasAnyAuthority() takes varargs, so the configured collection is copied into a String[].
    // NOTE(review): an empty configured list presumably yields a rule that matches no caller
    // (endpoint unreachable rather than open) — confirm that fail-closed outcome is intended.
    final String[] requiredAuthorities =
            properties.getRequiredAuthorities().toArray(ArrayUtils.EMPTY_STRING_ARRAY);
    requests.requestMatchers(endpoint)
            .hasAnyAuthority(requiredAuthorities)
            .and()
            .httpBasic();
}
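/**
 * Form-login security for the user-management UI: public static assets, an index page for
 * admins and users, admin-only user administration, everything else authenticated.
 *
 * Change from the previous version: {@code USERS_URL} is no longer exempted from CSRF
 * protection. That URL is admin-only, so a cross-site request riding an admin's session
 * cookie is exactly what CSRF protection exists to stop; if a form on that page fails with
 * 403, add the CSRF token to the form instead of re-adding the exemption.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            // static assets are public
            .antMatchers("/css/**").permitAll()
            .antMatchers("/js/**").permitAll()
            .antMatchers(INDEX_URL).hasAnyAuthority(ADMIN_ROLE, USER_ROLE)
            // user administration is admin-only
            .antMatchers(USERS_URL).hasAuthority(ADMIN_ROLE)
            .antMatchers(ADD_USER_URL).hasAuthority(ADMIN_ROLE)
            // catch-all stays last: earlier, more specific rules take precedence
            .anyRequest().authenticated()
        .and()
        .formLogin()
            // the same URL serves the login page and receives the credential post
            .loginPage(LOGIN_URL)
            .permitAll()
            .loginProcessingUrl(LOGIN_URL)
            .defaultSuccessUrl(INDEX_URL)
        .and()
        .logout()
            .permitAll();
    // Only the login endpoint is exempt from CSRF checks (no session/token exists before
    // login). NOTE(review): even this exemption permits "login CSRF" (forcing a victim into an
    // attacker's session); drop it too if the login form can carry the token.
    http.csrf().ignoringAntMatchers(LOGIN_URL);
}
}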
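/**
 * Role-based access for the {@code /me/**} and {@code /rest/**} prefixes; every other URL
 * is public.
 *
 * Change from the previous version: {@code frameOptions().disable()} removed the
 * X-Frame-Options header entirely, leaving every page — including the authenticated
 * {@code /me/**} and {@code /rest/**} views — frameable by any origin (clickjacking).
 * {@code sameOrigin()} keeps same-origin embedding working while blocking third-party frames.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // SAMEORIGIN instead of no header at all; if cross-origin framing is genuinely required
    // for some page, scope that exception to that page rather than disabling globally.
    http.headers().frameOptions().sameOrigin();
    http
        .authorizeRequests()
            .antMatchers("/me/**")
                .hasAnyAuthority(roleType.user.toString(), roleType.admin.toString(), roleType.root.toString())
            .antMatchers("/rest/**")
                .hasAnyAuthority(roleType.admin.toString(), roleType.root.toString())
            // everything else is public; this catch-all must remain last
            .anyRequest().permitAll()
        .and()
        // NOTE(review): CSRF protection is disabled globally. If callers of /me/** and /rest/**
        // are authenticated by a session cookie, the authority checks above do not stop a
        // cross-site page from driving an admin's browser to /rest/**. Keep this only if those
        // endpoints are used without cookie-backed sessions (e.g. bearer tokens); otherwise
        // re-enable CSRF and exempt specific endpoints.
        .csrf().disable();
}
}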
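// NOTE: this chain continues a statement whose receiver lies outside this excerpt.
// Fix: anyRequest() must be the LAST matcher. Rules are consulted in declaration order and the
// first match wins, so with anyRequest().authenticated() declared first the /admin/** rule was
// dead — any authenticated user satisfied the chain and SYSTEM_ADMIN was never required.
.authorizeRequests()
    .antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
        .hasAnyAuthority(SpPermission.SYSTEM_ADMIN)
    .anyRequest().authenticated();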
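// Grants the Druid console to the system-admin role or to holders of the authority named
// after the Druid URL itself (presumably the project's URL-named permission scheme — confirm).
// Fix: toUpperCase() without a locale uses the JVM default locale; under e.g. tr_TR the "i"
// in the URL becomes a dotted capital "İ", producing an authority string that differs from
// the one the rest of the application expects. Locale.ROOT makes the mapping deterministic.
http.authorizeRequests()
    .antMatchers(DruidConfiguration.DRUID_URL)
    .hasAnyAuthority(
        SimpleUserDetailsServiceImpl.ROLE_PREFIX + SYSTEM_ADMIN,
        DruidConfiguration.DRUID_URL.toUpperCase(java.util.Locale.ROOT));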
// One registry, three rules. Declaration order is significant: the public health probe is
// registered before the admin-only /rest/admin/** rule that would otherwise cover it,
// because the first matching rule applies.
// NOTE(review): /rest/admin/health is reachable unauthenticated — confirm it exposes no
// sensitive detail (component names, versions, connection strings).
httpSecurity.authorizeRequests()
    .antMatchers("/static/tosca/**").hasAnyAuthority("ADMIN", "COMPONENTS_MANAGER", "COMPONENTS_BROWSER")
    .antMatchers("/rest/admin/health").permitAll()
    .antMatchers("/rest/admin/**").hasAuthority("ADMIN");
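// NOTE: this chain continues a statement whose receiver lies outside this excerpt.
// Fix: anyRequest() must be the LAST matcher. Rules are consulted in declaration order and the
// first match wins, so with anyRequest().authenticated() declared first the /admin/** rule was
// dead — any authenticated user satisfied the chain and SYSTEM_ADMIN was never required.
.authorizeRequests()
    .antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
        .hasAnyAuthority(SpPermission.SYSTEM_ADMIN)
    .anyRequest().authenticated();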
/**
 * Form-login security: public sign-in / sign-up / captcha endpoints, {@code /management/**}
 * restricted to ADMIN and SUPER roles, everything else authenticated. Custom handlers are
 * wired for authentication success, failure and access-denied responses.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        // entry points that must be reachable before authentication
        .antMatchers("/signIn", "/signUp", "/security_check", "/404", "/captcha").permitAll()
        .antMatchers("/oauth/signUp").permitAll()
        .antMatchers("/management/**").hasAnyAuthority(RoleEnum.ROLE_ADMIN.name(), RoleEnum.ROLE_SUPER.name())
        // catch-all last: first matching rule wins
        .anyRequest().authenticated();

    // NOTE(review): CSRF protection is switched off while authentication is form/session
    // based. A cross-site page can then drive a logged-in admin's browser to /management/**.
    // Consider re-enabling it and exempting only the endpoints that genuinely need it.
    http.csrf().disable();

    http.logout()
        .logoutUrl("/logout")
        .logoutSuccessUrl("/signIn?out");

    http.formLogin()
        // supplies extra request details to the authentication (the original author flagged
        // this as the key line of the configuration)
        .authenticationDetailsSource(authenticationDetailsSource)
        .failureHandler(customAuthenticationFailureHandler)
        .successHandler(customAuthenticationSuccessHandler)
        .loginPage("/signIn")
        .loginProcessingUrl("/security_check")
        .permitAll();

    http.exceptionHandling().accessDeniedHandler(customAccessDeniedHandler);
}
}
/**
 * Security for the admin web module: a dedicated configuration for {@code adminWeb.path("/**")}
 * with form login, logout, cookie-stored CSRF tokens, an optional locale-change filter, and an
 * event-based extension point through which other modules register their own URL rules.
 *
 * @param root the HttpSecurity to configure; narrowed here to the admin-web path prefix
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
@SuppressWarnings("SignatureDeclareThrowsException")
public void configure( HttpSecurity root ) throws Exception {
    HttpSecurity http = root.antMatcher( adminWeb.path( "/**" ) )
            .csrf()
            // The CSRF token lives in a cookie that JavaScript can read (httpOnly=false) so
            // client-side code can echo it in a header. NOTE(review): any injected script can
            // read it too — acceptable only if the admin UI is hardened against XSS.
            .csrfTokenRepository( CookieCsrfTokenRepository.withHttpOnlyFalse() )
            .and()
            .formLogin().defaultSuccessUrl( adminWeb.path( "/" ) )
            .loginPage( adminWeb.path( "/login" ) )
            .permitAll()
            .and().logout().logoutUrl( adminWeb.path( "/logout" ) )
            .permitAll()
            // NOTE(review): a path-only AntPathRequestMatcher presumably matches every HTTP
            // method, so a GET link from any site can log the admin out (logout CSRF);
            // consider restricting the matcher to POST — verify.
            .logoutRequestMatcher( new AntPathRequestMatcher( adminWeb.path( "/logout" ) ) )
            .and();

    // Allow the locale to be changed before the security context is restored (presumably so
    // login/error pages already render in the requested locale); only added when a resolver
    // is configured.
    if ( localeResolver != null ) {
        http.addFilterBefore( new LocaleChangeFilter( localeResolver ), SecurityContextPersistenceFilter.class );
    }

    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRegistry = http.authorizeRequests();
    // Extension point: listeners add their own URL rules to the registry. This must stay
    // BEFORE the anyRequest() catch-all below, because rules are matched in declaration order.
    publisher.publishEvent( new AdminWebUrlRegistry( adminWeb, urlRegistry ) );

    // Only users with any of the configured admin permissions can login
    urlRegistry.anyRequest().hasAnyAuthority( settings.getAccessPermissions() );

    configureRememberMe( http );
    customizeAdminWebSecurity( http );
}
/**
 * Security chain for actuator requests only: stateless (no HTTP session, CSRF off), HTTP
 * Basic authentication, info and health endpoints open to any authenticated caller, every
 * other endpoint restricted to {@code ACCESS_ADMIN}.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the Spring Security configurers
 */
protected void configure(HttpSecurity http) throws Exception {
    http
        // STATELESS + HTTP Basic: each request carries its own credentials and no session
        // should be created, so there is no session cookie for CSRF protection to guard.
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .csrf().disable()
        // this chain only serves actuator requests; anything else falls through to other chains
        .requestMatcher(new ActuatorRequestMatcher())
        .authorizeRequests()
            // specific rule first, broad rule last: the first matching rule applies.
            // NOTE(review): health/info still require credentials — confirm that suits any
            // unauthenticated load-balancer or orchestrator probes.
            .requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
            .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)
        .and()
        .httpBasic();
}
}