Refine search
@Override public void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/" , "/demo").permitAll() .anyRequest().authenticated(); } }
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); http .authorizeRequests() .antMatchers("/actuator/**").permitAll() .anyRequest().authenticated() .and() .httpBasic() ; } }
@Override public void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/resources/**", "/login").permitAll() .anyRequest() .authenticated(); }
@Override public void configure(HttpSecurity http) throws Exception { http.antMatcher("/**") .authorizeRequests() .antMatchers("/index.html", "/login", "/", "/api/catalog/**", "/user", "/assets/**").permitAll() .anyRequest().authenticated().and().csrf().disable(); }
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/css/**").permitAll() .anyRequest().authenticated() //任何请求,登录后可以访问 .and() .formLogin() .loginPage("/login") .defaultSuccessUrl("/") .failureUrl("/login?error") .permitAll() //登录页面用户任意访问 .and() .logout().permitAll(); //注销行为任意访问 http.addFilterBefore(myFilterSecurityInterceptor, FilterSecurityInterceptor.class); }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); successHandler.setTargetUrlParameter( "redirectTo" ); http.authorizeRequests() .antMatchers( adminContextPath + "/assets/**" ).permitAll() .antMatchers( adminContextPath + "/login" ).permitAll() .anyRequest().authenticated() .and() .formLogin().loginPage( adminContextPath + "/login" ).successHandler( successHandler ).and() .logout().logoutUrl( adminContextPath + "/logout" ).and() .httpBasic().and() .csrf().disable(); // @formatter:on } }
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/","/login").permitAll()//根路径和/login路径不拦截 .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") //2登陆页面路径为/login .defaultSuccessUrl("/chat") //3登陆成功转向chat页面 .permitAll() .and() .logout() .permitAll(); }
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/resources/**").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .permitAll() .and() .logout() .permitAll() .and() .csrf().disable(); }
@Override protected void configure(HttpSecurity http) throws Exception { // Page with login form is served as /login.html and does a POST on /login http.formLogin().loginPage("/login.html").loginProcessingUrl("/login").permitAll(); // The UI does a POST on /logout on logout http.logout().logoutUrl("/logout"); // The ui currently doesn't support csrf http.csrf().disable(); // Requests for the login page and the static assets are allowed http.authorizeRequests() .antMatchers("/login.html", "/**/*.css", "/img/**", "/third-party/**") .permitAll(); // ... and any other request needs to be authorized http.authorizeRequests().antMatchers("/**").authenticated(); // Enable so that the clients can authenticate via HTTP basic for registering http.httpBasic(); } }
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); http.headers().frameOptions().sameOrigin(); http.authorizeRequests() .antMatchers("/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**").permitAll() .antMatchers("/**").authenticated(); http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic(); SimpleUrlLogoutSuccessHandler urlLogoutHandler = new SimpleUrlLogoutSuccessHandler(); urlLogoutHandler.setDefaultTargetUrl("/signin?#/logout"); http.logout().logoutUrl("/user/logout").invalidateHttpSession(true).clearAuthentication(true) .logoutSuccessHandler(urlLogoutHandler); http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin")); }
protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .antMatchers("/demo/**").permitAll(); } }
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/*").permitAll(); } // @formatter:on
/** * This section defines the security policy for the app. * <p> * <ul> * <li>BASIC authentication is supported (enough for this REST-based demo).</li> * <li>/employees is secured using URL security shown below.</li> * <li>CSRF headers are disabled since we are only testing the REST interface, not a web one.</li> * </ul> * NOTE: GET is not shown which defaults to permitted. * * @param http * @throws Exception * @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(org.springframework.security.config.annotation.web.builders.HttpSecurity) */ @Override protected void configure(HttpSecurity http) throws Exception { http.httpBasic().and().authorizeRequests().// antMatchers(HttpMethod.POST, "/employees").hasRole("ADMIN").// antMatchers(HttpMethod.PUT, "/employees/**").hasRole("ADMIN").// antMatchers(HttpMethod.PATCH, "/employees/**").hasRole("ADMIN").and().// csrf().disable(); } }
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); http.headers().frameOptions().sameOrigin(); http.authorizeRequests() .antMatchers("/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**").permitAll() .antMatchers("/**").hasAnyRole(USER_ROLE); http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic(); SimpleUrlLogoutSuccessHandler urlLogoutHandler = new SimpleUrlLogoutSuccessHandler(); urlLogoutHandler.setDefaultTargetUrl("/signin?#/logout"); http.logout().logoutUrl("/user/logout").invalidateHttpSession(true).clearAuthentication(true) .logoutSuccessHandler(urlLogoutHandler); http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin")); }
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests()//配置权限 // .antMatchers("/").access("hasRole('TEST')")//该路径需要TEST角色 .antMatchers("/").authenticated()//该路径需要登录认证 // .antMatchers("/brand/list").hasAuthority("TEST")//该路径需要TEST权限 .antMatchers("/**").permitAll() .and()//启用基于http的认证 .httpBasic() .realmName("/") .and()//配置登录页面 .formLogin() .loginPage("/login") .failureUrl("/login?error=true") .and()//配置退出路径 .logout() .logoutSuccessUrl("/") // .and()//记住密码功能 // .rememberMe() // .tokenValiditySeconds(60*60*24) // .key("rememberMeKey") .and()//关闭跨域伪造 .csrf() .disable() .headers()//去除X-Frame-Options .frameOptions() .disable(); }
/** * Configure. * * @param http the http * * @throws Exception the exception */ @Override protected void configure(HttpSecurity http) throws Exception { http.headers().frameOptions().disable() .and() .formLogin() .loginPage("/login.html") .loginProcessingUrl("/login") .and() .logout().logoutUrl("/logout") .and() .csrf().disable() .authorizeRequests() .antMatchers("/api/**", "/applications/**", "/api/applications/**", "/login.html", "/**/*.css", "/img/**", "/third-party/**") .permitAll() .anyRequest().authenticated(); } }
.authorizeRequests() .antMatchers(HttpMethod.GET, // 允许对于网站静态资源的无授权访问 "/", "/*.html", .antMatchers("/admin/login", "/admin/register")// 对登录注册要允许匿名访问 .permitAll() .antMatchers(HttpMethod.OPTIONS)//跨域请求会先进行一次options请求 .permitAll() .antMatchers("/**")//测试时全部运行访问 .permitAll()
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/*").hasRole("USER") .and() .formLogin(); } }
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/users**", "/sessions/**").hasRole("USER") .antMatchers("/signup").permitAll() .anyRequest().hasRole("USER"); }
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/unsecure").permitAll() .anyRequest().authenticated() .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED) .and() .formLogin(); } }