@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .anyRequest().authenticated() .expressionHandler(EXPRESSION_HANDLER); } }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override public void configure(HttpSecurity http) throws Exception { AuthenticationManager oauthAuthenticationManager = oauthAuthenticationManager(http); resourcesServerFilter = new OAuth2AuthenticationProcessingFilter(); resourcesServerFilter.setAuthenticationEntryPoint(authenticationEntryPoint); resourcesServerFilter.setAuthenticationManager(oauthAuthenticationManager); if (eventPublisher != null) { resourcesServerFilter.setAuthenticationEventPublisher(eventPublisher); } if (tokenExtractor != null) { resourcesServerFilter.setTokenExtractor(tokenExtractor); } if (authenticationDetailsSource != null) { resourcesServerFilter.setAuthenticationDetailsSource(authenticationDetailsSource); } resourcesServerFilter = postProcess(resourcesServerFilter); resourcesServerFilter.setStateless(stateless); // @formatter:off http .authorizeRequests().expressionHandler(expressionHandler) .and() .addFilterBefore(resourcesServerFilter, AbstractPreAuthenticatedProcessingFilter.class) .exceptionHandling() .accessDeniedHandler(accessDeniedHandler) .authenticationEntryPoint(authenticationEntryPoint); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.cors() // if Spring MVC is on classpath and no CorsConfigurationSource is provided, Spring Security will use CORS configuration provided to Spring MVC .and() .authenticationProvider(customAuthProvider()) .csrf() .ignoringAntMatchers("/stomp/**") .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")) .disable() .headers() .frameOptions().disable() .and() .authorizeRequests() .expressionHandler(webExpressionHandler()) .antMatchers("/oauth/token").permitAll() .anyRequest().authenticated() .and() .exceptionHandling() // TODO: 예외 처리 방식은 추후 정리 .accessDeniedPage("/station.login.jsp?authorization_error=true"); // @formatter:on http.headers().frameOptions().disable(); http.authorizeRequests().anyRequest().permitAll(); }
@Override public void configure(HttpSecurity http) throws Exception { AuthenticationManager oauthAuthenticationManager = oauthAuthenticationManager(http); resourcesServerFilter = new OAuth2AuthenticationProcessingFilter(); resourcesServerFilter.setAuthenticationEntryPoint(authenticationEntryPoint); resourcesServerFilter.setAuthenticationManager(oauthAuthenticationManager); if (eventPublisher != null) { resourcesServerFilter.setAuthenticationEventPublisher(eventPublisher); } if (tokenExtractor != null) { resourcesServerFilter.setTokenExtractor(tokenExtractor); } if (authenticationDetailsSource != null) { resourcesServerFilter.setAuthenticationDetailsSource(authenticationDetailsSource); } resourcesServerFilter = postProcess(resourcesServerFilter); resourcesServerFilter.setStateless(stateless); // @formatter:off http .authorizeRequests().expressionHandler(expressionHandler) .and() .addFilterBefore(resourcesServerFilter, AbstractPreAuthenticatedProcessingFilter.class) .exceptionHandling() .accessDeniedHandler(accessDeniedHandler) .authenticationEntryPoint(authenticationEntryPoint); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) // Just for laughs, apply OAuth protection to only 3 resources .requestMatchers().antMatchers("/","/admin/beans","/admin/health") .and() .authorizeRequests() .anyRequest().access("#oauth2.hasScope('read')").expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@SuppressWarnings("rawtypes") @Override protected void configure(HttpSecurity http) throws Exception { SecurityExpressionHandler<FilterInvocation> handler = new DefaultWebSecurityExpressionHandler(); WebExpressionVoter expressionVoter = new WebExpressionVoter(); AffirmativeBased adm = new AffirmativeBased(Arrays.<AccessDecisionVoter<? extends Object>>asList(expressionVoter)); http .authorizeRequests() .expressionHandler(handler) .accessDecisionManager(adm) .filterSecurityInterceptorOncePerRequest(true) .antMatchers("/a", "/b").hasRole("ADMIN") .anyRequest().permitAll() .and() .formLogin(); } // @formatter:on
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override public void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .expressionHandler(expressionHandler()) .antMatchers("/admin/**").hasRole("ADMIN") .antMatchers("/user/**").hasRole("USER") .antMatchers("/allow/**").access("check('user')") .anyRequest().access("check('admin')"); } // @formatter:on