@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/built/**", "/main.css").permitAll() .anyRequest().authenticated() .and() .formLogin() .defaultSuccessUrl("/", true) .permitAll() .and() .httpBasic() .and() .csrf().disable() .logout() .logoutSuccessUrl("/"); }
@Override protected void configure(HttpSecurity http) throws Exception { http.formLogin() // 表单登录 // http.httpBasic() // HTTP Basic .and() .authorizeRequests() // 授权配置 .anyRequest() // 所有请求 .authenticated(); // 都需要认证 } }
/** * Override this method to configure the {@link HttpSecurity}. Typically subclasses * should not invoke this method by calling super as it may override their * configuration. The default configuration is: * * <pre> * http.authorizeRequests().anyRequest().authenticated().and().formLogin().and().httpBasic(); * </pre> * * @param http the {@link HttpSecurity} to modify * @throws Exception if an error occurs */ // @formatter:off protected void configure(HttpSecurity http) throws Exception { logger.debug("Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity)."); http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin().and() .httpBasic(); } // @formatter:on
/** * Disable CSRF protection (to simplify this demo) and enable the default * login form. */ @Override protected void configure(HttpSecurity http) throws Exception { http // Disable CSRF protection .csrf().disable() // Set default configurations from Spring Security .authorizeRequests() .anyRequest().authenticated() .and() .formLogin() .and() .httpBasic(); return; }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler(); successHandler.setTargetUrlParameter( "redirectTo" ); http.authorizeRequests() .antMatchers( adminContextPath + "/assets/**" ).permitAll() .antMatchers( adminContextPath + "/login" ).permitAll() .anyRequest().authenticated() .and() .formLogin().loginPage( adminContextPath + "/login" ).successHandler( successHandler ).and() .logout().logoutUrl( adminContextPath + "/logout" ).and() .httpBasic().and() .csrf().disable(); // @formatter:on } }
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/","/login").permitAll()//根路径和/login路径不拦截 .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") //2登陆页面路径为/login .defaultSuccessUrl("/chat") //3登陆成功转向chat页面 .permitAll() .and() .logout() .permitAll(); }
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/resources/**").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .permitAll() .and() .logout() .permitAll() .and() .csrf().disable(); }
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); http.headers().frameOptions().sameOrigin(); http.authorizeRequests() .antMatchers("/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**").permitAll() .antMatchers("/**").authenticated(); http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic(); SimpleUrlLogoutSuccessHandler urlLogoutHandler = new SimpleUrlLogoutSuccessHandler(); urlLogoutHandler.setDefaultTargetUrl("/signin?#/logout"); http.logout().logoutUrl("/user/logout").invalidateHttpSession(true).clearAuthentication(true) .logoutSuccessHandler(urlLogoutHandler); http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin")); }
@Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable(); http.headers().frameOptions().sameOrigin(); http.authorizeRequests() .antMatchers("/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**").permitAll() .antMatchers("/**").hasAnyRole(USER_ROLE); http.formLogin().loginPage("/signin").permitAll().failureUrl("/signin?#/error").and().httpBasic(); SimpleUrlLogoutSuccessHandler urlLogoutHandler = new SimpleUrlLogoutSuccessHandler(); urlLogoutHandler.setDefaultTargetUrl("/signin?#/logout"); http.logout().logoutUrl("/user/logout").invalidateHttpSession(true).clearAuthentication(true) .logoutSuccessHandler(urlLogoutHandler); http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin")); }
@Override protected void configure(HttpSecurity http) throws Exception { http .formLogin() .and() .sessionManagement(); } // @formatter:on
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests()//配置权限 // .antMatchers("/").access("hasRole('TEST')")//该路径需要TEST角色 .antMatchers("/").authenticated()//该路径需要登录认证 // .antMatchers("/brand/list").hasAuthority("TEST")//该路径需要TEST权限 .antMatchers("/**").permitAll() .and()//启用基于http的认证 .httpBasic() .realmName("/") .and()//配置登录页面 .formLogin() .loginPage("/login") .failureUrl("/login?error=true") .and()//配置退出路径 .logout() .logoutSuccessUrl("/") // .and()//记住密码功能 // .rememberMe() // .tokenValiditySeconds(60*60*24) // .key("rememberMeKey") .and()//关闭跨域伪造 .csrf() .disable() .headers()//去除X-Frame-Options .frameOptions() .disable(); }
/** * Configure. * * @param http the http * * @throws Exception the exception */ @Override protected void configure(HttpSecurity http) throws Exception { http.headers().frameOptions().disable() .and() .formLogin() .loginPage("/login.html") .loginProcessingUrl("/login") .and() .logout().logoutUrl("/logout") .and() .csrf().disable() .authorizeRequests() .antMatchers("/api/**", "/applications/**", "/api/applications/**", "/login.html", "/**/*.css", "/img/**", "/third-party/**") .permitAll() .anyRequest().authenticated(); } }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin() .and() .oauth2ResourceServer() .jwt(); // @formatter:on } }
@Override protected void configure(HttpSecurity http) throws Exception { http .formLogin().and() .requestCache() .requestCache(this.requestCache); } }
@Override public void configure(HttpSecurity http) throws Exception { http .formLogin() .and() .sessionManagement() .sessionAuthenticationStrategy(customSessionAuthenticationStrategy); } // @formatter:on
.successHandler(new GoAuthenticationSuccessHandler()) .failureHandler(new GoAuthenticationFailureHandler()) .and() .logout() .logoutUrl("/sso/logout")
@Override protected void configure(HttpSecurity http) throws Exception { http // ... additional configuration ... .rememberMe() .rememberMeServices(rememberMeServices()); // end::http-rememberme[] http .formLogin().and() .authorizeRequests() .anyRequest().authenticated(); }
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/admin/**").authenticated() .anyRequest().permitAll() .and() .formLogin() .loginPage("/login") .permitAll() .failureUrl("/login?error=1") .loginProcessingUrl("/authenticate") .and() .logout() .logoutUrl("/logout") .permitAll() .logoutSuccessUrl("/login?logout") .and() .rememberMe() .rememberMeServices(rememberMeServices()) .key("remember-me-key"); } }
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/user/**").authenticated() .anyRequest().permitAll() .and() .formLogin() .loginPage("/login") .defaultSuccessUrl("/user", true) .permitAll() .and() .logout() .permitAll() .and().portMapper().http(port).mapsTo(sslPort) .and().csrf().disable(); http.rememberMe().alwaysRemember(true); http.addFilterAt(qqAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class); http.addFilterAt(githubAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class); }
@Override public void configure(HttpSecurity http) throws Exception { ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.formLogin().loginPage("/authentication/require") .loginProcessingUrl("/authentication/form") .and() .authorizeRequests(); filterIgnorePropertiesConfig.getUrls().forEach(url -> registry.antMatchers(url).permitAll()); registry.anyRequest().authenticated() .and() .csrf().disable(); http.apply(mobileSecurityConfigurer); }