/**
 * Sets up URL authorization, form login, HTTP Basic and logout.
 *
 * <p>{@code /built/**} and {@code /main.css} are public; every other request requires an
 * authenticated user. A successful form login always redirects to "/" because the second
 * argument of {@code defaultSuccessUrl} is {@code true}. Logout redirects to "/".
 *
 * <p>Security note: CSRF protection is disabled while session-based form login is active,
 * so state-changing requests are accepted without an anti-forgery token. Confirm that every
 * client of this application authenticates in a way that does not rely on ambient cookies,
 * or re-enable CSRF.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Static build output and the stylesheet are readable by anyone.
    http.authorizeRequests()
            .antMatchers("/built/**", "/main.css").permitAll()
            .anyRequest().authenticated();

    // Default login page; "true" forces the redirect target regardless of the saved request.
    http.formLogin()
            .defaultSuccessUrl("/", true)
            .permitAll();

    // HTTP Basic is accepted alongside the login form.
    http.httpBasic();

    // NOTE(review): CSRF is off for the whole application, not only for the Basic-auth clients.
    http.csrf().disable();

    http.logout()
            .logoutSuccessUrl("/");
}
/**
 * Sets up URL authorization, a custom login page and logout.
 *
 * <p>"/" and "/login" are public; everything else requires authentication. This method does
 * not touch {@code csrf()}, so the framework default applies.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // 1. The root path and /login are not intercepted.
    http.authorizeRequests()
            .antMatchers("/", "/login").permitAll()
            .anyRequest().authenticated();

    http.formLogin()
            // 2. The login page is served at /login.
            .loginPage("/login")
            // 3. After a successful login the user goes to the chat page
            //    (single-argument form: a saved request, if any, takes precedence).
            .defaultSuccessUrl("/chat")
            .permitAll();

    http.logout()
            .permitAll();
}
/**
 * Sets up URL authorization, form login, logout, port mapping, remember-me and two
 * additional authentication filters.
 *
 * <p>Only {@code /user/**} requires authentication; every other request is permitted.
 *
 * <p>Security notes for review:
 * <ul>
 *   <li>CSRF protection is disabled for the whole application.</li>
 *   <li>{@code alwaysRemember(true)} issues a remember-me token on every login, whether or
 *       not the user asked for it, which extends the lifetime of every session credential.</li>
 *   <li>Two filters are registered at the same position; Spring Security documents the
 *       relative order of filters added at one location as not deterministic.</li>
 * </ul>
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/user/**").authenticated()
            .anyRequest().permitAll();

    // The redirect to "/user" is forced (second argument true).
    http.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/user", true)
            .permitAll();

    http.logout()
            .permitAll();

    // Maps the plain HTTP port to the TLS port; both values come from fields of this class.
    http.portMapper()
            .http(port)
            .mapsTo(sslPort);

    // NOTE(review): CSRF is off while cookie-based login and remember-me are on.
    http.csrf().disable();

    http.rememberMe().alwaysRemember(true);

    // Both filters are placed at the slot of UsernamePasswordAuthenticationFilter.
    http.addFilterAt(qqAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    http.addFilterAt(githubAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
/**
 * Requests to "/" (and "/header.html") are accessible without any permission.
 * "/user" and every path below it require the "USER" role.
 * The login page is "/login"; a successful login goes to "/user" by default.
 * Logout is handled at "/logout" and redirects to "/login" afterwards.
 * CSRF protection is left at its default (enabled).
 *
 * <p>NOTE(review): no {@code anyRequest()} rule is declared, so paths other than the ones
 * listed here receive no authorization constraint from this method. Confirm that is intended.
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/", "/header.html").permitAll()
            .antMatchers("/user/**").hasRole("USER");

    http.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/user");

    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/login");

    // Register BeforeLoginFilter ahead of UsernamePasswordAuthenticationFilter.
    BeforeLoginFilter beforeLogin = new BeforeLoginFilter();
    http.addFilterBefore(beforeLogin, UsernamePasswordAuthenticationFilter.class);

    // Register AfterCsrfFilter right after CsrfFilter.
    AfterCsrfFilter afterCsrf = new AfterCsrfFilter();
    http.addFilterAfter(afterCsrf, CsrfFilter.class);
}
/**
 * Disables CSRF, opens the login, error and static-resource paths, and configures form
 * login and logout.
 *
 * <p>Security notes for review:
 * <ul>
 *   <li>CSRF protection is disabled for the whole application.</li>
 *   <li>Only {@code permitAll()} rules are declared; there is no {@code anyRequest()} rule,
 *       so "/home" and every other unlisted path receive no authorization constraint from
 *       this method. Confirm that protection is enforced elsewhere.</li>
 * </ul>
 *
 * @param httpSecurity the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.csrf().disable();

    // Publicly reachable paths: login page, error pages and static assets.
    httpSecurity.authorizeRequests()
            .antMatchers("/login", "/error**", "/public/**", "/resources/**", "/webjars/**")
            .permitAll();

    // A failed login returns to the login page; a successful one goes to /home by default.
    httpSecurity.formLogin()
            .loginPage("/login")
            .failureUrl("/login")
            .defaultSuccessUrl("/home");

    httpSecurity.logout()
            .permitAll();
}
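/**
 * Requires authentication for everything except "/login" and enables the default form login.
 *
 * <p>A successful login always redirects to "/test" (second argument {@code true}).
 *
 * <p>The previous version of this method also created a
 * {@code SimpleUrlAuthenticationSuccessHandler} with {@code setUseReferer(true)} but never
 * registered it, so it had no effect and suggested a Referer-based redirect that was not
 * active. It has been removed. If a Referer-driven redirect is ever wired in, treat the
 * header as client-controlled input and restrict the accepted targets.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/login").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .defaultSuccessUrl("/test", true);
}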
/**
 * Opens the stylesheet directory, requires authentication for everything else and uses a
 * custom login page.
 *
 * <p>The login page is "/customLogin"; a successful login always redirects to
 * "/loginSuccess". This method does not touch {@code csrf()}, so the framework default
 * applies.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/css/**").permitAll()
            .anyRequest().authenticated();

    // permitAll() here opens the login page and its processing URL to anonymous users.
    http.formLogin()
            .loginPage("/customLogin")
            .defaultSuccessUrl("/loginSuccess", true)
            .permitAll();
}
/**
 * Opens the static-resource directories, requires authentication for everything else, and
 * configures form login and logout.
 *
 * <p>A successful login always redirects to "/".
 *
 * <p>Security note: CSRF protection is disabled while session-based form login is active.
 * Confirm this is intentional; otherwise drop the {@code csrf().disable()} call.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/css/**", "/js/**", "/img/**", "/resources/**").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/", true)
            .permitAll()
            .and()
        .logout()
            .permitAll()
            .and()
        // NOTE(review): disables CSRF for every endpoint.
        .csrf()
            .disable();
}
/**
 * Opens "/" and "/login", requires authentication for every other request, and configures
 * a custom login page plus logout.
 *
 * <p>{@code csrf()} is not configured here, so the framework default applies.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // 1. The root path and /login are not intercepted.
    http.authorizeRequests()
            .antMatchers("/", "/login").permitAll()
            .anyRequest().authenticated();

    http.formLogin()
            // 2. Login page.
            .loginPage("/login")
            // 3. Page shown after a successful login when no saved request exists.
            .defaultSuccessUrl("/chat")
            .permitAll();

    http.logout()
            .permitAll();
}
/**
 * Requires authentication only for {@code /user/**}; all other requests are permitted.
 *
 * <p>The login page is "/login" and a successful login always redirects to "/user".
 *
 * <p>Security note: CSRF protection is disabled while session-based form login is active,
 * so authenticated state-changing requests under {@code /user/**} carry no anti-forgery token.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/user/**").authenticated()
            .anyRequest().permitAll();

    http.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/user", true)
            .permitAll();

    http.logout()
            .permitAll();

    // NOTE(review): confirm that turning CSRF off is intended.
    http.csrf().disable();
}
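/**
 * Requires authentication for the admin area; all other requests are permitted.
 *
 * <p>The first matcher used to be {@code "admin"} without a leading slash. Request paths
 * start with "/", so that pattern could never match and the admin root was protected only
 * through {@code /admin/**}. It is now written as {@code "/admin"} so the rule states what
 * it protects.
 *
 * <p>Security note: CSRF protection is disabled while session-based form login guards the
 * admin area. Confirm this is intended.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/admin", "/admin/**").authenticated()
            .anyRequest().permitAll()
            .and()
        .formLogin()
            .loginPage("/login")
            // Used only when there is no saved request to return to.
            .defaultSuccessUrl("/index")
            .permitAll()
            .and()
        .logout()
            .permitAll()
            .and()
        // NOTE(review): CSRF is off for the whole application, including the admin area.
        .csrf().disable();
}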
/**
 * Configures a two-stage access model: "/code" requires the {@code PRE_AUTH_USER} role and
 * "/home" requires the {@code USER} role.
 *
 * <p>"/signup" and {@code /static/**} are public; any other request needs an authenticated
 * user. After the form login the user is always sent to "/code". {@code csrf()} is not
 * configured here, so the framework default applies.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/signup", "/static/**").permitAll()
            .antMatchers("/code").hasRole("PRE_AUTH_USER")
            .antMatchers("/home").hasRole("USER")
            .anyRequest().authenticated();

    http.formLogin()
            .loginPage("/login")
            .permitAll()
            // Always use the default success URL, even if a protected page was requested
            // before the login.
            .defaultSuccessUrl("/code", true);

    http.logout()
            .permitAll();
}
// Configures URL authorization, form login and logout, and relaxes two browser protections.
//
// Public paths: the root page, static assets, "/feedback", "/embed" and three webhook
// endpoints. Every other request requires authentication.
//
// Security notes for review:
//  - CSRF protection is disabled for the whole application.
//  - The X-Frame-Options header is disabled, so any site may frame these pages,
//    including the authenticated "/admin" area. If only "/embed" must be frameable,
//    consider limiting the relaxation to that path.
//  - The webhook endpoints are reachable without authentication; presumably the handlers
//    verify the sender themselves (for example with a signature check). Confirm.
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();

    http.authorizeRequests()
            .antMatchers("/", "/assets/**/*", "/js/*", "/images/**/*", "/feedback", "/webhook", "/fbwebhook", "/slackwebhook", "/embed").permitAll()
            .anyRequest().authenticated();

    // "/admin" is used only when no saved request exists.
    http.formLogin()
            .defaultSuccessUrl("/admin")
            .loginPage("/login")
            .permitAll();

    http.logout()
            .permitAll();

    http.headers().frameOptions().disable();
}
/**
 * Configures URL authorization, form login and logout, with relaxed protections when the
 * "dev" profile is active.
 *
 * <p>Paths in {@code PUBLIC_MATCHERS} are public; every other request requires
 * authentication.
 *
 * <p>Security note: under the "dev" profile both CSRF protection and the X-Frame-Options
 * header are disabled. The only guard is the profile name, so deployment tooling should
 * ensure "dev" is never active in a production environment.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    List<String> profiles = Arrays.asList(env.getActiveProfiles());
    boolean devProfileActive = profiles.contains("dev");

    if (devProfileActive) {
        // Development-only relaxations.
        http.csrf().disable();
        http.headers().frameOptions().disable();
    }

    http.authorizeRequests()
            .antMatchers(PUBLIC_MATCHERS).permitAll()
            .anyRequest().authenticated();

    http.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/payload")
            .failureUrl("/login?error")
            .permitAll();

    http.logout()
            .permitAll();
}
/**
 * Configures URL authorization, an e-mail based login form, logout and the access-denied page.
 *
 * <p>"/", "/login" and "/registration" are public. {@code /admin/**} requires the authority
 * "ADMIN" (matched as written, since {@code hasAuthority} adds no prefix). Any other request
 * requires authentication.
 *
 * <p>Security note: CSRF protection is disabled while session-based login guards the admin
 * area, and the logout matcher below declares no HTTP method, so a GET to "/logout" ends
 * the session as well.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/login").permitAll()
            .antMatchers("/registration").permitAll()
            .antMatchers("/admin/**").hasAuthority("ADMIN")
            .anyRequest().authenticated();

    // NOTE(review): confirm that turning CSRF off is intended.
    http.csrf().disable();

    // The form submits the fields "email" and "password".
    http.formLogin()
            .loginPage("/login")
            .failureUrl("/login?error=true")
            .defaultSuccessUrl("/admin/home")
            .usernameParameter("email")
            .passwordParameter("password");

    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/");

    http.exceptionHandling()
            .accessDeniedPage("/access-denied");
}
/**
 * Declares the public pages, protects the admin area, and configures login, logout and the
 * access-denied page.
 *
 * <p>Public: "/", "/login", "/registration". {@code /admin/**} needs the authority "ADMIN";
 * all remaining requests need an authenticated user. The login form reads the user name
 * from the "email" parameter.
 *
 * <p>Security note: {@code csrf().disable()} removes anti-forgery protection from every
 * endpoint, including the admin pages. Confirm this is intended.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/login").permitAll()
            .antMatchers("/registration").permitAll()
            .antMatchers("/admin/**").hasAuthority("ADMIN")
            .anyRequest().authenticated();

    http.csrf().disable();

    http.formLogin()
            .loginPage("/login")
            .failureUrl("/login?error=true")
            // Used when no saved request exists.
            .defaultSuccessUrl("/admin/home")
            .usernameParameter("email")
            .passwordParameter("password");

    // No HTTP method is given, so the matcher accepts any method on "/logout".
    AntPathRequestMatcher logoutPath = new AntPathRequestMatcher("/logout");
    http.logout()
            .logoutRequestMatcher(logoutPath)
            .logoutSuccessUrl("/");

    http.exceptionHandling()
            .accessDeniedPage("/access-denied");
}
/**
 * Configures security for the admin console paths ({@code /admin/**} and "/logout").
 *
 * <p>"/admin", "/admin/" and "/admin/loginFailed.html" are public; the rest of
 * {@code /admin/**} requires the role {@code SiteWhereRoles.AUTH_ADMIN_CONSOLE}; any other
 * request handled by this chain requires authentication.
 *
 * <p>Security notes for review:
 * <ul>
 *   <li>CSRF protection is disabled for the admin console.</li>
 *   <li>The first request matcher accepts every request and writes a debug banner to
 *       standard output each time it is evaluated. The later {@code requestMatchers()}
 *       call appears to replace it; confirm against the Spring Security version in use
 *       and consider removing the debug matcher.</li>
 * </ul>
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Debug matcher: logs and accepts everything.
    RequestMatcher acceptEverything = new RequestMatcher() {

        @Override
        public boolean matches(HttpServletRequest request) {
            System.out.println("\n\n\nMATCHING ON REST PATTERNS!!!!\n\n\n");
            return true;
        }
    };
    http.requestMatcher(acceptEverything);

    http.csrf().disable();

    // Restrict this chain to the admin console and the logout URL.
    http.requestMatchers()
            .antMatchers("/admin/**", "/logout");

    http.authorizeRequests()
            .antMatchers("/admin", "/admin/", "/admin/loginFailed.html").permitAll()
            .antMatchers("/admin/**").hasRole(SiteWhereRoles.AUTH_ADMIN_CONSOLE)
            .anyRequest().authenticated();

    http.formLogin()
            .loginPage("/admin/")
            .loginProcessingUrl("/admin/login.html")
            .defaultSuccessUrl("/admin/tenant.html")
            .failureUrl("/admin/loginFailed.html");

    http.logout()
            .logoutSuccessUrl("/admin/");
}
}
/**
 * Configures form login, logout and authorization for the login and OAuth approval
 * endpoints.
 *
 * <p>This chain applies only to the paths listed under {@code requestMatchers()}; every
 * request it handles requires authentication, apart from what {@code formLogin().permitAll()}
 * opens.
 *
 * <p>Notes for review:
 * <ul>
 *   <li>The post-login redirect is a hard-coded absolute URL on {@code localhost:8888} over
 *       plain HTTP. It only works on a developer machine; externalize it to configuration
 *       and use HTTPS outside local development.</li>
 *   <li>A disabled line in the original also invalidated the session and deleted a cookie
 *       named "JSESSION". The servlet default session cookie is "JSESSIONID", so check the
 *       name before re-enabling it.</li>
 * </ul>
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("http://localhost:8888/index.html")
            .permitAll();

    // Logout is triggered by "/signout" (any HTTP method) and returns to the login page.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/signout"))
            .logoutSuccessUrl("/login");
    //.and().logout().invalidateHttpSession(true).deleteCookies("JSESSION")

    http.requestMatchers()
            .antMatchers("/","/login","/logout","/signout", "/oauth/authorize", "/oauth/confirm_access","/images/**");

    http.authorizeRequests()
            .anyRequest().authenticated();
    // @formatter:on
}
/**
 * Configures form login, logout and URL authorization.
 *
 * <p>Only {@code /my/**} requires authentication; every other request is permitted. Login
 * and logout both land on "/catalog".
 *
 * <p>Security note: {@code csrf()} is not configured here, so the framework default applies.
 * The logout matcher declares no HTTP method, so a plain GET to "/logout" ends the session
 * without a CSRF token. Restrict the matcher to POST if forced logout by a third-party page
 * is a concern.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .formLogin()
            .loginPage("/login")
            // Used when no saved request exists.
            .defaultSuccessUrl("/catalog")
            .permitAll()
            .and()
        .logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/catalog")
            // Remove the session cookie from the browser on logout.
            .deleteCookies("JSESSIONID")
            .permitAll()
            .and()
        .authorizeRequests()
            .mvcMatchers("/my/**").authenticated()
            .anyRequest().permitAll();
}
// Configures URL authorization, login, logout, CSRF exemptions, response headers and
// remember-me.
//
// The admin area requires the authority Role.ADMIN.toString(); the image directory is
// public. The original also carried commented-out permitAll rules for the webjars, js,
// css and img directories and a commented-out CSRF exemption for an oauth path; none of
// them are active.
//
// Security notes for review:
//  - CSRF protection is switched off for the admin area, the most privileged part of the
//    application, while it stays on elsewhere. Confirm why the admin pages cannot send the
//    token.
//  - The X-Frame-Options header is disabled, so any site may frame these pages,
//    including the admin area.
//  - No anyRequest() rule is declared, so paths outside the two matchers receive no
//    authorization constraint from this method.
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/admin/**").hasAuthority(Role.ADMIN.toString())
            .antMatchers("/image/**").permitAll();

    http.formLogin()
            .loginPage("/signin")
            .defaultSuccessUrl("/")
            .permitAll();

    // No HTTP method is given, so the matcher accepts any method on "/logout".
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .permitAll();

    // NOTE(review): exempts every admin request from CSRF validation.
    http.csrf()
            .ignoringAntMatchers("/admin/**");

    http.headers()
            .frameOptions().disable();

    // Remember-me tokens are persisted through the repository held in a field of this class.
    http.rememberMe()
            .tokenRepository(reMemberMeRepository);
}