/**
 * Scopes this chain to every path ("/**"), leaves paths matching "/login**" open and
 * requires an authenticated user for all other requests. Form login is switched off.
 *
 * <p>NOTE(review): no authentication mechanism is enabled in this method, so the
 * "authenticated" rule presumably depends on something configured elsewhere (a custom
 * filter, an SSO setup, ...) - confirm. "/login**" looks like a prefix-style Ant
 * pattern, so it likely also opens any single-segment path that merely starts with
 * "/login"; verify that nothing sensitive is mapped under such a name.
 *
 * @param http the security builder for this filter chain
 * @throws Exception propagated from the HttpSecurity builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Chain scope: all requests.
    http.antMatcher("/**");

    // Rule order matters: the open login pattern is registered before the catch-all.
    http.authorizeRequests()
        .antMatchers("/login**").permitAll()
        .anyRequest().authenticated();

    http.formLogin().disable();
}
/**
 * Requires HTTP Basic authentication for every request; form login and the anonymous
 * user are both switched off.
 *
 * <p>NOTE(review): Basic credentials are sent with each request in an easily decoded
 * header, so this chain should only be reachable over TLS. Nothing in this method
 * enforces that - confirm it at the connector or proxy level.
 *
 * @param http the security builder for this filter chain
 * @throws Exception propagated from the HttpSecurity builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // No login form and no anonymous principal.
    http.formLogin().disable();
    http.anonymous().disable();

    // Credentials are taken from the HTTP Basic header.
    http.httpBasic();

    // Every request needs an authenticated user.
    http.authorizeRequests().anyRequest().authenticated();
}
/**
 * Configure scopes for specific controller/httpmethods/roles here.
 *
 * <p>The security layer is told not to create sessions (policy {@code NEVER}), form
 * login and logout handling are disabled, and the root page, "/api/" and "/s3/" trees
 * are guarded by one OAuth2 access expression. OPTIONS requests, webjars and the
 * API-documentation resources are open to everyone.
 *
 * <p>NOTE(review): no {@code anyRequest()} rule is visible, so paths outside the
 * matchers below receive no access rule from this method. Confirm that a catch-all
 * (for example {@code anyRequest().denyAll()}) exists elsewhere or add one. The
 * OPTIONS rule opens that method on every path, not only on CORS-enabled ones, and
 * the documentation endpoints describe the API to unauthenticated callers - verify
 * both are intended outside development.
 *
 * @param http the security builder for this filter chain
 * @throws Exception propagated from the HttpSecurity builder calls
 */
@Override
public void configure(final HttpSecurity http) throws Exception {
    // One expression guards the root page, the API and the S3 endpoints.
    final String employeeOrServiceScope =
        "#oauth2.hasUidScopeAndAnyRealm('/employees', '/services')";

    http.sessionManagement().sessionCreationPolicy(NEVER);

    // No form login and no logout endpoint on this chain.
    http.formLogin().disable();
    http.logout().disable();

    http.authorizeRequests()
        // Allow preflight CORS requests from browsers
        .antMatchers(HttpMethod.OPTIONS).permitAll()
        .antMatchers("/").access(employeeOrServiceScope)
        .antMatchers("/api/**").access(employeeOrServiceScope)
        .antMatchers("/s3/**").access(employeeOrServiceScope)
        // Static and API-documentation resources are public.
        .antMatchers("/webjars/**").permitAll()
        .antMatchers("/swagger-resources").permitAll()
        .antMatchers("/api-docs").permitAll();
}
/**
 * Secures everything under the debug-web path: a request is allowed when it satisfies
 * the IP expression returned by {@code buildIpAddressExpression()} (if any), or when
 * the caller authenticates via HTTP Basic and holds the configured authority. The
 * chain is stateless, with form login and CSRF protection disabled.
 *
 * <p>NOTE(review): the access rule is assembled by string concatenation into a
 * security expression. {@code securitySettings.getAuthority()} must be a fixed,
 * operator-controlled value; a quote character in it would change the meaning of the
 * expression. The IP branch skips the password entirely, so confirm which address the
 * container reports when a reverse proxy sits in front ({@code buildIpAddressExpression()}
 * is not visible here), and that Basic credentials only travel over TLS.
 *
 * @param http the security builder for this filter chain
 * @throws Exception propagated from the HttpSecurity builder calls
 */
@Override
public void configure( HttpSecurity http ) throws Exception {
    final String ipRule = buildIpAddressExpression();

    // Prefix the authority check with "<ip rule> or " only when an IP rule exists.
    final String ipPrefix;
    if ( StringUtils.length( ipRule ) > 0 ) {
        ipPrefix = ipRule + " or ";
    }
    else {
        ipPrefix = StringUtils.EMPTY;
    }

    http.antMatcher( debugWeb.path( "/**" ) );

    // Allow a set of IPs without a password and allow non-known IPs with a password
    http.authorizeRequests()
        .anyRequest()
        .access( ipPrefix + "hasAuthority('" + securitySettings.getAuthority() + "')" );

    http.formLogin().disable();
    http.httpBasic();
    http.sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS );
    http.csrf().disable();
}
/**
 * Opens the "status", "info" and "health" endpoints and the common static-resource
 * locations, and requires HTTP Basic authentication for everything else. Framing is
 * limited to the same origin; form login and CSRF protection are disabled.
 *
 * <p>NOTE(review): CSRF protection is off while HTTP Basic is in use and no stateless
 * session policy is set in this method. Browsers resend cached Basic credentials
 * automatically, so confirm that the clients are not browsers or keep CSRF enabled.
 * Also verify how much detail the open health/info endpoints return in production
 * (that is configured outside this method), and that Basic is only served over TLS.
 *
 * @param http the security builder for this filter chain
 * @throws Exception propagated from the HttpSecurity builder calls
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.authorizeRequests()
        // Unauthenticated: selected management endpoints and static assets.
        .requestMatchers(EndpointRequest.to("status", "info", "health")).permitAll()
        .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
        // Everything else needs a logged-in user.
        .anyRequest().authenticated();

    http.formLogin().disable();

    // Permit framing by pages of the same origin only.
    http.headers().frameOptions().sameOrigin();

    http.csrf().disable();
    http.httpBasic();
}
/**
 * Stateless, token-based chain: CSRF, logout and form login are disabled, an
 * unauthenticated request is answered with 401, and a {@code JwtTokenAuthenticationFilter}
 * is registered after the position of {@code UsernamePasswordAuthenticationFilter}.
 * The URL from {@code config.getUrl()} and "/backend/guest" are open; "/backend/admin"
 * and "/backend/user" require the ADMIN and USER roles respectively.
 *
 * <p>NOTE(review): no {@code anyRequest()} rule is visible, so any path other than the
 * four listed gets no access rule from this method - consider ending the list with
 * {@code anyRequest().denyAll()} or {@code authenticated()}. The role rules use exact
 * paths; sub-paths or alternate spellings of the same handler (for example a trailing
 * slash) may not be covered, depending on how the controllers are mapped - verify.
 *
 * @param httpSecurity the security builder for this filter chain
 * @throws Exception propagated from the HttpSecurity builder calls
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.csrf().disable();
    httpSecurity.logout().disable();
    httpSecurity.formLogin().disable();

    // The security layer neither creates nor uses an HTTP session.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    httpSecurity.anonymous();

    // Answer with a bare 401 when authentication is required.
    httpSecurity.exceptionHandling().authenticationEntryPoint(
        (request, response, authError) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED));

    httpSecurity.addFilterAfter(
        new JwtTokenAuthenticationFilter(config),
        UsernamePasswordAuthenticationFilter.class);

    httpSecurity.authorizeRequests()
        .antMatchers(config.getUrl()).permitAll()
        .antMatchers("/backend/admin").hasRole("ADMIN")
        .antMatchers("/backend/user").hasRole("USER")
        .antMatchers("/backend/guest").permitAll();
}
}
/**
 * Stateless chain for the credential endpoint: CSRF, logout and form login are
 * disabled, an unauthenticated request is answered with 401, and a
 * {@code JwtUsernamePasswordAuthenticationFilter} is registered after the position of
 * {@code UsernamePasswordAuthenticationFilter}. Only the URL from
 * {@code config.getUrl()} is open; every other request must be authenticated.
 *
 * <p>NOTE(review): {@code config.getUrl()} is presumably the login/token endpoint and
 * is reachable without authentication - confirm that throttling or lockout for
 * repeated failed attempts is handled in the filter or upstream, since nothing in
 * this method provides it.
 *
 * @param httpSecurity the security builder for this filter chain
 * @throws Exception propagated from the HttpSecurity builder calls
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.csrf().disable();
    httpSecurity.logout().disable();
    httpSecurity.formLogin().disable();

    // The security layer neither creates nor uses an HTTP session.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    httpSecurity.anonymous();

    // Answer with a bare 401 when authentication is required.
    httpSecurity.exceptionHandling().authenticationEntryPoint(
        (request, response, authError) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED));

    httpSecurity.addFilterAfter(
        new JwtUsernamePasswordAuthenticationFilter(config, authenticationManager()),
        UsernamePasswordAuthenticationFilter.class);

    httpSecurity.authorizeRequests()
        .antMatchers(config.getUrl()).permitAll()
        .anyRequest().authenticated();
}
}
.disable() .httpBasic() .disable()
/**
 * Stateless REST chain: requests matching {@code PROTECTED_URLS} must be authenticated
 * through {@code provider}, fed by the filter from {@code restAuthenticationFilter()},
 * which is placed before {@code AnonymousAuthenticationFilter}. CSRF, form login, HTTP
 * Basic and logout are all disabled.
 *
 * <p>NOTE(review): only {@code PROTECTED_URLS} carries an access rule; anything that
 * matcher does not cover is left without one by this method. Its definition is not
 * visible here - confirm it is written as "everything except the public paths" rather
 * than as an explicit list that a new endpoint could fall outside of.
 *
 * @param http the security builder for this filter chain
 * @throws Exception propagated from the HttpSecurity builder calls
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(STATELESS);

    // Entry point used when a protected URL is requested without prior authentication.
    http.exceptionHandling()
        .defaultAuthenticationEntryPointFor(forbiddenEntryPoint(), PROTECTED_URLS);

    http.authenticationProvider(provider);
    http.addFilterBefore(restAuthenticationFilter(), AnonymousAuthenticationFilter.class);

    http.authorizeRequests()
        .requestMatchers(PROTECTED_URLS)
        .authenticated();

    // Browser-oriented mechanisms are not used by this API.
    http.csrf().disable();
    http.formLogin().disable();
    http.httpBasic().disable();
    http.logout().disable();
}
/**
 * Replaces the stock form login with {@code UsertypeFormLoginConfigurer} (login page
 * "/login"), permits every request at URL level, and answers XMLHttpRequest callers
 * with a 401 instead of the default entry point. The X-Frame-Options header and CSRF
 * protection are both disabled.
 *
 * <p>NOTE(review): several protections are switched off together here. With
 * {@code anyRequest().permitAll()} no URL is restricted by this chain, so access
 * control presumably happens elsewhere (method security, controllers) - confirm.
 * Disabling frame options removes the clickjacking header for the login page as well,
 * and CSRF is off although a form login and logout are configured - verify both are
 * intentional. The 401 body echoes {@code authException.getMessage()} to the client;
 * check it cannot reveal account state or internal detail.
 *
 * @param http the security builder for this filter chain
 * @throws Exception propagated from the HttpSecurity builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.headers().frameOptions().disable();

    http.authorizeRequests().anyRequest().permitAll();

    // Swap the built-in form login for the user-type aware variant.
    http.formLogin().disable();
    http.apply(new UsertypeFormLoginConfigurer<HttpSecurity>())
        .loginPage("/login")
        .permitAll();

    http.logout().permitAll();
    http.anonymous();
    http.csrf().disable();

    // AJAX callers (X-Requested-With: XMLHttpRequest) receive a 401 status.
    http.exceptionHandling().defaultAuthenticationEntryPointFor(
        (req, rsp, failure) -> rsp.sendError(HttpServletResponse.SC_UNAUTHORIZED, failure.getMessage()),
        new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
}
// Remove the form-login and request-cache configurers from this chain.
// NOTE(review): the enclosing method is not shown - confirm that another
// authentication mechanism is configured there, since form login is removed here.
http.formLogin().disable();
http.requestCache().disable();
/**
 * Base configuration for a stateless, token-authenticated REST chain: framing is
 * limited to the same origin, CSRF, HTTP Basic and form login are disabled, and
 * {@code jsonWebTokenFilter} is placed before {@code UsernamePasswordAuthenticationFilter}.
 * Authorization rules are not defined here; they come from {@code setupAuthorization(http)}.
 *
 * <p>NOTE(review): the bare trailing {@code //} markers are read as line-break guards
 * for the formatter, not as commented-out calls (the chain would not type-check
 * otherwise) - confirm against the original file. Because every access rule is
 * delegated to {@code setupAuthorization}, a subclass that registers none, or omits a
 * catch-all, leaves paths without a URL-level rule; consider documenting that contract
 * on the hook method.
 *
 * @param http the security builder for this filter chain
 * @throws Exception propagated from the HttpSecurity builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.headers()
        .frameOptions()
        .sameOrigin()
        .and()
        // disable CSRF, http basic, form login
        .csrf().disable() //
        .httpBasic().disable() //
        .formLogin().disable()
        // ReST is stateless, no sessions
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) //
        .and()
        // return 403 when not authenticated
        .exceptionHandling().authenticationEntryPoint(new NoAuthenticationEntryPoint());

    // Let child classes set up authorization paths
    setupAuthorization(http);

    // Token filter runs ahead of the username/password filter position.
    http.addFilterBefore(jsonWebTokenFilter, UsernamePasswordAuthenticationFilter.class);
}
// Remove the form-login and request-cache configurers from this chain.
// NOTE(review): the enclosing method is not shown - confirm that another
// authentication mechanism is configured there, since form login is removed here.
http.formLogin().disable();
http.requestCache().disable();