/**
 * Requires authentication for every request that matches {@code resourceServerUrlPatterns},
 * with the headers configurer and CSRF protection both switched off for this chain.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void configure(final HttpSecurity http) throws Exception {
    // NOTE(review): this turns off the headers configurer as a whole, so none of the response
    // headers it would normally write (such as X-Content-Type-Options, Cache-Control,
    // Strict-Transport-Security or X-Frame-Options) are sent. If only one header is in the way,
    // disable that one header instead of all of them.
    http.headers().disable();

    // NOTE(review): CSRF off is only safe when no request on this chain is authenticated by a
    // cookie or session that a browser attaches on its own - confirm against the token handling.
    http.csrf().disable();

    // Paths outside resourceServerUrlPatterns get no access rule from this method.
    http.authorizeRequests()
        .antMatchers(resourceServerUrlPatterns)
        .authenticated();
}
/**
 * Opens {@code /} and everything under {@code /console/} to all callers, then disables CSRF
 * protection and the frame-options header.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // Both rules go into the same authorizeRequests() registry, so they are declared in one chain.
    // NOTE(review): /console/** is reachable without authentication. If this is an embedded
    // database or admin console, keep this configuration out of production profiles - confirm.
    // No other path receives an access rule from this method.
    httpSecurity.authorizeRequests()
        .antMatchers("/").permitAll()
        .antMatchers("/console/**").permitAll();

    // NOTE(review): CSRF is disabled for the whole chain, not only for /console/**.
    // NOTE(review): without X-Frame-Options any origin may frame these pages; if the console only
    // needs to frame itself, frameOptions().sameOrigin() is the narrower setting.
    httpSecurity.csrf().disable()
        .headers().frameOptions().disable();
}
/**
 * Puts a JWT pre-authentication filter in front of {@code BasicAuthenticationFilter}, requires
 * authentication for every request and disables the headers configurer.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final JwtPreAuthenticatedProcessingFilter jwtFilter = new JwtPreAuthenticatedProcessingFilter();
    jwtFilter.setAuthenticationManager(jwtAuthenticationManager);

    http.addFilterBefore(jwtFilter, BasicAuthenticationFilter.class);

    // CSRF is not touched in this method, so whatever the surrounding adapter defaults to applies.
    http.authorizeRequests()
        .anyRequest()
        .authenticated();

    // This needs some more research
    // NOTE(review): until that research is done, every response header the headers configurer
    // would write (nosniff, cache control, HSTS, frame options, ...) is missing. Prefer disabling
    // only the specific header that conflicts with the clients of this service.
    http.headers().disable();
}
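/**
 * Configures a stateless HTTP Basic chain: the configured unsecured paths are open, everything
 * else requires authentication against {@code userDetailsService}.
 *
 * <p>CSRF protection and the headers configurer are disabled. CSRF was disabled twice in the
 * earlier version of this method; the second call had no additional effect and is dropped here.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): CSRF off fits a chain that creates no session and authenticates each request
    // with an Authorization header; revisit if cookie-based authentication is ever added.
    http.antMatcher("/**").csrf().disable();

    http
        .authorizeRequests()
        // A zero-length array lets toArray() size the result itself and avoids calling the
        // getter a second time just to read the size.
        // NOTE(review): every pattern in this list bypasses authentication, so the list's source
        // is security-relevant configuration - an over-broad entry opens the application.
        .antMatchers(unsecuredPaths.getUnsecuredPaths().toArray(new String[0]))
        .permitAll()
        .anyRequest().authenticated()
        .and().userDetailsService(userDetailsService)
        // NOTE(review): Basic credentials travel with every request; this chain should only be
        // reachable over TLS.
        .httpBasic()
        .and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        // NOTE(review): this removes all headers the configurer would write, including
        // Strict-Transport-Security, which matters for the TLS point above.
        .headers().disable();
}
} // closes the enclosing class, whose header is outside this excerpt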
/**
 * Configures the authentication entry point, logout, CSRF, headers, session policy and URL rules.
 *
 * <p>Authentication failures go to {@code customAuthenticationEntryPoint}; logout is served at
 * {@code /oauth/logout} and completed by {@code customLogoutSuccessHandler}; no HTTP session is
 * created. {@code /hello/} is open and {@code /secure/**} requires authentication.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.exceptionHandling()
        .authenticationEntryPoint(customAuthenticationEntryPoint);

    http.logout()
        .logoutUrl("/oauth/logout")
        .logoutSuccessHandler(customLogoutSuccessHandler);

    // NOTE(review): the matcher is registered and the CSRF configurer is then disabled in the same
    // chain, so CSRF protection ends up off everywhere, /oauth/authorize included. If protecting
    // /oauth/authorize was the intent, the trailing disable() has to go - confirm.
    http.csrf()
        .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize"))
        .disable();

    // Kept as a single chain on purpose: it relies on disable() returning the HttpSecurity builder.
    // NOTE(review): presumably that makes this a disable of the headers configurer as a whole on
    // the Spring Security version in use, not only of X-Frame-Options - confirm.
    http.headers()
        .frameOptions().disable()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // NOTE(review): there is no anyRequest() rule, so a path matching neither pattern receives no
    // access rule from this method. Consider ending the list with an explicit default.
    http.authorizeRequests()
        .antMatchers("/hello/").permitAll()
        .antMatchers("/secure/**").authenticated();
}
/**
 * Configures a chain that permits every request at URL level, replaces the stock form login
 * with {@code UsertypeFormLoginConfigurer} on {@code /login}, and answers unauthenticated
 * XMLHttpRequest calls with HTTP 401 instead of a redirect.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Kept as a single chain on purpose: it relies on disable() returning the HttpSecurity builder.
    // NOTE(review): anyRequest().permitAll() means this method enforces no URL-level access
    // control; authorization has to happen elsewhere (method security, controllers) - confirm.
    http.headers()
        .frameOptions().disable()
        .authorizeRequests()
        .anyRequest().permitAll();

    // The built-in form login is turned off and the project's own configurer applied in its place.
    http.formLogin().disable()
        .apply(new UsertypeFormLoginConfigurer<HttpSecurity>())
        .loginPage("/login")
        .permitAll();

    http.logout().permitAll();
    http.anonymous();

    // NOTE(review): CSRF is off although a login form is configured. If the login establishes a
    // session cookie, state-changing requests are then exposed to cross-site forgery - confirm
    // that another control covers this.
    http.csrf().disable();

    // Requests carrying "X-Requested-With: XMLHttpRequest" get a 401 status.
    // NOTE(review): the exception message is sent to the client as the error text; make sure it
    // cannot reveal whether an account exists or other internal detail.
    http.exceptionHandling()
        .defaultAuthenticationEntryPointFor(
            (request, response, authException) ->
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage()),
            new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
}
/**
 * Disables CSRF, the headers configurer and logout handling, requires a secure channel for
 * requests that carry an {@code X-Forwarded-Proto} header, and then registers access rules for
 * each endpoint listed under the monitor settings of {@code casProperties}.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the builder calls or from the endpoint configuration helpers
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.csrf().disable();
    // NOTE(review): with the headers configurer off, this chain writes none of its response
    // headers; check that a proxy or another filter supplies them.
    http.headers().disable();
    http.logout().disable();

    // NOTE(review): the channel requirement applies only when X-Forwarded-Proto is present. That
    // header is client-supplied unless a trusted proxy sets or strips it, and a request without
    // it is not forced onto a secure channel by this rule.
    http.requiresChannel()
        .requestMatchers(r -> r.getHeader("X-Forwarded-Proto") != null)
        .requiresSecure();

    val requests = http.authorizeRequests();
    // Order matters: both helpers and the loop below add rules to the same registry.
    configureEndpointAccessToDenyUndefined(http, requests);
    configureEndpointAccessForStaticResources(requests);

    val endpoints = casProperties.getMonitor().getEndpoints().getEndpoint();
    endpoints.forEach(Unchecked.biConsumer((key, settings) -> {
        val endpoint = EndpointRequest.to(key);
        // One call per configured access level of this endpoint.
        settings.getAccess().forEach(Unchecked.consumer(
            access -> configureEndpointAccess(http, requests, access, settings, endpoint)));
    }));
}
/**
 * Wires the CAS authentication, single-sign-out and global-logout filters into the chain,
 * declares the URL access rules and configures logout.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Filter registration, in the same order as before.
    http.addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class);
    http.exceptionHandling().authenticationEntryPoint(casAuthenticationEntryPoint());
    http.addFilter(casAuthenticationFilter());
    http.addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class);
    http.addFilterBefore(requestCasGlobalLogoutFilter(), LogoutFilter.class);

    // Kept as a single chain on purpose: it relies on disable() returning the HttpSecurity builder.
    // NOTE(review): presumably that makes this a disable of the headers configurer as a whole on
    // the Spring Security version in use, not only of X-Frame-Options - confirm.
    // Rules are evaluated in declaration order; anything not listed falls through to
    // anyRequest().authenticated().
    http.headers()
        .frameOptions().disable()
        .authorizeRequests()
        .antMatchers("/").permitAll()
        .antMatchers("/login", "/logout", "/secure").authenticated()
        .antMatchers("/filtered").hasAuthority(AuthoritiesConstants.ADMIN)
        .anyRequest().authenticated();

    // Java form of: <logout invalidate-session="true" delete-cookies="JSESSIONID" />
    http.logout()
        .logoutUrl("/logout")
        .logoutSuccessUrl("/")
        .invalidateHttpSession(true)
        .deleteCookies("JSESSIONID");

    // CSRF is not configured explicitly in this method; the original call is left commented out.
    // http.csrf();
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Configures a stateless chain with HTTP Basic and a JWT filter, an explicit anonymous
 * principal, and custom entry-point, details-source and access-denied handling.
 *
 * <p>Every path is permitted at URL level; the headers configurer and CSRF are disabled.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // NOTE(review): "/**" with permitAll() means this method enforces no URL-level access control.
    // Authorization then depends entirely on checks made elsewhere - confirm they exist for every
    // endpoint.
    http.authorizeRequests().antMatchers("/**").permitAll();

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.securityContext().securityContextRepository(securityContextRepository());
    http.anonymous().principal(anonymousUser);

    http.httpBasic()
        .authenticationEntryPoint(basicAuthenticationEntryPoint())
        .authenticationDetailsSource(authenticationDetailsSource());

    http.exceptionHandling().accessDeniedHandler(accessDeniedHandler());

    // The JWT filter runs ahead of Basic authentication; the password-change filter runs ahead of
    // the final authorization interceptor.
    http.addFilterBefore(jwtAuthenticationFilter(), BasicAuthenticationFilter.class);
    http.addFilterBefore(mustChangePasswordFilter(), FilterSecurityInterceptor.class);

    // NOTE(review): with the headers configurer off, none of its response headers (nosniff, cache
    // control, HSTS, frame options, ...) are written by this chain.
    http.headers().disable();

    // NOTE(review): CSRF off matches a stateless chain only while no credential is carried in a
    // cookie; check how securityContextRepository() restores the context.
    http.csrf().disable();
}
.authorizeRequests().anyRequest().authenticated() .and() .headers().disable() .servletApi() .and()
configureHSTS(http); } else { http.headers().disable();