/**
 * Delegates entirely to the parent's {@code configure(HttpSecurity)}.
 * <p>
 * Every rule in the chain below is commented out, so nothing in this method
 * opens or restricts actuator endpoints; only whatever the superclass applies
 * is in effect. NOTE(review): confirm that the inherited defaults are the
 * intended policy for the actuator before relying on this class.
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    // Disabled draft, retained for reference only (NOT applied):
    // http
    //     .csrf().disable()
    //     .authorizeRequests()
    //         .requestMatchers(EndpointRequest.to(
    //             InfoEndpoint.class,
    //             HealthEndpoint.class
    //         )).permitAll()
    //         .requestMatchers(EndpointRequest.toAnyEndpoint())
    //             .hasRole("ACTUATOR")
    //         .anyRequest().permitAll()
    // ;
}
/**
 * Locks every actuator endpoint behind the {@code ENDPOINT_ADMIN} role with
 * HTTP Basic authentication.
 * <p>
 * The chain is scoped with {@code requestMatcher(...)} to actuator requests, so
 * requests outside the actuator are not handled by this configuration at all.
 *
 * @param http the builder for this filter chain
 * @throws Exception propagated from the Spring Security builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Only actuator requests enter this chain.
    http.requestMatcher(EndpointRequest.toAnyEndpoint());
    // Every such request needs the admin role; there is no anonymous carve-out,
    // so health/info are also protected here.
    http.authorizeRequests().anyRequest().hasRole("ENDPOINT_ADMIN");
    // Credentials are supplied via HTTP Basic.
    http.httpBasic();
}
/**
 * Opens the health and info endpoints to anonymous callers and requires an
 * authenticated user (form login or HTTP Basic) for everything else.
 * <p>
 * Rules are evaluated in declaration order, which is why the explicit
 * health/info matcher precedes the catch-all. Whether health exposes details
 * to anonymous callers is governed by management properties not visible here.
 *
 * @param http the builder for this filter chain
 * @throws Exception propagated from the Spring Security builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class)).permitAll()
        .anyRequest().authenticated();
    // Two authentication entry points: browser form login and HTTP Basic.
    http.formLogin();
    http.httpBasic();
}
/**
 * Permits anonymous access to actuator endpoints and the {@code AUTH_WHITELIST}
 * patterns, requires authentication for anything else, and enables CSRF
 * protection with a JavaScript-readable token cookie.
 * <p>
 * NOTE(review): {@code antMatcher("/user")} restricts this whole chain to
 * requests under {@code /user}, so the actuator and whitelist rules only take
 * effect for paths inside that scope — confirm this is intended. Every exposed
 * actuator endpoint matched here is reachable without authentication; which
 * endpoints are exposed is decided by management properties not shown here.
 *
 * @param http the builder for this filter chain
 * @throws Exception propagated from the Spring Security builder
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.anonymous();
    http.antMatcher("/user");
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        .antMatchers(AUTH_WHITELIST).permitAll()
        .anyRequest().authenticated();
    // httpOnly=false so a browser client can read the XSRF token and echo it in a header.
    http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
}
/**
 * HTTP Basic–only security: the {@code status}, {@code info} and {@code health}
 * endpoints plus common static resources are public, everything else requires
 * an authenticated user. Form login and CSRF are switched off; framing is
 * limited to the same origin.
 * <p>
 * NOTE(review): with CSRF disabled, any browser session established through
 * HTTP Basic can be driven cross-site — acceptable only if no session-based
 * state-changing requests are served by this chain; verify.
 *
 * @param http the builder for this filter chain
 * @throws Exception propagated from the Spring Security builder
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.authorizeRequests()
        // Disabled alternative kept for reference: .antMatchers("/actuator/health").permitAll()
        .requestMatchers(EndpointRequest.to("status", "info", "health")).permitAll()
        .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
        .anyRequest().authenticated();
    http.formLogin().disable();
    // Allow same-origin framing only (X-Frame-Options: SAMEORIGIN).
    http.headers().frameOptions().sameOrigin();
    http.csrf().disable();
    http.httpBasic();
}
/**
 * Gates the shutdown endpoint behind {@code ACTUATOR_ADMIN}, opens every other
 * actuator endpoint and static resource anonymously, permits the root path,
 * and requires authentication (HTTP Basic) for all remaining paths.
 * <p>
 * Order matters: the shutdown rule must stay ahead of the any-endpoint rule or
 * the broader permitAll would win. NOTE(review): "any other endpoint" includes
 * whatever sensitive endpoints are exposed by management properties — confirm
 * the exposure list before leaving this open.
 *
 * @param http the builder for this filter chain
 * @throws Exception propagated from the Spring Security builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.to(ShutdownEndpoint.class)).hasRole("ACTUATOR_ADMIN")
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
        .antMatchers("/").permitAll()
        .antMatchers("/**").authenticated();
    http.httpBasic();
}
/**
 * Permits anonymous access to actuator endpoints and the {@code AUTH_WHITELIST}
 * patterns, requires authentication for anything else, and enables CSRF
 * protection with a JavaScript-readable token cookie.
 * <p>
 * NOTE(review): {@code antMatcher("/user")} restricts this whole chain to
 * requests under {@code /user}, so the actuator and whitelist rules only take
 * effect for paths inside that scope — confirm this is intended. Every exposed
 * actuator endpoint matched here is reachable without authentication; which
 * endpoints are exposed is decided by management properties not shown here.
 *
 * @param http the builder for this filter chain
 * @throws Exception propagated from the Spring Security builder
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.anonymous();
    http.antMatcher("/user");
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        .antMatchers(AUTH_WHITELIST).permitAll()
        .anyRequest().authenticated();
    // httpOnly=false so a browser client can read the XSRF token and echo it in a header.
    http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
}
/**
 * Builds the actuator security chain from CAS monitor configuration.
 * <p>
 * CSRF, the default security headers and logout are switched off; a secure
 * channel is demanded whenever an {@code X-Forwarded-Proto} header is present;
 * then endpoint access is assembled from the configured defaults, static
 * resources and each explicitly configured endpoint.
 * <p>
 * NOTE(review): the channel rule keys on the header's presence, not its value,
 * and the header is client-supplied unless a trusted proxy owns it — verify the
 * edge strips or overwrites it. Disabling {@code headers()} also drops
 * HSTS, content-type and cache-control protections; confirm the proxy adds them.
 *
 * @param http the builder for this filter chain
 * @throws Exception propagated from the Spring Security builder
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.headers().disable();
    http.logout().disable();
    http.requiresChannel()
        .requestMatchers(r -> r.getHeader("X-Forwarded-Proto") != null)
        .requiresSecure();

    val registry = http.authorizeRequests();
    configureEndpointAccessToDenyUndefined(http, registry);
    configureEndpointAccessForStaticResources(registry);

    // One set of access rules per explicitly configured endpoint id.
    val configuredEndpoints = casProperties.getMonitor().getEndpoints().getEndpoint();
    configuredEndpoints.forEach(Unchecked.biConsumer((endpointId, endpointProps) -> {
        val matcher = EndpointRequest.to(endpointId);
        endpointProps.getAccess().forEach(Unchecked.consumer(access ->
            configureEndpointAccess(http, registry, access, endpointProps, matcher)));
    }));
}
/**
 * Role-based policy: {@code /admin} needs ADMIN, {@code /events/**} needs USER,
 * info/health and static resources are public, all other actuator endpoints
 * need ACTUATOR, and every remaining path is open. Authentication is HTTP Basic.
 * <p>
 * Rules are matched in declaration order, so the info/health permitAll must
 * stay ahead of the any-endpoint ACTUATOR rule.
 *
 * @param http the builder for this filter chain
 * @throws Exception propagated from the Spring Security builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .mvcMatchers("/admin").hasRole("ADMIN")
        .requestMatchers(EndpointRequest.to("info", "health")).permitAll()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR")
        .requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
        .antMatchers("/events/**").hasRole("USER")
        .antMatchers("/**").permitAll();
    http.httpBasic();
}
}
/**
 * Permits anonymous access to actuator endpoints and the {@code AUTH_WHITELIST}
 * patterns, requires authentication for anything else, and enables CSRF
 * protection with a JavaScript-readable token cookie.
 * <p>
 * NOTE(review): {@code antMatcher("/user")} restricts this whole chain to
 * requests under {@code /user}, so the actuator and whitelist rules only take
 * effect for paths inside that scope — confirm this is intended. Every exposed
 * actuator endpoint matched here is reachable without authentication; which
 * endpoints are exposed is decided by management properties not shown here.
 *
 * @param http the builder for this filter chain
 * @throws Exception propagated from the Spring Security builder
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.anonymous();
    http.antMatcher("/user");
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        .antMatchers(AUTH_WHITELIST).permitAll()
        .anyRequest().authenticated();
    // httpOnly=false so a browser client can read the XSRF token and echo it in a header.
    http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
}
/**
 * Stateless, CSRF-free actuator chain authenticated with HTTP Basic.
 * <p>
 * Info and health need any authenticated caller; every other actuator endpoint
 * needs the {@code ACCESS_ADMIN} authority. The chain is scoped with a custom
 * {@code ActuatorRequestMatcher}; NOTE(review): there is no {@code anyRequest()}
 * rule, so a request accepted by that matcher but not matching an actuator
 * endpoint has no explicit authorization rule here — verify the matcher's scope.
 *
 * @param http the builder for this filter chain
 * @throws Exception propagated from the Spring Security builder
 */
protected void configure(HttpSecurity http) throws Exception {
    // No server session: each request carries its own credentials, which is
    // why CSRF protection is not needed on this chain.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.csrf().disable();

    http.requestMatcher(new ActuatorRequestMatcher());
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN);
    http.httpBasic();
}
}
/**
 * Permits anonymous access to actuator endpoints and the {@code AUTH_WHITELIST}
 * patterns, requires authentication for anything else, and enables CSRF
 * protection with a JavaScript-readable token cookie.
 * <p>
 * NOTE(review): {@code antMatcher("/user")} restricts this whole chain to
 * requests under {@code /user}, so the actuator and whitelist rules only take
 * effect for paths inside that scope — confirm this is intended. Every exposed
 * actuator endpoint matched here is reachable without authentication; which
 * endpoints are exposed is decided by management properties not shown here.
 *
 * @param http the builder for this filter chain
 * @throws Exception propagated from the Spring Security builder
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.anonymous();
    http.antMatcher("/user");
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        .antMatchers(AUTH_WHITELIST).permitAll()
        .anyRequest().authenticated();
    // httpOnly=false so a browser client can read the XSRF token and echo it in a header.
    http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
}
/**
 * Like the plain whitelist variant, but additionally opens {@code /actuator/**}
 * anonymously and exempts {@code /instances} and {@code /actuator/**} from CSRF
 * checks (so non-browser clients can POST to them without a token).
 * <p>
 * NOTE(review): {@code antMatcher("/user")} scopes this chain to {@code /user},
 * so the permitAll rules only apply within that scope — confirm intent. The CSRF
 * exemption on {@code /instances} means state-changing requests there are not
 * protected against cross-site submission; make sure that path is otherwise
 * guarded.
 *
 * @param http the builder for this filter chain
 * @throws Exception propagated from the Spring Security builder
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.anonymous();
    http.antMatcher("/user");
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        .antMatchers(AUTH_WHITELIST).permitAll()
        .antMatchers("/actuator/**").permitAll()
        .anyRequest().authenticated();
    http.csrf()
        // httpOnly=false so a browser client can read the XSRF token and echo it in a header.
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        .ignoringAntMatchers("/instances", "/actuator/**");
}
}
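/**
 * Login/authorization chain with form login, explicit logout handling and a
 * CSRF exemption for {@code /instances} and {@code /actuator/**}.
 * <p>
 * Fix: the original registered {@code anyRequest().authenticated()} first and
 * then appended actuator permitAll rules and a second {@code anyRequest()} (via
 * a second {@code authorizeRequests()} call, which returns the same registry).
 * Rules declared after {@code anyRequest()} are never reached, and recent
 * Spring Security versions reject such a registry at startup. The specific
 * matchers now precede a single {@code anyRequest()}.
 * <p>
 * NOTE(review): {@code requestMatchers().antMatchers(...)} scopes this chain to
 * the four listed paths, so {@code /actuator/**} requests will not enter it and
 * the actuator permitAll rules are presumably meant for a sibling chain — verify.
 * The CSRF exemption on {@code /instances} leaves that path open to cross-site
 * submission; confirm it is protected by other means.
 *
 * @param http the builder for this filter chain
 * @throws Exception propagated from the Spring Security builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Specific matchers first; anyRequest() must be the last rule in the registry.
    http.authorizeRequests()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
        .antMatchers("/actuator/**").permitAll()
        .antMatchers("/oauth/authorize").authenticated()
        .anyRequest().authenticated();
    http.formLogin().loginPage("/login").permitAll();
    http.logout()
        .clearAuthentication(true)
        .logoutSuccessUrl("/")
        .logoutUrl("/logout-session")
        .deleteCookies("JSESSIONID")
        .invalidateHttpSession(true);
    // Only these paths are served by this chain.
    http.requestMatchers().antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access", "/implicit/redirect");
    http.csrf().ignoringAntMatchers("/instances", "/actuator/**");
}
}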
/**
 * Applies the default endpoint access policy to every actuator endpoint that is
 * not explicitly named in the CAS monitor configuration (links excluded).
 * <p>
 * The endpoints configured under {@code cas.monitor.endpoints.endpoint} are
 * carved out with {@code excluding(...)}; whatever remains is governed by the
 * default endpoint properties, one rule per configured access mode.
 *
 * @param http     the builder for this filter chain
 * @param requests the authorization registry the access rules are added to
 */
protected void configureEndpointAccessToDenyUndefined(final HttpSecurity http,
                                                      final ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry requests) {
    val configuredIds = casProperties.getMonitor().getEndpoints().getEndpoint().keySet();
    val excludedIds = configuredIds.toArray(ArrayUtils.EMPTY_STRING_ARRAY);
    val defaults = casProperties.getMonitor().getEndpoints().getDefaultEndpointProperties();
    defaults.getAccess().forEach(Unchecked.consumer(access -> {
        // Built per access mode, as each rule receives its own matcher instance.
        val undefinedEndpoints = EndpointRequest.toAnyEndpoint().excluding(excludedIds).excludingLinks();
        configureEndpointAccess(http, requests, access, defaults, undefinedEndpoints);
    }));
}