/**
 * Returns the {@link SecurityConfigurer} already registered for the class of the given
 * configurer, or applies the supplied {@link SecurityConfigurerAdapter} when none is
 * registered. When an instance is already registered it is returned and the argument
 * is not applied, so settings made on the argument beforehand are not used.
 *
 * @param configurer the {@link SecurityConfigurer} to apply if none is registered for
 * its class
 * @return the {@link SecurityConfigurer} in effect for the class of the argument
 * @throws Exception if the lookup or the {@code apply} call throws
 */
@SuppressWarnings("unchecked")
private <C extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity>> C getOrApply(
        C configurer) throws Exception {
    // The lookup is keyed by the runtime class of the argument.
    C registered = (C) getConfigurer(configurer.getClass());
    if (registered == null) {
        return apply(configurer);
    }
    return registered;
}
}
/**
 * Applies the configurer returned by {@code customConfigurer()}, disables CSRF
 * protection, and enables form login with "/other" as the login page.
 *
 * @param http the {@link HttpSecurity} to configure
 * @throws Exception if any configurer call throws
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .apply(customConfigurer())
        .and()
        // NOTE(review): CSRF protection is switched off on a chain that also uses form
        // login. Looks like a test fixture; confirm before reusing in an application.
        .csrf().disable()
        .formLogin()
            .loginPage("/other");
}
/**
 * Applies the configurer returned by {@code customConfigurer()} and sets its login page
 * to "/custom". No other security settings are configured in this method.
 *
 * @param http the {@link HttpSecurity} to configure
 * @throws Exception if applying the configurer throws
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .apply(customConfigurer())
            // loginPage(...) is a method of the custom configurer returned by apply(...)
            .loginPage("/custom");
}
/**
 * Applies a {@link UrlAuthorizationConfigurer} constructed with {@code null} and maps
 * every request to the anonymous rule.
 *
 * @param http the {@link HttpSecurity} to configure
 * @throws Exception if applying the configurer throws
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http
        // NOTE(review): null is passed as the constructor argument; presumably this only
        // works because no rule below needs the missing object - confirm. Looks like a
        // test fixture rather than a configuration to copy.
        .apply(new UrlAuthorizationConfigurer<>(null)).getRegistry()
            // Single catch-all rule: every request is mapped to anonymous().
            .anyRequest().anonymous();
    // @formatter:on
}
}
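/**
 * Enables HTTP Basic authentication and registers one URL authorization rule: requests
 * matching the MVC pattern "/path" require the ADMIN role.
 *
 * @param http the {@link HttpSecurity} to configure
 * @throws Exception if any configurer call throws
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http
        .httpBasic().and()
        // Diamond instead of the raw type, so the type argument is inferred and the call
        // does not rely on an unchecked conversion.
        .apply(new UrlAuthorizationConfigurer<>(getApplicationContext())).getRegistry()
            // NOTE(review): "/path" is the only rule and there is no anyRequest() fallback,
            // so requests matching no rule are not covered by this registry - confirm that
            // is intended outside a test fixture.
            .mvcMatchers("/path").hasRole("ADMIN");
    // @formatter:on
}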
/**
 * Configures the security filter chain for the OAuth2 authorization server endpoints:
 * the token endpoint, the token key endpoint and the check-token endpoint.
 *
 * @param http the {@link HttpSecurity} to configure
 * @throws Exception if any configurer call throws
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    AuthorizationServerSecurityConfigurer configurer = new AuthorizationServerSecurityConfigurer();
    FrameworkEndpointHandlerMapping handlerMapping = endpoints.oauth2EndpointHandlerMapping();
    // Share the handler mapping so other configurers on this HttpSecurity can look it up.
    http.setSharedObject(FrameworkEndpointHandlerMapping.class, handlerMapping);
    // Customisation hook (overload defined outside this block) runs before the configurer is applied.
    configure(configurer);
    http.apply(configurer);
    // Resolve the endpoint paths through the handler mapping rather than using the
    // literal defaults directly.
    String tokenEndpointPath = handlerMapping.getServletPath("/oauth/token");
    String tokenKeyPath = handlerMapping.getServletPath("/oauth/token_key");
    String checkTokenPath = handlerMapping.getServletPath("/oauth/check_token");
    // Unless a UserDetailsService was explicitly overridden on the endpoints configurer,
    // pass on the one shared on this HttpSecurity (may be null if none is shared - confirm).
    if (!endpoints.getEndpointsConfigurer().isUserDetailsServiceOverride()) {
        UserDetailsService userDetailsService = http.getSharedObject(UserDetailsService.class);
        endpoints.getEndpointsConfigurer().userDetailsService(userDetailsService);
    }
    // @formatter:off
    http
        .authorizeRequests()
            // The token endpoint always requires full authentication.
            .antMatchers(tokenEndpointPath).fullyAuthenticated()
            // Access to the key and check-token endpoints is whatever expression the
            // configurer holds; review those values where configure(configurer) sets them.
            .antMatchers(tokenKeyPath).access(configurer.getTokenKeyAccess())
            .antMatchers(checkTokenPath).access(configurer.getCheckTokenAccess())
    .and()
        // Restrict this filter chain to the three endpoint paths only.
        .requestMatchers()
            .antMatchers(tokenEndpointPath, tokenKeyPath, checkTokenPath)
    .and()
        // NOTE(review): NEVER means no session is created by Spring Security, but an
        // existing session is still used; it is not the same as STATELESS - confirm intent.
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
    // @formatter:on
    http.setSharedObject(ClientDetailsService.class, clientDetailsService);
}
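/**
 * Enables HTTP Basic authentication and registers one URL authorization rule: requests
 * matching the MVC pattern "/path" under the servlet path "/spring" require the ADMIN
 * role.
 *
 * @param http the {@link HttpSecurity} to configure
 * @throws Exception if any configurer call throws
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http
        .httpBasic().and()
        // Diamond instead of the raw type, so the type argument is inferred and the call
        // does not rely on an unchecked conversion.
        .apply(new UrlAuthorizationConfigurer<>(getApplicationContext())).getRegistry()
            // NOTE(review): the rule is scoped to servlet path "/spring"; the same "/path"
            // reached through another servlet mapping is presumably not matched, and there
            // is no anyRequest() fallback - confirm that is intended.
            .mvcMatchers("/path").servletPath("/spring").hasRole("ADMIN");
    // @formatter:on
}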
.csrf().disable(); http.apply(resources); if (endpoints != null) {
/**
 * Registers URL authorization rules through a {@link UrlAuthorizationConfigurer}:
 * user and session paths require role USER, "/signup" requires role ANONYMOUS, and
 * every other request requires role USER.
 *
 * @param http the {@link HttpSecurity} to configure
 * @throws Exception if applying the configurer throws
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .apply(new UrlAuthorizationConfigurer<>(getApplicationContext())).getRegistry()
            // NOTE(review): "/users**" has no slash before "**", unlike "/sessions/**";
            // presumably "/users/**" was meant. The anyRequest() rule below applies the
            // same role, so the difference does not change the outcome here - confirm.
            .antMatchers("/users**", "/sessions/**").hasRole("USER")
            // presumably limits "/signup" to callers that are not logged in - confirm
            .antMatchers("/signup").hasRole("ANONYMOUS")
            // Catch-all: anything not matched above still requires role USER.
            .anyRequest().hasRole("USER");
}
/**
 * Configures form login, permits the URLs listed in
 * {@code filterIgnorePropertiesConfig}, requires authentication for everything else,
 * disables CSRF protection and applies {@code mobileSecurityConfigurer}.
 *
 * @param http the {@link HttpSecurity} to configure
 * @throws Exception if any configurer call throws
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry =
            http.formLogin().loginPage("/authentication/require")
                    .loginProcessingUrl("/authentication/form")
                    .and()
                    .authorizeRequests();
    // Every configured URL pattern is opened to all callers. The list comes from
    // configuration, so a broad pattern there (e.g. "/**") would bypass authentication.
    filterIgnorePropertiesConfig.getUrls().forEach(url -> registry.antMatchers(url).permitAll());
    // The permitAll() rules above are registered first, so they take precedence over
    // this catch-all.
    registry.anyRequest().authenticated()
            .and()
            // NOTE(review): CSRF protection is disabled on a chain that uses form login;
            // confirm this is intended for the session-based part of the application.
            .csrf().disable();
    http.apply(mobileSecurityConfigurer);
}
/**
 * Looks up the {@link SecurityConfigurer} registered for the class of the given
 * configurer and returns it; if there is none, applies the supplied
 * {@link SecurityConfigurerAdapter} and returns the result. An already registered
 * instance always wins, so the argument is ignored in that case.
 *
 * @param configurer the {@link SecurityConfigurer} to apply if none is registered for
 * its class
 * @return the {@link SecurityConfigurer} in effect for the class of the argument
 * @throws Exception if the lookup or the {@code apply} call throws
 */
@SuppressWarnings("unchecked")
private <C extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity>> C getOrApply(
        C configurer) throws Exception {
    C alreadyApplied = (C) getConfigurer(configurer.getClass());
    // Reuse the registered instance when present; otherwise register the argument.
    return (alreadyApplied != null) ? alreadyApplied : apply(configurer);
}
}
/**
 * Allows configuring the request cache. For example, a protected page (/protected) may
 * be requested before authentication; the application redirects the user to a login
 * page and, after authentication, Spring Security redirects the user back to the
 * originally requested page (/protected). This is automatically applied when using
 * {@link WebSecurityConfigurerAdapter}.
 *
 * @return the {@link RequestCacheConfigurer} for further customizations
 * @throws Exception if applying the configurer throws
 */
public RequestCacheConfigurer<HttpSecurity> requestCache() throws Exception {
    // A new configurer instance is created and applied on every call.
    RequestCacheConfigurer<HttpSecurity> requestCacheConfigurer =
            new RequestCacheConfigurer<HttpSecurity>();
    return apply(requestCacheConfigurer);
}
/**
 * Delegates the whole {@link HttpSecurity} setup to the configurer returned by
 * {@code stormpath()}. Nothing else is configured in this method, so the effective
 * rules are whatever that configurer registers (not visible here).
 *
 * @param http the {@link HttpSecurity} to configure
 * @throws Exception if applying the configurer throws
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.apply(stormpath());
}
}
/**
 * Integrates the {@link HttpServletRequest} methods with the values found on the
 * {@link SecurityContext}. This is automatically applied when using
 * {@link WebSecurityConfigurerAdapter}.
 *
 * @return the {@link ServletApiConfigurer} for further customizations
 * @throws Exception if applying the configurer throws
 */
public ServletApiConfigurer<HttpSecurity> servletApi() throws Exception {
    // A new configurer instance is created and applied on every call.
    ServletApiConfigurer<HttpSecurity> servletApiConfigurer =
            new ServletApiConfigurer<HttpSecurity>();
    return apply(servletApiConfigurer);
}
/**
 * Restricts paths matching "/admin*" to the ADMIN role, requires authentication for
 * every other request, enables form login with default settings and applies the
 * configurer returned by {@code clientErrorLogging()}.
 *
 * @param http the {@link HttpSecurity} to configure
 * @throws Exception if any configurer call throws
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): "/admin*" matches within one path segment only, so a nested path
    // such as "/admin/users" presumably falls through to the authenticated() rule and
    // is not limited to ADMIN; "/admin/**" may be needed as well - confirm.
    http.authorizeRequests()
            .antMatchers("/admin*").hasAnyRole("ADMIN")
            .anyRequest().authenticated();

    // Each step is issued against the same builder instead of chaining through and().
    http.formLogin();
    http.apply(clientErrorLogging());
}
/**
 * Applies the configurer returned by {@code stormpath()}, opens three paths to all
 * callers and exempts two paths from CSRF protection.
 *
 * @param http the {@link HttpSecurity} to configure
 * @throws Exception if any configurer call throws
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .apply(stormpath()).and()
        .authorizeRequests()
            // No anyRequest() rule is set here; presumably the stormpath() configurer
            // covers the remaining paths - confirm.
            .antMatchers("/").permitAll()
            .antMatchers("/v1/instructions").permitAll()
            .antMatchers("/v1/r").permitAll().and()
        // csrf() is called twice; presumably both calls reach the same configurer so the
        // two ignore patterns accumulate - confirm.
        .csrf().ignoringAntMatchers("/v1/c").and()
        // NOTE(review): "/v1/r" is both open to all callers and exempt from CSRF checks;
        // confirm it performs no state change on behalf of a logged-in user.
        .csrf().ignoringAntMatchers("/v1/r");
}
}
/**
 * Wires OAuth2 single sign-on into the given {@link HttpSecurity}: reads the
 * {@code OAuth2SsoProperties} bean, applies a configurer that wraps the SSO filter and
 * then registers the authentication entry point.
 *
 * @param http the {@link HttpSecurity} to configure
 * @throws Exception if any configurer call throws
 */
public void configure(HttpSecurity http) throws Exception {
    // Resolved from the application context on each call rather than injected.
    OAuth2SsoProperties sso = this.applicationContext
            .getBean(OAuth2SsoProperties.class);
    // Delay the processing of the filter until we know the
    // SessionAuthenticationStrategy is available:
    http.apply(new OAuth2ClientAuthenticationConfigurer(oauth2SsoFilter(sso)));
    // Helper defined outside this block; it receives the same SSO properties.
    addAuthenticationEntryPoint(http, sso);
}
/**
 * Delegates the whole {@link HttpSecurity} setup to the configurer returned by
 * {@code stormpath()}. Nothing else is configured in this method, so the effective
 * rules are whatever that configurer registers (not visible here).
 *
 * @param http the {@link HttpSecurity} to configure
 * @throws Exception if applying the configurer throws
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.apply(stormpath());
}