/**
 * Registers the exception-handling configurer without customising it.
 *
 * <p>This method declares no authorization rules, entry point or access-denied handler.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.exceptionHandling();
}
/**
 * Configures a form-login application: the listed static/asset paths are public and every
 * other path requires an authenticated user.
 *
 * <p>NOTE(review): CSRF protection is switched off although the chain uses form login and
 * invalidates an HTTP session on logout, i.e. it relies on browser-held session state.
 * State-changing endpoints then need some other defence against cross-site requests;
 * confirm one exists or re-enable CSRF.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();

    // Framing is allowed only for pages served from the same origin.
    http.headers().frameOptions().sameOrigin();

    // Public paths first; the catch-all rule must stay last because rules match in order.
    // NOTE(review): "/openapi/**" is served without authentication - confirm that is intended.
    http.authorizeRequests()
            .antMatchers("/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**")
            .permitAll()
            .antMatchers("/**")
            .authenticated();

    // Interactive login through the custom page, with HTTP Basic accepted as well.
    http.formLogin()
            .loginPage("/signin")
            .permitAll()
            .failureUrl("/signin?#/error");
    http.httpBasic();

    // After logout the browser is sent back to the sign-in view.
    SimpleUrlLogoutSuccessHandler logoutRedirect = new SimpleUrlLogoutSuccessHandler();
    logoutRedirect.setDefaultTargetUrl("/signin?#/logout");
    http.logout()
            .logoutUrl("/user/logout")
            .invalidateHttpSession(true)
            .clearAuthentication(true)
            .logoutSuccessHandler(logoutRedirect);

    // Unauthenticated requests are redirected to the sign-in page.
    http.exceptionHandling()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
}
/**
 * Configures a form-login application: the listed static/asset paths are public and every
 * other path requires one of the roles passed as {@code USER_ROLE}.
 *
 * <p>NOTE(review): CSRF protection is switched off although the chain uses form login and
 * invalidates an HTTP session on logout, i.e. it relies on browser-held session state.
 * State-changing endpoints then need some other defence against cross-site requests;
 * confirm one exists or re-enable CSRF.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();

    // Framing is allowed only for pages served from the same origin.
    http.headers().frameOptions().sameOrigin();

    // Public paths first; the role-gated catch-all must stay last because rules match in order.
    // NOTE(review): "/openapi/**" is served without authentication - confirm that is intended.
    http.authorizeRequests()
            .antMatchers("/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**")
            .permitAll()
            .antMatchers("/**")
            .hasAnyRole(USER_ROLE);

    // Interactive login through the custom page, with HTTP Basic accepted as well.
    http.formLogin()
            .loginPage("/signin")
            .permitAll()
            .failureUrl("/signin?#/error");
    http.httpBasic();

    // After logout the browser is sent back to the sign-in view.
    SimpleUrlLogoutSuccessHandler logoutRedirect = new SimpleUrlLogoutSuccessHandler();
    logoutRedirect.setDefaultTargetUrl("/signin?#/logout");
    http.logout()
            .logoutUrl("/user/logout")
            .invalidateHttpSession(true)
            .clearAuthentication(true)
            .logoutSuccessHandler(logoutRedirect);

    // Unauthenticated requests are redirected to the sign-in page.
    http.exceptionHandling()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
}
/**
 * Requires authentication for every request and installs {@code AEP} as the authentication
 * entry point, then asks for the exception-handling configurer a second time.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().anyRequest().authenticated();
    http.exceptionHandling().authenticationEntryPoint(AEP);
    // Second, bare call kept on purpose.
    // NOTE(review): presumably exercises that a repeated call leaves AEP in place - confirm.
    http.exceptionHandling();
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Configures a stateless, token-authenticated API: every request must be authenticated and
 * a {@code JwtAuthenticationTokenFilter} runs ahead of the username/password filter.
 *
 * <p>NOTE(review): CSRF is disabled on the grounds that JWTs are used. That reasoning holds
 * only when the browser does not attach the token automatically (for example when it is not
 * kept in a cookie); confirm how {@code JwtAuthenticationTokenFilter} obtains the token.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().anyRequest().authenticated();

    // Failed or missing token authentication is reported by the custom handler.
    http.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

    // No server-side session: each request is expected to carry its own token.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // See the review note above for the condition under which this is safe.
    http.csrf().disable();

    http.addFilterBefore(
            new JwtAuthenticationTokenFilter(tokenProvider),
            UsernamePasswordAuthenticationFilter.class);

    // Cache-control response headers, so responses are not cached by clients.
    http.headers().cacheControl();
}
/**
 * Restricts {@code /admin} to the ADMIN role, requires authentication everywhere else, and
 * sends denied requests to {@code /AccessDeniedPage}.
 *
 * <p>NOTE(review): the ADMIN rule is an Ant pattern for the exact path {@code /admin}; paths
 * below it are governed only by the {@code authenticated()} fallback. Confirm that no
 * admin-only handlers are mapped under {@code /admin/}, or widen the pattern.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // The specific rule has to precede the catch-all; rules are evaluated in order.
    http.authorizeRequests()
            .antMatchers("/admin")
            .hasRole("ADMIN")
            .anyRequest()
            .authenticated();

    http.exceptionHandling().accessDeniedPage("/AccessDeniedPage");
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Installs the token-endpoint authentication filters and the access-denied handler.
 *
 * <p>When {@code allowFormAuthenticationForClients} is set, the client-credentials token
 * endpoint filter is added as well, which lets clients authenticate with form parameters.
 * NOTE(review): confirm that deployments enabling it accept client secrets in the request
 * body.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // Called for its side effect only: the handler mapping must exist before filters are added.
    frameworkEndpointHandlerMapping();

    if (allowFormAuthenticationForClients) {
        clientCredentialsTokenEndpointFilter(http);
    }

    // Each configured filter is placed ahead of HTTP Basic authentication.
    for (Filter endpointFilter : tokenEndpointAuthenticationFilters) {
        http.addFilterBefore(endpointFilter, BasicAuthenticationFilter.class);
    }

    http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
}
/**
 * Requires authentication for every request, enables form login, and redirects
 * unauthenticated requests to {@code /entry-point}.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().anyRequest().authenticated();

    // Explicit entry point, set before form login is enabled.
    http.exceptionHandling()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/entry-point"));

    http.formLogin();
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Secures the {@code /oauth/token} endpoint: anonymous access is off, callers authenticate
 * with HTTP Basic, and no session is kept.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.anonymous().disable();

    // This chain applies to the token endpoint only.
    http.antMatcher("/oauth/token");
    http.authorizeRequests().anyRequest().authenticated();

    http.httpBasic().authenticationEntryPoint(authenticationEntryPoint());

    // NOTE(review): the matcher set here has no effect, because disable() follows it and
    // removes CSRF protection altogether. Decide which of the two is intended.
    http.csrf()
            .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/token"))
            .disable();

    http.exceptionHandling().accessDeniedHandler(accessDeniedHandler());

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
/**
 * Builds the security chain for {@code /oauth/token}: HTTP Basic authentication is
 * required, anonymous access is disabled and sessions are stateless.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http
        .anonymous()
            .disable()
        // Scope of this chain: the token endpoint.
        .antMatcher("/oauth/token")
        .authorizeRequests()
            .anyRequest().authenticated()
            .and()
        .httpBasic()
            .authenticationEntryPoint(authenticationEntryPoint())
            .and()
        // NOTE(review): disable() discards the matcher configured just before it, so CSRF
        // protection is fully off here; confirm that is the intent.
        .csrf()
            .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/token"))
            .disable()
        .exceptionHandling()
            .accessDeniedHandler(accessDeniedHandler())
            .and()
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    // @formatter:on
}
/**
 * Protects the token endpoint with HTTP Basic authentication, without anonymous access and
 * without a server-side session.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    String tokenPath = "/oauth/token";

    http.anonymous().disable();

    // Only requests for the token endpoint are handled by this chain.
    http.antMatcher(tokenPath);
    http.authorizeRequests().anyRequest().authenticated();
    http.httpBasic().authenticationEntryPoint(authenticationEntryPoint());

    // NOTE(review): the CSRF matcher is moot - the disable() call after it turns CSRF
    // protection off entirely. Keep one or the other once the intent is confirmed.
    http.csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher(tokenPath)).disable();

    http.exceptionHandling().accessDeniedHandler(accessDeniedHandler());
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
/**
 * Secures the {@code /token} endpoint: anonymous access is off, callers authenticate with
 * HTTP Basic, and no session is kept.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    String tokenPath = "/token";

    http.anonymous().disable();

    // This chain applies to the token endpoint only.
    http.antMatcher(tokenPath);
    http.authorizeRequests().anyRequest().authenticated();

    http.httpBasic().authenticationEntryPoint(authenticationEntryPoint());

    // NOTE(review): the matcher set here has no effect, because disable() follows it and
    // removes CSRF protection altogether. Decide which of the two is intended.
    http.csrf().requireCsrfProtectionMatcher(new AntPathRequestMatcher(tokenPath)).disable();

    http.exceptionHandling().accessDeniedHandler(accessDeniedHandler());

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
/**
 * Configures the OAuth2-protected resource chain: every request outside {@code /oauth/**}
 * must be authenticated, with {@code resourceFilter} placed ahead of pre-authentication.
 *
 * <p>NOTE(review): requests under {@code /oauth/**} are excluded from this chain and must be
 * secured by another configuration; confirm one covers them.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class);

    // Everything except the OAuth endpoints themselves.
    http.requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")));

    http.authorizeRequests()
            .anyRequest()
            .authenticated()
            .expressionHandler(new OAuth2WebSecurityExpressionHandler());

    http.anonymous().disable();

    // NOTE(review): acceptable only if clients present credentials explicitly per request
    // rather than through browser-managed state - confirm against resourceFilter.
    http.csrf().disable();

    // OAuth2-specific responses for unauthenticated and forbidden requests.
    http.exceptionHandling()
            .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())
            .accessDeniedHandler(new OAuth2AccessDeniedHandler());
}
/**
 * Builds the resource chain for all paths except {@code /oauth/**}: authentication is
 * mandatory, anonymous access and CSRF protection are off, and OAuth2 handlers produce the
 * error responses.
 *
 * <p>NOTE(review): {@code /oauth/**} is not matched by this chain, so it needs its own
 * security configuration; confirm it has one.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http
        // resourceFilter runs before the pre-authenticated processing filter.
        .addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
        // Negated matcher: the chain handles everything that is NOT under /oauth/.
        .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")))
        .authorizeRequests()
            .anyRequest().authenticated()
            .expressionHandler(new OAuth2WebSecurityExpressionHandler())
            .and()
        .anonymous()
            .disable()
        // NOTE(review): CSRF off - confirm requests are authenticated by explicitly
        // supplied credentials, not by browser-managed state.
        .csrf()
            .disable()
        .exceptionHandling()
            .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())
            .accessDeniedHandler(new OAuth2AccessDeniedHandler());
    // @formatter:on
}
/**
 * Sets up the protected-resource chain: {@code resourceFilter} is inserted ahead of
 * pre-authentication and every request outside {@code /oauth/**} must be authenticated.
 *
 * <p>NOTE(review): the {@code /oauth/**} paths fall outside this chain; confirm another
 * configuration secures them.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class);

    // Match anything that is not an OAuth endpoint.
    AntPathRequestMatcher oauthEndpoints = new AntPathRequestMatcher("/oauth/**");
    http.requestMatcher(new NegatedRequestMatcher(oauthEndpoints));

    http.authorizeRequests()
            .anyRequest()
            .authenticated()
            .expressionHandler(new OAuth2WebSecurityExpressionHandler());

    http.anonymous().disable();

    // NOTE(review): CSRF protection is off; confirm callers authenticate with explicitly
    // supplied credentials rather than browser-managed state.
    http.csrf().disable();

    http.exceptionHandling()
            .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())
            .accessDeniedHandler(new OAuth2AccessDeniedHandler());
}
/**
 * Configures the OAuth2-protected resource chain: every request outside {@code /oauth/**}
 * must be authenticated, with {@code resourceFilter} placed ahead of pre-authentication.
 *
 * <p>NOTE(review): requests under {@code /oauth/**} are excluded from this chain and must be
 * secured by another configuration; confirm one covers them.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class);

    // Everything except the OAuth endpoints themselves.
    http.requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")));

    http.authorizeRequests()
            .anyRequest()
            .authenticated()
            .expressionHandler(new OAuth2WebSecurityExpressionHandler());

    http.anonymous().disable();

    // NOTE(review): acceptable only if clients present credentials explicitly per request
    // rather than through browser-managed state - confirm against resourceFilter.
    http.csrf().disable();

    // OAuth2-specific responses for unauthenticated and forbidden requests.
    http.exceptionHandling()
            .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())
            .accessDeniedHandler(new OAuth2AccessDeniedHandler());
}
/**
 * Builds the resource chain for all paths except {@code /oauth/**}: authentication is
 * mandatory, anonymous access and CSRF protection are off, and OAuth2 handlers produce the
 * error responses.
 *
 * <p>NOTE(review): {@code /oauth/**} is not matched by this chain, so it needs its own
 * security configuration; confirm it has one.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http
        .addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class)
        // The chain is scoped to requests that do not start with /oauth/.
        .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**")))
        .authorizeRequests()
            .anyRequest().authenticated()
            .expressionHandler(new OAuth2WebSecurityExpressionHandler())
            .and()
        .anonymous()
            .disable()
        // NOTE(review): with CSRF off, confirm no browser-managed credential (such as a
        // session cookie) is accepted on these paths.
        .csrf()
            .disable()
        // Both failure modes are answered by the OAuth2-specific handlers.
        .exceptionHandling()
            .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())
            .accessDeniedHandler(new OAuth2AccessDeniedHandler());
    // @formatter:on
}
/**
 * Denies every request and registers {@code teapotDeniedHandler} as the default
 * access-denied handler for {@code /hello/**}.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Deny-all, so every request ends up in access-denied handling.
    http.authorizeRequests().anyRequest().denyAll();

    // Only one handler mapping is registered here.
    http.exceptionHandling()
            .defaultAccessDeniedHandlerFor(
                    this.teapotDeniedHandler,
                    new AntPathRequestMatcher("/hello/**"));
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Denies every request and registers two default access-denied handlers:
 * {@code teapotDeniedHandler} for {@code /hello/**}, then a plain
 * {@code AccessDeniedHandlerImpl} for any request.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Deny-all, so every request ends up in access-denied handling.
    http.authorizeRequests().anyRequest().denyAll();

    // Registration order is kept as written: the path-specific handler first, then the
    // handler mapped to AnyRequestMatcher.
    http.exceptionHandling()
            .defaultAccessDeniedHandlerFor(
                    this.teapotDeniedHandler,
                    new AntPathRequestMatcher("/hello/**"))
            .defaultAccessDeniedHandlerFor(
                    new AccessDeniedHandlerImpl(),
                    AnyRequestMatcher.INSTANCE);
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Denies every request, registers an {@code AccessDeniedHandlerImpl} behind a matcher that
 * never matches, and enables HTTP Basic together with a JWT resource server.
 *
 * @param http the security builder being configured
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Deny-all, so every authenticated request ends up in access-denied handling.
    http.authorizeRequests().anyRequest().denyAll();

    // The matcher returns false for every request.
    // NOTE(review): presumably this checks which handler is used when none of the
    // registered matchers applies - confirm against the accompanying test.
    http.exceptionHandling()
            .defaultAccessDeniedHandlerFor(new AccessDeniedHandlerImpl(), ignored -> false);

    http.httpBasic();
    http.oauth2ResourceServer().jwt();
}