private void setMatchers(List<? extends RequestMatcher> requestMatchers) { this.matchers.addAll(requestMatchers); requestMatcher(new OrRequestMatcher(this.matchers)); }
/** * Allows configuring the {@link HttpSecurity} to only be invoked when matching the * provided ant pattern. If more advanced configuration is necessary, consider using * {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}. * * <p> * Invoking {@link #antMatcher(String)} will override previous invocations of {@link #mvcMatcher(String)}}, * {@link #requestMatchers()}, {@link #antMatcher(String)}, * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}. * </p> * * @param antPattern the Ant Pattern to match on (i.e. "/admin/**") * @return the {@link HttpSecurity} for further customizations * @see AntPathRequestMatcher */ public HttpSecurity antMatcher(String antPattern) { return requestMatcher(new AntPathRequestMatcher(antPattern)); }
/** * Allows configuring the {@link HttpSecurity} to only be invoked when matching the * provided regex pattern. If more advanced configuration is necessary, consider using * {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}. * * <p> * Invoking {@link #regexMatcher(String)} will override previous invocations of {@link #mvcMatcher(String)}}, * {@link #requestMatchers()}, {@link #antMatcher(String)}, * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}. * </p> * * @param pattern the Regular Expression to match on (i.e. "/admin/.+") * @return the {@link HttpSecurity} for further customizations * @see RegexRequestMatcher */ public HttpSecurity regexMatcher(String pattern) { return requestMatcher(new RegexRequestMatcher(pattern, null)); }
@Override protected void configure(HttpSecurity http) throws Exception { http .requestMatcher(new MyRequestMatcher()); }
/** * Allows configuring the {@link HttpSecurity} to only be invoked when matching the * provided Spring MVC pattern. If more advanced configuration is necessary, consider using * {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}. * * <p> * Invoking {@link #mvcMatcher(String)} will override previous invocations of {@link #mvcMatcher(String)}}, * {@link #requestMatchers()}, {@link #antMatcher(String)}, * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}. * </p> * * @param mvcPattern the Spring MVC Pattern to match on (i.e. "/admin/**") * @return the {@link HttpSecurity} for further customizations * @see MvcRequestMatcher */ public HttpSecurity mvcMatcher(String mvcPattern) { HandlerMappingIntrospector introspector = new HandlerMappingIntrospector(getContext()); return requestMatcher(new MvcRequestMatcher(introspector, mvcPattern)); }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override public void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class) .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/oauth/**"))) .authorizeRequests().anyRequest().authenticated().expressionHandler(new OAuth2WebSecurityExpressionHandler()) .and() .anonymous().disable() .csrf().disable() .exceptionHandling() .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint()) .accessDeniedHandler(new OAuth2AccessDeniedHandler()); // @formatter:on }
if (endpoints != null) { http.requestMatcher(new NotOAuthRequestMatcher(endpoints.oauth2EndpointHandlerMapping()));
private void setMatchers(List<? extends RequestMatcher> requestMatchers) { this.matchers.addAll(requestMatchers); requestMatcher(new OrRequestMatcher(this.matchers)); }
/** * Allows configuring the {@link HttpSecurity} to only be invoked when matching the * provided regex pattern. If more advanced configuration is necessary, consider using * {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}. * * <p> * Invoking {@link #regexMatcher(String)} will override previous invocations of {@link #mvcMatcher(String)}}, * {@link #requestMatchers()}, {@link #antMatcher(String)}, * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}. * </p> * * @param pattern the Regular Expression to match on (i.e. "/admin/.+") * @return the {@link HttpSecurity} for further customizations * @see RegexRequestMatcher */ public HttpSecurity regexMatcher(String pattern) { return requestMatcher(new RegexRequestMatcher(pattern, null)); }
/** * Allows configuring the {@link HttpSecurity} to only be invoked when matching the * provided ant pattern. If more advanced configuration is necessary, consider using * {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}. * * <p> * Invoking {@link #antMatcher(String)} will override previous invocations of {@link #mvcMatcher(String)}}, * {@link #requestMatchers()}, {@link #antMatcher(String)}, * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}. * </p> * * @param antPattern the Ant Pattern to match on (i.e. "/admin/**") * @return the {@link HttpSecurity} for further customizations * @see AntPathRequestMatcher */ public HttpSecurity antMatcher(String antPattern) { return requestMatcher(new AntPathRequestMatcher(antPattern)); }
/** * Allows configuring the {@link HttpSecurity} to only be invoked when matching the * provided Spring MVC pattern. If more advanced configuration is necessary, consider using * {@link #requestMatchers()} or {@link #requestMatcher(RequestMatcher)}. * * <p> * Invoking {@link #mvcMatcher(String)} will override previous invocations of {@link #mvcMatcher(String)}}, * {@link #requestMatchers()}, {@link #antMatcher(String)}, * {@link #regexMatcher(String)}, and {@link #requestMatcher(RequestMatcher)}. * </p> * * @param mvcPattern the Spring MVC Pattern to match on (i.e. "/admin/**") * @return the {@link HttpSecurity} for further customizations * @see MvcRequestMatcher */ public HttpSecurity mvcMatcher(String mvcPattern) { HandlerMappingIntrospector introspector = new HandlerMappingIntrospector(getContext()); return requestMatcher(new MvcRequestMatcher(introspector, mvcPattern)); }
@Override public void configure(HttpSecurity http) throws Exception { // @formatter:off http.requestMatcher(new OAuthRequestedMatcher()).authorizeRequests().antMatchers(HttpMethod.OPTIONS).permitAll() .anyRequest().authenticated(); // @formatter:on }
@Override public void configure(HttpSecurity http) throws Exception { // @formatter:off http.requestMatcher(new OAuth2RequestedMatcher()) .authorizeRequests() .antMatchers(HttpMethod.OPTIONS).permitAll() .anyRequest().authenticated(); // @formatter:on }
@Override protected void configure(HttpSecurity http) throws Exception { http.requestMatcher(EndpointRequest.toAnyEndpoint()) .authorizeRequests().anyRequest().hasRole("ENDPOINT_ADMIN") .and() .httpBasic(); }
@Override public void configure(HttpSecurity http) throws Exception { http .requestMatcher(new OrRequestMatcher( new AntPathRequestMatcher("/path/to/oauth/endpoints/*"), new AntPathRequestMatcher("/oauth/protected/resource") )) .authorizeRequests().anyRequest().authenticated(); }
@Override public void configure(HttpSecurity http) throws Exception { // @formatter:off http // Just for laughs, apply OAuth protection to only 2 resources .requestMatcher(new OrRequestMatcher( new AntPathRequestMatcher("/"), new AntPathRequestMatcher("/admin/beans") )) .authorizeRequests() .anyRequest().access("#oauth2.hasScope('read')"); // @formatter:on }