/**
 * Applies an OAuth2 scope check to a fixed set of three paths.
 *
 * <p>{@code requestMatchers()} narrows this configuration to "/", "/admin/beans" and
 * "/admin/health"; every request it handles needs the {@code read} scope. Requests to any
 * other path are outside this configuration and are not protected by it.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    // Just for laughs, apply OAuth protection to only 3 resources
    http.requestMatchers()
        .antMatchers("/", "/admin/beans", "/admin/health");
    http.authorizeRequests()
        .anyRequest().access("#oauth2.hasScope('read')");
    // @formatter:on
}
/**
 * Requires the OAuth2 {@code read} scope for "/current".
 *
 * <p>The configuration is narrowed to "/current" and the only authorization rule targets the
 * same path, so every request handled here is scope-checked.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // Scope of this configuration: the single path below.
    http.requestMatchers()
        .antMatchers("/current");
    // Rule for that path: token must carry the 'read' scope.
    http.authorizeRequests()
        .antMatchers("/current").access("#oauth2.hasScope('read')");
}
}
/**
 * Denies every request this configuration handles.
 *
 * <p>The request matcher is built from {@code HttpMethod.POST} with no path pattern, so the
 * selection is by HTTP method only (presumably every POST; confirm against the Spring
 * Security version in use).
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
protected void configure(HttpSecurity http) throws Exception {
    // Select requests by method only.
    http.requestMatchers()
        .antMatchers(HttpMethod.POST);
    // Whatever is selected is rejected outright.
    http.authorizeRequests()
        .anyRequest().denyAll();
}
/**
 * Protects the API and OAuth endpoints with HTTP Basic and the USER role.
 *
 * <p>Only requests under "/api/" and "/oauth/" are handled here; each of them must come from
 * a principal holding role USER.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Scope of this configuration: two path prefixes.
    http.requestMatchers()
        .antMatchers("/api/**")
        .antMatchers("/oauth/**");
    // "/**" covers everything inside that scope, so nothing is left without a rule.
    http.authorizeRequests()
        .antMatchers("/**").hasRole("USER");
    // NOTE(review): Basic credentials travel with every request; confirm TLS is enforced upstream.
    http.httpBasic();
}
}
/**
 * Wires the OAuth2 resource filter and scope check onto three paths.
 *
 * <p>The filter held in {@code resourceFilter} is placed before
 * {@code AbstractPreAuthenticatedProcessingFilter}. Requests to "/", "/admin/beans" and
 * "/admin/health" need the {@code read} scope; anonymous authentication and CSRF protection
 * are switched off for this configuration, and OAuth2-specific handlers report
 * authentication and access-denied failures.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http.addFilterBefore(resourceFilter, AbstractPreAuthenticatedProcessingFilter.class);

    // Just for laughs, apply OAuth protection to only 3 resources
    http.requestMatchers()
        .antMatchers("/", "/admin/beans", "/admin/health");

    http.authorizeRequests()
        .anyRequest().access("#oauth2.hasScope('read')")
        .expressionHandler(new OAuth2WebSecurityExpressionHandler());

    // No anonymous principal is created for requests handled by this configuration.
    http.anonymous().disable();

    // NOTE(review): disabling CSRF is only safe if these paths are never authenticated by a
    // browser session cookie (token in a header only) - confirm.
    http.csrf().disable();

    http.exceptionHandling()
        .authenticationEntryPoint(new OAuth2AuthenticationEntryPoint())
        .accessDeniedHandler(new OAuth2AccessDeniedHandler());
    // @formatter:on
}
/**
 * Enables HTTP Basic and denies every request matched by the MVC pattern "/path".
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    // Scope of this configuration: one MVC pattern.
    http.requestMatchers()
        .mvcMatchers("/path");
    http.httpBasic();
    // Deny-all: no request inside the scope is ever authorized.
    http.authorizeRequests()
        .anyRequest().denyAll();
    // @formatter:on
}
/**
 * Denies every request this configuration handles.
 *
 * <p>Two matcher registrations are made: the ant pattern "/never/" and a POST registration
 * that is passed an explicitly empty pattern array. How the empty array is interpreted is
 * decided by Spring Security, not by this method.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
protected void configure(HttpSecurity http) throws Exception {
    http.requestMatchers()
        .antMatchers("/never/")
        // Empty pattern array on purpose; see the method comment.
        .antMatchers(HttpMethod.POST, new String[0]);
    http.authorizeRequests()
        .anyRequest().denyAll();
}
/**
 * Enables HTTP Basic and denies every request matched by two MVC patterns.
 *
 * <p>The first pattern, "/path", is tied to servlet path "/spring"; the second is
 * "/never-match".
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http.requestMatchers()
        // servletPath() qualifies only the mvcMatchers() call it directly follows.
        .mvcMatchers("/path").servletPath("/spring")
        .mvcMatchers("/never-match");
    http.httpBasic();
    http.authorizeRequests()
        .anyRequest().denyAll();
    // @formatter:on
}
/**
 * Builds the security configuration for the OAuth2 token, token-key and check-token endpoints.
 *
 * <p>The endpoint paths are resolved through the framework handler mapping, the configuration
 * is restricted to exactly those three paths, and sessions are never created by it
 * ({@code SessionCreationPolicy.NEVER}).
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    AuthorizationServerSecurityConfigurer configurer = new AuthorizationServerSecurityConfigurer();
    FrameworkEndpointHandlerMapping handlerMapping = endpoints.oauth2EndpointHandlerMapping();
    // Publish the mapping so that other configurers applied to this builder can look it up.
    http.setSharedObject(FrameworkEndpointHandlerMapping.class, handlerMapping);
    // Let the overload taking the configurer customise it before it is applied.
    configure(configurer);
    http.apply(configurer);
    // Resolve the effective paths; the mapping may differ from the default "/oauth/..." names.
    String tokenEndpointPath = handlerMapping.getServletPath("/oauth/token");
    String tokenKeyPath = handlerMapping.getServletPath("/oauth/token_key");
    String checkTokenPath = handlerMapping.getServletPath("/oauth/check_token");
    // Fall back to the builder's shared UserDetailsService unless one was set explicitly.
    if (!endpoints.getEndpointsConfigurer().isUserDetailsServiceOverride()) {
        UserDetailsService userDetailsService = http.getSharedObject(UserDetailsService.class);
        endpoints.getEndpointsConfigurer().userDetailsService(userDetailsService);
    }
    // @formatter:off
    http
        .authorizeRequests()
            // The token endpoint always demands full authentication.
            .antMatchers(tokenEndpointPath).fullyAuthenticated()
            // Access to the key and check-token endpoints is whatever expression the
            // configurer holds. NOTE(review): verify those expressions are not left open.
            .antMatchers(tokenKeyPath).access(configurer.getTokenKeyAccess())
            .antMatchers(checkTokenPath).access(configurer.getCheckTokenAccess())
        .and()
        // This configuration handles only the three endpoint paths.
        .requestMatchers()
            .antMatchers(tokenEndpointPath, tokenKeyPath, checkTokenPath)
        .and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
    // @formatter:on
    http.setSharedObject(ClientDetailsService.class, clientDetailsService);
}
/**
 * Opens the actuator and API-docs paths and requires authentication under "/springjwt/".
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // requestMatchers() is called without registering a matcher, so it presumably leaves the
    // set of requests handled by this configuration unchanged.
    http.requestMatchers();
    http.authorizeRequests()
        // NOTE(review): every actuator endpoint is reachable without authentication here;
        // confirm that only non-sensitive endpoints are exposed, or narrow the pattern.
        .antMatchers("/actuator/**", "/api-docs/**").permitAll()
        // NOTE(review): there is no anyRequest() fallback, so a path matching none of the
        // three patterns gets no rule from this method - consider ending with a
        // deny-by-default rule.
        .antMatchers("/springjwt/**").authenticated();
}
}
/**
 * Leaves the public API prefix open and requires authentication everywhere else.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // No matcher is registered here, so this call presumably does not narrow the configuration.
    http.requestMatchers();
    http.authorizeRequests()
        // Rule order matters: the public prefix must be listed before the catch-all pattern.
        .antMatchers("/api/v1/public/**").permitAll()
        .antMatchers("/**").authenticated();
}
/**
 * Requires authentication for requests under "/api/".
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        // NOTE(review): this configuration is narrowed to "/api/**" below, and "/register"
        // is not under that prefix, so this rule looks unreachable here. Confirm which
        // configuration actually decides access to "/register".
        .antMatchers("/register").permitAll()
        .anyRequest().authenticated();
    // Scope of this configuration: the API prefix only.
    http.requestMatchers()
        .antMatchers("/api/**");
}
/**
 * Handles every request and explicitly permits the "/oauth/" prefix.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    // This configuration claims all requests...
    http.requestMatchers()
        .anyRequest();
    // ...but carries a single permitAll rule and no rule for anything else.
    // NOTE(review): nothing here requires authentication for paths outside "/oauth/**";
    // confirm another layer protects them, or add an anyRequest() rule that does.
    http.authorizeRequests()
        .antMatchers("/oauth/**").permitAll();
    // @formatter:on
}
}
/**
 * Requires authentication for every request except the configured permit-all patterns.
 *
 * <p>The open patterns are read from {@code permitAllUrlProperties}; CSRF protection is
 * disabled for this configuration.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // NOTE(review): safe only if callers authenticate with a token sent explicitly per
    // request rather than a browser session cookie - confirm.
    http.csrf().disable();
    http.requestMatchers()
        .antMatchers("/**");
    http.authorizeRequests()
        // The open list is external configuration: an over-broad pattern there makes the
        // matching paths public, so that property deserves review like code.
        .antMatchers(permitAllUrlProperties.getPermitallPatterns()).permitAll()
        .anyRequest().authenticated();
}
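/**
 * Secures the login and OAuth approval pages and leaves the health endpoint open.
 *
 * <p>The previous version called {@code requestMatchers()} and
 * {@code authorizeRequests().anyRequest()} twice each. Two {@code anyRequest()} rules in one
 * configuration conflict: depending on the Spring Security version the second one is either
 * rejected at startup or one rule silently overrides the other, so it was not evident whether
 * "/oauth/authorize" required authentication or "/mgmt/health" was really public. The rules
 * are now stated once, most specific first.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http
        .formLogin().loginPage("/login").permitAll()
        .and()
        // One matcher list for everything this configuration handles.
        .requestMatchers()
            .antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access", "/mgmt/health")
        .and()
        .authorizeRequests()
            // The specific public rule comes first; the single catch-all closes the list.
            .antMatchers("/mgmt/health").permitAll()
            .anyRequest().authenticated()
        .and()
        // NOTE(review): "/oauth/**" also covers the session-authenticated approval pages
        // ("/oauth/authorize", "/oauth/confirm_access"); confirm that exempting them from
        // CSRF protection is intended, otherwise narrow this pattern.
        .csrf().ignoringAntMatchers("/oauth/**", "/mgmt/**");
    // @formatter:on
}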
/**
 * Puts the login page and the OAuth authorize/approval pages behind form login.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // @formatter:off
    // The login page itself must stay reachable without authentication.
    http.formLogin()
        .loginPage("/login").permitAll();
    // Scope of this configuration: the three browser-facing pages.
    http.requestMatchers()
        .antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access");
    // Everything else inside that scope needs an authenticated user.
    http.authorizeRequests()
        .anyRequest().authenticated();
    // @formatter:on
}
}
/**
 * Requires an authenticated user on the OAuth authorize/approval pages, with form login.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Scope of this configuration: the three browser-facing pages.
    http.requestMatchers()
        .antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access");
    http.authorizeRequests()
        .anyRequest().authenticated();
    // permitAll() on the login page keeps it reachable despite the catch-all rule above.
    http.formLogin()
        .loginPage("/login").permitAll();
}
/**
 * Applies scope checks to the secured pattern: one expression for POST, another for the rest.
 *
 * <p>{@code SECURED_PATTERN}, {@code SECURED_WRITE_SCOPE} and {@code SECURED_READ_SCOPE} are
 * defined outside this method.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.requestMatchers()
        .antMatchers(SECURED_PATTERN);
    http.authorizeRequests()
        .antMatchers(HttpMethod.POST, SECURED_PATTERN).access(SECURED_WRITE_SCOPE)
        // NOTE(review): only POST is tied to the write expression. PUT, PATCH and DELETE
        // fall through to this rule and need just the read expression - confirm that no
        // state-changing handler is mapped to those methods, or add rules for them.
        .anyRequest().access(SECURED_READ_SCOPE);
}
}
// Configures the user paths: anonymous authentication is disabled, the configuration is
// narrowed to the user pattern, and access-denied failures are reported by the OAuth2 handler.
@Override
public void configure(HttpSecurity http) throws Exception {
    http.anonymous().disable();
    http.requestMatchers()
        .antMatchers("/user*/**");
    // NOTE(review): the only rule for the protected pattern is permitAll(), which reads as
    // fail-open. Any rejection of unauthenticated callers would have to come from
    // anonymous().disable() above, not from this rule - confirm with a test, or state the
    // intent directly with authenticated().
    http.authorizeRequests()
        .antMatchers("/user*/**").permitAll();
    http.exceptionHandling()
        .accessDeniedHandler(new OAuth2AccessDeniedHandler());
}
/**
 * Applies CAS security to the configured secure paths, if there are any.
 *
 * <p>With at least one path, the configuration is narrowed to those paths, the CAS configurer
 * is initialised, and every entry of {@code configurers} is initialised and then configured in
 * iteration order.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    String[] securePaths = getSecurePaths();
    if (securePaths.length == 0) {
        // NOTE(review): with no secure paths this method adds no matcher and no CAS setup;
        // confirm that an empty list is an intended "security off" switch and not a
        // misconfiguration that should fail loudly.
        return;
    }
    http.requestMatchers().antMatchers(securePaths);
    CasHttpSecurityConfigurer.cas().init(http);
    for (CasSecurityConfigurer each : configurers) {
        each.init(http);
        each.configure(http);
    }
}