/**
 * Filter chain for an app fronted by an AAD token filter. Rules in match order:
 * /home is public, /api/** needs an authenticated principal, everything else is
 * public. /logout invalidates the session and drops JSESSIONID. CSRF tokens live
 * in a cookie that page scripts may read.
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // The three authorizeRequests() calls of the original all feed the same
    // registry; the relative order (home, api, catch-all) is what matters and
    // is preserved here.
    http.authorizeRequests()
            .antMatchers("/home").permitAll()
            .antMatchers("/api/**").authenticated()
            .anyRequest().permitAll();

    // NOTE(review): a one-argument AntPathRequestMatcher matches every HTTP
    // method, so a plain GET (e.g. an <img src="/logout">) ends the session.
    // Use new AntPathRequestMatcher("/logout", "POST") if that is not wanted.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/")
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true);

    // withHttpOnlyFalse() lets the front end read the CSRF cookie and echo it in
    // a header; the trade-off is that injected script can read it too.
    http.csrf()
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

    // The AAD filter takes the slot ahead of the form-login filter.
    http.addFilterBefore(aadAuthFilter, UsernamePasswordAuthenticationFilter.class);
}
}
/**
 * Form-login chain: /login and /logout.do are public, every other URL requires
 * an authenticated user. The form posts to /login.do with the principal in the
 * "name" parameter (default password parameter). /logout.do logs out on any
 * HTTP method.
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/login", "/logout.do").permitAll()
            .antMatchers("/**").authenticated();

    http.formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/login.do")
            .usernameParameter("name");

    // A request matcher (instead of logoutUrl) is used deliberately so that GET
    // requests log the user out. NOTE(review): that also lets a third-party
    // page end the session with a cross-site GET; prefer
    // new AntPathRequestMatcher("/logout.do", "POST") unless GET is required.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout.do"));
}
}
/**
 * Account-management chain. Public: registration, activation and password-reset
 * pages plus image/font assets. ROLE_ADMIN only: /user/autologin and
 * /user/delete. Everything else needs an authenticated user. Form login at
 * /login (failure -> /login?error), logout at /logout (-> /login), and a
 * remember-me cookie keyed on applicationSecret valid for 31536000 s (365 days).
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Paths with equal access are grouped into one antMatchers() call; the
    // relative order of the original rules, which decides precedence, is kept.
    http.authorizeRequests()
            .antMatchers("/user/register", "/user/activate", "/user/activation-send",
                    "/user/reset-password", "/user/reset-password-change").permitAll()
            .antMatchers("/user/autologin", "/user/delete").access("hasRole('ROLE_ADMIN')")
            .antMatchers("/img/**", "/images/**", "/fonts/**").permitAll()
            .anyRequest().authenticated();

    http.formLogin()
            .loginPage("/login")
            .failureUrl("/login?error")
            .permitAll();

    // NOTE(review): no HTTP method on the matcher, so GET /logout also logs out.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login");

    // NOTE(review): no tokenRepository is set, so this is the signed-cookie
    // (hash based) remember-me; with a one-year validity a stolen cookie stays
    // usable until it expires and cannot be revoked per user server-side.
    // A persistent token repository and a shorter lifetime are safer.
    http.rememberMe()
            .key(applicationSecret)
            .tokenValiditySeconds(31536000);
}
/**
 * Minimal form-login chain: every request must be authenticated, the login page
 * /login is public, /logout redirects to "/". Same-origin framing is allowed and
 * CSRF protection is switched off.
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): csrf().disable() drops the synchronizer-token check for every
    // state-changing request on this cookie-session chain, logout included. If a
    // particular client cannot send a token, scope the exemption with
    // csrf().ignoringAntMatchers(...) instead of disabling it globally.
    http.csrf().disable();

    http.headers()
            .frameOptions().sameOrigin();

    http.authorizeRequests()
            .anyRequest().authenticated();

    http.formLogin()
            .loginPage("/login")
            .permitAll();

    // One-argument matcher: /logout is honoured on any HTTP method.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/");
}
/**
 * Authorization-server style chain. requestMatchers() limits it to /login,
 * /signout, /oauth/authorize and /oauth/confirm_access; inside that scope every
 * request must be authenticated and the default form-login page is used (no
 * custom loginPage). /signout logs out and redirects to /login.
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // URLs outside this list are not handled by this chain at all; presumably a
    // second HttpSecurity (e.g. a resource server) covers them -- verify.
    http.requestMatchers()
            .antMatchers("/login", "/signout", "/oauth/authorize", "/oauth/confirm_access");

    http.authorizeRequests()
            .anyRequest().authenticated();

    http.formLogin();

    // Matches /signout on every HTTP method, so a GET also ends the session.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/signout"))
            .logoutSuccessUrl("/login");
}
/**
 * Admin-console chain. Public: "/", /login, /registration. /admin/** requires
 * the ADMIN authority; every other request needs authentication. The login form
 * posts "email"/"password"; failure -> /login?error=true, success ->
 * /admin/home, forbidden -> /access-denied, logout -> "/". CSRF is disabled.
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/", "/login", "/registration").permitAll()
            .antMatchers("/admin/**").hasAuthority("ADMIN")
            .anyRequest().authenticated();

    // NOTE(review): disabling CSRF on a cookie-session form-login app makes every
    // POST under /admin/** forgeable from another origin. Keep it enabled and
    // exempt only endpoints that genuinely cannot carry a token.
    http.csrf().disable();

    // NOTE(review): defaultSuccessUrl points into /admin/**, so a user without
    // the ADMIN authority is sent to /access-denied right after logging in
    // (unless a saved request redirects elsewhere).
    http.formLogin()
            .loginPage("/login")
            .failureUrl("/login?error=true")
            .defaultSuccessUrl("/admin/home")
            .usernameParameter("email")
            .passwordParameter("password");

    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/");

    http.exceptionHandling()
            .accessDeniedPage("/access-denied");
}
/**
 * Admin-console chain: "/", /login and /registration are public, /admin/**
 * needs the ADMIN authority, all other URLs need an authenticated user.
 * Email/password form login at /login with /login?error=true on failure and
 * /admin/home on success; /logout returns to "/"; forbidden requests render
 * /access-denied. CSRF checking is off.
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/login").permitAll()
            .antMatchers("/registration").permitAll()
            .antMatchers("/admin/**").hasAuthority("ADMIN")
            .anyRequest().authenticated()
            .and()
        // NOTE(review): CSRF is disabled for the whole chain, so cross-site POSTs
        // riding an admin's session cookie are accepted. Re-enable it and exempt
        // specific paths if some client cannot send a token.
        .csrf().disable()
        .formLogin()
            .loginPage("/login")
            .failureUrl("/login?error=true")
            // NOTE(review): users without ADMIN are redirected into /admin/** on
            // login and land on /access-denied immediately.
            .defaultSuccessUrl("/admin/home")
            .usernameParameter("email")
            .passwordParameter("password")
            .and()
        .exceptionHandling()
            .accessDeniedPage("/access-denied")
            .and()
        .logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/");
}
/**
 * Form-login chain backed by userDetailsServiceBean(). /login and /logout.do are
 * public; every other URL requires authentication. The form posts to /login.do
 * with "username"/"password"; /logout.do logs out on any HTTP method.
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.userDetailsService(userDetailsServiceBean());

    http.authorizeRequests()
            .antMatchers("/login", "/logout.do").permitAll()
            .antMatchers("/**").authenticated();

    http.formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/login.do")
            .usernameParameter("username")
            .passwordParameter("password");

    // NOTE(review): no method on the matcher, so GET /logout.do also logs out
    // and a third-party page can trigger it; use ("/logout.do", "POST") if that
    // is not intended.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout.do"));
}
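/**
 * Storefront chain. Static assets, the home page and the register / password
 * flows are public; /myAccount, /checkout and /orders need an authenticated
 * user; every other URL is public (now stated explicitly). Form login at /login
 * (success -> /home, failure -> /login?error), logout at /logout, 403s rendered
 * by /403. CSRF is disabled.
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): csrf().disable() means checkout/order POSTs can be forged
    // cross-site against a logged-in session; re-enable it and exempt only the
    // endpoints that cannot carry a token.
    http.csrf().disable();

    http.authorizeRequests()
            .antMatchers("/resources/**", "/webjars/**", "/assets/**").permitAll()
            .antMatchers("/", "/register", "/forgotPwd", "/resetPwd").permitAll()
            .antMatchers("/myAccount", "/checkout", "/orders").authenticated()
            // The original had no catch-all; in Spring Security an unmatched URL
            // then passes through as public. Spelling the default out keeps the
            // policy auditable -- change to authenticated() if new pages should
            // be protected unless listed.
            .anyRequest().permitAll();

    http.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/home")
            .failureUrl("/login?error")
            .permitAll();

    // Any-method matcher: GET /logout also logs out.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .permitAll();

    http.exceptionHandling()
            .accessDeniedPage("/403");
}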
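/**
 * Closed chain: every request must be authenticated. Form login at /login
 * (public) with success -> "/"; logout at /logout (public) with success ->
 * /logout-success.
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .anyRequest().authenticated();

    http.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/")
            .permitAll();

    // The original also called logoutUrl("/logout") before this; a subsequent
    // logoutRequestMatcher() replaces that setting, so the call was dead and is
    // dropped. Effective behaviour is unchanged: /logout on any HTTP method.
    // For a POST-only endpoint (what logoutUrl alone gives with CSRF enabled)
    // use new AntPathRequestMatcher("/logout", "POST").
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/logout-success")
            .permitAll();
}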
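/**
 * Site chain with custom success handlers. Public: /login**, static assets,
 * webjars, /about and "/". /admin/** needs a fully authenticated user (not a
 * remember-me session). Any other URL is public (now stated explicitly). Form
 * login at /login with customLoginSuccessHandler; /logout runs
 * customLogoutSuccessHandler, invalidates the session and deletes JSESSIONID.
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/login**", "/static/**", "/webjars/**", "/about").permitAll()
            .antMatchers("/admin/**").fullyAuthenticated()
            .antMatchers("/").permitAll()
            // Added: the original stopped after "/", so everything not listed
            // above was allowed by fall-through. This rule preserves that and
            // makes it visible; given that "/" and /about are listed as public,
            // deny-by-default may have been intended -- if so, use
            // .anyRequest().authenticated() here.
            .anyRequest().permitAll();

    http.formLogin()
            .loginPage("/login")
            .failureUrl("/login?error")
            .successHandler(customLoginSuccessHandler)
            .permitAll();

    // Any-method matcher: GET /logout also logs out.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessHandler(customLogoutSuccessHandler)
            .invalidateHttpSession(true)
            .deleteCookies("JSESSIONID")
            .permitAll();
}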
/**
 * Contacts demo chain. Single-segment top-level URLs (/*) and the H2 console are
 * public, /contacts/** needs ROLE_USER, and no catch-all is declared. CSRF is
 * skipped for /h2-console/*, same-origin framing is allowed, the default login
 * page is used with success -> /contacts, and /logout logs out on any method.
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    // NOTE(review): URLs matching neither pattern (e.g. /foo/bar) fall through
    // as public because there is no anyRequest() entry.
    http.authorizeRequests()
            .antMatchers("/*", "/h2-console/**").permitAll()
            .antMatchers("/contacts/**").hasRole("USER");

    // NOTE(review): a reachable H2 console is a development convenience only.
    // The CSRF exemption "/h2-console/*" (one segment) is narrower than the
    // permitAll pattern "/h2-console/**"; align them if nested console URLs
    // ever take POSTs.
    http.csrf()
            .ignoringAntMatchers("/h2-console/*");

    // Presumably needed for the console's frame-based UI.
    http.headers()
            .frameOptions().sameOrigin();

    http.formLogin()
            .defaultSuccessUrl("/contacts");

    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
    // @formatter:on
}
}
/**
 * Role-split demo chain: top-level single-segment URLs and the H2 console are
 * public, /user/** needs USER or ADMIN, /admin/** needs ADMIN; no catch-all.
 * CSRF is skipped for /h2-console/*, same-origin framing is allowed, the default
 * login page is used, and /logout (any method) redirects to "/".
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http
        .authorizeRequests()
            .antMatchers("/*", "/h2-console/**").permitAll()
            .antMatchers("/user/**").hasAnyRole("USER", "ADMIN")
            .antMatchers("/admin/**").hasRole("ADMIN")
            // NOTE(review): URLs outside these patterns (e.g. /reports/x) match
            // nothing and are therefore served without authentication.
            .and()
        // NOTE(review): public H2 console + CSRF exemption is for local
        // development only. The exemption pattern (one segment) is narrower
        // than the permitAll pattern (any depth).
        .csrf()
            .ignoringAntMatchers("/h2-console/*")
            .and()
        .headers()
            .frameOptions().sameOrigin()   // presumably for the console's frames
            .and()
        .formLogin()
            .and()
        .logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/");
    // @formatter:on
}
}
/**
 * Catalog chain: only /my/** requires login, everything else is public. Form
 * login at /login with success -> /catalog; /logout (any method) deletes
 * JSESSIONID and returns to /catalog.
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            // mvcMatchers applies Spring MVC's path matching rather than plain
            // Ant patterns, so the rule lines up with how controllers are mapped.
            .mvcMatchers("/my/**").authenticated()
            .anyRequest().permitAll()
            .and()
        .formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/catalog")
            .permitAll()
            .and()
        .logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/catalog")
            .deleteCookies("JSESSIONID")
            .permitAll();
}
/**
 * Authorization-server chain scoped by requestMatchers() to "/", /login,
 * /logout, /signout, /oauth/authorize, /oauth/confirm_access and /images/**.
 * Inside that scope every request (images included) needs authentication; form
 * login at /login, logout at /signout redirecting to /login.
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http.requestMatchers()
            .antMatchers("/", "/login", "/logout", "/signout", "/oauth/authorize",
                    "/oauth/confirm_access", "/images/**");

    http.authorizeRequests()
            .anyRequest().authenticated();

    // NOTE(review): an absolute http://localhost:8888 success URL is
    // environment-specific and plaintext; it belongs in configuration.
    http.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("http://localhost:8888/index.html")
            .permitAll();

    // /logout is in the scope list above but the logout matcher is /signout,
    // so a request to /logout only hits the authenticated() rule and does not
    // log anyone out. The original carried a commented-out
    // invalidateHttpSession(true).deleteCookies("JSESSION") call: session
    // invalidation is already the LogoutConfigurer default, and "JSESSION" is
    // not the servlet session cookie name.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/signout"))
            .logoutSuccessUrl("/login");
    // @formatter:on
}
/**
 * Site chain. /admin/** requires the authority named by Role.ADMIN, /image/** is
 * public, and no catch-all is declared. Login page /signin (public) with success
 * -> "/"; /logout is public. CSRF is not enforced under /admin/**, the
 * X-Frame-Options header is disabled, and remember-me tokens are persisted in
 * reMemberMeRepository.
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry rules =
            http.authorizeRequests();

    // NOTE(review): with no anyRequest() entry, URLs other than /admin/** and
    // /image/** pass through as public. The original had static-asset matchers
    // (webjars, js, css, img) commented out; they are unnecessary under a
    // default-allow policy, but an explicit anyRequest() would make that policy
    // visible.
    rules.antMatchers("/admin/**").hasAuthority(Role.ADMIN.toString())
         .antMatchers("/image/**").permitAll();

    http.formLogin()
            .loginPage("/signin")
            .defaultSuccessUrl("/")
            .permitAll();

    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .permitAll();

    // NOTE(review): this exempts exactly the privileged surface from CSRF
    // checks (an /oauth pattern was also commented out here). Unless /admin/**
    // is driven by a token-authenticated, non-cookie client, keep the check on.
    http.csrf()
            .ignoringAntMatchers("/admin/**");

    // NOTE(review): frameOptions().disable() removes clickjacking protection
    // site-wide; sameOrigin() is the usual replacement when framing is needed.
    http.headers()
            .frameOptions().disable();

    http.rememberMe()
            .tokenRepository(reMemberMeRepository);
}
/**
 * Chain scoped by regexMatcher(getContext().getPathRegex()). Inside it the
 * context path requires ROLE_ADMIN and nothing else is constrained; 403s go to
 * /public/error/403; CSRF is disabled; the login page is <urlPath>/login
 * (public); any GET whose URI contains "logout" logs out and redirects to "/".
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.regexMatcher(getContext().getPathRegex());

    // NOTE(review): antMatchers() with a bare path matches that path only;
    // unless getContextPath() already ends in a wildcard, sub-paths are not
    // covered by the ADMIN rule and, with no anyRequest() entry, pass through
    // as public -- confirm against the context implementation.
    http.authorizeRequests()
            .antMatchers(getContext().getContextPath()).hasRole("ADMIN");

    http.exceptionHandling()
            .accessDeniedPage("/public/error/403");

    // NOTE(review): CSRF disabled on a cookie-session admin chain.
    http.csrf().disable();

    http.formLogin()
            .loginPage(getContext().getUrlPath() + "/login")
            .permitAll();

    // The regex is unanchored on both sides and RegexRequestMatcher includes
    // the query string, so any GET whose URI contains "logout" (/logout, but
    // also e.g. /x/logoutHistory) ends the session; a cross-site GET can
    // trigger it.
    http.logout()
            .logoutRequestMatcher(new RegexRequestMatcher("/.*logout\\?{0,1}.*", HttpMethod.GET.name()))
            .logoutSuccessUrl("/");
}
/**
 * HTTPS-only chain scoped by regexMatcher(getContext().getPathRegex()): every
 * matching request must arrive on a secure channel and be authenticated;
 * same-origin framing is allowed; CSRF is disabled; the login page is
 * <urlPath>/login (public); any GET whose URI contains "logout" logs out and
 * redirects to "/".
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.regexMatcher(getContext().getPathRegex());

    // Plain-HTTP requests are handled by the channel filter (default: sent to
    // the HTTPS equivalent) before anything else runs.
    http.requiresChannel()
            .anyRequest().requiresSecure();

    http.headers()
            .frameOptions().sameOrigin();

    // NOTE(review): csrf().disable() on a session-cookie chain; together with
    // the GET logout below a cross-site <img> request can end a user's session.
    http.csrf().disable();

    http.authorizeRequests()
            .anyRequest().authenticated();

    http.formLogin()
            .loginPage(getContext().getUrlPath() + "/login")
            .permitAll();

    // "/.*logout\?{0,1}.*" is unanchored on the right, so it also fires for
    // e.g. /logoutHistory; RegexRequestMatcher tests path plus query string.
    http.logout()
            .logoutRequestMatcher(new RegexRequestMatcher("/.*logout\\?{0,1}.*", HttpMethod.GET.name()))
            .logoutSuccessUrl("/");
}
/**
 * Admin-web chain, scoped to adminWeb.path("/**"). CSRF tokens are kept in a
 * cookie readable by page scripts; form login at adminWeb.path("/login") with
 * success -> adminWeb.path("/"); logout at adminWeb.path("/logout"), public.
 * A LocaleChangeFilter is inserted ahead of SecurityContextPersistenceFilter
 * when a localeResolver is present. Other modules may register URL rules via
 * the AdminWebUrlRegistry event before the catch-all, which requires any of the
 * configured access permissions. Remember-me and further customisation are
 * delegated to configureRememberMe / customizeAdminWebSecurity.
 *
 * @param root builder supplied by Spring Security; narrowed to the admin path
 * @throws Exception propagated from the DSL
 */
@Override
@SuppressWarnings("SignatureDeclareThrowsException")
public void configure(HttpSecurity root) throws Exception {
    HttpSecurity http = root.antMatcher(adminWeb.path("/**"));

    // withHttpOnlyFalse(): the admin front end can read the token cookie and
    // echo it in a header -- and so can any script injected into the page.
    http.csrf()
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

    http.formLogin()
            .loginPage(adminWeb.path("/login"))
            .defaultSuccessUrl(adminWeb.path("/"))
            .permitAll();

    // NOTE(review): logoutRequestMatcher() supersedes logoutUrl(); the effective
    // rule is the any-method matcher, so a GET to the logout path signs the
    // admin out. Removing the matcher (keeping logoutUrl) would give POST-only
    // logout guarded by the CSRF cookie configured above.
    http.logout()
            .logoutUrl(adminWeb.path("/logout"))
            .logoutRequestMatcher(new AntPathRequestMatcher(adminWeb.path("/logout")))
            .permitAll();

    // Allow locale to be changed before security applied
    if (localeResolver != null) {
        http.addFilterBefore(new LocaleChangeFilter(localeResolver),
                SecurityContextPersistenceFilter.class);
    }

    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRegistry =
            http.authorizeRequests();

    // Listeners add their more specific URL rules first; the catch-all is
    // therefore registered last.
    publisher.publishEvent(new AdminWebUrlRegistry(adminWeb, urlRegistry));

    // Only users with any of the configured admin permissions can login
    urlRegistry.anyRequest().hasAnyAuthority(settings.getAccessPermissions());

    configureRememberMe(http);
    customizeAdminWebSecurity(http);
}
/**
 * Back-office chain under /BLOSSOM_BASE_PATH/**: every request must be fully
 * authenticated (a remember-me session is not enough). Form login at
 * <base>/login with a custom success handler; logout at <base>/logout deletes
 * the remember-me cookie and returns to <base>/login. AJAX requests get a bare
 * 401 instead of a login redirect. Concurrent sessions per user are capped by
 * webBackOfficeProperties, further logins are refused at the cap, and expired
 * sessions are sent to <base>/login. A switch-user (impersonation) filter is
 * installed after the authorization interceptor.
 *
 * @param http builder for this filter chain
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final String base = "/" + BLOSSOM_BASE_PATH;

    // Placed after FilterSecurityInterceptor, so a switch-user request has
    // already passed the authorization rules below before the filter sees it.
    http.addFilterAfter(switchUserProcessingFilter(), FilterSecurityInterceptor.class);

    http.antMatcher(base + "/**")
            .authorizeRequests()
            .anyRequest().fullyAuthenticated();

    http.formLogin()
            .loginPage(base + "/login")
            .failureUrl(base + "/login?error")
            .successHandler(blossomAuthenticationSuccessHandler)
            .permitAll();

    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher(base + "/logout"))
            .deleteCookies(BLOSSOM_REMEMBER_ME_COOKIE_NAME)
            .logoutSuccessUrl(base + "/login")
            .permitAll();

    http.rememberMe()
            .rememberMeCookieName(BLOSSOM_REMEMBER_ME_COOKIE_NAME);

    // XMLHttpRequest callers cannot follow a login redirect usefully; answer 401.
    http.exceptionHandling()
            .defaultAuthenticationEntryPointFor(
                    (request, response, authException) -> response.sendError(401),
                    new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));

    // NOTE(review): maxSessionsPreventsLogin(true) fails closed -- once the cap
    // is reached the user cannot sign in again until an existing session
    // expires, so an abandoned session becomes a self-inflicted lockout.
    http.sessionManagement()
            .maximumSessions(webBackOfficeProperties.getMaxSessionsPerUser())
            .maxSessionsPreventsLogin(true)
            .expiredSessionStrategy(new BlossomInvalidSessionStrategy(base + "/login"))
            .sessionRegistry(sessionRegistry);
}
}