@Override public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException { super.initializeFromConfig(config); aep = new Http403ForbiddenEntryPoint(); }
private AuthenticationEntryPoint createDefaultEntryPoint(H http) { if (this.defaultEntryPointMappings.isEmpty()) { return new Http403ForbiddenEntryPoint(); } if (this.defaultEntryPointMappings.size() == 1) { return this.defaultEntryPointMappings.values().iterator().next(); } DelegatingAuthenticationEntryPoint entryPoint = new DelegatingAuthenticationEntryPoint( this.defaultEntryPointMappings); entryPoint.setDefaultEntryPoint(this.defaultEntryPointMappings.values().iterator() .next()); return entryPoint; }
@Override public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException { super.initializeFromConfig(config); aep = new Http403ForbiddenEntryPoint(); CredentialsFromRequestHeaderFilterConfig authConfig = (CredentialsFromRequestHeaderFilterConfig) config; userNameHeaderName = authConfig.getUserNameHeaderName(); passwordHeaderName = authConfig.getPasswordHeaderName(); userNameRegex = Pattern.compile(authConfig.getUserNameRegex()); passwordRegex = Pattern.compile(authConfig.getPasswordRegex()); decodeURI = authConfig.isParseAsUriComponents(); // digest used to create a cacheKey containing the user password try { digest = MessageDigest.getInstance("MD5"); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("No MD5 algorithm available!"); } }
@Override public void init(H http) throws Exception { PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider(); authenticationProvider.setPreAuthenticatedUserDetailsService(getAuthenticationUserDetailsService(http)); http .authenticationProvider(authenticationProvider) .setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint()); } // @formatter:on
/** * Populates a {@link PreAuthenticatedAuthenticationProvider} into * {@link HttpSecurity#authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)} * and a {@link Http403ForbiddenEntryPoint} into * {@link HttpSecurityBuilder#setSharedObject(Class, Object)} * * @see org.springframework.security.config.annotation.SecurityConfigurerAdapter#init(org.springframework.security.config.annotation.SecurityBuilder) */ @Override public void init(H http) throws Exception { PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider(); authenticationProvider .setPreAuthenticatedUserDetailsService(getUserDetailsService()); authenticationProvider = postProcess(authenticationProvider); // @formatter:off http .authenticationProvider(authenticationProvider) .setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint()); // @formatter:on }
/** * Gets the http 403 forbidden entry point. * * @return the http 403 forbidden entry point */ @Bean(name = "preAuthenticatedProcessingFilterEntryPoint") public Http403ForbiddenEntryPoint getHttp403ForbiddenEntryPoint() { return new Http403ForbiddenEntryPoint(); }
private AuthenticationEntryPoint createDefaultEntryPoint(H http) { if (this.defaultEntryPointMappings.isEmpty()) { return new Http403ForbiddenEntryPoint(); } if (this.defaultEntryPointMappings.size() == 1) { return this.defaultEntryPointMappings.values().iterator().next(); } DelegatingAuthenticationEntryPoint entryPoint = new DelegatingAuthenticationEntryPoint( this.defaultEntryPointMappings); entryPoint.setDefaultEntryPoint(this.defaultEntryPointMappings.values().iterator() .next()); return entryPoint; }
@Override public void init(H http) throws Exception { PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider(); authenticationProvider.setPreAuthenticatedUserDetailsService(getAuthenticationUserDetailsService(http)); http .authenticationProvider(authenticationProvider) .setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint()); } // @formatter:on
/** * Populates a {@link PreAuthenticatedAuthenticationProvider} into * {@link HttpSecurity#authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)} * and a {@link Http403ForbiddenEntryPoint} into * {@link HttpSecurityBuilder#setSharedObject(Class, Object)} * * @see org.springframework.security.config.annotation.SecurityConfigurerAdapter#init(org.springframework.security.config.annotation.SecurityBuilder) */ @Override public void init(H http) throws Exception { PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider(); authenticationProvider .setPreAuthenticatedUserDetailsService(getUserDetailsService()); authenticationProvider = postProcess(authenticationProvider); // @formatter:off http .authenticationProvider(authenticationProvider) .setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint()); // @formatter:on }
.invalidateHttpSession(true) .and() .exceptionHandling() .authenticationEntryPoint(new Http403ForbiddenEntryPoint()) .and() .csrf()//Disabled CSRF protection .disable();
static HttpSecurity configureHttpSec(HttpSecurity http, String urlBase) throws Exception { http .csrf().disable() .exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()) .and() .antMatchers(urlBase+"/**").authorizeRequests().anyRequest().authenticated() .and() .httpBasic() .and() .logout().logoutUrl(urlBase+"/logout").logoutSuccessHandler((req,resp,auth) -> {}) ; return http; }
@Override protected void configure(HttpSecurity http) throws Exception { http .formLogin() ... .successHandler(your authentication success handler object) .failureHandler(your authentication failure handler object) .and() .logout() ... .logoutSuccessHandler(your logout success handler object) .and() .exceptionHandling() .authenticationEntryPoint(new Http403ForbiddenEntryPoint()) ... }
private AuthenticationEntryPoint createDefaultEntryPoint(H http) { if (this.defaultEntryPointMappings.isEmpty()) { return new Http403ForbiddenEntryPoint(); } if (this.defaultEntryPointMappings.size() == 1) { return this.defaultEntryPointMappings.values().iterator().next(); } DelegatingAuthenticationEntryPoint entryPoint = new DelegatingAuthenticationEntryPoint( this.defaultEntryPointMappings); entryPoint.setDefaultEntryPoint(this.defaultEntryPointMappings.values().iterator() .next()); return entryPoint; }
/** * Gets the {@link AuthenticationEntryPoint} according to the rules specified by {@link #authenticationEntryPoint(AuthenticationEntryPoint)} * @param http the {@link HttpSecurity} used to look up shared {@link AuthenticationEntryPoint} * @return the {@link AuthenticationEntryPoint} to use */ private AuthenticationEntryPoint getEntryPoint(H http) { AuthenticationEntryPoint entryPoint = this.authenticationEntryPoint; if(entryPoint == null) { AuthenticationEntryPoint sharedEntryPoint = http.getSharedObject(AuthenticationEntryPoint.class); if(sharedEntryPoint != null) { entryPoint = sharedEntryPoint; } else { entryPoint = new Http403ForbiddenEntryPoint(); } } return entryPoint; }
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests().antMatchers("/topsecret").authenticated() .and() .oauth2ResourceServer() .jwt() .and() .authenticationEntryPoint(new Http403ForbiddenEntryPoint()); } }
/** * Configures exception-handling */ protected void exceptionHandling(HttpSecurity http) throws Exception { http .exceptionHandling() /*********************************************** * To prevent redirection to the login page * when someone tries to access a restricted page **********************************************/ .authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
@Override public void init(H http) throws Exception { PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider(); authenticationProvider.setPreAuthenticatedUserDetailsService(getAuthenticationUserDetailsService(http)); http .authenticationProvider(authenticationProvider) .setSharedObject(AuthenticationEntryPoint.class,new Http403ForbiddenEntryPoint()); }
@Override public void init(H http) throws Exception { PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider(); authenticationProvider.setPreAuthenticatedUserDetailsService(getAuthenticationUserDetailsService(http)); http .authenticationProvider(authenticationProvider) .setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint()); } // @formatter:on
/** * Populates a {@link PreAuthenticatedAuthenticationProvider} into * {@link HttpSecurity#authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)} * and a {@link Http403ForbiddenEntryPoint} into * {@link HttpSecurity#authenticationEntryPoint(org.springframework.security.web.AuthenticationEntryPoint)} * * @see org.springframework.security.config.annotation.SecurityConfigurerAdapter#init(org.springframework.security.config.annotation.SecurityBuilder) */ @Override public void init(H http) throws Exception { PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider(); authenticationProvider.setPreAuthenticatedUserDetailsService(getUserDetailsService()); authenticationProvider = postProcess(authenticationProvider); http .authenticationProvider(authenticationProvider) .setSharedObject(AuthenticationEntryPoint.class,new Http403ForbiddenEntryPoint()); }
/** * Populates a {@link PreAuthenticatedAuthenticationProvider} into * {@link HttpSecurity#authenticationProvider(org.springframework.security.authentication.AuthenticationProvider)} * and a {@link Http403ForbiddenEntryPoint} into * {@link HttpSecurityBuilder#setSharedObject(Class, Object)} * * @see org.springframework.security.config.annotation.SecurityConfigurerAdapter#init(org.springframework.security.config.annotation.SecurityBuilder) */ @Override public void init(H http) throws Exception { PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider(); authenticationProvider .setPreAuthenticatedUserDetailsService(getUserDetailsService()); authenticationProvider = postProcess(authenticationProvider); // @formatter:off http .authenticationProvider(authenticationProvider) .setSharedObject(AuthenticationEntryPoint.class, new Http403ForbiddenEntryPoint()); // @formatter:on }