Java Code Examples for org.springframework.security.web.util.matcher.AntPathRequestMatcher

The following are top voted examples for showing how to use org.springframework.security.web.util.matcher.AntPathRequestMatcher. These examples are extracted from open source projects.
Example 1
Project: AntiSocial-Platform   File: SecurityConfiguration.java
/**
 * Configures URL access rules, form login, logout, persistent remember-me, CSRF
 * protection, the access-denied page and a one-session-per-user limit.
 *
 * @param http the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.addFilterBefore(characterEncodingFilter(), CsrfFilter.class);

    // Rules are checked in declaration order. Only the patterns below are listed;
    // this method declares no anyRequest() rule for the remaining URLs.
    http.authorizeRequests()
            .antMatchers("/", "/category/**", "/article/add", "/user/update")
            .access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN') or hasRole('ROLE_MODERATOR')")
            .antMatchers("/admin", "/admin/**")
            .access("hasRole('ROLE_ADMIN')");

    http.formLogin()
            .loginPage("/login")
            .usernameParameter("ssoId")
            .passwordParameter("password")
            .failureHandler(new CustomAuthenticationFailureHandler())
            .defaultSuccessUrl("/");

    // AntPathRequestMatcher("/logout") names no HTTP method, so a GET to /logout also
    // logs the user out; by default the CSRF token check does not cover GET requests.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login?logout")
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true);

    // Remember-me tokens live in the persistent repository and are valid for 86400 s (24 h).
    http.rememberMe()
            .tokenRepository(persistentTokenRepository())
            .tokenValiditySeconds(86400);

    http.csrf();

    http.exceptionHandling().accessDeniedPage("/error");

    http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry());
}
 
Example 2
Project: spring-tsers-auth   File: WebSecurityConfig.java
/**
 * Assembles one security filter chain per SAML endpoint and wraps them in a
 * FilterChainProxy.
 *
 * @return proxy dispatching /saml/** requests to the matching SAML filter
 * @throws Exception if one of the filter factory methods fails
 */
@Bean
public FilterChainProxy samlFilter() throws Exception {
    // FilterChainProxy hands a request to the first chain whose matcher accepts it,
    // so the chains are added in the same order as before.
    List<SecurityFilterChain> samlChains = new ArrayList<SecurityFilterChain>();

    AntPathRequestMatcher loginPaths = new AntPathRequestMatcher("/saml/login/**");
    samlChains.add(new DefaultSecurityFilterChain(loginPaths, samlEntryPoint()));

    AntPathRequestMatcher logoutPaths = new AntPathRequestMatcher("/saml/logout/**");
    samlChains.add(new DefaultSecurityFilterChain(logoutPaths, samlLogoutFilter()));

    AntPathRequestMatcher metadataPaths = new AntPathRequestMatcher("/saml/metadata/**");
    samlChains.add(new DefaultSecurityFilterChain(metadataPaths, metadataDisplayFilter()));

    AntPathRequestMatcher ssoPaths = new AntPathRequestMatcher("/saml/SSO/**");
    samlChains.add(new DefaultSecurityFilterChain(ssoPaths, samlWebSSOProcessingFilter()));

    AntPathRequestMatcher ssoHokPaths = new AntPathRequestMatcher("/saml/SSOHoK/**");
    samlChains.add(new DefaultSecurityFilterChain(ssoHokPaths, samlWebSSOHoKProcessingFilter()));

    AntPathRequestMatcher singleLogoutPaths = new AntPathRequestMatcher("/saml/SingleLogout/**");
    samlChains.add(new DefaultSecurityFilterChain(singleLogoutPaths, samlLogoutProcessingFilter()));

    AntPathRequestMatcher discoveryPaths = new AntPathRequestMatcher("/saml/discovery/**");
    samlChains.add(new DefaultSecurityFilterChain(discoveryPaths, samlIDPDiscovery()));

    return new FilterChainProxy(samlChains);
}
 
Example 3
Project: springboot-jwt-starter   File: WebSecurityConfig.java
/**
 * Configures a stateless, token-authenticated API: static GET resources and /auth/**
 * are public, every other request must be authenticated, and CSRF protection is off.
 *
 * @param http the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): csrfMethods collects one "/**" matcher per state-changing HTTP method,
    // but nothing below reads the list; CSRF is disabled outright at the end of this method.
    List<RequestMatcher> csrfMethods = new ArrayList<>();
    Arrays.asList( "POST", "PUT", "PATCH", "DELETE" )
            .forEach( method -> csrfMethods.add( new AntPathRequestMatcher( "/**", method ) ) );
    http
            // No HTTP session is created or used by Spring Security.
            .sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS ).and()
            .exceptionHandling().authenticationEntryPoint( restAuthenticationEntryPoint ).and()
            .authorizeRequests()
            // Public static content, GET only.
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/webjars/**",
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js"
            ).permitAll()
            // /auth/** is public for every HTTP method.
            .antMatchers("/auth/**").permitAll()
            .anyRequest().authenticated().and()
            .addFilterBefore(new TokenAuthenticationFilter(tokenHelper, jwtUserDetailsService), BasicAuthenticationFilter.class);

    // NOTE(review): disabling CSRF is only safe if the browser never attaches the token
    // automatically (e.g. it travels in a header, not a cookie) - confirm against
    // TokenAuthenticationFilter, which is not shown here.
    http.csrf().disable();
}
 
Example 4
Project: forum   File: SecurityConfiguration.java
/**
 * Opens the landing, login and registration pages to everyone and requires an
 * authenticated user for every other request.
 *
 * @param httpSecurity the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeRequests()
            .antMatchers("/", "/login", "/register").permitAll()
            .anyRequest().authenticated();

    httpSecurity.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/profile");

    // The matcher names no HTTP method, so /logout is accepted for any method, GET included.
    httpSecurity.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login");
}
 
Example 5
Project: flow-platform   File: WebConfig.java
/**
 * Creates the AuthenticationInterceptor with the list of path matchers it works on.
 * How the interceptor uses the matchers is defined by that class, not here.
 *
 * @return the configured interceptor
 */
@Bean
public AuthenticationInterceptor authInterceptor() {
    // "/**" entries cover a whole subtree; "/credentials/*" covers exactly one path
    // segment below /credentials; the remaining entries are exact paths.
    List<RequestMatcher> pathMatchers = ImmutableList.<RequestMatcher>builder()
        .add(new AntPathRequestMatcher("/flows/**"))
        .add(new AntPathRequestMatcher("/user/register"))
        .add(new AntPathRequestMatcher("/user/delete"))
        .add(new AntPathRequestMatcher("/user"))
        .add(new AntPathRequestMatcher("/user/role/update"))
        .add(new AntPathRequestMatcher("/jobs/**"))
        .add(new AntPathRequestMatcher("/credentials/*"))
        .add(new AntPathRequestMatcher("/actions/**"))
        .add(new AntPathRequestMatcher("/message/**"))
        .add(new AntPathRequestMatcher("/agents/create"))
        .add(new AntPathRequestMatcher("/agents"))
        .add(new AntPathRequestMatcher("/roles/**"))
        .add(new AntPathRequestMatcher("/thread/config"))
        .build();

    return new AuthenticationInterceptor(pathMatchers);
}
 
Example 6
Project: AntiSocial-Platform   File: SecurityConfiguration.java
/**
 * Sets up role-based URL rules, form login, logout, persistent remember-me, CSRF
 * protection, the access-denied page and a limit of one session per user.
 *
 * @param http the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Checked top to bottom; there is no anyRequest() rule for URLs outside these patterns.
    http.authorizeRequests()
            .antMatchers("/", "/category/**", "/article/add", "/user/update")
            .access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN') or hasRole('ROLE_MODERATOR')")
            .antMatchers("/admin", "/admin/**")
            .access("hasRole('ROLE_ADMIN')");

    http.formLogin()
            .loginPage("/login")
            .usernameParameter("ssoId")
            .passwordParameter("password")
            .failureHandler(new CustomAuthenticationFailureHandler())
            .defaultSuccessUrl("/");

    // A method-less AntPathRequestMatcher lets a plain GET to /logout end the session,
    // and GET requests are not covered by the default CSRF token check.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login?logout")
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true);

    // Persistent remember-me tokens, valid for 86400 s (24 h).
    http.rememberMe()
            .tokenRepository(persistentTokenRepository())
            .tokenValiditySeconds(86400);

    http.csrf();

    http.exceptionHandling().accessDeniedPage("/oups");

    http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry());
}
 
Example 7
Project: ismartonline   File: SecurityConfiguration.java
/**
 * Example of authentication and authorization: the admin area needs the ADMIN role,
 * a handful of paths are public, and every other request requires a login.
 *
 * @param http the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception
{
    // CSRF protection is switched off for the whole application, including the
    // session-based form login configured below.
    http.csrf().disable();

    http.authorizeRequests()
            // Both admin patterns in one call (the original TODO asked whether a single
            // matcher call would do); same patterns, same order, same role.
            .antMatchers("/admin", "/admin/**").hasRole("ADMIN")
            .antMatchers("/cadastro/**").permitAll()
            .antMatchers("/evaluate").permitAll()
            // NOTE(review): this public path looks like a hard-to-guess token; an
            // unguessable URL is not access control - confirm what it exposes.
            .antMatchers("/vQtDNoCxpCa8QIAZPWeIMt4hPuLwZ8a/").permitAll()
            .antMatchers("/modulo/cultura/missao/deliver").permitAll()
            .antMatchers("/entrega/submit").permitAll()
            //      .antMatchers(HttpMethod.POST,"/specificUrl").hasRole("ADMIN")
            //      .antMatchers("/url3/**").permitAll()
            .anyRequest().authenticated();

    http.formLogin().loginPage("/login").permitAll();

    // The matcher names no HTTP method, so any request to /logout, GET included, logs out.
    http.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
}
 
Example 8
Project: pswot-cloud-java-spring-webapp   File: SecurityConfiguration.java
/**
 * Restricts product administration to the ADMIN role, leaves the shop, product,
 * home and user pages public, and requires authentication for everything else.
 *
 * @param http the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // The first matching rule wins, so the ADMIN rules sit above the broader
    // "/produtos/**" permitAll. The POST rule covers exactly "/produtos"; POSTs to
    // deeper paths fall through to the permitAll rule.
    http.authorizeRequests()
            .antMatchers("/produtos/form").hasRole("ADMIN")
            .antMatchers("/shopping/**").permitAll()
            .antMatchers(HttpMethod.POST, "/produtos").hasRole("ADMIN")
            .antMatchers("/produtos/**").permitAll()
            .antMatchers("/").permitAll()
            .antMatchers("/user/**").permitAll()
            .anyRequest().authenticated();

    // The success handler decides where the user lands after logging in.
    http.formLogin()
            .loginPage("/login")
            .permitAll()
            .successHandler(new RedirectAfterLogin());

    // No HTTP method on the matcher: /logout is honoured for GET as well.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessHandler(new RedirectAfterLogout());
}
 
Example 9
Project: interview-preparation   File: WebSecurityConfig.java
/**
 * Builds the application's FilterChainProxy: a set of paths served with an empty
 * filter chain, followed by the authenticated chain for "/api/*".
 *
 * @return the filter chain proxy registered as "springSecurityFilterChain"
 * @throws ServletException declared by the original signature
 * @throws Exception if one of the filter factory methods fails
 */
@Bean(name = "springSecurityFilterChain")
public FilterChainProxy springSecurityFilterChain() throws ServletException, Exception {

    // Each of these paths gets a chain with no filters, i.e. no Spring Security
    // processing at all. NOTE(review): confirm that /api/dump and the Swagger
    // endpoints expose nothing that needs authentication.
    final String[] unfilteredPatterns = {
        "/api/cors",
        "/api/dump",
        "/api/validatorUrl",
        "/api/swagger-resources",
        "/api/configuration/ui",
        "/api/configuration/security",
        "/api/v2/api-docs",
        "/api/swagger-ui.html",
        "/api/webjars/**",
        "/webjars/**"
    };

    final List<SecurityFilterChain> chains = new ArrayList<SecurityFilterChain>();
    for (final String pattern : unfilteredPatterns) {
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher(pattern)));
    }

    // "/api/*" matches a single path segment below /api. A deeper path such as
    // /api/a/b matches none of the chains here and would pass without security filters.
    chains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/api/*"),
            securityContextPersistenceFilterWithASCFalse(),
            usernamePasswordAuthenticationFilter(),
            sessionManagementFilter(),
            exceptionTranslationFilter(),
            filterSecurityInterceptor()));

    return new FilterChainProxy(chains);
}
 
Example 10
Project: interview-preparation   File: WebSecurityConfig.java
/**
 * Builds the application's FilterChainProxy: documentation and webjar paths get an
 * empty filter chain, everything else under /api/ goes through the secured chain.
 *
 * @return the filter chain proxy registered as "springSecurityFilterChain"
 * @throws ServletException declared by the original signature
 * @throws Exception if one of the filter factory methods fails
 */
@Bean(name = "springSecurityFilterChain")
public FilterChainProxy springSecurityFilterChain() throws ServletException, Exception {

    final List<SecurityFilterChain> chains = new ArrayList<SecurityFilterChain>();
    // listOfFilterChains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/api/login"), new NoSecurityFilter()));

    // Chains without filters: requests to these paths skip Spring Security entirely.
    // They must stay ahead of "/api/**", because the first matching chain is used.
    final String[] unfilteredPatterns = {
        "/api/validatorUrl",
        "/api/swagger-resources",
        "/api/configuration/ui",
        "/api/configuration/security",
        "/api/v2/api-docs",
        "/api/swagger-ui.html",
        "/api/webjars/**",
        "/webjars/**"
    };
    for (final String pattern : unfilteredPatterns) {
        chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher(pattern)));
    }

    // "/api/**" covers the whole /api subtree at any depth.
    chains.add(new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/api/**"),
            securityContextPersistenceFilterWithASCFalse(),
            exceptionTranslationFilter(),
            filterSecurityInterceptor()));

    return new FilterChainProxy(chains);
}
 
Example 11
Project: facepalm   File: SecurityConfig.java
/**
 * Makes fonts and registration public, requires authentication for everything else,
 * and configures form login, logout, the access-denied page, the X-XSS-Protection
 * header and CSRF handling.
 *
 * @param httpSecurity the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected void configure(final HttpSecurity httpSecurity) throws Exception {
    httpSecurity
            .authorizeRequests()
            .antMatchers("/fonts/**").permitAll()
            .antMatchers("/register").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage("/login").permitAll()
            .and()
            // The matcher names no HTTP method, so /logout is accepted for GET as well.
            .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll()
            .and()
            .exceptionHandling().accessDeniedPage("/access?error")
            // NOTE(review): block(false) plus xssProtectionEnabled(false) asks for the
            // X-XSS-Protection header in its disabled form, which turns the legacy browser
            // filter off; the original remark called this the Spring Boot default that
            // activates XSS protection and asked not to change it - confirm the intent.
            .and().headers().xssProtection().block(false).xssProtectionEnabled(false).and()
            // FIXME [dh] Enabling CSRF prevents file upload, must be fixed.
            // CSRF protection is off for every request until then, not only for uploads.
            .and().csrf().disable();
}
 
Example 12
Project: mojito   File: WebSecurityConfig.java
/**
 * Leaves static assets, the CLI download path and the login page public, requires
 * full authentication everywhere else, and picks the authentication entry point by
 * request path.
 *
 * @param http the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    logger.debug("Configuring web security");

    http.headers().cacheControl().disable();

    http.authorizeRequests()
            // TODO (move img to images)
            // TODO (move intl to js/intl)
            .antMatchers("/intl/*", "/img/*", "/fonts/*", "/webjars/**", "/cli/**").permitAll()
            .regexMatchers("/login\\?.*").permitAll()
            // fullyAuthenticated() does not accept a remember-me login.
            .anyRequest().fullyAuthenticated();

    http.formLogin()
            .loginPage("/login").permitAll()
            .successHandler(new ShowPageAuthenticationSuccessHandler());

    http.logout().logoutSuccessUrl("/login?logout").permitAll();

    // Both patterns end in a single "*", so each covers one path segment only:
    // "/api/*" selects the 401 entry point, "/*" the redirect to the login page.
    final AntPathRequestMatcher apiPaths = new AntPathRequestMatcher("/api/*");
    final AntPathRequestMatcher topLevelPaths = new AntPathRequestMatcher("/*");
    http.exceptionHandling()
            .defaultAuthenticationEntryPointFor(new Http401AuthenticationEntryPoint("API_UNAUTHORIZED"), apiPaths)
            .defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint("/login"), topLevelPaths);
}
 
Example 13
Project: spring_boot   File: SecurityConfiguration.java
/**
 * Keeps the home pages public, requires authentication for every other request and
 * configures form login and logout. CSRF protection is disabled.
 *
 * @param httpSecurity the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeRequests()
            .antMatchers("/", "/esparkHome").permitAll()
            .anyRequest().authenticated();

    httpSecurity.formLogin()
            .loginPage("/esparkLoginPage")
            .defaultSuccessUrl("/esparkUserPage")
            .permitAll();

    // CSRF protection is off although login is session based, so state-changing
    // requests carry no CSRF token check.
    httpSecurity.csrf().disable();

    // The matcher names no HTTP method: any request to /logout, GET included, logs out.
    httpSecurity.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/esparkHome")
            .permitAll();
}
 
Example 14
Project: spring_boot   File: SecurityConfiguration.java
/**
 * Public home pages, authentication for the rest, form login and logout; CSRF
 * protection is turned off.
 *
 * @param httpSecurity the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // Authorization: two public paths, then a catch-all that requires a login.
    httpSecurity.authorizeRequests()
            .antMatchers("/", "/esparkHome").permitAll()
            .anyRequest().authenticated();

    // Login page and its processing URL are open to everyone via permitAll().
    httpSecurity.formLogin()
            .loginPage("/esparkLoginPage")
            .defaultSuccessUrl("/esparkUserPage")
            .permitAll();

    // No CSRF token check anywhere in the application.
    httpSecurity.csrf().disable();

    // /logout is matched for every HTTP method because the matcher names none.
    httpSecurity.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/esparkHome")
            .permitAll();
}
 
Example 15
Project: spring_boot   File: WebSecurityConfiguration.java
/**
 * Declares which paths are public, sends everything else through authentication and
 * sets the login and logout pages. CSRF protection is disabled.
 *
 * @param httpSecurity the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.authorizeRequests()
            .antMatchers("/", "/esparkHome").permitAll()
            .anyRequest().authenticated();

    httpSecurity.formLogin()
            .loginPage("/esparkLoginPage")
            .defaultSuccessUrl("/esparkUserPage")
            .permitAll();

    // With CSRF off, forms and other state-changing requests are not token protected.
    httpSecurity.csrf().disable();

    // Method-less matcher: a GET to /logout is enough to log the user out.
    httpSecurity.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/esparkHome")
            .permitAll();
}
 
Example 16
Project: spring_boot   File: SecurityConfiguration.java
/**
 * Public home pages, a role-restricted info page, authentication for everything
 * else, plus form login and logout. CSRF protection is disabled.
 *
 * @param httpSecurity the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // First match wins: the role rule for /espark/info sits above the catch-all.
    httpSecurity.authorizeRequests()
            .antMatchers("/", "/esparkHome").permitAll()
            .antMatchers("/espark/info").hasAnyRole("ADMIN", "USER")
            .anyRequest().authenticated();

    httpSecurity.formLogin()
            .loginPage("/esparkLoginPage")
            .defaultSuccessUrl("/esparkUserPage")
            .permitAll();

    // CSRF token checks are switched off for the whole application.
    httpSecurity.csrf().disable();

    // The matcher names no HTTP method, so /logout works for GET as well as POST.
    httpSecurity.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/esparkHome?logout=true")
            .permitAll();
}
 
Example 17
Project: igsn30   File: MultiHttpSecurityConfig.java
/**
 * Requires authentication for /restricted/** and /web/**, configures form login and
 * logout, and keeps CSRF protection on with a custom token repository.
 *
 * @param http the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
	// Only these two subtrees carry a rule; no anyRequest() catch-all is declared here.
	http.authorizeRequests()
			.antMatchers("/restricted/**").authenticated()
			.antMatchers("/web/**").authenticated();

	http.formLogin()
			.usernameParameter("j_username") // default is username
			.passwordParameter("j_password") // default is password
			.loginPage("/views/login.html")
			.successHandler(new CustomSuccessHandler())
			.failureUrl("/views/login.html?failure");

	// The matcher names no HTTP method, so a GET to /logout is accepted; GET requests
	// are outside the default CSRF token check even though CSRF stays enabled.
	http.logout()
			.logoutSuccessUrl("/")
			.logoutRequestMatcher(new AntPathRequestMatcher("/logout"));

	// CsrfHeaderFilter runs right after CsrfFilter; the token itself is stored by the
	// repository returned from csrfTokenRepository().
	http.addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);
	http.csrf().csrfTokenRepository(csrfTokenRepository());
}
 
Example 18
Project: spring-boot-magneto   File: WebSecurityConfig.java
/**
 * Protects /user/** and leaves every other request public, with form login, logout
 * and an additional GitHub filter ahead of basic authentication.
 *
 * @param http the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Default-allow policy: anything outside /user/** is reachable without a login,
    // so every new endpoint is public unless a rule is added for it.
    http.authorizeRequests()
            .antMatchers("/user/**").authenticated()
            .anyRequest().permitAll();

    http.exceptionHandling()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));

    http.formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/login.do")
            .defaultSuccessUrl("/user/info")
            .failureUrl("/login?err=1")
            .permitAll();

    // The matcher names no HTTP method: /logout is honoured for GET too.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/")
            .permitAll();

    http.addFilterBefore(githubFilter(), BasicAuthenticationFilter.class);
}
 
Example 19
Project: https-github.com-g0t4-jenkins2-course-spring-boot   File: ManagementWebSecurityAutoConfiguration.java
/**
 * Builds the request matcher that selects the management endpoints.
 *
 * @param contextResolver source of the application context; may be null
 * @return null when contextResolver is null; an Ant matcher for the management
 *         context path and everything below it when that path has text; otherwise
 *         a lazy matcher over all endpoint paths
 */
public static RequestMatcher getRequestMatcher(
		ManagementContextResolver contextResolver) {
	if (contextResolver == null) {
		// Callers receive null here and have to handle it themselves.
		return null;
	}
	ManagementServerProperties managementProperties = contextResolver
			.getApplicationContext().getBean(ManagementServerProperties.class);
	ServerProperties serverProperties = contextResolver.getApplicationContext()
			.getBean(ServerProperties.class);
	String managementPath = managementProperties.getContextPath();
	if (!StringUtils.hasText(managementPath)) {
		// Match everything, including the sensitive and non-sensitive paths
		return new LazyEndpointPathRequestMatcher(contextResolver, EndpointPaths.ALL);
	}
	// A dedicated management context path: cover the whole subtree beneath it.
	return new AntPathRequestMatcher(serverProperties.getPath(managementPath) + "/**");
}
 
Example 20
Project: engerek   File: MidPointGuiAuthorizationEvaluator.java
/**
 * Adds one SecurityConfig per action URI to guiConfigAttr when the current request
 * matches the given URL pattern.
 *
 * @param filterInvocation the invocation whose request is tested against url
 * @param guiConfigAttr collection that receives the config attributes; modified in place
 * @param url Ant-style pattern compiled into a fresh AntPathRequestMatcher on each call
 * @param actions candidate actions; nothing is added when this is null
 */
private void addSecurityConfig(FilterInvocation filterInvocation, Collection<ConfigAttribute> guiConfigAttr,
                   String url, DisplayableValue<String>[] actions) {

     AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
     // Nothing to do when the request is for a different URL or no actions are given.
     if (!matcher.matches(filterInvocation.getRequest()) || actions == null) {
         return;
     }
     
     for (DisplayableValue<String> action : actions) {
         String actionUri = action.getValue();
         if (StringUtils.isBlank(actionUri)) {
             continue;
         }

         //all users has permission to access these resources
         // NOTE(review): this compares the DisplayableValue object itself, not actionUri,
         // with the constant; if AUTZ_UI_PERMIT_ALL_URL is a String the branch may never
         // be taken - confirm the constant's type.
         // Attributes added for earlier actions stay in guiConfigAttr when this returns.
         if (action.equals(AuthorizationConstants.AUTZ_UI_PERMIT_ALL_URL)) {
             return;
         }

         // Skip attributes that are already present.
         SecurityConfig config = new SecurityConfig(actionUri);
if (!guiConfigAttr.contains(config)) {
	guiConfigAttr.add(config);
}
     }
 }
 
Example 21
Project: spring-boot-saml2   File: WebSecurityConfig.java
/**
 * Builds the SAML filter: one security filter chain per SAML endpoint, wrapped in a
 * FilterChainProxy that dispatches by request path.
 *
 * @return the proxy holding the SAML filter chains
 * @throws Exception if one of the filter factory methods fails
 */
@Bean
public FilterChainProxy samlFilter() throws Exception {
    // The proxy uses the first chain whose matcher accepts the request; no
    // "/saml/metadata/**" or "/saml/discovery/**" chain is registered by this method.
    List<SecurityFilterChain> endpointChains = new ArrayList<>();

    AntPathRequestMatcher login = new AntPathRequestMatcher("/saml/login/**");
    endpointChains.add(new DefaultSecurityFilterChain(login, samlEntryPoint()));

    AntPathRequestMatcher logout = new AntPathRequestMatcher("/saml/logout/**");
    endpointChains.add(new DefaultSecurityFilterChain(logout, samlLogoutFilter()));

    AntPathRequestMatcher sso = new AntPathRequestMatcher("/saml/SSO/**");
    endpointChains.add(new DefaultSecurityFilterChain(sso, samlWebSSOProcessingFilter()));

    AntPathRequestMatcher ssoHok = new AntPathRequestMatcher("/saml/SSOHoK/**");
    endpointChains.add(new DefaultSecurityFilterChain(ssoHok, samlWebSSOHoKProcessingFilter()));

    AntPathRequestMatcher singleLogout = new AntPathRequestMatcher("/saml/SingleLogout/**");
    endpointChains.add(new DefaultSecurityFilterChain(singleLogout, samlLogoutProcessingFilter()));

    return new FilterChainProxy(endpointChains);
}
 
Example 22
Project: spring-boot-concourse   File: ManagementWebSecurityAutoConfiguration.java
/**
 * Returns the matcher used to recognise requests to the management endpoints.
 *
 * @param contextResolver gives access to the application context; may be null
 * @return null for a null resolver; otherwise an Ant matcher over the management
 *         context path subtree, or a lazy matcher over all endpoint paths when no
 *         management context path is set
 */
public static RequestMatcher getRequestMatcher(
		ManagementContextResolver contextResolver) {
	if (contextResolver == null) {
		return null;
	}
	ManagementServerProperties mgmt = contextResolver
			.getApplicationContext().getBean(ManagementServerProperties.class);
	ServerProperties srv = contextResolver.getApplicationContext()
			.getBean(ServerProperties.class);
	String contextPath = mgmt.getContextPath();
	boolean hasOwnPath = StringUtils.hasText(contextPath);
	// With its own context path, everything below that path is matched; without one,
	// match everything, including the sensitive and non-sensitive paths.
	return hasOwnPath
			? new AntPathRequestMatcher(srv.getPath(contextPath) + "/**")
			: new LazyEndpointPathRequestMatcher(contextResolver, EndpointPaths.ALL);
}
 
Example 23
Project: spring-security-saml-dsl   File: SAMLConfigurer.java
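/**
 * Builds the FilterChainProxy that serves the SAML login, metadata, SSO and
 * discovery endpoints.
 *
 * @param samlEntryPoint filter that starts the SAML login for /saml/login/**
 * @param contextProvider SAML context provider passed to the SSO filter and discovery
 * @return proxy dispatching /saml/** requests to the matching SAML filter
 * @throws IllegalStateException if the SSO processing filter cannot be created
 */
private FilterChainProxy samlFilter(SAMLEntryPoint samlEntryPoint, SAMLContextProvider contextProvider) {
	List<SecurityFilterChain> chains = new ArrayList<>();
	chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"),
		samlEntryPoint));
	chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/metadata/**"),
		new MetadataDisplayFilter()));
	try {
		chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"),
			samlWebSSOProcessingFilter(samlAuthenticationProvider, contextProvider, samlProcessor)));
	} catch (Exception e) {
		// Fail fast instead of printing the stack trace and carrying on: without this
		// chain, /saml/SSO/** would match no chain in the proxy and the assertion
		// consumer endpoint would silently be left without its processing filter.
		throw new IllegalStateException("Unable to create the SAML SSO processing filter", e);
	}
	SAMLDiscovery samlDiscovery = new SAMLDiscovery();
	samlDiscovery.setMetadata(cachingMetadataManager);
	samlDiscovery.setContextProvider(contextProvider);
	chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"),
		samlDiscovery));
	return new FilterChainProxy(chains);
}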
 
Example 24
Project: microbbs   File: MyInvocationSecurityMetadataSource.java
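/**
 * Collects the access attributes that apply to the requested path.
 *
 * <p>Every stored permission is turned into an Ant-style matcher over its URL; the
 * code of each permission whose matcher accepts the request becomes one attribute.
 *
 * @param object the secured object; cast to FilterInvocation
 * @return the attributes of all matching permissions, empty when none matches
 * @throws IllegalArgumentException declared by the overridden method
 * @throws IllegalStateException if the permissions cannot be loaded
 */
@Override
public Collection<ConfigAttribute> getAttributes(Object object)
        throws IllegalArgumentException {
    HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
    List<ConfigAttribute> attrs = new ArrayList<>();
    try {
        List<Permission> permissions = permissionService.findAll();
        for (Permission p : permissions) {
            AntPathRequestMatcher matcher = new AntPathRequestMatcher(p.getUrl());
            if (matcher.matches(request)) {
                attrs.add(new SecurityConfig(p.getCode()));
            }
        }
    } catch (ExecutionException e) {
        // Fail closed: returning an empty attribute list after a failed lookup would
        // make the request look as if no permission applied to it, so the failure is
        // surfaced instead of printed and ignored.
        throw new IllegalStateException("Unable to load permissions for access decision", e);
    }

    return attrs;
}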
 
Example 25
Project: authorization-server-with-mongodb   File: SecurityConfiguration.java
/**
 * Leaves the login page, the logout URL and /api/** public, requires authentication
 * for everything else, and wires form login, logout and the MongoDB user store.
 *
 * @param http the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {

	// @formatter:off
	// First match wins: the public patterns are listed before the "/**" catch-all.
	// NOTE(review): /api/** is fully public in this chain - presumably it is protected
	// by another configuration; confirm.
	http.authorizeRequests()
			.antMatchers("/login", "/logout.do", "/api/**").permitAll()
			.antMatchers("/**").authenticated();

	http.formLogin()
			.loginProcessingUrl("/login.do")
			.usernameParameter("name")
			.loginPage("/login");

	// AntPathRequestMatcher for GET request: with no HTTP method given, the matcher
	// accepts /logout.do for any method, and GET is outside the default CSRF check.
	http.logout()
			.logoutRequestMatcher(new AntPathRequestMatcher("/logout.do"));

	http.userDetailsService(mongoUserDetailsManager);
	// @formatter:on
}
 
Example 26
Project: plagueForGradle   File: SecurityConfig.java
/**
 * Opens /templates/** and the login and logout URLs to everyone and requires
 * authentication for every other request.
 *
 * @param http the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Allow access to static resources.
    // NOTE(review): a /templates/** path often holds server-side view templates
    // rather than static assets - confirm it is meant to be public.
    http.authorizeRequests()
            .antMatchers("/templates/**").permitAll();

    // Allow access to the login and logout URLs.
    http.formLogin()
            .failureUrl("/login?error")
            .defaultSuccessUrl("/home")
            .loginPage("/login")
            .permitAll();

    // The matcher names no HTTP method, so a GET to /logout also logs the user out.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login")
            .permitAll();
    //http.requiresChannel().antMatchers("https");

    // Every other URL requires authentication.
    http.authorizeRequests()
            .anyRequest().authenticated();
}
 
Example 27
Project: springboot-tourreservation   File: SecurityConfig.java
/**
 * Requires authentication for tour reservation paths, configures form login and
 * logout, and disables CSRF protection and the frame-options header.
 *
 * @param http the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            // Only these patterns carry a rule; no anyRequest() catch-all is declared.
            .authorizeRequests()
                .antMatchers("/tours/*/reserve", "/reservations/**")
                .authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/login/authenticate")
                .usernameParameter("username")
                .passwordParameter("password")
                .and()
            // The matcher names no HTTP method, so /logout is accepted for GET as well.
            .logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/")
                .deleteCookies("JSESSIONID")
                .invalidateHttpSession(true)
                .and()
            // CSRF token checks are off for the whole application, reservations included.
            .csrf().disable()
            // The X-Frame-Options header is no longer sent, so the pages may be framed
            // by other origins.
            .headers().frameOptions().disable();
}
 
Example 28
Project: psi-probe   File: ProbeSecurityConfig.java
/**
 * Gets the filter security interceptor.
 *
 * <p>The interceptor maps URL patterns to the roles allowed to reach them. The
 * patterns are kept in a LinkedHashMap, so they are consulted in insertion order.
 *
 * @return the filter security interceptor
 */
@Bean(name = "fsi")
public FilterSecurityInterceptor getFilterSecurityInterceptor() {
  FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
  interceptor.setAuthenticationManager(getProviderManager());
  interceptor.setAccessDecisionManager(getAffirmativeBased());

  // Insertion order is the lookup order, which is why a LinkedHashMap is used.
  LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = new LinkedHashMap<>();
  // NOTE(review): "/adm/**" is inserted before the narrower "/adm/restartvm.ajax".
  // If the metadata source returns the first matching entry, the narrower entry is
  // never reached and ROLE_POWERUSERPLUS does not apply to it - confirm the intended
  // order before changing it, since swapping the two widens access.
  requestMap.put(new AntPathRequestMatcher("/adm/**"),
      SecurityConfig.createListFromCommaDelimitedString("ROLE_MANAGER,ROLE_MANAGER-GUI"));
  requestMap.put(new AntPathRequestMatcher("/adm/restartvm.ajax"), SecurityConfig
      .createListFromCommaDelimitedString("ROLE_POWERUSERPLUS,ROLE_MANAGER,ROLE_MANAGER-GUI"));
  requestMap.put(new AntPathRequestMatcher("/sql/**"), SecurityConfig
      .createListFromCommaDelimitedString("ROLE_POWERUSERPLUS,ROLE_MANAGER,ROLE_MANAGER-GUI"));
  requestMap.put(new AntPathRequestMatcher("/app/**"),
      SecurityConfig.createListFromCommaDelimitedString(
          "ROLE_POWERUSER,ROLE_POWERUSERPLUS,ROLE_MANAGER,ROLE_MANAGER-GUI"));
  // Catch-all: every remaining URL needs at least one of the probe roles.
  requestMap.put(new AntPathRequestMatcher("/**"),
      SecurityConfig.createListFromCommaDelimitedString(
          "ROLE_PROBEUSER,ROLE_POWERUSER,ROLE_POWERUSERPLUS,ROLE_MANAGER,ROLE_MANAGER-GUI"));

  interceptor
      .setSecurityMetadataSource(new DefaultFilterInvocationSecurityMetadataSource(requestMap));
  return interceptor;
}
 
Example 29
Project: jcart   File: WebSecurityConfig.java
/**
 * Disables CSRF protection, opens static resources and the account-recovery pages,
 * requires authentication for the account, checkout and order pages, and sets up
 * form login, logout and the access-denied page.
 *
 * @param http the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // No CSRF token check, although checkout and account pages are session based.
    http.csrf().disable();

    // Only the listed patterns carry a rule; there is no anyRequest() catch-all.
    http.authorizeRequests()
            .antMatchers("/resources/**", "/webjars/**", "/assets/**").permitAll()
            .antMatchers("/", "/register", "/forgotPwd", "/resetPwd").permitAll()
            .antMatchers("/myAccount", "/checkout", "/orders").authenticated();

    http.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/home")
            .failureUrl("/login?error")
            .permitAll();

    // The matcher names no HTTP method, so /logout is accepted for GET as well.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .permitAll();

    http.exceptionHandling().accessDeniedPage("/403");
}
 
Example 30
Project: jcart   File: WebSecurityConfig.java
/**
 * Disables CSRF protection, opens static resources and the password-recovery pages,
 * requires authentication for every other request, and sets up form login, logout
 * and the access-denied page.
 *
 * @param http the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // CSRF token checks are off for the whole application.
    http.csrf().disable();

    http.authorizeRequests()
            .antMatchers("/resources/**", "/webjars/**", "/assets/**").permitAll()
            .antMatchers("/", "/forgotPwd", "/resetPwd").permitAll()
            //.antMatchers(HttpMethod.POST,"/api","/api/**").hasRole("ROLE_ADMIN")
            .anyRequest().authenticated();

    http.formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/home")
            .failureUrl("/login?error")
            .permitAll();

    // The matcher names no HTTP method: any request to /logout, GET included, logs out.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            //.logoutUrl("/logout")
            .permitAll();

    http.exceptionHandling().accessDeniedPage("/403");
}
 
Example 31
Project: OAuthSpringSSO   File: OAuthenticationServerConfiguration.java
/**
 * Configures the entry point, logout, CSRF, headers, session policy and URL rules
 * of the OAuth server.
 *
 * @param http the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
public void configure(HttpSecurity http) throws Exception {

	http.exceptionHandling()
			.authenticationEntryPoint(customAuthenticationEntryPoint)
			.and()
			.logout()
			.logoutUrl("/oauth/logout")//The Logout URL
			.logoutSuccessHandler(customLogoutSuccessHandler)
			.and()
			.csrf()
			// NOTE(review): the matcher limits CSRF checks to /oauth/authorize, but the
			// disable() call that follows switches the CSRF configurer off, so the
			// matcher appears to have no effect - confirm which of the two is intended.
			.requireCsrfProtectionMatcher(
					new AntPathRequestMatcher("/oauth/authorize"))
			// NOTE(review): what frameOptions().disable() removes (only X-Frame-Options
			// or all security headers) depends on the Spring Security version - verify.
			.disable().headers().frameOptions().disable()
			.sessionManagement()
			// Spring Security neither creates nor uses an HTTP session.
			.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
			// Only /hello/** (public) and /secure/** (authenticated) carry a rule here.
			.and().authorizeRequests().antMatchers("/hello/**")
			.permitAll().antMatchers("/secure/**").authenticated();

}
 
Example 32
Project: find   File: SecurityConfiguration.java
/**
 * Maps each /api/ subtree to the role it requires, restricts the saved-request cache
 * to application paths, disables CSRF protection and replaces the default security
 * headers with a same-origin frame policy.
 *
 * @param http the HttpSecurity builder to configure
 * @throws Exception if any configurer call fails
 */
@SuppressWarnings("ProhibitedExceptionDeclared")
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Only requests below the application path are remembered for replay after login.
    final HttpSessionRequestCache savedRequests = new HttpSessionRequestCache();
    savedRequests.setRequestMatcher(new AntPathRequestMatcher(FindController.APP_PATH + "/**"));

    // Despite its name, /api/public/** still requires the USER role. No anyRequest()
    // rule is declared for URLs outside these four subtrees.
    http.authorizeRequests()
            .antMatchers("/api/public/**").hasRole(FindRole.USER.name())
            .antMatchers("/api/admin/**").hasRole(FindRole.ADMIN.name())
            .antMatchers("/api/config/**").hasRole(FindRole.CONFIG.name())
            .antMatchers("/api/bi/**").hasRole(FindRole.BI.name());

    http.requestCache().requestCache(savedRequests);

    // CSRF token checks are off for the whole application.
    http.csrf().disable();

    // defaultsDisabled() drops the default security headers; only the frame-options
    // header is configured afterwards, with the same-origin policy.
    http.headers()
            .defaultsDisabled()
            .frameOptions()
            .sameOrigin();
}
 
Example 33
Project: websec-saml2sp   File: SamlSpringSecurityConfig.java   View source code 6 votes vote down vote up
/**
 * Builds the filter chain proxy that routes each SAML 2.0 endpoint under
 * {@code /saml/} to the filter that handles it.
 *
 * <p>The chains are registered in the order listed. The patterns do not overlap,
 * so each endpoint is served by exactly one chain. Each chain here contains only
 * the SAML filter for its path. How the messages arriving at {@code /saml/SSO/**}
 * and {@code /saml/SingleLogout/**} are validated is configured in the filter
 * beans, which are not visible in this method.
 *
 * @return the proxy holding one chain per SAML endpoint
 * @throws Exception propagated from the filter factory methods
 */
@Bean
public FilterChainProxy samlFilter() throws Exception {
    // Endpoint patterns, named so the mapping below reads as a table.
    final AntPathRequestMatcher loginPath = new AntPathRequestMatcher("/saml/login/**");
    final AntPathRequestMatcher logoutPath = new AntPathRequestMatcher("/saml/logout/**");
    final AntPathRequestMatcher metadataPath = new AntPathRequestMatcher("/saml/metadata/**");
    final AntPathRequestMatcher ssoPath = new AntPathRequestMatcher("/saml/SSO/**");
    final AntPathRequestMatcher ssoHokPath = new AntPathRequestMatcher("/saml/SSOHoK/**");
    final AntPathRequestMatcher singleLogoutPath = new AntPathRequestMatcher("/saml/SingleLogout/**");
    final AntPathRequestMatcher discoveryPath = new AntPathRequestMatcher("/saml/discovery/**");

    final List<SecurityFilterChain> samlChains = new ArrayList<SecurityFilterChain>(7);
    samlChains.add(new DefaultSecurityFilterChain(loginPath, samlEntryPoint()));
    samlChains.add(new DefaultSecurityFilterChain(logoutPath, samlLogoutFilter()));
    samlChains.add(new DefaultSecurityFilterChain(metadataPath, metadataDisplayFilter()));
    samlChains.add(new DefaultSecurityFilterChain(ssoPath, samlWebSSOProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(ssoHokPath, samlWebSSOHoKProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(singleLogoutPath, samlLogoutProcessingFilter()));
    samlChains.add(new DefaultSecurityFilterChain(discoveryPath, samlIDPDiscovery()));
    return new FilterChainProxy(samlChains);
}
 
Example 34
Project: kansalaisaloite   File: WebSecurityConfig.java   View source code 6 votes vote down vote up
/**
 * Builds the filter chain proxy that routes the SAML 2.0 endpoints under
 * {@code /saml/} to their filters.
 *
 * <p>The login and logout entry points are each preceded by a
 * {@code TargetStoringFilter}. NOTE(review): that filter presumably records a
 * post-login or post-logout target. If the target comes from the request, confirm
 * it is restricted to local URLs before it is used for a redirect.
 *
 * @return the proxy holding one chain per SAML endpoint
 * @throws Exception propagated from the filter factory methods
 */
@Bean
public FilterChainProxy samlFilter() throws Exception {
    final List<SecurityFilterChain> samlChains = new ArrayList<SecurityFilterChain>(5);

    // Entry points started by the user, each with the target-storing pre-filter.
    final DefaultSecurityFilterChain loginChain = new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/login/**"), new TargetStoringFilter(), samlEntryPoint());
    samlChains.add(loginChain);

    final DefaultSecurityFilterChain logoutChain = new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/logout/**"), new TargetStoringFilter(), samlLogoutFilter());
    samlChains.add(logoutChain);

    // Service-provider metadata document.
    final DefaultSecurityFilterChain metadataChain = new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/metadata/**"), metadataDisplayFilter());
    samlChains.add(metadataChain);

    // Endpoints that receive messages from the identity provider.
    final DefaultSecurityFilterChain ssoChain = new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SSO/**"), samlWebSSOProcessingFilter());
    samlChains.add(ssoChain);

    final DefaultSecurityFilterChain singleLogoutChain = new DefaultSecurityFilterChain(
            new AntPathRequestMatcher("/saml/SingleLogout/**"), samlLogoutProcessingFilter());
    samlChains.add(singleLogoutChain);

    return new FilterChainProxy(samlChains);
}
 
Example 35
Project: midpoint   File: MidPointGuiAuthorizationEvaluator.java   View source code 6 votes vote down vote up
/**
 * Collects the action URIs required for the current request when it matches
 * the given URL pattern.
 *
 * <p>If the request in {@code filterInvocation} matches the Ant pattern
 * {@code url}, every non-blank value from {@code actions} is appended to
 * {@code requiredActions}, skipping values already present. Nothing is added
 * when the request does not match or {@code actions} is {@code null}.
 *
 * <p>NOTE(review): a non-matching request contributes no required actions.
 * Whether an empty list is treated as "deny" or "allow" is decided by the caller,
 * which is not visible here. Confirm that it fails closed.
 *
 * @param filterInvocation the invocation whose request is tested
 * @param requiredActions  accumulator for action URIs; modified in place
 * @param url              Ant-style path pattern to match the request against
 * @param actions          candidate actions for the pattern, may be {@code null}
 */
private void addSecurityConfig(FilterInvocation filterInvocation, List<String> requiredActions,
                   String url, DisplayableValue<String>[] actions) {
    AntPathRequestMatcher urlPattern = new AntPathRequestMatcher(url);
    boolean requestMatches = urlPattern.matches(filterInvocation.getRequest());
    if (!requestMatches || actions == null) {
        return;
    }

    for (DisplayableValue<String> candidate : actions) {
        String uri = candidate.getValue();
        boolean usable = !StringUtils.isBlank(uri);
        // Keep the accumulator free of duplicates.
        if (usable && !requiredActions.contains(uri)) {
            requiredActions.add(uri);
        }
    }
}
 
Example 36
Project: wicket-spring-security-example   File: SpringSecurityConfiguration.java   View source code 6 votes vote down vote up
/**
 * Configures form login, logout and URL authorization for the Wicket application.
 * CSRF protection is not disabled here, so it keeps its default setting.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        // Project filter placed right after Spring's CsrfFilter. Its purpose is
        // not visible here; presumably it exposes the token to the UI layer.
        .addFilterAfter(new CsrfTokenFilter(), CsrfFilter.class)
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
        .logout()
            // NOTE(review): this deletes a cookie literally named "remove", which
            // looks like a placeholder. The session itself is invalidated on the
            // next line; confirm which cookies should be cleared.
            .deleteCookies("remove")
            .invalidateHttpSession(true)
            .logoutUrl("/logout")
            .logoutSuccessUrl("/logout_success")
            //http://stackoverflow.com/questions/24108585/spring-security-java-config-not-generating-logout-url
            // The explicit matcher takes the place of logoutUrl() above and accepts
            // any HTTP method, so logout also works with a plain GET while CSRF
            // protection is on.
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .and()
        .authorizeRequests()
            // Rules are evaluated in order: the two public paths first, then the
            // catch-all that requires ROLE_USER for everything else.
            .antMatchers("/favicon.ico").permitAll()
            .antMatchers("/logout_success").permitAll()
            .antMatchers("/**").hasRole("USER");
}
 
Example 37
Project: spring-boot-security-saml-sample   File: WebSecurityConfig.java   View source code 6 votes vote down vote up
/**
 * Assembles the filter chain proxy for the SAML 2.0 single-sign-on endpoints.
 *
 * <p>Each {@code /saml/...} path prefix gets its own chain holding the single
 * filter that serves it. The patterns do not overlap, so a request is handled by
 * at most one of these chains. Validation of the messages received on the SSO and
 * single-logout endpoints is configured in the filter beans, which are not visible
 * in this method.
 *
 * @return the proxy holding one chain per SAML endpoint
 * @throws Exception propagated from the filter factory methods
 */
  @Bean
  public FilterChainProxy samlFilter() throws Exception {
      final List<SecurityFilterChain> endpointChains = new ArrayList<SecurityFilterChain>(7);

      // Entry points started by the user's browser.
      final AntPathRequestMatcher onLogin = new AntPathRequestMatcher("/saml/login/**");
      endpointChains.add(new DefaultSecurityFilterChain(onLogin, samlEntryPoint()));
      final AntPathRequestMatcher onLogout = new AntPathRequestMatcher("/saml/logout/**");
      endpointChains.add(new DefaultSecurityFilterChain(onLogout, samlLogoutFilter()));

      // Service-provider metadata document.
      final AntPathRequestMatcher onMetadata = new AntPathRequestMatcher("/saml/metadata/**");
      endpointChains.add(new DefaultSecurityFilterChain(onMetadata, metadataDisplayFilter()));

      // Endpoints that receive messages from the identity provider.
      final AntPathRequestMatcher onSso = new AntPathRequestMatcher("/saml/SSO/**");
      endpointChains.add(new DefaultSecurityFilterChain(onSso, samlWebSSOProcessingFilter()));
      final AntPathRequestMatcher onSsoHok = new AntPathRequestMatcher("/saml/SSOHoK/**");
      endpointChains.add(new DefaultSecurityFilterChain(onSsoHok, samlWebSSOHoKProcessingFilter()));
      final AntPathRequestMatcher onSingleLogout = new AntPathRequestMatcher("/saml/SingleLogout/**");
      endpointChains.add(new DefaultSecurityFilterChain(onSingleLogout, samlLogoutProcessingFilter()));

      // Identity-provider discovery.
      final AntPathRequestMatcher onDiscovery = new AntPathRequestMatcher("/saml/discovery/**");
      endpointChains.add(new DefaultSecurityFilterChain(onDiscovery, samlIDPDiscovery()));

      return new FilterChainProxy(endpointChains);
  }
 
Example 38
Project: curso_spring-security   File: WebSecurityConfig.java   View source code 6 votes vote down vote up
/**
 * Configures admin-only URL authorization, form login with the legacy
 * {@code j_*} parameter names, logout and remember-me.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
	protected void configure(HttpSecurity http) throws Exception {
		http
			// The disable call is commented out, so CSRF protection keeps its default.
//			.csrf().disable()
			.authorizeRequests()
				// NOTE(review): only /admin/** has an access rule and there is no
				// anyRequest() fallback, so other paths are not restricted by this
				// chain. Confirm that is intended.
	            .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
	            .and()
	        .formLogin()
	        	.loginPage("/login.do")
	        	.defaultSuccessUrl("/index.do")
	        	.loginProcessingUrl("/j_spring_security_check")
	        	.usernameParameter("j_username")
	        	.passwordParameter("j_password")
	        	.and()
	        	.logout()
	        	// Pattern-only matcher: /logout is honoured for any HTTP method,
	        	// including GET.
	        	.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
	        	.logoutSuccessUrl("/index.do")
	        	.and()
	        .rememberMe()
	        	// NOTE(review): the remember-me key is a short constant committed in
	        	// source. It protects the integrity of remember-me tokens, so it should
	        	// be a long random value loaded from configuration or a secret store.
	        	.key("authkey");
	}
 
Example 39
Project: springsecuritytotp   File: SecurityConfig.java   View source code 6 votes vote down vote up
/**
 * Requires authentication for every request and configures form login with a
 * custom authentication-details source, plus logout on GET.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
	//@formatter:off
	http
	  .authorizeRequests()
	  .anyRequest()
	  .authenticated()
	.and()
	  .formLogin()
	  // One details object is built per login request. It presumably carries the
	  // submitted TOTP code for the authentication provider - verify against
	  // TotpWebAuthenticationDetails.
	  .authenticationDetailsSource(TotpWebAuthenticationDetails::new)
	  .loginPage("/login").failureUrl("/login?error").permitAll()
	.and()
	  .logout()
	  // Logout is matched on GET only, so a plain link can end the session and no
	  // CSRF token is involved in logging out.
	  .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"));
	//@formatter:on
}
 
Example 40
Project: spring-oauth-example   File: SecurityConfiguration.java   View source code 6 votes vote down vote up
/**
 * Configures URL authorization, form login and logout. The login page and the
 * logout URL are public; every other path requires an authenticated user.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the Spring Security DSL
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            // Evaluated in order: the public paths first, then the catch-all.
            .antMatchers("/login", "/logout.do").permitAll()
            .antMatchers("/**").authenticated()
        .and()
        .formLogin()
            // Credentials are posted to /login.do; the username field is "name".
            .loginProcessingUrl("/login.do")
            .usernameParameter("name")
            .loginPage("/login")
        .and()
        .logout()
            // To match GET requests we have to use a request matcher. The
            // pattern-only matcher accepts every HTTP method, so logout is not
            // tied to a CSRF-protected POST.
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout.do"));
}