org.springframework.security.web.context.SecurityContextPersistenceFilter Java Examples

The following examples show how to use org.springframework.security.web.context.SecurityContextPersistenceFilter. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: JwtSecurityConfiguration.java    From cola with MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {

	http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
	http.authorizeRequests()
			.antMatchers("/login", "/logout", "/error").permitAll()
			.and()
			.formLogin()
			.loginProcessingUrl("/login")
			.failureHandler(this.failureHandler())
			.successHandler(this.successHandler())
			.and()
			.logout()
			.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
			.logoutSuccessHandler(new JwtLogoutSuccessHandler())
			.and()
			.exceptionHandling().authenticationEntryPoint(new JwtAuthenticationEntryPoint())
			.and()
			.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
	http.addFilterAfter(this.jwtAuthenticationFilter, SecurityContextPersistenceFilter.class);
}
 
Example #2
Source File: SecurityConfig.java    From Spring with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .regexMatchers("/chief/.*").hasRole("CHIEF")
            .regexMatchers("/agent/.*").access("hasRole('USER') and principal.name='James Bond'")
            .anyRequest().authenticated()
            .and().httpBasic()
            .and().requiresChannel().anyRequest().requiresSecure();

    http.exceptionHandling().accessDeniedPage("/accessDenied");

    http.formLogin().loginPage("/login").permitAll();

    http.logout().logoutUrl("/customlogout");

    http.addFilterBefore(securityContextPersistenceFilter(), SecurityContextPersistenceFilter.class);
    http.addFilterAt(exceptionTranslationFilter(), ExceptionTranslationFilter.class);
    http.addFilter(filterSecurityInterceptor()); // This ensures filter ordering by default
    http.addFilterAfter(new CustomFilter(), FilterSecurityInterceptor.class);
}
 
Example #3
Source File: AuthSecurityConfigurerAdapter.java    From wecube-platform with Apache License 2.0 5 votes vote down vote up
protected void configure(HttpSecurity http) throws Exception {
    http //
            .cors() //
            .and() //
            .csrf() //
            .disable() //
            .sessionManagement() //
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS) //
            .and() //
            .securityContext() //
            .securityContextRepository(new JwtSsoBasedSecurityContextRepository()) //
            .and() //
            .addFilterBefore(jwtSsoBasedLoginFilter(), SecurityContextPersistenceFilter.class) //
            .addFilterBefore(new JwtSsoBasedRefreshTokenFilter(authenticationManager(), authServerProperties),
                    SecurityContextPersistenceFilter.class) //
            .addFilter(new JwtSsoBasedAuthenticationFilter(authenticationManager(), authServerProperties))//
            .authorizeRequests() //
            .antMatchers(getAuthWhiteList()) //
            .permitAll() //
            .anyRequest() //
            .authenticated() //
            .and() //
            .exceptionHandling() //
            .authenticationEntryPoint(new Http401AuthenticationEntryPoint()) //
            .and() //
            .exceptionHandling() //
            .accessDeniedHandler(new Http403AccessDeniedHandler()); //

}
 
Example #4
Source File: SecurityConfig.java    From Spring with Apache License 2.0 5 votes vote down vote up
@Bean
public SecurityContextPersistenceFilter securityContextPersistenceFilter() {
    final HttpSessionSecurityContextRepository sCRepo = new HttpSessionSecurityContextRepository();
    sCRepo.setAllowSessionCreation(true); //by default true

    return new SecurityContextPersistenceFilter(sCRepo);
}
 
Example #5
Source File: AppSpringModuleConfig.java    From herd with Apache License 2.0 5 votes vote down vote up
/**
 * Gets a filter chain proxy.
 *
 * @param trustedUserAuthenticationFilter the trusted user authentication filter.
 * @param httpHeaderAuthenticationFilter the HTTP header authentication filter.
 *
 * @return the filter chain proxy.
 */
@Bean
public FilterChainProxy filterChainProxy(final TrustedUserAuthenticationFilter trustedUserAuthenticationFilter,
    final HttpHeaderAuthenticationFilter httpHeaderAuthenticationFilter)
{
    return new FilterChainProxy(new SecurityFilterChain()
    {
        @Override
        public boolean matches(HttpServletRequest request)
        {
            // Match all URLs.
            return true;
        }

        @Override
        public List<Filter> getFilters()
        {
            List<Filter> filters = new ArrayList<>();

            // Required filter to store session information between HTTP requests.
            filters.add(new SecurityContextPersistenceFilter());

            // Trusted user filter to bypass security based on SpEL expression environment property.
            filters.add(trustedUserAuthenticationFilter);

            // Filter that authenticates based on http headers.
            if (Boolean.valueOf(configurationHelper.getProperty(ConfigurationValue.SECURITY_HTTP_HEADER_ENABLED)))
            {
                filters.add(httpHeaderAuthenticationFilter);
            }

            // Anonymous user filter.
            filters.add(new AnonymousAuthenticationFilter("AnonymousFilterKey"));

            return filters;
        }
    });
}