org.springframework.security.web.util.matcher.OrRequestMatcher Java Examples

The following examples show how to use org.springframework.security.web.util.matcher.OrRequestMatcher. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SecurityConfig.java    From ambari-logsearch with Apache License 2.0 6 votes vote down vote up
@Bean
public RequestMatcher requestMatcher() {
  List<RequestMatcher> matchers = Lists.newArrayList();
  matchers.add(new AntPathRequestMatcher("/docs/**"));
  matchers.add(new AntPathRequestMatcher("/swagger-ui/**"));
  matchers.add(new AntPathRequestMatcher("/swagger.html"));
  if (!authPropsConfig.isAuthJwtEnabled()) {
    matchers.add(new AntPathRequestMatcher("/"));
  }
  matchers.add(new AntPathRequestMatcher("/login"));
  matchers.add(new AntPathRequestMatcher("/logout"));
  matchers.add(new AntPathRequestMatcher("/resources/**"));
  matchers.add(new AntPathRequestMatcher("/index.html"));
  matchers.add(new AntPathRequestMatcher("/favicon.ico"));
  matchers.add(new AntPathRequestMatcher("/assets/**"));
  matchers.add(new AntPathRequestMatcher("/templates/**"));
  matchers.add(new AntPathRequestMatcher("/api/v1/info/**"));
  matchers.add(new AntPathRequestMatcher("/api/v1/swagger.json"));
  matchers.add(new AntPathRequestMatcher("/api/v1/swagger.yaml"));
  return new OrRequestMatcher(matchers);
}
 
Example #2
Source File: WebSecurityConfig.java    From Mastering-Microservices-with-Java-Third-Edition with MIT License 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {

  http
      .requestMatchers()
      .requestMatchers(
          new NegatedRequestMatcher(
              new OrRequestMatcher(
                  new AntPathRequestMatcher("/me")
              )
          )
      )
      .and()
      .authorizeRequests()
      .antMatchers("/fevicon.ico").anonymous()
      .antMatchers("/user").authenticated()
      .and().formLogin();
}
 
Example #3
Source File: SecurityUtils.java    From fast-family-master with Apache License 2.0 5 votes vote down vote up
public static boolean skipPathRequest(HttpServletRequest request, String[] whiteList) {
    List<String> pathsToSkip = new ArrayList();
    pathsToSkip.addAll(Arrays.asList(whiteList));
    List<RequestMatcher> m = (List) pathsToSkip.stream().map((path) -> {
        return new AntPathRequestMatcher(path);
    }).collect(Collectors.toList());
    OrRequestMatcher matchers = new OrRequestMatcher(m);
    return matchers.matches(request);
}
 
Example #4
Source File: OrRegexRequestMatcher.java    From studio with GNU General Public License v3.0 5 votes vote down vote up
public OrRegexRequestMatcher(String... patterns) {
    requestMatcher = new OrRequestMatcher(
            Stream.of(patterns)
                    .map(pattern -> new RegexRequestMatcher(pattern, null))
                    .collect(toList())
    );
}
 
Example #5
Source File: IgnoredRequestMatcher.java    From para with Apache License 2.0 5 votes vote down vote up
private IgnoredRequestMatcher() {
	ConfigList c = Config.getConfig().getList("security.ignored");
	List<RequestMatcher> list = new ArrayList<>(c.size());
	for (ConfigValue configValue : c) {
		list.add(new AntPathRequestMatcher((String) configValue.unwrapped()));
	}
	orMatcher = new OrRequestMatcher(list);
}
 
Example #6
Source File: FacebookLoginFilter.java    From OAuth-2.0-Cookbook with MIT License 5 votes vote down vote up
public FacebookLoginFilter(
    @Value("${facebook.filter.callback-uri}") String callbackUri,
    @Value("${facebook.filter.api-base-uri}")String apiBaseUri) {
    super(new OrRequestMatcher(
        new AntPathRequestMatcher(callbackUri),
        new AntPathRequestMatcher(apiBaseUri)
    ));
    this.localMatcher = new AntPathRequestMatcher(apiBaseUri);
    setAuthenticationManager(new NoopAuthenticationManager());
}
 
Example #7
Source File: OpenIdConnectFilter.java    From OAuth-2.0-Cookbook with MIT License 5 votes vote down vote up
public OpenIdConnectFilter(
    @Value("${openid.callback-uri}") String callbackUri,
    @Value("${openid.api-base-uri}") String apiBaseUri) {
    super(new OrRequestMatcher(
        new AntPathRequestMatcher(callbackUri),
        new AntPathRequestMatcher(apiBaseUri)));
    this.localMatcher = new AntPathRequestMatcher(apiBaseUri);
    setAuthenticationManager(new NoopAuthenticationManager());
}
 
Example #8
Source File: OpenIdConnectFilter.java    From OAuth-2.0-Cookbook with MIT License 5 votes vote down vote up
public OpenIdConnectFilter(
    @Value("${openid.callback-uri}") String callbackUri,
    @Value("${openid.api-base-uri}") String apiBaseUri) {
    super(new OrRequestMatcher(
        new AntPathRequestMatcher(callbackUri),
        new AntPathRequestMatcher(apiBaseUri)));
    this.localMatcher = new AntPathRequestMatcher(apiBaseUri);
    setAuthenticationManager(new NoopAuthenticationManager());
}
 
Example #9
Source File: InMemoryHodSecurity.java    From find with MIT License 5 votes vote down vote up
@SuppressWarnings("ProhibitedExceptionDeclared")
@Override
protected void configure(final HttpSecurity http) throws Exception {
    final AuthenticationSuccessHandler loginSuccessHandler = new LoginSuccessHandler(FindRole.CONFIG.toString(), FindController.CONFIG_PATH, "/p/");
    final HttpSessionRequestCache requestCache = new HttpSessionRequestCache();

    requestCache.setRequestMatcher(new OrRequestMatcher(
            new AntPathRequestMatcher("/p/**"),
            new AntPathRequestMatcher(FindController.CONFIG_PATH)
    ));

    http.regexMatcher("/p/.*|/config/.*|/authenticate|/logout")
        .authorizeRequests()
            .antMatchers("/p/**").hasRole(FindRole.ADMIN.name())
            .antMatchers(FindController.CONFIG_PATH).hasRole(FindRole.CONFIG.name())
            .and()
        .requestCache()
            .requestCache(requestCache)
            .and()
        .formLogin()
            .loginPage(FindController.DEFAULT_LOGIN_PAGE)
            .loginProcessingUrl("/authenticate")
            .successHandler(loginSuccessHandler)
            .failureUrl(FindController.DEFAULT_LOGIN_PAGE + "?error=auth")
            .and()
        .logout()
            .logoutSuccessHandler(new HodLogoutSuccessHandler(new HodTokenLogoutSuccessHandler(SsoController.SSO_LOGOUT_PAGE, tokenRepository), FindController.APP_PATH))
            .and()
        .csrf()
            .disable();
}
 
Example #10
Source File: SkipPathRequestMatcher.java    From iotplatform with Apache License 2.0 5 votes vote down vote up
public SkipPathRequestMatcher(List<String> pathsToSkip, String processingPath) {
  Assert.notNull(pathsToSkip);
  List<RequestMatcher> m = pathsToSkip.stream().map(path -> new AntPathRequestMatcher(path))
      .collect(Collectors.toList());
  matchers = new OrRequestMatcher(m);
  processingMatcher = new AntPathRequestMatcher(processingPath);
}
 
Example #11
Source File: JwtTokenAuthenticationFilter.java    From quartz-manager with Apache License 2.0 5 votes vote down vote up
private boolean skipPathRequest(HttpServletRequest request, List<String> pathsToSkip ) {
  if(pathsToSkip == null)
    pathsToSkip = new ArrayList<String>();
  List<RequestMatcher> matchers = pathsToSkip.stream().map(path -> new AntPathRequestMatcher(path)).collect(Collectors.toList());
  OrRequestMatcher compositeMatchers = new OrRequestMatcher(matchers);
  return compositeMatchers.matches(request);
}
 
Example #12
Source File: AuditLoggingFilter.java    From cerberus with Apache License 2.0 5 votes vote down vote up
@Override
protected boolean shouldNotFilter(HttpServletRequest request) {
  List<RequestMatcher> blackListMatchers =
      LOGGING_NOT_TRIGGERED_BLACKLIST.stream()
          .map(AntPathRequestMatcher::new)
          .collect(Collectors.toList());
  var blackListMatcher = new OrRequestMatcher(blackListMatchers);
  return blackListMatcher.matches(request);
}
 
Example #13
Source File: WebSecurityConfiguration.java    From cerberus with Apache License 2.0 5 votes vote down vote up
RequestMatcher getDoesRequestsRequireAuthMatcher() {

    List<RequestMatcher> whiteListMatchers =
        AUTHENTICATION_NOT_REQUIRED_WHITELIST.stream()
            .map(AntPathRequestMatcher::new)
            .collect(Collectors.toList());
    var whiteListMatcher = new OrRequestMatcher(whiteListMatchers);
    return request -> !whiteListMatcher.matches(request);
  }
 
Example #14
Source File: SkipPathRequestMatcher.java    From OpenLRW with Educational Community License v2.0 4 votes vote down vote up
public SkipPathRequestMatcher(List<String> pathsToSkip, String processingPath) {
    Assert.notNull(pathsToSkip);
    List<RequestMatcher> m = pathsToSkip.stream().map(path -> new AntPathRequestMatcher(path)).collect(Collectors.toList());
    matchers = new OrRequestMatcher(m);
    processingMatcher = new AntPathRequestMatcher(processingPath);
}
 
Example #15
Source File: MolgenisWebAppSecurityConfig.java    From molgenis with GNU Lesser General Public License v3.0 4 votes vote down vote up
private RequestMatcher createWebRequestMatcher() {
  return new OrRequestMatcher(
      new AntPathRequestMatcher("/"),
      new AntPathRequestMatcher("/plugin/**"),
      new AntPathRequestMatcher("/menu/**"));
}
 
Example #16
Source File: SkipPathRequestMatcher.java    From springboot-security-jwt with MIT License 4 votes vote down vote up
public SkipPathRequestMatcher(List<String> pathsToSkip, String processingPath) {
    Assert.notNull(pathsToSkip);
    List<RequestMatcher> m = pathsToSkip.stream().map(path -> new AntPathRequestMatcher(path)).collect(Collectors.toList());
    matchers = new OrRequestMatcher(m);
    processingMatcher = new AntPathRequestMatcher(processingPath);
}
 
Example #17
Source File: IntegrationAuthenticationFilter.java    From springboot-seed with MIT License 4 votes vote down vote up
public IntegrationAuthenticationFilter() {
    this.requestMatcher = new OrRequestMatcher(
            new AntPathRequestMatcher(OAUTH_TOKEN_URL, "GET"),
            new AntPathRequestMatcher(OAUTH_TOKEN_URL, "POST")
    );
}
 
Example #18
Source File: SkipPathRequestMatcher.java    From Groza with Apache License 2.0 4 votes vote down vote up
public SkipPathRequestMatcher(List<String> pathsToSkip, String processingPath) {
    Assert.notNull(pathsToSkip);
    List<RequestMatcher> m = pathsToSkip.stream().map(path -> new AntPathRequestMatcher(path)).collect(Collectors.toList());
    matchers = new OrRequestMatcher(m);
    processingMatcher = new AntPathRequestMatcher(processingPath);
}
 
Example #19
Source File: IntegrationAuthenticationFilter.java    From cola-cloud with MIT License 4 votes vote down vote up
public IntegrationAuthenticationFilter(){
    this.requestMatcher = new OrRequestMatcher(
            new AntPathRequestMatcher(OAUTH_TOKEN_URL, "GET"),
            new AntPathRequestMatcher(OAUTH_TOKEN_URL, "POST")
    );
}
 
Example #20
Source File: SkipPathRequestMatcher.java    From IOT-Technical-Guide with Apache License 2.0 4 votes vote down vote up
public SkipPathRequestMatcher(List<String> pathsToSkip, String processingPath) {
    Assert.notNull(pathsToSkip);
    List<RequestMatcher> m = pathsToSkip.stream().map(path -> new AntPathRequestMatcher(path)).collect(Collectors.toList());
    matchers = new OrRequestMatcher(m);
    processingMatcher = new AntPathRequestMatcher(processingPath);
}
 
Example #21
Source File: ServiceProviderEndpoints.java    From spring-boot-security-saml with MIT License 2 votes vote down vote up
/**
 * Returns an {@link OrRequestMatcher} that contains all the different URLs configured throughout the Service
 * Provider configuration.
 *
 * @return
 */
public RequestMatcher getRequestMatcher() {
    return new OrRequestMatcher(requestMatchers(defaultFailureURL, ssoProcessingURL, ssoHoKProcessingURL, discoveryProcessingURL,
            idpSelectionPageURL, ssoLoginURL, metadataURL, defaultTargetURL, logoutURL, singleLogoutURL));
}