Java Code Examples for org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest

The following examples show how to use org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: open-cloud   Source File: ResourceServerConfiguration.java    License: MIT License
/**
 * Declares the request-authorization rules, form login, logout handling and
 * error handlers for this configuration.
 *
 * <p>Rules are declared in this order: the login and OAuth paths are open,
 * every actuator endpoint matched by {@code EndpointRequest.toAnyEndpoint()}
 * is open, and all remaining requests require authentication. CSRF
 * protection and HTTP Basic are both disabled.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            .antMatchers("/login/**","/oauth/**").permitAll()
            // Monitoring (actuator) endpoints are let through for internal use.
            // NOTE(review): permitAll() is unconditional; nothing in this method limits
            // it to internal callers, so every actuator endpoint exposed over HTTP is
            // reachable without authentication. Confirm the exposure list and network
            // placement, or narrow the matcher to the endpoints that must be public.
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage("/login").permitAll()
            .and()
            .logout().permitAll()
            // Clear the listed cookies when /logout is called.
            .addLogoutHandler(new CookieClearingLogoutHandler("token", "remember-me"))
            .logoutSuccessHandler(new LogoutSuccessHandler())
            .and()
            // Authentication/authorization error handling, kept uniform across services.
            // Every resource server is expected to register these handlers.
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            // NOTE(review): CSRF protection is off while form login and sessions
            // (IF_REQUIRED) are in use; confirm this is intended.
            .csrf().disable()
            // Disable HTTP Basic.
            .httpBasic().disable();
}
 
Example 2
Source Project: open-cloud   Source File: ResourceServerConfiguration.java    License: MIT License
/**
 * Declares the request-authorization rules and error handlers for this
 * resource server.
 *
 * <p>Every actuator endpoint and the {@code /generate} subtree are open; all
 * other requests require authentication. CSRF protection is disabled.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            // Monitoring (actuator) endpoints are let through for internal use.
            // NOTE(review): permitAll() is unconditional; nothing here restricts it to
            // internal callers. Confirm which endpoints are exposed over HTTP.
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            // Paths called through Feign, or that need no authentication.
            // NOTE(review): these paths are open to any caller that can reach the
            // service, not only to Feign clients; verify that is acceptable.
            .antMatchers(
                    "/generate/**"
            ).permitAll()
            .anyRequest().authenticated()
            .and()
            // Authentication/authorization error handling, kept uniform across services.
            // Every resource server is expected to register these handlers.
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            // NOTE(review): CSRF is disabled while sessions may still be created
            // (IF_REQUIRED); confirm clients never authenticate with cookies.
            .csrf().disable();
}
 
Example 3
Source Project: open-cloud   Source File: ResourceServerConfiguration.java    License: MIT License
/**
 * Declares the request-authorization rules, form login, logout handling and
 * error handlers for this configuration.
 *
 * <p>The login and OAuth paths and every actuator endpoint are open; all
 * remaining requests require authentication. CSRF protection and HTTP Basic
 * are both disabled.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            .antMatchers("/login/**","/oauth/**").permitAll()
            // Monitoring (actuator) endpoints are let through for internal use.
            // NOTE(review): the rule itself is unconditional, so any exposed actuator
            // endpoint is reachable without authentication. Confirm the exposure list
            // or narrow the matcher.
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage("/login").permitAll()
            .and()
            .logout().permitAll()
            // Clear the listed cookies when /logout is called.
            .addLogoutHandler(new CookieClearingLogoutHandler("token", "remember-me"))
            .logoutSuccessHandler(new LogoutSuccessHandler())
            .and()
            // Authentication/authorization error handling, kept uniform across services.
            // Every resource server is expected to register these handlers.
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            // NOTE(review): CSRF protection is off while form login and sessions
            // (IF_REQUIRED) are in use; confirm this is intended.
            .csrf().disable()
            // Disable HTTP Basic.
            .httpBasic().disable();
}
 
Example 4
Source Project: open-cloud   Source File: ResourceServerConfiguration.java    License: MIT License
/**
 * Declares the request-authorization rules and error handlers for this
 * resource server.
 *
 * <p>Every actuator endpoint is open; all other requests require
 * authentication. CSRF protection is disabled.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            // Access rule for the monitoring (actuator) endpoints.
            // NOTE(review): permitAll() leaves every exposed actuator endpoint
            // unauthenticated; confirm which endpoints are exposed over HTTP.
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
            // Authentication/authorization error handling, kept uniform across services.
            // Every resource server is expected to register these handlers.
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            // NOTE(review): CSRF is disabled while sessions may still be created
            // (IF_REQUIRED); confirm clients never authenticate with cookies.
            .csrf().disable();
}
 
Example 5
Source Project: open-cloud   Source File: ResourceServerConfiguration.java    License: MIT License
/**
 * Declares the request-authorization rules and error handlers for this
 * resource server.
 *
 * <p>Every actuator endpoint is open; all other requests require
 * authentication. CSRF protection is disabled.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            // Access rule for the monitoring (actuator) endpoints.
            // NOTE(review): permitAll() leaves every exposed actuator endpoint
            // unauthenticated; confirm which endpoints are exposed over HTTP.
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
            // Authentication/authorization error handling.
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            // NOTE(review): CSRF is disabled while sessions may still be created
            // (IF_REQUIRED); confirm clients never authenticate with cookies.
            .csrf().disable();
}
 
Example 6
Source Project: open-cloud   Source File: ResourceServerConfiguration.java    License: MIT License
/**
 * Declares the request-authorization rules and error handlers for this
 * resource server.
 *
 * <p>The e-mail, SMS and webhook subtrees and every actuator endpoint are
 * open; all other requests require authentication. CSRF protection is
 * disabled.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            // NOTE(review): these message-sending paths accept unauthenticated calls;
            // presumably they are protected elsewhere (gateway, network) - verify.
            .antMatchers(
                    "/email/**",
                    "/sms/**",
                    "/webhook/**"
            ).permitAll()
            // Access rule for the monitoring (actuator) endpoints.
            // NOTE(review): permitAll() leaves every exposed actuator endpoint
            // unauthenticated; confirm which endpoints are exposed over HTTP.
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
            // Authentication/authorization error handling.
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            // NOTE(review): CSRF is disabled while sessions may still be created
            // (IF_REQUIRED); confirm clients never authenticate with cookies.
            .csrf().disable();
}
 
Example 7
Source Project: pivotal-bank-demo   Source File: WebSecurityConfig.java    License: Apache License 2.0
/**
 * Declares the request-authorization rules, form login and logout handling
 * for the web application.
 *
 * <p>The root page, the registration page, the Hystrix stream and every
 * actuator endpoint are open; all other requests require authentication.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            // NOTE(review): /hystrix.stream is served without authentication;
            // confirm the metrics it publishes are safe to expose.
            .antMatchers("/", "/registration","/hystrix.stream").permitAll()
// NOTE(review): every exposed actuator endpoint is reachable without
// authentication; narrow the matcher or require a role if the exposure list
// includes more than health/info.
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/login")
            .permitAll()
            .and()
        .logout()
        // logoutSuccessHandler is a name resolved outside this method.
        .logoutSuccessHandler(logoutSuccessHandler)
            .permitAll();
}
 
Example 8
Source Project: flowable-engine   Source File: SecurityConfiguration.java    License: Apache License 2.0
/**
 * Configures a stateless, HTTP Basic protected filter chain for the requests
 * selected by {@code ActuatorRequestMatcher}.
 *
 * <p>The info and health endpoints require an authenticated caller; every
 * other actuator endpoint additionally requires the
 * {@code DefaultPrivileges.ACCESS_ADMIN} authority.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
protected void configure(HttpSecurity http) throws Exception {

            // No HTTP session is created and CSRF protection is disabled for this chain.
            http
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .csrf()
                .disable();

            http
                // Limit this chain to requests accepted by ActuatorRequestMatcher.
                .requestMatcher(new ActuatorRequestMatcher())
                .authorizeRequests()
                // Order matters: the narrower info/health rule must precede the
                // catch-all endpoint rule, otherwise it would never be reached.
                .requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
                .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)
                // HTTP Basic sends credentials with every request, so the
                // endpoints should only be served over TLS.
                .and().httpBasic();
        }
 
Example 9
Source Project: flowable-engine   Source File: SecurityConfiguration.java    License: Apache License 2.0
/**
 * Configures a stateless, HTTP Basic protected filter chain for the requests
 * selected by {@code ActuatorRequestMatcher}.
 *
 * <p>The info and health endpoints require an authenticated caller; every
 * other actuator endpoint additionally requires the
 * {@code DefaultPrivileges.ACCESS_ADMIN} authority.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
protected void configure(HttpSecurity http) throws Exception {

            // No HTTP session is created and CSRF protection is disabled for this chain.
            http
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .csrf()
                .disable();

            http
                // Limit this chain to requests accepted by ActuatorRequestMatcher.
                .requestMatcher(new ActuatorRequestMatcher())
                .authorizeRequests()
                // Order matters: the narrower info/health rule must precede the
                // catch-all endpoint rule, otherwise it would never be reached.
                .requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
                .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)
                // HTTP Basic sends credentials with every request, so the
                // endpoints should only be served over TLS.
                .and().httpBasic();
        }
 
Example 10
Source Project: flowable-engine   Source File: SecurityConfiguration.java    License: Apache License 2.0
/**
 * Configures a stateless, HTTP Basic protected filter chain for the requests
 * selected by {@code ActuatorRequestMatcher}.
 *
 * <p>The info and health endpoints require an authenticated caller; every
 * other actuator endpoint additionally requires the
 * {@code DefaultPrivileges.ACCESS_ADMIN} authority.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {

    // No HTTP session is created and CSRF protection is disabled for this chain.
    http
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .csrf()
        .disable();

    http
        // Limit this chain to requests accepted by ActuatorRequestMatcher.
        .requestMatcher(new ActuatorRequestMatcher())
        .authorizeRequests()
        // Order matters: the narrower info/health rule must precede the
        // catch-all endpoint rule, otherwise it would never be reached.
        .requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)
        // HTTP Basic sends credentials with every request, so the
        // endpoints should only be served over TLS.
        .and().httpBasic();
}
 
Example 11
Source Project: flowable-engine   Source File: SecurityConfiguration.java    License: Apache License 2.0
/**
 * Configures a stateless, HTTP Basic protected filter chain for the requests
 * selected by {@code ActuatorRequestMatcher}.
 *
 * <p>The info and health endpoints require an authenticated caller; every
 * other actuator endpoint additionally requires the
 * {@code DefaultPrivileges.ACCESS_ADMIN} authority.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
protected void configure(HttpSecurity http) throws Exception {

            // No HTTP session is created and CSRF protection is disabled for this chain.
            http
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .csrf()
                .disable();

            http
                // Limit this chain to requests accepted by ActuatorRequestMatcher.
                .requestMatcher(new ActuatorRequestMatcher())
                .authorizeRequests()
                // Order matters: the narrower info/health rule must precede the
                // catch-all endpoint rule, otherwise it would never be reached.
                .requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
                .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)
                // HTTP Basic sends credentials with every request, so the
                // endpoints should only be served over TLS.
                .and().httpBasic();
        }
 
Example 12
/**
 * Configures a stateless, HTTP Basic protected filter chain that applies only
 * to actuator endpoints.
 *
 * <p>The health endpoint is open; every other actuator endpoint requires the
 * {@code SYSADMIN} role.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {

    // @formatter:off
    
    http
        .csrf().disable()
        // Scope this chain to actuator endpoints; other requests are not handled here.
        .requestMatcher(EndpointRequest.toAnyEndpoint())
        .authorizeRequests()
            // Permit access to health check
            .requestMatchers(EndpointRequest.to("health")).permitAll()
            // Require authorization for everything else
            .anyRequest().hasRole("SYSADMIN")
        .and()
        // actuatorAuthenticationEntryPoint() is defined outside this method.
        .httpBasic().authenticationEntryPoint(actuatorAuthenticationEntryPoint())
        .and()
        .sessionManagement()
            // No HTTP session is created, so each request must carry credentials.
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS); 
    
    // @formatter:on

}
 
Example 13
Source Project: gaia   Source File: ActuatorSecurityConfig.java    License: Mozilla Public License 2.0
/**
 * Opens the health and info actuator endpoints to unauthenticated callers.
 *
 * <p>The chain is scoped to those two endpoints only, so it says nothing
 * about any other request.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            // Only requests for the health and info endpoints enter this chain.
            .requestMatcher(EndpointRequest.to("health", "info"))
            .authorizeRequests()
            .anyRequest()
            // NOTE(review): how much health detail anonymous callers see depends
            // on management.endpoint.health.show-details, which is not visible here.
            .permitAll();
}
 
Example 14
Source Project: open-cloud   Source File: ResourceServerConfiguration.java    License: MIT License
/**
 * Declares the request-authorization rules and error handlers for this
 * resource server.
 *
 * <p>Every actuator endpoint and the listed authority, app, gateway, user and
 * developer paths are open; all other requests require authentication. CSRF
 * protection is disabled.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            // Monitoring (actuator) endpoints are let through for internal use.
            // NOTE(review): permitAll() is unconditional; nothing here restricts it to
            // internal callers. Confirm which endpoints are exposed over HTTP.
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            // Paths called through Feign, or that need no authentication.
            // NOTE(review): these paths (including user/developer login, info and
            // third-party registration) are open to any caller that can reach the
            // service, not only to Feign clients; verify that network controls or
            // the handlers themselves enforce the intended restriction.
            .antMatchers(
                    "/authority/access",
                    "/authority/app",
                    "/app/*/info",
                    "/app/client/*/info",
                    "/gateway/api/**",
                    "/user/add/thirdParty",
                    "/user/info",
                    "/user/login",
                    "/developer/add/thirdParty",
                    "/developer/info",
                    "/developer/login"
            ).permitAll()
            .anyRequest().authenticated()
            .and()
            // Authentication/authorization error handling, kept uniform across services.
            // Every resource server is expected to register these handlers.
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            // NOTE(review): CSRF is disabled while sessions may still be created
            // (IF_REQUIRED); confirm clients never authenticate with cookies.
            .csrf().disable();
}
 
Example 15
/**
 * Requires the {@code ADMIN} role, authenticated with HTTP Basic, for every
 * actuator endpoint except health and info.
 *
 * <p>Health and info are excluded from this chain's matcher, so their access
 * rule is decided elsewhere.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http
    // Scope the chain to actuator endpoints, leaving health and info out.
    .requestMatcher(EndpointRequest.toAnyEndpoint().excluding("health", "info"))
    .authorizeRequests()
      .anyRequest().hasRole("ADMIN")
      
    .and()
  
    // HTTP Basic sends credentials with every request; serve over TLS only.
    .httpBasic();
  // @formatter:on
}
 
Example 16
/**
 * Requires the {@code ADMIN} role, authenticated with HTTP Basic, for every
 * actuator endpoint except health and info.
 *
 * <p>Health and info are excluded from this chain's matcher, so their access
 * rule is decided elsewhere.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http
    // Scope the chain to actuator endpoints, leaving health and info out.
    .requestMatcher(EndpointRequest.toAnyEndpoint().excluding("health", "info"))
    .authorizeRequests()
      .anyRequest().hasRole("ADMIN")
      
    .and()
  
    // HTTP Basic sends credentials with every request; serve over TLS only.
    .httpBasic();
  // @formatter:on
}
 
Example 17
/**
 * Requires the {@code ADMIN} role, authenticated with HTTP Basic, for every
 * actuator endpoint except health and info.
 *
 * <p>Health and info are excluded from this chain's matcher, so their access
 * rule is decided elsewhere.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http
    // Scope the chain to actuator endpoints, leaving health and info out.
    .requestMatcher(EndpointRequest.toAnyEndpoint().excluding("health", "info"))
    .authorizeRequests()
      .anyRequest().hasRole("ADMIN")
      
    .and()
  
    // HTTP Basic sends credentials with every request; serve over TLS only.
    .httpBasic();
  // @formatter:on
}
 
Example 18
/**
 * Requires the {@code ADMIN} role, authenticated with HTTP Basic, for every
 * actuator endpoint except health and info.
 *
 * <p>Health and info are excluded from this chain's matcher, so their access
 * rule is decided elsewhere.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http
    // Scope the chain to actuator endpoints, leaving health and info out.
    .requestMatcher(EndpointRequest.toAnyEndpoint().excluding("health", "info"))
    .authorizeRequests()
      .anyRequest().hasRole("ADMIN")
      
    .and()
  
    // HTTP Basic sends credentials with every request; serve over TLS only.
    .httpBasic();
  // @formatter:on
}
 
Example 19
Source Project: Spring   Source File: AuthorizationApplication.java    License: Apache License 2.0
/**
 * Configures an HTTP Basic protected filter chain that applies only to
 * actuator endpoints.
 *
 * <p>The health endpoint is open; every other actuator endpoint requires an
 * authenticated caller.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
       http
           // Scope this chain to actuator endpoints; other requests are not handled here.
           .requestMatcher(EndpointRequest.toAnyEndpoint())
               .authorizeRequests()
                   // The health rule is declared first so the catch-all below does not shadow it.
                   .requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll()
           // NOTE(review): any authenticated user passes; no role is required
           // for the remaining endpoints.
           .anyRequest().authenticated()
           .and()
           .httpBasic();
	}
 
Example 20
/**
 * Requires the {@code ENDPOINT_ADMIN} role, authenticated with HTTP Basic,
 * for every actuator endpoint.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // The chain is scoped to actuator endpoints; other requests are not handled here.
    http.requestMatcher(EndpointRequest.toAnyEndpoint())
            .authorizeRequests().anyRequest().hasRole("ENDPOINT_ADMIN")
            .and()
            // HTTP Basic sends credentials with every request; serve over TLS only.
            .httpBasic();
}
 
Example 21
Source Project: pacbot   Source File: SpringSecurityConfig.java    License: Apache License 2.0
/**
 * Declares authorization rules and a cookie-based CSRF token repository for
 * the chain scoped to {@code /user}.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void configure(HttpSecurity http) throws Exception {
	// NOTE(review): antMatcher("/user") scopes the whole chain to that path, so the
	// endpoint and whitelist rules below are only consulted for requests that also
	// match /user; confirm that is the intent.
	http.anonymous().and().antMatcher("/user").authorizeRequests()
	// NOTE(review): if this rule does take effect, every exposed actuator endpoint
	// is reachable without authentication.
	.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll().
        // AUTH_WHITELIST is defined outside this method.
        antMatchers(AUTH_WHITELIST).permitAll().
        anyRequest().authenticated()
	.and()
       .csrf()
       // The CSRF token cookie is created without HttpOnly so client-side script
       // can read it and echo it back in a request header.
       .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
 
Example 22
Source Project: pacbot   Source File: SpringSecurityConfig.java    License: Apache License 2.0
/**
 * Declares authorization rules and a cookie-based CSRF token repository for
 * the chain scoped to {@code /user}.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void configure(HttpSecurity http) throws Exception {
	// NOTE(review): antMatcher("/user") scopes the whole chain to that path, so the
	// endpoint and whitelist rules below are only consulted for requests that also
	// match /user; confirm that is the intent.
	http.anonymous().and().antMatcher("/user").authorizeRequests()
	// NOTE(review): if this rule does take effect, every exposed actuator endpoint
	// is reachable without authentication.
	.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll().
        // AUTH_WHITELIST is defined outside this method.
        antMatchers(AUTH_WHITELIST).permitAll().
        anyRequest().authenticated()
	.and()
       .csrf()
       // The CSRF token cookie is created without HttpOnly so client-side script
       // can read it and echo it back in a request header.
       .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
 
Example 23
Source Project: pacbot   Source File: AuthConfig.java    License: Apache License 2.0
/**
 * Declares authorization rules and CSRF handling for the chain scoped to
 * {@code /user}.
 *
 * <p>Actuator endpoints are opened twice (by endpoint matcher and by path),
 * and the {@code /instances} and actuator paths are exempted from CSRF checks.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void configure(HttpSecurity http) throws Exception {
	// NOTE(review): antMatcher("/user") scopes the whole chain to that path, so the
	// rules below are only consulted for requests that also match /user; confirm
	// that is the intent.
	http.anonymous().and().antMatcher("/user").authorizeRequests()
	
	.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll().
        // AUTH_WHITELIST is defined outside this method.
        antMatchers(AUTH_WHITELIST).permitAll().
        // NOTE(review): the path rule repeats the endpoint rule above and would
        // also cover anything else mounted under /actuator.
        antMatchers("/actuator/**").permitAll().
        anyRequest().authenticated()
	.and()
       .csrf()
       // The CSRF token cookie is created without HttpOnly so client-side script
       // can read it and echo it back in a request header.
       .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
       // NOTE(review): actuator paths are both unauthenticated and CSRF-exempt here;
       // verify that no state-changing endpoint is exposed over HTTP.
       .ignoringAntMatchers("/instances", "/actuator/**");
}
 
Example 24
Source Project: pacbot   Source File: WebSecurityConfig.java    License: Apache License 2.0
/**
 * Configures authorization rules, form login, logout and CSRF exemptions for
 * the login and OAuth authorization pages.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
  protected void configure(HttpSecurity http) throws Exception {
  	// NOTE(review): anyRequest().authenticated() is declared before the endpoint and
  	// /actuator/** rules. Rules are evaluated in declaration order, so those
  	// permitAll() entries look unreachable, and newer Spring Security versions may
  	// reject matchers configured after anyRequest(). Verify against the version in use.
  	http.authorizeRequests().anyRequest().authenticated()
  	.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll().
      antMatchers("/actuator/**").permitAll().anyRequest().authenticated();
http.formLogin().loginPage("/login").permitAll();
// On logout: clear the authentication, invalidate the session and delete the
// session cookie, then redirect to the root page.
http.logout().clearAuthentication(true)
      .logoutSuccessUrl("/")
      .logoutUrl("/logout-session")
      .deleteCookies("JSESSIONID")
      .invalidateHttpSession(true);
// Scope this chain to the login and OAuth authorization paths.
// NOTE(review): with this scoping, actuator paths would not be handled by this
// chain at all; confirm where they are actually secured.
http.requestMatchers().antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access", "/implicit/redirect");
http.authorizeRequests().antMatchers("/oauth/authorize").authenticated().anyRequest().authenticated();
// CSRF checks are skipped for /instances and the actuator paths.
http.csrf().ignoringAntMatchers("/instances", "/actuator/**");
  }
 
Example 25
Source Project: pacbot   Source File: AuthConfig.java    License: Apache License 2.0
/**
 * Declares authorization rules and a cookie-based CSRF token repository for
 * the chain scoped to {@code /user}.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void configure(HttpSecurity http) throws Exception {
	// NOTE(review): antMatcher("/user") scopes the whole chain to that path, so the
	// endpoint and whitelist rules below are only consulted for requests that also
	// match /user; confirm that is the intent.
	http.anonymous().and().antMatcher("/user").authorizeRequests()
	// NOTE(review): if this rule does take effect, every exposed actuator endpoint
	// is reachable without authentication.
	.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll().
        // AUTH_WHITELIST is defined outside this method.
        antMatchers(AUTH_WHITELIST).permitAll().
        anyRequest().authenticated()
	.and()
       .csrf()
       // The CSRF token cookie is created without HttpOnly so client-side script
       // can read it and echo it back in a request header.
       .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
 
Example 26
Source Project: pacbot   Source File: SpringSecurityConfig.java    License: Apache License 2.0
/**
 * Declares authorization rules and a cookie-based CSRF token repository for
 * the chain scoped to {@code /user}.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
public void configure(HttpSecurity http) throws Exception {
	// NOTE(review): antMatcher("/user") scopes the whole chain to that path, so the
	// endpoint and whitelist rules below are only consulted for requests that also
	// match /user; confirm that is the intent.
	http.anonymous().and().antMatcher("/user").authorizeRequests()
	// NOTE(review): if this rule does take effect, every exposed actuator endpoint
	// is reachable without authentication.
	.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll().
        // AUTH_WHITELIST is defined outside this method.
        antMatchers(AUTH_WHITELIST).permitAll().
        anyRequest().authenticated()
	.and()
       .csrf()
       // The CSRF token cookie is created without HttpOnly so client-side script
       // can read it and echo it back in a request header.
       .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
 
Example 27
Source Project: Spring-Boot-2.0-Projects   Source File: SecurityConfig.java    License: MIT License
/**
 * Enables HTTP Basic and declares role-based rules for actuator endpoints and
 * the rest of the application.
 *
 * <p>The info and health endpoints are open, other actuator endpoints require
 * the {@code SYSTEM} role, and every other path requires the {@code USER}
 * role.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.httpBasic().and()
            .authorizeRequests()
            // Order matters: the most specific rule comes first and the
            // application-wide pattern comes last.
            .requestMatchers(EndpointRequest.to("info", "health")).permitAll()
            .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("SYSTEM")
            .antMatchers("/**").hasRole("USER");

}
 
Example 28
Source Project: ssh-shell-spring-boot   Source File: DemoSecurity.java    License: Apache License 2.0
/**
 * Opens the info endpoint and requires the {@code ACTUATOR} role for every
 * other actuator endpoint.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            // The narrower info rule is declared before the catch-all endpoint rule.
            .requestMatchers(EndpointRequest.to("info")).permitAll()
            // NOTE(review): no anyRequest() rule and no authentication mechanism is
            // declared in this method, so non-actuator paths are not constrained
            // here; confirm they are covered elsewhere.
            .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR");
}
 
Example 29
/**
 * Requires an authenticated caller, using HTTP Basic, for every actuator
 * endpoint.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
	// @formatter:off
	// The chain is scoped to actuator endpoints; other requests are not handled here.
	// NOTE(review): any authenticated user passes; no role is required.
	http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest().authenticated().and()
			.httpBasic();
	// @formatter:on
}
 
Example 30
Source Project: mirrorgate   Source File: EmbeddedConfig.java    License: Apache License 2.0
/**
 * Enables CORS, disables CSRF protection and opens every actuator endpoint to
 * unauthenticated callers.
 *
 * @param http the security builder to configure
 * @throws Exception propagated from the {@code HttpSecurity} builder calls
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http
        .cors()
        .and()
        .csrf()
        .disable()
        .authorizeRequests()
        // NOTE(review): with actuator security switched off and CSRF disabled, any
        // endpoint exposed over HTTP can be called anonymously; keep the exposure
        // list minimal or restrict access at the network layer. No rule is declared
        // for other requests in this method.
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // Disabling actuation security
}