Java Code Examples for org.springframework.security.cas.web.CasAuthenticationFilter

The following examples show how to use org.springframework.security.cas.web.CasAuthenticationFilter. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class).exceptionHandling()
			.authenticationEntryPoint(casAuthenticationEntryPoint()).and().addFilter(casAuthenticationFilter())
			.addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class)
			.addFilterBefore(requestCasGlobalLogoutFilter(), LogoutFilter.class);

	http.headers().frameOptions().disable().authorizeRequests().antMatchers("/").permitAll()
			.antMatchers("/login", "/logout", "/secure").authenticated().antMatchers("/filtered")
			.hasAuthority(AuthoritiesConstants.ADMIN).anyRequest().authenticated();

	/**
	 * <logout invalidate-session="true" delete-cookies="JSESSIONID" />
	 */
	http.logout().logoutUrl("/logout").logoutSuccessUrl("/").invalidateHttpSession(true)
			.deleteCookies("JSESSIONID");

	// http.csrf();
}
 
Example 2
Source Project: dubbo-postman   Source File: WebSecurityConfig.java    License: MIT License 5 votes vote down vote up
/**
 * 认证过滤器
 */
public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
    CasAuthenticationFilter filter = new CasAuthenticationFilter();
    filter.setAuthenticationManager(authenticationManager());
    filter.setFilterProcessesUrl("/cas_security_check");
    return filter;
}
 
Example 3
Source Project: cymbal   Source File: SecurityConfiguration.java    License: Apache License 2.0 5 votes vote down vote up
@Bean
public FilterRegistrationBean casAuthenticationFilterRegistrationBean(
        final CasAuthenticationFilter casAuthenticationFilter) {
    FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
    filterRegistrationBean.setFilter(casAuthenticationFilter);
    filterRegistrationBean.addUrlPatterns("/*");
    filterRegistrationBean.setOrder(3);
    return filterRegistrationBean;
}
 
Example 4
Source Project: Spring-Security-Third-Edition   Source File: CasConfig.java    License: MIT License 5 votes vote down vote up
@Bean
public CasAuthenticationFilter casFilter() {
    CasAuthenticationFilter caf = new CasAuthenticationFilter();
    caf.setAuthenticationManager(authenticationManager);
    caf.setFilterProcessesUrl("/login");
    caf.setProxyGrantingTicketStorage(pgtStorage());
    caf.setProxyReceptorUrl("/pgtUrl");
    return caf;
}
 
Example 5
Source Project: Spring-Security-Third-Edition   Source File: CasConfig.java    License: MIT License 5 votes vote down vote up
@Bean
public CasAuthenticationFilter casFilter() {
    CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
    casAuthenticationFilter.setAuthenticationManager(authenticationManager);
    casAuthenticationFilter.setFilterProcessesUrl("/login");
    return casAuthenticationFilter;
}
 
Example 6
Source Project: Spring-Security-Third-Edition   Source File: CasConfig.java    License: MIT License 5 votes vote down vote up
@Bean
public CasAuthenticationFilter casFilter() {
    CasAuthenticationFilter caf = new CasAuthenticationFilter();
    caf.setAuthenticationManager(authenticationManager);
    caf.setFilterProcessesUrl("/login");
    caf.setProxyGrantingTicketStorage(pgtStorage());
    caf.setProxyReceptorUrl("/pgtUrl");

    caf.setServiceProperties(serviceProperties());
    caf.setAuthenticationDetailsSource(
            new ServiceAuthenticationDetailsSource(
                    serviceProperties())
    );
    return caf;
}
 
Example 7
Source Project: Spring-Security-Third-Edition   Source File: CasConfig.java    License: MIT License 5 votes vote down vote up
@Bean
public CasAuthenticationFilter casFilter() {
    CasAuthenticationFilter caf = new CasAuthenticationFilter();
    caf.setAuthenticationManager(authenticationManager);
    caf.setFilterProcessesUrl("/login");
    caf.setProxyGrantingTicketStorage(pgtStorage());
    caf.setProxyReceptorUrl("/pgtUrl");

    caf.setServiceProperties(serviceProperties());
    caf.setAuthenticationDetailsSource(
            new ServiceAuthenticationDetailsSource(
                    serviceProperties())
    );
    return caf;
}
 
Example 8
Source Project: Spring-Security-Third-Edition   Source File: CasConfig.java    License: MIT License 5 votes vote down vote up
@Bean
public CasAuthenticationFilter casFilter() {
    CasAuthenticationFilter caf = new CasAuthenticationFilter();
    caf.setAuthenticationManager(authenticationManager);
    caf.setFilterProcessesUrl("/login");
    caf.setProxyGrantingTicketStorage(pgtStorage());
    caf.setProxyReceptorUrl("/pgtUrl");

    caf.setServiceProperties(serviceProperties());
    caf.setAuthenticationDetailsSource(
            new ServiceAuthenticationDetailsSource(
                    serviceProperties())
    );
    return caf;
}
 
Example 9
Source Project: Spring-Security-Third-Edition   Source File: CasConfig.java    License: MIT License 5 votes vote down vote up
@Bean
public CasAuthenticationFilter casFilter() {
    CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
    casAuthenticationFilter.setAuthenticationManager(authenticationManager);
    casAuthenticationFilter.setFilterProcessesUrl("/login");
    return casAuthenticationFilter;
}
 
Example 10
Source Project: tutorials   Source File: CasSecuredApplication.java    License: MIT License 5 votes vote down vote up
@Bean
public CasAuthenticationFilter casAuthenticationFilter(
  AuthenticationManager authenticationManager,
  ServiceProperties serviceProperties) throws Exception {
    CasAuthenticationFilter filter = new CasAuthenticationFilter();
    filter.setAuthenticationManager(authenticationManager);
    filter.setServiceProperties(serviceProperties);
    return filter;
}
 
Example 11
Source Project: tutorials   Source File: WebSecurityConfig.java    License: MIT License 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers( "/secured", "/login").authenticated()
      .and()
      .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())
      .and()
      .addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
      .addFilterBefore(logoutFilter, LogoutFilter.class)
      .csrf().ignoringAntMatchers("/exit/cas");
}
 
Example 12
Source Project: we-cmdb   Source File: SpringWebConfig.java    License: Apache License 2.0 4 votes vote down vote up
public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
    CasAuthenticationFilter filter = new CasAuthenticationFilter();
    filter.setAuthenticationManager(authenticationManager());
    return filter;
}
 
Example 13
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License 4 votes vote down vote up
/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            .antMatchers("/admin/h2/**").permitAll()

            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    http.addFilterAt(casFilter, CasAuthenticationFilter.class);

    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Logout
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    // Anonymous
    http.anonymous();

    // CSRF is enabled by default, with Java Config
    http.csrf().disable();


    // Exception Handling
    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;


    // Enable <frameset> in order to use H2 web console
    http.headers().frameOptions().disable();
}
 
Example 14
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License 4 votes vote down vote up
/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            .antMatchers("/admin/h2/**").permitAll()

            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    // Login
    /*http.formLogin()
            .loginPage("/login/form")
            .loginProcessingUrl("/login")
            .failureUrl("/login/form?error")
            .usernameParameter("username")
            .passwordParameter("password")
            .defaultSuccessUrl("/default", true)
            .permitAll();*/

    // Logout
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/login/form?logout")
            .deleteCookies("JSESSIONID").invalidateHttpSession(true)
            .permitAll();

    // Anonymous
    http.anonymous();

    // CSRF is enabled by default, with Java Config
    http.csrf().disable();

    http.addFilterAt(casFilter, CasAuthenticationFilter.class);

    // Exception Handling
    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;


    // Enable <frameset> in order to use H2 web console
    http.headers().frameOptions().disable();
}
 
Example 15
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License 4 votes vote down vote up
/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            .antMatchers("/admin/h2/**").permitAll()

            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    http.addFilterAt(casFilter, CasAuthenticationFilter.class);

    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Logout
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    // Anonymous
    http.anonymous();

    // CSRF is enabled by default, with Java Config
    http.csrf().disable();


    // Exception Handling
    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;


    // Enable <frameset> in order to use H2 web console
    http.headers().frameOptions().disable();
}
 
Example 16
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License 4 votes vote down vote up
/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            .antMatchers("/admin/h2/**").permitAll()

            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    http.addFilterAt(casFilter, CasAuthenticationFilter.class);

    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Logout
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    // Anonymous
    http.anonymous();

    // CSRF is enabled by default, with Java Config
    http.csrf().disable();


    // Exception Handling
    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;


    // Enable <frameset> in order to use H2 web console
    http.headers().frameOptions().disable();
}
 
Example 17
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License 4 votes vote down vote up
/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            .antMatchers("/admin/h2/**").permitAll()

            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    http.addFilterAt(casFilter, CasAuthenticationFilter.class);

    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Logout
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    // Anonymous
    http.anonymous();

    // CSRF is enabled by default, with Java Config
    http.csrf().disable();


    // Exception Handling
    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;


    // Enable <frameset> in order to use H2 web console
    http.headers().frameOptions().disable();
}
 
Example 18
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License 4 votes vote down vote up
/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            .antMatchers("/admin/h2/**").permitAll()

            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    http.addFilterAt(casFilter, CasAuthenticationFilter.class);

    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Logout
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    // Anonymous
    http.anonymous();

    // CSRF is enabled by default, with Java Config
    http.csrf().disable();


    // Exception Handling
    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;


    // Enable <frameset> in order to use H2 web console
    http.headers().frameOptions().disable();
}