org.springframework.security.config.annotation.web.builders.WebSecurity Java Examples

The following examples show how to use org.springframework.security.config.annotation.web.builders.WebSecurity. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
/**
 * This is the equivalent to:
 * <pre>
 *     <http pattern="/resources/**" security="none"/>
 *     <http pattern="/css/**" security="none"/>
 *     <http pattern="/webjars/**" security="none"/>
 * </pre>
 *
 * @param web WebSecurity
 * @throws Exception
 */
@Override
public void configure(final WebSecurity web) throws Exception {
    web.ignoring()
            .antMatchers("/resources/**")
            .antMatchers("/css/**")
            .antMatchers("/webjars/**")
    ;

    // Thymeleaf needs to use the Thymeleaf configured FilterSecurityInterceptor
    // and not the default Filter from AutoConfiguration.
    final HttpSecurity http = getHttp();
    web.postBuildAction(() -> {
        web.securityInterceptor(http.getSharedObject(FilterSecurityInterceptor.class));
    });
}
 
Example #2
Source File: SecurityConfiguration.java    From radman with MIT License 6 votes vote down vote up
@Override
public void configure(WebSecurity web) {
    web.ignoring().antMatchers(
            // Vaadin Flow static resources //
            "/VAADIN/**",
            // the standard favicon URI
            "/favicon.ico",
            // the robots exclusion standard
            "/robots.txt",
            // web application manifest //
            "/manifest.webmanifest",
            "/sw.js",
            "/offline-page.html",
            // (development mode) static resources //
            "/frontend/**",
            // (development mode) webjars //
            "/webjars/**",
            // (production mode) static resources //
            "/frontend-es5/**", "/frontend-es6/**");
}
 
Example #3
Source File: WebSecurityConfig.java    From spring-react-boilerplate with MIT License 6 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
    // AuthenticationTokenFilter will ignore the below paths
    web.ignoring()
            .antMatchers(
                    HttpMethod.POST,
                    authenticationPath
            )
            // allow anonymous resource requests
            .and()
            .ignoring()
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js"
            )

            .and()
            .ignoring()
            .antMatchers("/h2-console/**/**");
}
 
Example #4
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
/**
 * This is the equivalent to:
 * <pre>
 *     <http pattern="/resources/**" security="none"/>
 *     <http pattern="/css/**" security="none"/>
 *     <http pattern="/webjars/**" security="none"/>
 * </pre>
 *
 * @param web WebSecurity
 * @throws Exception
 */
@Override
public void configure(final WebSecurity web) throws Exception {
    web.ignoring()
            .antMatchers("/resources/**")
            .antMatchers("/css/**")
            .antMatchers("/webjars/**")
    ;

    // Thymeleaf needs to use the Thymeleaf configured FilterSecurityInterceptor
    // and not the default Filter from AutoConfiguration.
    final HttpSecurity http = getHttp();
    web.postBuildAction(() -> {
        web.securityInterceptor(http.getSharedObject(FilterSecurityInterceptor.class));
    });
}
 
Example #5
Source File: WebSecurityConfig.java    From api-server-seed with Apache License 2.0 6 votes vote down vote up
@Override
public void configure(WebSecurity web) {
    web
            .ignoring()
            .antMatchers(
                    "swagger-ui.html",
                    "**/swagger-ui.html",
                    "/favicon.ico",
                    "/**/*.css",
                    "/**/*.js",
                    "/**/*.png",
                    "/**/*.gif",
                    "/swagger-resources/**",
                    "/v2/**",
                    "/**/*.ttf"
            );
    web.ignoring().antMatchers("/v2/api-docs",
            "/swagger-resources/configuration/ui",
            "/swagger-resources",
            "/swagger-resources/configuration/security",
            "/swagger-ui.html"
    );
}
 
Example #6
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
/**
 * This is the equivalent to:
 * <pre>
 *     <http pattern="/resources/**" security="none"/>
 *     <http pattern="/css/**" security="none"/>
 *     <http pattern="/webjars/**" security="none"/>
 * </pre>
 *
 * see https://w3stacks.com/questions/spring-boot/3925/spring-boot-security-thymeleaf-sec-authorize-url-not-working
 * See http://vkuzel.blogspot.com/2017/02/how-not-to-get-confused-by-spring-boot.html
 *
 * @param web
 * @throws Exception
 */
@Override
public void configure(final WebSecurity web) throws Exception {

    // Ignore static resources and webjars from Spring Security
    web.ignoring()
            .antMatchers("/resources/**")
            .antMatchers("/css/**")
            .antMatchers("/webjars/**")
    ;


    // Thymeleaf needs to use the Thymeleaf configured FilterSecurityInterceptor
    // and not the default Filter from AutoConfiguration.
    final HttpSecurity http = getHttp();
    web.postBuildAction(() -> {
        web.securityInterceptor(http.getSharedObject(FilterSecurityInterceptor.class));
    });
}
 
Example #7
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
/**
 * This is the equivalent to:
 * <pre>
 *     <http pattern="/resources/**" security="none"/>
 *     <http pattern="/css/**" security="none"/>
 *     <http pattern="/webjars/**" security="none"/>
 * </pre>
 *
 * @param web
 * @throws Exception
 */
@Override
public void configure(final WebSecurity web) throws Exception {

    // Ignore static resources and webjars from Spring Security
    web.ignoring()
            .antMatchers("/resources/**")
            .antMatchers("/css/**")
            .antMatchers("/webjars/**")
    ;

    // Thymeleaf needs to use the Thymeleaf configured FilterSecurityInterceptor
    // and not the default Filter from AutoConfiguration.
    final HttpSecurity http = getHttp();
    web.postBuildAction(() -> {
        web.securityInterceptor(http.getSharedObject(FilterSecurityInterceptor.class));
    });
}
 
Example #8
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
/**
 * This is the equivalent to:
 * <pre>
 *     <http pattern="/resources/**" security="none"/>
 *     <http pattern="/css/**" security="none"/>
 *     <http pattern="/webjars/**" security="none"/>
 * </pre>
 *
 * @param web WebSecurity
 * @throws Exception
 */
@Override
public void configure(final WebSecurity web) throws Exception {
    web.ignoring()
            .antMatchers("/resources/**")
            .antMatchers("/css/**")
            .antMatchers("/webjars/**")
    ;

    // Thymeleaf needs to use the Thymeleaf configured FilterSecurityInterceptor
    // and not the default Filter from AutoConfiguration.
    final HttpSecurity http = getHttp();
    web.postBuildAction(() -> {
        web.securityInterceptor(http.getSharedObject(FilterSecurityInterceptor.class));
    });
}
 
Example #9
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
/**
 * This is the equivalent to:
 * <pre>
 *     <http pattern="/resources/**" security="none"/>
 *     <http pattern="/css/**" security="none"/>
 *     <http pattern="/webjars/**" security="none"/>
 * </pre>
 *
 * @param web WebSecurity
 * @throws Exception
 */
@Override
public void configure(final WebSecurity web) throws Exception {
    web.ignoring()
            .antMatchers("/resources/**")
            .antMatchers("/css/**")
            .antMatchers("/webjars/**")
    ;

    // Thymeleaf needs to use the Thymeleaf configured FilterSecurityInterceptor
    // and not the default Filter from AutoConfiguration.
    final HttpSecurity http = getHttp();
    web.postBuildAction(() -> {
        web.securityInterceptor(http.getSharedObject(FilterSecurityInterceptor.class));
    });
}
 
Example #10
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
/**
 * This is the equivalent to:
 * <pre>
 *     <http pattern="/resources/**" security="none"/>
 *     <http pattern="/css/**" security="none"/>
 *     <http pattern="/webjars/**" security="none"/>
 * </pre>
 *
 * @param web WebSecurity
 * @throws Exception
 */
@Override
public void configure(final WebSecurity web) throws Exception {
    web.ignoring()
            .antMatchers("/resources/**")
            .antMatchers("/css/**")
            .antMatchers("/webjars/**")
    ;

    // Thymeleaf needs to use the Thymeleaf configured FilterSecurityInterceptor
    // and not the default Filter from AutoConfiguration.
    final HttpSecurity http = getHttp();
    web.postBuildAction(() -> {
        web.securityInterceptor(http.getSharedObject(FilterSecurityInterceptor.class));
    });
}
 
Example #11
Source File: SecurityConfiguration.java    From angularjs-springboot-bookstore with MIT License 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring()
        .antMatchers("/scripts/**/*.{js,html}")
        .antMatchers("/bower_components/**")
        .antMatchers("/i18n/**")
        .antMatchers("/assets/**")
        .antMatchers("/swagger-ui/**")
        .antMatchers("/api/register")
        .antMatchers("/api/activate")
        .antMatchers("/api/account/reset_password/init")
        .antMatchers("/api/account/reset_password/finish")
        .antMatchers("/test/**");
}
 
Example #12
Source File: AppSecurityModelG.java    From Spring-5.0-Cookbook with MIT License 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
  web
    .ignoring()
       .antMatchers("/resources/**")
       .antMatchers("/css/**")
       .antMatchers("/js/**")
       .antMatchers("/image/**");
}
 
Example #13
Source File: SecurityConfiguration.java    From api-layer with Eclipse Public License 2.0 5 votes vote down vote up
@Override
public void configure(WebSecurity web) {
    // skip security filters matchers
    String[] noSecurityAntMatchers = {
        "/",
        "/static/**",
        "/favicon.ico",
        "/api-doc"
    };

    web.ignoring().antMatchers(noSecurityAntMatchers);
}
 
Example #14
Source File: SecurityConfiguration.java    From jhipster-ribbon-hystrix with GNU General Public License v3.0 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring()
        .antMatchers(HttpMethod.OPTIONS, "/**")
        .antMatchers("/app/**/*.{js,html}")
        .antMatchers("/bower_components/**")
        .antMatchers("/i18n/**")
        .antMatchers("/content/**")
        .antMatchers("/swagger-ui/index.html")
        .antMatchers("/test/**")
        .antMatchers("/h2-console/**");
}
 
Example #15
Source File: APISecurityConfig.java    From ReCiter with Apache License 2.0 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
	if(!securityEnabled) {
     web
     .ignoring()
     .antMatchers("/reciter/**");
	} 
}
 
Example #16
Source File: MicroserviceSecurityConfiguration.java    From tutorials with MIT License 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring()
        .antMatchers(HttpMethod.OPTIONS, "/**")
        .antMatchers("/app/**/*.{js,html}")
        .antMatchers("/bower_components/**")
        .antMatchers("/i18n/**")
        .antMatchers("/content/**")
        .antMatchers("/swagger-ui/index.html")
        .antMatchers("/test/**")
        .antMatchers("/h2-console/**");
}
 
Example #17
Source File: SecurityConfiguration.java    From jhipster-online with Apache License 2.0 5 votes vote down vote up
@Override
public void configure(WebSecurity web) {
    web.ignoring()
        .antMatchers(HttpMethod.OPTIONS, "/**")
        .antMatchers("/app/**/*.{js,html}")
        .antMatchers("/i18n/**")
        .antMatchers("/content/**")
        .antMatchers("/swagger-ui/index.html")
        .antMatchers("/test/**")
        .antMatchers("/h2-console/**");
}
 
Example #18
Source File: AppSecurityConfig.java    From Spring-5.0-Cookbook with MIT License 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
  web
    .ignoring()
       .antMatchers("/resources/**")
       .antMatchers("/css/**")
       .antMatchers("/js/**")
       .antMatchers("/image/**");
}
 
Example #19
Source File: SecurityConfiguration.java    From ehcache3-samples with Apache License 2.0 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring()
        .antMatchers(HttpMethod.OPTIONS, "/**")
        .antMatchers("/app/**/*.{js,html}")
        .antMatchers("/i18n/**")
        .antMatchers("/content/**")
        .antMatchers("/h2-console/**")
        .antMatchers("/swagger-ui/index.html")
        .antMatchers("/test/**");
}
 
Example #20
Source File: NiFiWebApiSecurityConfiguration.java    From nifi with Apache License 2.0 5 votes vote down vote up
@Override
public void configure(WebSecurity webSecurity) throws Exception {
    // ignore the access endpoints for obtaining the access config, the access token
    // granting, and access status for a given user (note: we are not ignoring the
    // the /access/download-token and /access/ui-extension-token endpoints
    webSecurity
            .ignoring()
                .antMatchers("/access", "/access/config", "/access/token", "/access/kerberos",
                        "/access/oidc/exchange", "/access/oidc/callback", "/access/oidc/request",
                        "/access/knox/callback", "/access/knox/request");
}
 
Example #21
Source File: WallRideSecurityConfiguration.java    From wallride with Apache License 2.0 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
	// @formatter:off
	web
		.ignoring()
			.antMatchers("/_admin/resources/**")
			.antMatchers("/_admin/webjars/**")
			.antMatchers("/_admin/setup**")
			.antMatchers("/_admin/signup**");
	// @formatter:on
}
 
Example #22
Source File: SecurityConfiguration.java    From java-microservices-examples with Apache License 2.0 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring()
        .antMatchers(HttpMethod.OPTIONS, "/**")
        .antMatchers("/app/**/*.{js,html}")
        .antMatchers("/i18n/**")
        .antMatchers("/content/**")
        .antMatchers("/h2-console/**")
        .antMatchers("/swagger-ui/index.html")
        .antMatchers("/test/**");
}
 
Example #23
Source File: AppSecurityModelD.java    From Spring-5.0-Cookbook with MIT License 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
     web
       .ignoring()
          .antMatchers("/resources/**")
          .antMatchers("/css/**")
          .antMatchers("/js/**")
          .antMatchers("/image/**");
   }
 
Example #24
Source File: SecurityConfiguration.java    From expper with GNU General Public License v3.0 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring()
        .antMatchers("/scripts/**/*.{js,html}")
        .antMatchers("/dist/scripts/**/*.{js,html}")
        .antMatchers("/bower_components/**")
        .antMatchers("/i18n/**")
        .antMatchers("/assets/**")
        .antMatchers("/swagger-ui/index.html")
        .antMatchers("/test/**");
}
 
Example #25
Source File: AppSecurityModelC.java    From Spring-5.0-Cookbook with MIT License 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
   web
      .ignoring()
         .antMatchers("/resources/**")
         .antMatchers("/css/**")
         .antMatchers("/js/**")
         .antMatchers("/image/**");
  }
 
Example #26
Source File: SecurityConfig.java    From promregator with Apache License 2.0 5 votes vote down vote up
private WebSecurity determineWebSecurityForEndpoint(WebSecurity secInitial, String endpoint, InboundAuthorizationMode iam) {

		WebSecurity sec = secInitial;
		if (iam == InboundAuthorizationMode.NONE) {
			System.err.println(String.format("Endpoint %s is NOT authentication protected", endpoint));
			sec = sec.ignoring().antMatchers(endpoint).and();
		}
		return sec;
	}
 
Example #27
Source File: AppSecurityConfig.java    From Spring-5.0-Cookbook with MIT License 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
  web
    .ignoring()
       .antMatchers("/resources/**")
       .antMatchers("/css/**")
       .antMatchers("/js/**")
       .antMatchers("/image/**");
}
 
Example #28
Source File: _MicroserviceSecurityConfiguration.java    From jhipster-ribbon-hystrix with GNU General Public License v3.0 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring()
        .antMatchers(HttpMethod.OPTIONS, "/**")
        .antMatchers("/app/**/*.{js,html}")
        .antMatchers("/bower_components/**")
        .antMatchers("/i18n/**")
        .antMatchers("/content/**")
        .antMatchers("/swagger-ui/index.html")
        .antMatchers("/test/**")
        .antMatchers("/h2-console/**");
}
 
Example #29
Source File: SecurityConfig.java    From spring-boot-cookbook with Apache License 2.0 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
    //allow Swagger URL to be accessed without authentication
    web.ignoring().antMatchers( //"/v2/api-docs",//change to /swagger and custom the groupName
            "/swagger",// Resolve conflicts version number
            "/swagger-resources/configuration/ui",//用来获取支持的动作
            "/swagger-resources",//用来获取api-docs的URI
            "/swagger-resources/configuration/security",//安全选项
            "/webjars/**",///swagger-ui.html使用的一些资源文件在webjars目录下。eg:http://localhost/webjars/springfox-swagger-ui/images/logo_small.png
            "/swagger-ui.html",
            "/h2/**" // h2/query.jsp?jsessionid=f2e1c5f5748414b8b4f8e844f74ef99d.The H2 database provides a browser-based console that Spring Boot can auto-configure for you.
    );
}
 
Example #30
Source File: SecurityConfiguration.java    From alchemy with Apache License 2.0 5 votes vote down vote up
@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring()
        .antMatchers(HttpMethod.OPTIONS, "/**")
        .antMatchers("/app/**/*.{js,html}")
        .antMatchers("/i18n/**")
        .antMatchers("/content/**")
        .antMatchers("/h2-console/**")
        .antMatchers("/swagger-ui/index.html")
        .antMatchers("/test/**");
}