Java Code Examples for org.springframework.security.config.http.SessionCreationPolicy

The following examples show how to use org.springframework.security.config.http.SessionCreationPolicy. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
@Override
protected void configure(HttpSecurity http) throws Exception {

    http = http.addFilter(new WebAsyncManagerIntegrationFilter());
    http = http.addFilterBefore(jwtAuthFilter(), UsernamePasswordAuthenticationFilter.class);

    http
            .antMatcher("/ext/**")
            .csrf().requireCsrfProtectionMatcher(csrfSecurityRequestMatcher).and()
            .headers().frameOptions().sameOrigin().and()
            .authorizeRequests()
            .antMatchers(
                    "/ext/stream/**",
                    "/ext/coverArt*",
                    "/ext/share/**",
                    "/ext/hls/**")
            .hasAnyRole("TEMP", "USER").and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .exceptionHandling().and()
            .securityContext().and()
            .requestCache().and()
            .anonymous().and()
            .servletApi();
}
 
Example 2
Source Project: XS2A-Sandbox   Source File: TppWebSecurityConfig.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .authorizeRequests().antMatchers(INDEX_WHITELIST).permitAll()
        .and()
        .authorizeRequests().antMatchers(APP_WHITELIST).permitAll()
        .and()
        .authorizeRequests().antMatchers(ACTUATOR_WHITELIST).permitAll()
        .and()
        .authorizeRequests().antMatchers(SWAGGER_WHITELIST).permitAll()
        .and()
        .cors()
        .and()
        .authorizeRequests().anyRequest().authenticated();

    http.headers().frameOptions().disable();
    http.httpBasic().disable();
    http.addFilterBefore(new DisableEndpointFilter(environment), BasicAuthenticationFilter.class);
    http.addFilterBefore(new LoginAuthenticationFilter(userMgmtStaffRestClient), BasicAuthenticationFilter.class);
    http.addFilterBefore(new TokenAuthenticationFilter(ledgersUserMgmt, authInterceptor), BasicAuthenticationFilter.class);
}
 
Example 3
Source Project: XS2A-Sandbox   Source File: WebSecurityConfig.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/api/v1/**")
        .authorizeRequests()
        .antMatchers(APP_WHITELIST).permitAll()
            .and()
        .authorizeRequests().anyRequest()
        .authenticated()
            .and()
        .httpBasic()
        .disable();

    http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.headers().frameOptions().disable();

    http.addFilterBefore(new LoginAuthenticationFilter(userMgmtRestClient), BasicAuthenticationFilter.class);
    http.addFilterBefore(new TokenAuthenticationFilter(userMgmtRestClient, authInterceptor), BasicAuthenticationFilter.class);
}
 
Example 4
Source Project: XS2A-Sandbox   Source File: WebSecurityConfig.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests().antMatchers(APP_INDEX_WHITELIST).permitAll()
        .and()
        .authorizeRequests().antMatchers(APP_SCA_WHITELIST).permitAll()
        .and()
        .authorizeRequests().antMatchers(APP_WHITELIST).permitAll()
        .and()
        .authorizeRequests().antMatchers(SWAGGER_WHITELIST).permitAll()
        .and()
        .authorizeRequests().antMatchers(ACTUATOR_WHITELIST).permitAll()
        .and()
        .cors()
        .and()
        .authorizeRequests().anyRequest().authenticated();

    http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.headers().frameOptions().disable();

    http.addFilterBefore(new JWTAuthenticationFilter(tokenAuthenticationService), BasicAuthenticationFilter.class);
}
 
Example 5
Source Project: MyShopPlus   Source File: WebSecurityConfiguration.java    License: Apache License 2.0 6 votes vote down vote up
@Override
    protected void configure(HttpSecurity http) throws Exception {
        /**
         * 将授权访问配置改为注解方式
         * @see LoginController#info()
         */
        http.exceptionHandling()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

//        http.exceptionHandling()
//                .and()
//                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
//                .and()
//                .authorizeRequests()
//                // 授权访问
//                .antMatchers("/user/info").hasAuthority("USER")
//                .antMatchers("/user/logout").hasAuthority("USER");
    }
 
Example 6
Source Project: cubeai   Source File: MicroserviceSecurityConfiguration.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .csrf()
        .disable()
        .headers()
        .frameOptions()
        .disable()
    .and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    .and()
        .authorizeRequests()
        .antMatchers("/api/profile-info").permitAll()
        .antMatchers("/api/**").authenticated()
        .antMatchers("/management/health").permitAll()
        .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .antMatchers("/swagger-resources/configuration/ui").permitAll();
}
 
Example 7
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .csrf().disable()
        .exceptionHandling().authenticationEntryPoint(jwtUnAuthorizedResponseAuthenticationEntryPoint).and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
        .authorizeRequests()
        .anyRequest().authenticated();

   httpSecurity
        .addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
    
    httpSecurity
        .headers()
        .frameOptions().sameOrigin()  //H2 Console Needs this setting
        .cacheControl(); //disable caching
}
 
Example 8
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .csrf().disable()
        .exceptionHandling().authenticationEntryPoint(jwtUnAuthorizedResponseAuthenticationEntryPoint).and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
        .authorizeRequests()
        .anyRequest().authenticated();

   httpSecurity
        .addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
    
    httpSecurity
        .headers()
        .frameOptions().sameOrigin()  //H2 Console Needs this setting
        .cacheControl(); //disable caching
}
 
Example 9
@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .csrf()
        .disable()
        .headers()
        .frameOptions()
        .disable()
    .and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    .and()
        .requestMatcher(authorizationHeaderRequestMatcher())
        .authorizeRequests()
        .antMatchers("/services/**").authenticated()
        .antMatchers("/api/profile-info").permitAll()
        .antMatchers("/api/**").authenticated()
        .antMatchers("/management/health").permitAll()
        .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN);
}
 
Example 10
@Override
public void configure(HttpSecurity http) throws Exception {
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl authorizedUrl = setHttp(http)
            .authorizeRequests()
            .antMatchers(securityProperties.getIgnore().getUrls()).permitAll()
            .antMatchers(HttpMethod.OPTIONS).permitAll()
            .anyRequest();
    setAuthenticate(authorizedUrl);

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
                .httpBasic().disable()
                .headers()
                .frameOptions().disable()
            .and()
                .csrf().disable();
}
 
Example 11
Source Project: cubeai   Source File: MicroserviceSecurityConfiguration.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .csrf()
        .disable()
        .headers()
        .frameOptions()
        .disable()
    .and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    .and()
        .authorizeRequests()
        .antMatchers("/api/profile-info").permitAll()
        .antMatchers("/api/**").authenticated()
        .antMatchers("/management/health").permitAll()
        .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .antMatchers("/swagger-resources/configuration/ui").permitAll();
}
 
Example 12
Source Project: spring-security   Source File: WebSecurityConfig.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http
            .cors()
            .and().csrf().disable();//开启跨域
    http
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            /*匿名请求:不需要进行登录拦截的url*/
            .authorizeRequests()
                .antMatchers("/getVerifyCode", "/auth/**").permitAll()
                .anyRequest().authenticated()//其他的路径都是登录后才可访问
                .and()
            .exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint)
                .accessDeniedHandler(accessDeniedHandler);
     http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
     http.headers().cacheControl();
}
 
Example 13
Source Project: WeEvent   Source File: BrowerSecurityConfig.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {

    http.exceptionHandling().accessDeniedHandler(jsonAccessDeniedHandler);

    http.formLogin() // define user login page
            .loginPage("/user/require")
            .loginProcessingUrl("/user/login")
            .usernameParameter("username")
            .passwordParameter("password")
            .permitAll()
            .successHandler(authenticationSuccessHandler) // if login success
            .failureHandler(loginfailHandler) // if login fail
            .and()
            .addFilterAfter(new UserFilter(), LoginFilter.class)
            .addFilter(new LoginFilter(authenticationManagerBean(), authenticationSuccessHandler,loginfailHandler))
            .authorizeRequests()
            .antMatchers("/user/**", "/", "/static/**", "/weevent-governance/user/**").permitAll()
            .anyRequest().authenticated()
            .and().csrf()
            .disable().httpBasic().authenticationEntryPoint(jsonAuthenticationEntryPoint)
            .disable().cors().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and().logout().logoutUrl("/user/logout")
            .logoutSuccessHandler(jsonLogoutSuccessHandler)
            .permitAll();
}
 
Example 14
Source Project: Blog   Source File: WebSecurityConfig.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {

    //禁用csrf
    //options全部放行
    //post put delete get 全部拦截校验
    httpSecurity.csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            .antMatchers(HttpMethod.POST).authenticated()
            .antMatchers(HttpMethod.PUT).authenticated()
            .antMatchers(HttpMethod.DELETE).authenticated()
            .antMatchers(HttpMethod.GET).authenticated();

    httpSecurity
            .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
    httpSecurity.headers().cacheControl();
}
 
Example 15
Source Project: open-cloud   Source File: ResourceServerConfiguration.java    License: MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            .antMatchers("/login/**","/oauth/**").permitAll()
            // 监控端点内部放行
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage("/login").permitAll()
            .and()
            .logout().permitAll()
            // /logout退出清除cookie
            .addLogoutHandler(new CookieClearingLogoutHandler("token", "remember-me"))
            .logoutSuccessHandler(new LogoutSuccessHandler())
            .and()
            // 认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            .csrf().disable()
            // 禁用httpBasic
            .httpBasic().disable();
}
 
Example 16
Source Project: open-cloud   Source File: ResourceServerConfiguration.java    License: MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            .antMatchers("/").permitAll()
            .anyRequest().authenticated()
            // 动态权限验证
            .anyRequest().access("@accessManager.check(request,authentication)")
            .and()
            //认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
            .exceptionHandling()
            .accessDeniedHandler(new JsonAccessDeniedHandler(accessLogService))
            .authenticationEntryPoint(new JsonAuthenticationEntryPoint(accessLogService))
            .and()
            .csrf().disable();
    // 日志前置过滤器
    http.addFilterBefore(new PreRequestFilter(), AbstractPreAuthenticatedProcessingFilter.class);
    // 签名验证过滤器
    http.addFilterAfter(new PreSignatureFilter(baseAppServiceClient, apiProperties,new JsonSignatureDeniedHandler(accessLogService)), AbstractPreAuthenticatedProcessingFilter.class);
    // 访问验证前置过滤器
    http.addFilterAfter(new PreCheckFilter(accessManager, new JsonAccessDeniedHandler(accessLogService)), AbstractPreAuthenticatedProcessingFilter.class);
}
 
Example 17
Source Project: open-cloud   Source File: ResourceServerConfiguration.java    License: MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            // 监控端点内部放行
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            // fegin访问或无需身份认证
            .antMatchers(
                    "/generate/**"
            ).permitAll()
            .anyRequest().authenticated()
            .and()
            //认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            .csrf().disable();
}
 
Example 18
Source Project: cubeai   Source File: MicroserviceSecurityConfiguration.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .csrf()
        .disable()
        .headers()
        .frameOptions()
        .disable()
    .and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    .and()
        .authorizeRequests()
        .antMatchers("/api/profile-info").permitAll()
        .antMatchers("/api/solutions").permitAll()
        .antMatchers("/model/ability").permitAll()
        .antMatchers("/api/**").authenticated()
        .antMatchers("/management/health").permitAll()
        .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .antMatchers("/swagger-resources/configuration/ui").permitAll();
}
 
Example 19
Source Project: open-cloud   Source File: ResourceServerConfiguration.java    License: MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            // 指定监控可访问权限
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
            //认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            .csrf().disable();
}
 
Example 20
Source Project: open-cloud   Source File: ResourceServerConfiguration.java    License: MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            // 指定监控访问权限
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
            //认证鉴权错误处理
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            .csrf().disable();
}
 
Example 21
Source Project: open-cloud   Source File: ResourceServerConfiguration.java    License: MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            .antMatchers(
                    "/email/**",
                    "/sms/**",
                    "/webhook/**"
            ).permitAll()
            // 指定监控访问权限
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
            //认证鉴权错误处理
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            .csrf().disable();
}
 
Example 22
Source Project: spring-boot-study   Source File: WebSecurityConfig.java    License: MIT License 6 votes vote down vote up
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // 本示例不需要使用CSRF
    httpSecurity.csrf().disable()
            // 认证页面不需要权限
            .authorizeRequests().antMatchers("/authenticate").permitAll().
            //其他页面
                    anyRequest().authenticated().and().
            //登录页面 模拟客户端
            formLogin().loginPage("/login.html").permitAll().and().
            // store user's state.
             exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and().sessionManagement()
            //不使用session
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    //验证请求是否正确
    httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
 
Example 23
Source Project: cubeai   Source File: MicroserviceSecurityConfiguration.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .csrf()
        .disable()
        .headers()
        .frameOptions()
        .disable()
    .and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    .and()
        .authorizeRequests()
        .antMatchers("/api/profile-info").permitAll()
        .antMatchers("/api/**").authenticated()
        .antMatchers("/management/health").permitAll()
        .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .antMatchers("/swagger-resources/configuration/ui").permitAll();
}
 
Example 24
Source Project: docker-crash-course   Source File: JWTWebSecurityConfig.java    License: MIT License 6 votes vote down vote up
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .csrf().disable()
        .exceptionHandling().authenticationEntryPoint(jwtUnAuthorizedResponseAuthenticationEntryPoint).and()
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
        .authorizeRequests()
        .anyRequest().authenticated();

   httpSecurity
        .addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
    
    httpSecurity
        .headers()
        .frameOptions().sameOrigin()  //H2 Console Needs this setting
        .cacheControl(); //disable caching
}
 
Example 25
Source Project: spring-security-samples   Source File: SecurityConfig.java    License: MIT License 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http
		.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
		.and()
		.authorizeRequests()

		// require the user to have the "dummy" role
		.antMatchers("/**").hasRole("dummy")

		.anyRequest().authenticated()
		.and()
		.oauth2ResourceServer()
		.jwt()
		.jwtAuthenticationConverter(jwtAuthenticationConverter());
}
 
Example 26
Source Project: cubeai   Source File: MicroserviceSecurityConfiguration.java    License: Apache License 2.0 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .csrf()
        .ignoringAntMatchers("/h2-console/**")
        .ignoringAntMatchers("/umu/api/ueditor")
        .ignoringAntMatchers("/ability/model/**")
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
    .and()
        .addFilterBefore(corsFilter, CsrfFilter.class)
        .headers()
        .frameOptions()
        .disable()
    .and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    .and()
        .authorizeRequests()
        .antMatchers("/api/profile-info").permitAll()
        .antMatchers("/api/**").authenticated()
        .antMatchers("/management/health").permitAll()
        .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .antMatchers("/swagger-resources/configuration/ui").permitAll();
}
 
Example 27
Source Project: cola   Source File: JwtSecurityConfiguration.java    License: MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {

	http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
	http.authorizeRequests()
			.antMatchers("/login", "/logout", "/error").permitAll()
			.and()
			.formLogin()
			.loginProcessingUrl("/login")
			.failureHandler(this.failureHandler())
			.successHandler(this.successHandler())
			.and()
			.logout()
			.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
			.logoutSuccessHandler(new JwtLogoutSuccessHandler())
			.and()
			.exceptionHandling().authenticationEntryPoint(new JwtAuthenticationEntryPoint())
			.and()
			.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
	http.addFilterAfter(this.jwtAuthenticationFilter, SecurityContextPersistenceFilter.class);
}
 
Example 28
Source Project: syhthems-platform   Source File: SsoWebSecurityConfig.java    License: MIT License 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .cors().configurationSource(corsConfigurationSource())
        .and()
            .headers()
            .httpStrictTransportSecurity().disable()
            .defaultsDisabled().cacheControl().and()
        .and()
            .authorizeRequests()
                .antMatchers("/error",
                        "/sso/.well-known/*",
                        "/sso/oauth/token",
                        "/sso/register",
                        "/sso/login",
                        "/sso/user/check_user_name",
                        "/sso/user/check_user_email").permitAll()
                .anyRequest().authenticated()
        .and()
            .formLogin()
            .loginPage("/sso/login")
            .loginProcessingUrl("/sso/login")
            // .failureHandler(ssoCustomAuthenticationFailureHandler())
            // .successHandler(ssoCustomAuthenticationSuccessHandler())
            .permitAll()
        .and()
            .logout().logoutSuccessHandler(ssoCustomLogoutSuccessHandler()).logoutUrl("/sso/logout")
        .and()
            .csrf().disable()
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);

}
 
Example 29
@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .csrf()
        .disable()
        .headers()
        .frameOptions()
        .disable()
    .and()
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
    .and()
        .authorizeRequests()
     .antMatchers("/api/**").permitAll()
     .antMatchers("/management/**").hasAuthority(PARAM_NAME_ON_AUTHORITY)
     .antMatchers(HttpMethod.DELETE).hasAuthority(PARAM_NAME_ON_AUTHORITY)
     .antMatchers(HttpMethod.PUT).hasAuthority(PARAM_NAME_ON_AUTHORITY)
     .antMatchers("/v2/api-docs",
       "/configuration/ui",
       "/management/health",
       "/swagger-resources/**",
       "/configuration/security",
       "/",
       "/csrf",
       "/webjars/**",
       "/swagger-resources/configuration/security",
       "/swagger-ui.html").permitAll()
            .antMatchers("/**").authenticated();
}
 
Example 30
Source Project: jwt-security   Source File: SecurityConfiguration.java    License: MIT License 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors().and()
        .csrf().disable()
        .authorizeRequests()
        .antMatchers("/api/public").permitAll()
        .anyRequest().authenticated()
        .and()
        .addFilter(new JwtAuthenticationFilter(authenticationManager()))
        .addFilter(new JwtAuthorizationFilter(authenticationManager()))
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}