Java Code Examples for org.springframework.security.web.context.SecurityContextPersistenceFilter

The following examples show how to use org.springframework.security.web.context.SecurityContextPersistenceFilter. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: cola   Source File: JwtSecurityConfiguration.java    License: MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {

	http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
	http.authorizeRequests()
			.antMatchers("/login", "/logout", "/error").permitAll()
			.and()
			.formLogin()
			.loginProcessingUrl("/login")
			.failureHandler(this.failureHandler())
			.successHandler(this.successHandler())
			.and()
			.logout()
			.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
			.logoutSuccessHandler(new JwtLogoutSuccessHandler())
			.and()
			.exceptionHandling().authenticationEntryPoint(new JwtAuthenticationEntryPoint())
			.and()
			.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
	http.addFilterAfter(this.jwtAuthenticationFilter, SecurityContextPersistenceFilter.class);
}
 
Example 2
Source Project: Spring   Source File: SecurityConfig.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .regexMatchers("/chief/.*").hasRole("CHIEF")
            .regexMatchers("/agent/.*").access("hasRole('USER') and principal.name='James Bond'")
            .anyRequest().authenticated()
            .and().httpBasic()
            .and().requiresChannel().anyRequest().requiresSecure();

    http.exceptionHandling().accessDeniedPage("/accessDenied");

    http.formLogin().loginPage("/login").permitAll();

    http.logout().logoutUrl("/customlogout");

    http.addFilterBefore(securityContextPersistenceFilter(), SecurityContextPersistenceFilter.class);
    http.addFilterAt(exceptionTranslationFilter(), ExceptionTranslationFilter.class);
    http.addFilter(filterSecurityInterceptor()); // This ensures filter ordering by default
    http.addFilterAfter(new CustomFilter(), FilterSecurityInterceptor.class);
}
 
Example 3
protected void configure(HttpSecurity http) throws Exception {
    http //
            .cors() //
            .and() //
            .csrf() //
            .disable() //
            .sessionManagement() //
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS) //
            .and() //
            .securityContext() //
            .securityContextRepository(new JwtSsoBasedSecurityContextRepository()) //
            .and() //
            .addFilterBefore(jwtSsoBasedLoginFilter(), SecurityContextPersistenceFilter.class) //
            .addFilterBefore(new JwtSsoBasedRefreshTokenFilter(authenticationManager(), authServerProperties),
                    SecurityContextPersistenceFilter.class) //
            .addFilter(new JwtSsoBasedAuthenticationFilter(authenticationManager(), authServerProperties))//
            .authorizeRequests() //
            .antMatchers(getAuthWhiteList()) //
            .permitAll() //
            .anyRequest() //
            .authenticated() //
            .and() //
            .exceptionHandling() //
            .authenticationEntryPoint(new Http401AuthenticationEntryPoint()) //
            .and() //
            .exceptionHandling() //
            .accessDeniedHandler(new Http403AccessDeniedHandler()); //

}
 
Example 4
Source Project: Spring   Source File: SecurityConfig.java    License: Apache License 2.0 5 votes vote down vote up
@Bean
public SecurityContextPersistenceFilter securityContextPersistenceFilter() {
    final HttpSessionSecurityContextRepository sCRepo = new HttpSessionSecurityContextRepository();
    sCRepo.setAllowSessionCreation(true); //by default true

    return new SecurityContextPersistenceFilter(sCRepo);
}
 
Example 5
Source Project: herd   Source File: AppSpringModuleConfig.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Gets a filter chain proxy.
 *
 * @param trustedUserAuthenticationFilter the trusted user authentication filter.
 * @param httpHeaderAuthenticationFilter the HTTP header authentication filter.
 *
 * @return the filter chain proxy.
 */
@Bean
public FilterChainProxy filterChainProxy(final TrustedUserAuthenticationFilter trustedUserAuthenticationFilter,
    final HttpHeaderAuthenticationFilter httpHeaderAuthenticationFilter)
{
    return new FilterChainProxy(new SecurityFilterChain()
    {
        @Override
        public boolean matches(HttpServletRequest request)
        {
            // Match all URLs.
            return true;
        }

        @Override
        public List<Filter> getFilters()
        {
            List<Filter> filters = new ArrayList<>();

            // Required filter to store session information between HTTP requests.
            filters.add(new SecurityContextPersistenceFilter());

            // Trusted user filter to bypass security based on SpEL expression environment property.
            filters.add(trustedUserAuthenticationFilter);

            // Filter that authenticates based on http headers.
            if (Boolean.valueOf(configurationHelper.getProperty(ConfigurationValue.SECURITY_HTTP_HEADER_ENABLED)))
            {
                filters.add(httpHeaderAuthenticationFilter);
            }

            // Anonymous user filter.
            filters.add(new AnonymousAuthenticationFilter("AnonymousFilterKey"));

            return filters;
        }
    });
}