Java Code Examples for org.springframework.security.web.util.matcher.NegatedRequestMatcher

The following examples show how to use org.springframework.security.web.util.matcher.NegatedRequestMatcher. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
@Override
protected void configure(HttpSecurity http) throws Exception {

  http
      .requestMatchers()
      .requestMatchers(
          new NegatedRequestMatcher(
              new OrRequestMatcher(
                  new AntPathRequestMatcher("/me")
              )
          )
      )
      .and()
      .authorizeRequests()
      .antMatchers("/fevicon.ico").anonymous()
      .antMatchers("/user").authenticated()
      .and().formLogin();
}
 
Example 2
Source Project: flair-registry   Source File: OAuth2SsoConfiguration.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf()
        .disable()
        .headers()
        .frameOptions()
        .disable()
    .and()
        .requestMatcher(new NegatedRequestMatcher(authorizationHeaderRequestMatcher))
        .authorizeRequests()
        .antMatchers("/services/**").authenticated()
        .antMatchers("/eureka/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .antMatchers("/api/profile-info").permitAll()
        .antMatchers("/api/**").authenticated()
        .antMatchers("/config/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .antMatchers("/management/health").permitAll()
        .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .anyRequest().permitAll();
}
 
Example 3
Source Project: secure-rest-spring-tut   Source File: ApplicationSecurity.java    License: MIT License 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.authorizeRequests()
		.antMatchers(HttpMethod.OPTIONS, "/*/**").permitAll()
		.antMatchers("/login", "/rest/open/**").permitAll()
		.antMatchers("/logout", "/rest/**").authenticated();

	// Handlers and entry points
	http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
	http.formLogin().successHandler(authenticationSuccessHandler);
	http.formLogin().failureHandler(authenticationFailureHandler);

	// Logout
	http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);

	// CORS
	http.addFilterBefore(corsFilter, ChannelProcessingFilter.class);

	// CSRF
	http.csrf().requireCsrfProtectionMatcher(
		new AndRequestMatcher(
			// Apply CSRF protection to all paths that do NOT match the ones below

			// We disable CSRF at login/logout, but only for OPTIONS methods
			new NegatedRequestMatcher(new AntPathRequestMatcher("/login*/**", HttpMethod.OPTIONS.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/logout*/**", HttpMethod.OPTIONS.toString())),

			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.GET.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.HEAD.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.OPTIONS.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.TRACE.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest/open*/**"))
		)
	);
	http.addFilterAfter(new CsrfTokenResponseCookieBindingFilter(), CsrfFilter.class); // CSRF tokens handling
}
 
Example 4
Source Project: ambari-logsearch   Source File: LogsearchJWTFilter.java    License: Apache License 2.0 4 votes vote down vote up
public LogsearchJWTFilter(RequestMatcher requestMatcher, AuthPropsConfig authPropsConfig, RoleDao roleDao) {
  super(new NegatedRequestMatcher(requestMatcher));
  this.authPropsConfig = authPropsConfig;
  this.roleDao = roleDao;
}
 
Example 5
public LogsearchKRBAuthenticationFilter(RequestMatcher requestMatcher) {
  this.requestMatcher = new NegatedRequestMatcher(requestMatcher);
}
 
Example 6
Source Project: spring-custom-token-auth   Source File: WebSecurityConfig.java    License: MIT License 4 votes vote down vote up
protected AbstractAuthenticationProcessingFilter createCustomFilter() throws Exception {
	//here we define the interfaces which don't need any authorisation
	AuthFilter filter = new AuthFilter(new NegatedRequestMatcher(
	  new AndRequestMatcher(
		 new AntPathRequestMatcher("/login"),
		 new AntPathRequestMatcher("/health")
	  )
	));
	filter.setAuthenticationManager(authenticationManagerBean());
	return filter;
}
 
Example 7
Source Project: moserp   Source File: TestSecurityConfiguration.java    License: Apache License 2.0 4 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    NegatedRequestMatcher matcher = new NegatedRequestMatcher(new AntPathRequestMatcher("/login", "POST"));
    http.csrf().disable().authorizeRequests().requestMatchers(matcher).authenticated().and().httpBasic();
}