org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer Java Examples

Example #1
Source File: SecurityConfig.java    From lolibox with Apache License 2.0 6 votes vote down vote up
/**
 * Configures URL authorization, form login, logout, CSRF handling, response headers and
 * remember-me for the application.
 *
 * <p>Only {@code /admin/**} and {@code /image/**} get explicit rules here; this method
 * registers no {@code anyRequest()} rule.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
    protected void configure(HttpSecurity http) throws Exception {
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.authorizeRequests();
        // /admin/** requires the ADMIN authority; /image/** is open to everyone.
        // NOTE(review): with no anyRequest() rule, paths outside these two patterns are presumably
        // left unrestricted by this registry — confirm that is intended.
        registry.antMatchers("/admin/**").hasAuthority(Role.ADMIN.toString())
                .antMatchers("/image/**").permitAll()
//                .antMatchers("/webjars/**").permitAll()
//                .antMatchers("/js/**").permitAll()
//                .antMatchers("/css/**").permitAll()
//                .antMatchers("/img/**").permitAll()

                .and().formLogin().loginPage("/signin").defaultSuccessUrl("/").permitAll()
                .and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll()
                // NOTE(review): CSRF token checks are skipped for /admin/**, the same paths that carry
                // the ADMIN-only rule above. State-changing admin requests authenticated by the session
                // or remember-me cookie are therefore not token-protected — confirm this is deliberate.
                .and().csrf().ignoringAntMatchers("/admin/**"/*,"/oauth*//**"*/);

        // NOTE(review): frameOptions().disable() drops the X-Frame-Options header from every response;
        // frameOptions().sameOrigin() is the narrower choice when only same-origin framing is needed.
        // Remember-me tokens are persisted through reMemberMeRepository.
        http.headers().frameOptions().disable().and()
                .rememberMe().tokenRepository(reMemberMeRepository);

    }
 
Example #2
Source File: SophiaResourceServerConfig.java    From sophia_scaffolding with Apache License 2.0 6 votes vote down vote up
/**
 * Configures the resource server: OPTIONS requests and the configured ignore-URLs are
 * public, every other request must be authenticated.
 *
 * @param httpSecurity the security builder to configure
 */
@Override
@SneakyThrows
public void configure(HttpSecurity httpSecurity) {
    // Allow iframe embedding so that swagger-ui can be loaded.
    // NOTE(review): this removes X-Frame-Options from every response, not only swagger-ui;
    // frameOptions().sameOrigin() is the narrower setting if same-origin framing is enough.
    httpSecurity.headers().frameOptions().disable();

    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRules =
            httpSecurity.authorizeRequests();

    // Every OPTIONS request is let through without authentication.
    urlRules.antMatchers(HttpMethod.OPTIONS, "/**").permitAll();

    // URLs from the ignore configuration are let through without verification.
    // The list is an authentication bypass list, so it should stay as narrow as possible.
    ignorePropertiesConfig.getUrls().forEach(ignoredUrl -> {
        urlRules.antMatchers(ignoredUrl).permitAll();
    });

    // Anything else needs an authenticated caller.
    urlRules.anyRequest().authenticated();

    // CSRF protection is switched off for the whole application.
    // NOTE(review): appropriate only if no endpoint authenticates via browser cookies — confirm.
    urlRules.and().csrf().disable();
}
 
Example #3
Source File: SophiaResourceServerConfig.java    From sophia_scaffolding with Apache License 2.0 6 votes vote down vote up
/**
 * Configures the resource server: OPTIONS requests and the configured ignore-URLs are
 * public, every other request must be authenticated.
 *
 * @param httpSecurity the security builder to configure
 */
@Override
@SneakyThrows
public void configure(HttpSecurity httpSecurity) {
    // Allow iframe embedding so that swagger-ui can be loaded.
    // NOTE(review): this removes X-Frame-Options from every response, not only swagger-ui;
    // frameOptions().sameOrigin() is the narrower setting if same-origin framing is enough.
    httpSecurity.headers().frameOptions().disable();

    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRules =
            httpSecurity.authorizeRequests();

    // Every OPTIONS request is let through without authentication.
    urlRules.antMatchers(HttpMethod.OPTIONS, "/**").permitAll();

    // URLs from the ignore configuration are let through without verification.
    // The list is an authentication bypass list, so it should stay as narrow as possible.
    ignorePropertiesConfig.getUrls().forEach(ignoredUrl -> {
        urlRules.antMatchers(ignoredUrl).permitAll();
    });

    // Anything else needs an authenticated caller.
    urlRules.anyRequest().authenticated();

    // CSRF protection is switched off for the whole application.
    // NOTE(review): appropriate only if no endpoint authenticates via browser cookies — confirm.
    urlRules.and().csrf().disable();
}
 
Example #4
Source File: FwResourceServerConfiguration.java    From fw-cloud-framework with MIT License 6 votes vote down vote up
/**
 * Configures form login, opens the URLs listed in {@code fwUrlsConfiguration}, requires
 * authentication for everything else, disables CSRF and applies the AJAX security configurer.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
public void configure(HttpSecurity http) throws Exception {
	ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.formLogin()
			// Can be accessed through authorized login
			.loginPage("/auth/login")
			.loginProcessingUrl("/auth/signin")
			.and()
			.authorizeRequests();

	// Each configured URL is opened to unauthenticated callers; the list acts as an
	// authentication bypass list and should be kept minimal.
	for (String url : fwUrlsConfiguration.getCollects()) {
		registry.antMatchers(url)
				.permitAll();
	}

	// Every remaining request must be authenticated.
	// NOTE(review): CSRF protection is disabled although form login is configured above;
	// if the login session is cookie-based, state-changing requests are not token-checked — confirm.
	registry.anyRequest()
			.authenticated()
			.and()
			.csrf()
			.disable();
	http.apply(ajaxSecurityConfigurer);
}
 
Example #5
Source File: SpringWebConfig.java    From we-cmdb with Apache License 2.0 6 votes vote down vote up
/**
 * Selects the authentication setup from {@code securityProperties}.
 *
 * <p>With security enabled, the whitelist rule is applied first and then the configured
 * provider (local, CAS or platform auth) is wired in. With security disabled, the whitelist
 * helper is called with checks off and the privacy-free form login is configured.
 *
 * @param http the security builder to configure
 * @throws Exception if a helper fails or the configured provider is not supported
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRules = http.authorizeRequests();

    if (!securityProperties.isEnabled()) {
        // Security switched off: the whitelist helper is invoked with checkRequired = false.
        urlRules = configureWhiteListAuthentication(urlRules, false);
        configurePrivacyFreeAuthentication(urlRules);
        return;
    }

    urlRules = configureWhiteListAuthentication(urlRules, true);

    String providerCode = securityProperties.getAuthenticationProvider();
    if (AuthenticationType.lOCAL.getCode().equalsIgnoreCase(providerCode)) {
        configureLocalAuthentication(urlRules);
        return;
    }
    if (AuthenticationType.CAS.getCode().equalsIgnoreCase(providerCode)) {
        configureCasAuthentication(urlRules);
        return;
    }
    if (AuthenticationType.PLATFORM_AUTH.getCode().equalsIgnoreCase(providerCode)) {
        configurePlatformAuthentication(urlRules);
        return;
    }

    // Fail at start-up rather than run with an unknown provider.
    throw new CmdbException("Unsupported authentication-provider: " + providerCode);
}
 
Example #6
Source File: WebSecurityConfigration.java    From Taroco with Apache License 2.0 6 votes vote down vote up
/**
 * Wires the authentication providers, custom login filter, form login, logout, access-denied
 * handling and remember-me, then opens the configured permit-all URLs and requires
 * authentication for every other request.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry =
            http
                    // Default username/password authentication provider
                    .authenticationProvider(daoAuthenticationProvider())
                    .apply(mobileTokenAuthenticationSecurityConfigration)
                    .and()
                    .apply(smsCodeAuthenticationSecurityConfigration)
                    .and()
                    .addFilterAt(customAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
                    .formLogin().loginPage("/").permitAll()
                    .loginProcessingUrl("/login").permitAll()
                    .and().logout().logoutUrl("/logout").permitAll().logoutSuccessHandler(logoutSuccessHandler)
                    // Exception-handling filter: ExceptionTranslationFilter
                    .and().exceptionHandling()
                    // Exception raised when an anonymous user accesses a resource without permission
                    //.authenticationEntryPoint(exceptionEntryPoint)
                    // Exception raised when an authenticated user accesses a resource without permission
                    .accessDeniedHandler(accessDeniedHandler)
                    // Enable remember-me
                    .and().rememberMe().key(RM_KEY).rememberMeServices(rememberMeServices())
                    .and().authorizeRequests();

    // URLs from oauth2Properties are opened to unauthenticated callers.
    final List<String> urlPermitAll = oauth2Properties.getUrlPermitAll();
    urlPermitAll.forEach(url -> registry.antMatchers(url).permitAll());
    // NOTE(review): CSRF protection is disabled while form login and remember-me (both
    // cookie-based) are enabled above, so state-changing requests carry no CSRF token check —
    // confirm this is intended. RM_KEY signs remember-me tokens; presumably it must not be a
    // value shared across deployments — verify where it is defined.
    registry.anyRequest().authenticated().and().cors().and().csrf().disable();
}
 
Example #7
Source File: DefaultResourceServerConf.java    From microservices-platform with Apache License 2.0 6 votes vote down vote up
/**
 * Configures the default resource server: the configured ignore-URLs and OPTIONS requests
 * are public, the rule for all remaining requests is delegated to {@code setAuthenticate},
 * and session, HTTP Basic, frame-options and CSRF settings are applied.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // anyRequest() is left open here; setAuthenticate(...) decides what is required for it.
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl authorizedUrl = setHttp(http)
            .authorizeRequests()
            .antMatchers(securityProperties.getIgnore().getUrls()).permitAll()
            .antMatchers(HttpMethod.OPTIONS).permitAll()
            .anyRequest();
    setAuthenticate(authorizedUrl);

    // Sessions are created only when required; HTTP Basic is turned off.
    // NOTE(review): frameOptions().disable() removes X-Frame-Options from every response, and
    // CSRF protection is disabled while sessions may still be created (IF_REQUIRED) — confirm
    // that no endpoint relies on a session cookie for authentication.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
                .httpBasic().disable()
                .headers()
                .frameOptions().disable()
            .and()
                .csrf().disable();
}
 
Example #8
Source File: WebSecurityConfig.java    From Milkomeda with MIT License 6 votes vote down vote up
/**
 * Opens the URL prefixes of the other test modules to unauthenticated access.
 *
 * @param urlRegistry the URL authorization registry to extend
 * @param http the security builder (not used by this implementation)
 * @throws Exception declared by the overridden hook
 */
@Override
protected void additionalConfigure(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRegistry, HttpSecurity http) throws Exception {
    // Allow access for the other test modules.
    // NOTE(review): prefixes such as /user/**, /pay/** and /order/** are fully public here;
    // this looks like a demo/test setup and should not be carried into a production config.
    final String[] openModulePatterns = {
            "/collect/**",
            "/echo/**",
            "/test/**",
            "/order/**",
            "/particle/**",
            "/pay/**",
            "/user/**",
            "/ice/**",
            "/job/**",
            "/neutron/**",
            "/moon/**",
            "/fusion/**",
            "/halo/**",
            "/hydrogen/**",
            "/audit/**",
            "/seckill/**",
            "/sundial/**"
    };
    // Register one permit-all rule per pattern, in the listed order.
    for (String modulePattern : openModulePatterns) {
        urlRegistry.antMatchers(modulePattern).permitAll();
    }
}
 
Example #9
Source File: SpringWebConfig.java    From we-cmdb with Apache License 2.0 6 votes vote down vote up
/**
 * Wires CAS authentication: the CAS entry point handles unauthenticated access, the CAS
 * authentication filter and a logout filter are added, and every request must be authenticated.
 *
 * @param registry the URL authorization registry to continue configuring from
 * @throws Exception if any configurer call fails
 */
protected void configureCasAuthentication(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) throws Exception {
    registry.and()
            .exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint())
            .and()
            .addFilter(casAuthenticationFilter())
            // The custom logout filter is placed ahead of the standard LogoutFilter.
            .addFilterBefore(logoutFilter(), LogoutFilter.class)
            .authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            .logout()
            .permitAll()
            .and()
            // NOTE(review): CSRF protection is disabled; the cookie-based token repository on the
            // commented-out line below was the alternative. If the CAS login results in a session
            // cookie, state-changing requests are not token-checked — confirm this is intended.
            .csrf()
            .disable();
            //.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
 
Example #10
Source File: SpringWebConfig.java    From we-cmdb with Apache License 2.0 6 votes vote down vote up
/**
 * Wires platform (JWT SSO based) authentication: a fixed set of static and documentation
 * paths is public, every other request must be authenticated, and unauthenticated access is
 * answered by {@code Http401AuthenticationEntryPoint}.
 *
 * @param registry the URL authorization registry to extend
 * @return the same {@code registry} instance that was passed in
 * @throws Exception if any configurer call fails
 */
protected ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry configurePlatformAuthentication(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) throws Exception {
    // NOTE(review): the swagger/api-docs paths and /maintain/** are reachable without
    // authentication — confirm these are meant to be exposed in production.
    // NOTE(review): "/**/*.png" matches on the path suffix only; if the MVC layer maps
    // "/x.png" onto a handler for "/x" (suffix pattern matching), that handler would be
    // public as well — verify the MVC path-matching configuration.
    registry.antMatchers("/index.html").permitAll()
            .antMatchers("/swagger-ui.html/**", "/swagger-resources/**").permitAll()
            .antMatchers("/webjars/**").permitAll()
            .antMatchers("/v2/api-docs").permitAll()
            .antMatchers("/csrf").permitAll()
            .antMatchers("/**/*.png").permitAll()
            .antMatchers("/maintain/**").permitAll()
            .anyRequest()
            .authenticated()
            .and()
            .addFilter(jwtSsoBasedAuthenticationFilter())
            // CSRF protection is disabled for this setup.
            .csrf()
            .disable()
            .exceptionHandling()
            .authenticationEntryPoint(new Http401AuthenticationEntryPoint());
    return registry;
}
 
Example #11
Source File: SpringWebConfig.java    From we-cmdb with Apache License 2.0 6 votes vote down vote up
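/**
 * Applies the IP whitelist to every URL, or opens every URL when checks are not required.
 *
 * <p>When {@code checkRequired} is true and a whitelist is configured, {@code /**} is bound to
 * an expression of the form {@code hasIpAddress('a') or hasIpAddress('b')}. Each entry is
 * trimmed and must look like an IP address or CIDR block before it is embedded, because the
 * value is placed inside a security expression: an entry containing a quote or other
 * expression syntax would otherwise change the meaning of the rule.
 *
 * <p>NOTE(review): the rule is registered on {@code /**}, so rules added to the registry
 * afterwards are presumably never reached (the first matching pattern decides) — confirm the
 * intended interaction with the provider-specific configuration.
 *
 * @param registry the URL authorization registry to extend
 * @param checkRequired whether security checks are enabled
 * @return the registry after the whitelist or permit-all rule has been added, or the
 *         unchanged registry when checks are required but no whitelist is configured
 * @throws IllegalArgumentException if the configured whitelist contains an entry that is not
 *         an IP address / CIDR block, or contains no usable entry at all
 * @throws Exception declared for subclasses
 */
protected ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry configureWhiteListAuthentication(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry,
        boolean checkRequired) throws Exception {
    if (!checkRequired) {
        // Security disabled: every URL is public.
        return registry.antMatchers("/**").permitAll();
    }

    String configuredWhitelist = securityProperties.getWhitelistIpAddress();
    if (!StringUtils.isNotBlank(configuredWhitelist)) {
        // No whitelist configured: leave the registry as it is.
        return registry;
    }

    List<String> convertedList = new ArrayList<String>();
    for (String rawEntry : configuredWhitelist.split(",")) {
        // "10.0.0.1, 10.0.0.2" is a natural way to write the property; tolerate the spaces.
        String ipAddress = rawEntry.trim();
        if (ipAddress.isEmpty()) {
            continue;
        }
        // Only hex digits, dots and colons (IPv4/IPv6) plus an optional /prefix are accepted,
        // so nothing that could terminate the quoted literal reaches the expression.
        if (!ipAddress.matches("[0-9A-Fa-f:.]+(/[0-9]{1,3})?")) {
            throw new IllegalArgumentException("Invalid whitelist IP address entry: " + ipAddress);
        }
        convertedList.add(String.format("hasIpAddress('%s')", ipAddress));
    }

    if (convertedList.isEmpty()) {
        // A whitelist such as "," must not silently degrade into "no restriction".
        throw new IllegalArgumentException("Whitelist IP address setting contains no usable entry");
    }

    return registry.antMatchers("/**")
            .access(StringUtils.join(convertedList, " or "));
}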
 
Example #12
Source File: SpringWebConfig.java    From we-cmdb with Apache License 2.0 6 votes vote down vote up
/**
 * Configures the "privacy-free" form login: the login, logout, UI and maintenance paths are
 * public, every other request must be authenticated, and form login/logout use the
 * {@code login-privacy-free} pages.
 *
 * @param registry the URL authorization registry to extend
 * @throws Exception if any configurer call fails
 */
protected void configurePrivacyFreeAuthentication(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) throws Exception {
    // NOTE(review): /maintain/** is reachable without authentication — confirm what it serves.
    registry.antMatchers("/login-privacy-free*").permitAll()
            .antMatchers("/logout*").permitAll()
            .antMatchers("/ui/v2/**").permitAll()
            .antMatchers("/maintain/**").permitAll()
            .anyRequest().authenticated()
        .and()
            .formLogin()
            .loginPage("/login-privacy-free.html")
            .loginProcessingUrl("/login-privacy-free")
            .defaultSuccessUrl("/index.html")
            .failureUrl("/login-privacy-free.html?error=true")
        .and()
            // Logout removes the JSESSIONID cookie and returns to the login page.
            .logout()
            .logoutUrl("/logout")
            .deleteCookies("JSESSIONID")
            .logoutSuccessUrl("/login-privacy-free.html")
        .and()
            // NOTE(review): CSRF protection is disabled although authentication is session-cookie
            // based (JSESSIONID above), so state-changing requests are not token-checked — confirm.
            .csrf()
            .disable();
}
 
Example #13
Source File: SpringWebConfig.java    From we-cmdb with Apache License 2.0 6 votes vote down vote up
/**
 * Configures local username/password form login: the login, logout, UI and maintenance paths
 * are public, every other request must be authenticated, and form login/logout use the
 * {@code login-with-password} pages.
 *
 * @param registry the URL authorization registry to extend
 * @throws Exception if any configurer call fails
 */
protected void configureLocalAuthentication(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) throws Exception {
    // NOTE(review): /maintain/** is reachable without authentication — confirm what it serves.
    registry.antMatchers("/login-with-password*").permitAll()
            .antMatchers("/logout*").permitAll()
            .antMatchers("/ui/v2/**").permitAll()
            .antMatchers("/maintain/**").permitAll()
            .anyRequest().authenticated()
        .and()
            .formLogin()
            .loginPage("/login-with-password.html")
            .loginProcessingUrl("/login-with-password")
            .defaultSuccessUrl("/index.html")
            .failureUrl("/login-with-password.html?error=true")
        .and()
            // Logout removes the JSESSIONID cookie and returns to the login page.
            .logout()
            .logoutUrl("/logout")
            .deleteCookies("JSESSIONID")
            .logoutSuccessUrl("/login-with-password.html")
        .and()
            // NOTE(review): CSRF protection is disabled although authentication is session-cookie
            // based (JSESSIONID above), so state-changing requests are not token-checked — confirm.
            .csrf()
            .disable();
}
 
Example #14
Source File: SecurityConfig.java    From mall with Apache License 2.0 5 votes vote down vote up
/**
 * Configures a stateless, JWT-filter based setup: the configured ignore-URLs and OPTIONS
 * requests are public, every other request must be authenticated, and an optional dynamic
 * permission filter is added when {@code dynamicSecurityService} is present.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = httpSecurity
            .authorizeRequests();
    // Allow access to resource paths that need no protection
    for (String url : ignoreUrlsConfig().getUrls()) {
        registry.antMatchers(url).permitAll();
    }
    // Allow the OPTIONS requests of cross-origin calls
    registry.antMatchers(HttpMethod.OPTIONS)
            .permitAll();
    // Every other request requires authentication
    registry.and()
            .authorizeRequests()
            .anyRequest()
            .authenticated()
            // Disable CSRF protection and do not use sessions
            // NOTE(review): this pairing is sound only while the JWT is never carried in a
            // cookie that the browser attaches automatically — confirm how the token is sent.
            .and()
            .csrf()
            .disable()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            // Custom handlers for access-denied and unauthenticated responses
            .and()
            .exceptionHandling()
            .accessDeniedHandler(restfulAccessDeniedHandler())
            .authenticationEntryPoint(restAuthenticationEntryPoint())
            // Custom authorization interceptor: the JWT filter
            .and()
            .addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    // When dynamic permission configuration is present, add the dynamic permission check filter
    if(dynamicSecurityService!=null){
        registry.and().addFilterBefore(dynamicSecurityFilter(), FilterSecurityInterceptor.class);
    }
}
 
Example #15
Source File: ResourceServerConfiguration.java    From Taroco with Apache License 2.0 5 votes vote down vote up
/**
 * Configures the resource server: the configured permit-all URLs are public and every other
 * request is decided by {@code permissionService.hasPermission(request, authentication)}.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // Allow iframe embedding so that swagger-ui can be loaded.
    // NOTE(review): this removes X-Frame-Options from every response, not only swagger-ui;
    // frameOptions().sameOrigin() is the narrower setting if same-origin framing is enough.
    http.headers().frameOptions().disable();
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http
            .authorizeRequests();
    // URLs from oauth2Properties bypass the permission check entirely.
    oauth2Properties.getUrlPermitAll().forEach(url -> registry.antMatchers(url).permitAll());
    // Role and permission checks are left to the interceptor; here only login is determined
    registry.anyRequest()
            .access("@permissionService.hasPermission(request, authentication)");
}
 
Example #16
Source File: AbstractSecurityConfig.java    From freeacs with MIT License 5 votes vote down vote up
/**
 * Opens the file controller paths to unauthenticated access unless file authentication is in use.
 *
 * @param authorizeRequests the URL authorization registry to extend
 * @return the registry unchanged when {@code fileAuthUsed} is set, otherwise the registry
 *         with a permit-all rule for everything below the file controller path
 */
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry conditionalUseFileAuth(
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests) {
    if (fileAuthUsed) {
        // File auth is active: add no public rule, later rules decide.
        return authorizeRequests;
    }
    // NOTE(review): with file auth off, everything under the file controller is public.
    String filePattern = contextPath + FileController.CTX_PATH + "/**";
    return authorizeRequests.antMatchers(filePattern).permitAll();
}
 
Example #17
Source File: ResourceServerConfiguration.java    From pig with MIT License 5 votes vote down vote up
/**
 * Configures the resource server: the configured ignore-URLs are public and every other
 * request is decided by {@code permissionService.hasPermission(request,authentication)}.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // Allow iframe embedding so that swagger-ui can be loaded.
    // NOTE(review): this removes X-Frame-Options from every response, not only swagger-ui;
    // frameOptions().sameOrigin() is the narrower setting if same-origin framing is enough.
    http.headers().frameOptions().disable();

    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRules =
            http.authorizeRequests();

    // Ignore-URLs bypass the permission check entirely; keep the list narrow.
    filterIgnorePropertiesConfig.getUrls().forEach(ignoredUrl -> {
        urlRules.antMatchers(ignoredUrl).permitAll();
    });

    // Everything else goes through the permission service expression.
    String permissionExpression = "@permissionService.hasPermission(request,authentication)";
    urlRules.anyRequest().access(permissionExpression);
}
 
Example #18
Source File: PigSecurityConfigurerAdapter.java    From pig with MIT License 5 votes vote down vote up
/**
 * Configures form login, opens the configured ignore-URLs, requires authentication for all
 * other requests, disables CSRF and applies the mobile security configurer.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry =
            http.formLogin().loginPage("/authentication/require")
                    .loginProcessingUrl("/authentication/form")
                    .and()
                    .authorizeRequests();
    // Ignore-URLs are opened to unauthenticated callers; keep the list narrow.
    filterIgnorePropertiesConfig.getUrls().forEach(url -> registry.antMatchers(url).permitAll());
    // NOTE(review): CSRF protection is disabled although form login is configured above; if the
    // login session is cookie-based, state-changing requests are not token-checked — confirm.
    registry.anyRequest().authenticated()
            .and()
            .csrf().disable();
    http.apply(mobileSecurityConfigurer);
}
 
Example #19
Source File: ResourceServerConfiguration.java    From fw-cloud-framework with MIT License 5 votes vote down vote up
/**
 * Configures the resource server: the verification-code filter runs before username/password
 * authentication, the configured URLs are public, and every other request is decided by
 * {@code permissionService.hasPermission(request,authentication)}.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
public void configure(HttpSecurity http) throws Exception {
	// First run the verification-code filter logic
	http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
	// Allow iframe embedding so that swagger-ui can be loaded
	// NOTE(review): this removes X-Frame-Options from every response, not only swagger-ui;
	// frameOptions().sameOrigin() is the narrower setting if same-origin framing is enough.
	http.headers().frameOptions().disable();
	ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http
			.authorizeRequests();
	// Exclude the requests that need no authentication
	for (String url : urlsConfiguration.getCollects()) {
		registry.antMatchers(url).permitAll();
	}
	// Validation is done through the aspect { @link PermissionService.hasPermission }
	registry.anyRequest().access("@permissionService.hasPermission(request,authentication)");
}
 
Example #20
Source File: AuthConfig.java    From elucidate-server with MIT License 5 votes vote down vote up
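/**
 * Configures stateless session handling and a single rule for all requests: authenticated
 * when {@code authEnabled} is set, otherwise open to everyone.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // Declared with its type argument rather than as a raw type, so the calls below are
    // checked against HttpSecurity and no unchecked/raw-type warning is produced.
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl anyRequestRule = http
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .authorizeRequests()
        .anyRequest();

    if (authEnabled) {
        anyRequestRule.authenticated();
    } else {
        // Authentication switched off by configuration: every request is served to anyone.
        // NOTE(review): a deployment that leaves authEnabled unset would run fully open —
        // confirm the default of that flag where it is defined.
        anyRequestRule.permitAll();
    }
}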
 
Example #21
Source File: SecurityConfig.java    From openvidu with Apache License 2.0 5 votes vote down vote up
/**
 * Configures the REST API security: CORS on, CSRF off, per-path rules for the API, config,
 * CDR, certificate, dashboard, layout and recording paths, and HTTP Basic authentication.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {

	// Security for API REST
	// NOTE(review): the /config/**, /cdr/** and /dashboard/** rules are bound to GET only, and
	// no anyRequest() rule is registered in this method; other HTTP methods on those paths and
	// any unlisted path are presumably not restricted by this registry — confirm that is intended.
	ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry conf = http.cors().and()
			.csrf().disable().authorizeRequests()
			// /api
			.antMatchers("/api/**").authenticated()
			// /config
			.antMatchers(HttpMethod.GET, "/config/openvidu-publicurl").permitAll()
			.antMatchers(HttpMethod.GET, "/config/**").authenticated()
			// /cdr
			.antMatchers(HttpMethod.GET, "/cdr/**").authenticated()
			// /accept-certificate
			.antMatchers(HttpMethod.GET, "/accept-certificate").permitAll()
			// Dashboard
			.antMatchers(HttpMethod.GET, "/dashboard/**").authenticated();

	// Security for recording layouts
	conf.antMatchers("/layouts/**").authenticated();

	// Security for recorded video files
	// Public access to recordings is an explicit configuration choice; when it is on,
	// everything under /recordings/** is served without authentication.
	if (openviduConf.getOpenViduRecordingPublicAccess()) {
		conf = conf.antMatchers("/recordings/**").permitAll();
	} else {
		conf = conf.antMatchers("/recordings/**").authenticated();
	}

	// Credentials are taken from HTTP Basic; presumably this is served over TLS — verify.
	conf.and().httpBasic();
}
 
Example #22
Source File: WebAppSecurityConfig.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Installs an affirmative access decision manager made of the web expression voter and the
 * MOLGENIS voter, and opens the root path to everyone.
 *
 * @param expressionInterceptUrlRegistry the URL authorization registry to configure
 */
@Override
protected void configureUrlAuthorization(
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry
        expressionInterceptUrlRegistry) {
  // Voters are consulted in this order: expression voter first, MOLGENIS voter second.
  List<AccessDecisionVoter<?>> voters = new ArrayList<>();
  voters.add(new WebExpressionVoter());
  voters.add(molgenisAccessDecisionVoter());

  AffirmativeBased decisionManager = new AffirmativeBased(voters);
  expressionInterceptUrlRegistry.accessDecisionManager(decisionManager);

  // Only the root path is made public here.
  expressionInterceptUrlRegistry.antMatchers("/").permitAll();
}
 
Example #23
Source File: BlackResourceServerConfigurerAdapter.java    From black-shop with Apache License 2.0 5 votes vote down vote up
/**
 * Default resource-server configuration: the configured ignore-URLs are public, every other
 * request must be authenticated, and frame-options and CSRF protection are switched off.
 *
 * @param httpSecurity the security builder to configure
 */
@Override
@SneakyThrows
public void configure(HttpSecurity httpSecurity) {
	// NOTE(review): this removes X-Frame-Options from every response;
	// frameOptions().sameOrigin() is the narrower setting if same-origin framing is enough.
	httpSecurity.headers().frameOptions().disable();

	ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRules =
			httpSecurity.authorizeRequests();

	// Ignore-URLs are opened to unauthenticated callers; keep the list narrow.
	permitAllUrlProperties.getIgnoreUrls().forEach(ignoredUrl -> {
		urlRules.antMatchers(ignoredUrl).permitAll();
	});

	// Anything else needs an authenticated caller.
	urlRules.anyRequest().authenticated();

	// NOTE(review): CSRF off is appropriate only if no endpoint authenticates via browser cookies.
	urlRules.and().csrf().disable();
}
 
Example #24
Source File: SophiaResourceServerConfig.java    From sophia_scaffolding with Apache License 2.0 5 votes vote down vote up
/**
 * Configures the resource server: the configured ignore-URLs are public and every other
 * request must be authenticated.
 *
 * @param httpSecurity the security builder to configure
 */
@Override
@SneakyThrows
public void configure(HttpSecurity httpSecurity) {
    // Allow iframe embedding so that swagger-ui can be loaded.
    // NOTE(review): this removes X-Frame-Options from every response, not only swagger-ui;
    // frameOptions().sameOrigin() is the narrower setting if same-origin framing is enough.
    httpSecurity.headers().frameOptions().disable();

    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRules =
            httpSecurity.authorizeRequests();

    // URLs from the ignore configuration are let through without verification.
    ignorePropertiesConfig.getUrls().forEach(ignoredUrl -> {
        urlRules.antMatchers(ignoredUrl).permitAll();
    });

    // Anything else needs an authenticated caller.
    urlRules.anyRequest().authenticated();

    // NOTE(review): CSRF off is appropriate only if no endpoint authenticates via browser cookies.
    urlRules.and().csrf().disable();
}
 
Example #25
Source File: SecurityConfig.java    From mall-swarm with Apache License 2.0 5 votes vote down vote up
/**
 * Configures a stateless, JWT-filter based setup: the configured ignore-URLs and OPTIONS
 * requests are public, every other request must be authenticated, and an optional dynamic
 * permission filter is added when {@code dynamicSecurityService} is present.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = httpSecurity
            .authorizeRequests();
    // Allow access to resource paths that need no protection
    for (String url : ignoreUrlsConfig().getUrls()) {
        registry.antMatchers(url).permitAll();
    }
    // Allow the OPTIONS requests of cross-origin calls
    registry.antMatchers(HttpMethod.OPTIONS)
            .permitAll();
    // Every other request requires authentication
    registry.and()
            .authorizeRequests()
            .anyRequest()
            .authenticated()
            // Disable CSRF protection and do not use sessions
            // NOTE(review): this pairing is sound only while the JWT is never carried in a
            // cookie that the browser attaches automatically — confirm how the token is sent.
            .and()
            .csrf()
            .disable()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            // Custom handlers for access-denied and unauthenticated responses
            .and()
            .exceptionHandling()
            .accessDeniedHandler(restfulAccessDeniedHandler())
            .authenticationEntryPoint(restAuthenticationEntryPoint())
            // Custom authorization interceptor: the JWT filter
            .and()
            .addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    // When dynamic permission configuration is present, add the dynamic permission check filter
    if(dynamicSecurityService!=null){
        registry.and().addFilterBefore(dynamicSecurityFilter(), FilterSecurityInterceptor.class);
    }
}
 
Example #26
Source File: CrustConfigurerAdapter.java    From Milkomeda with MIT License 5 votes vote down vote up
/**
 * Preset configuration that registers the paths allowed without authentication: OPTIONS
 * requests, the login URL, the configured permit URLs, and the URL patterns of every handler
 * method annotated with {@code CrustAnon}. All other requests require authentication.
 *
 * @param http HttpSecurity
 * @throws Exception configuration exception
 */
protected void presetConfigure(HttpSecurity http) throws Exception {
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRegistry =
            http.authorizeRequests()
                    // CORS pre-flight requests
                    .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                    // Login
                    .antMatchers(props.getLoginUrl()).permitAll()
                    .antMatchers(props.getPermitURLs().toArray(new String[0])).permitAll();
    if (!CollectionUtils.isEmpty(props.getAdditionPermitUrls())) {
        urlRegistry.antMatchers(props.getAdditionPermitUrls().toArray(new String[0])).permitAll();
    }
    // Mark anonymous access: collect the URL patterns of handlers annotated with CrustAnon
    Map<RequestMappingInfo, HandlerMethod> handlerMethodMap = applicationContext.getBean(RequestMappingHandlerMapping.class).getHandlerMethods();
    Set<String> anonUrls = new HashSet<>();
    for (Map.Entry<RequestMappingInfo, HandlerMethod> infoEntry : handlerMethodMap.entrySet()) {
        HandlerMethod handlerMethod = infoEntry.getValue();
        CrustAnon crustAnon = handlerMethod.getMethodAnnotation(CrustAnon.class);
        if (null != crustAnon) {
            anonUrls.addAll(infoEntry.getKey().getPatternsCondition().getPatterns());
        }
    }
    // NOTE(review): the patterns are registered without an HTTP method, so a pattern shared by
    // an annotated handler and an un-annotated handler for another method becomes public for
    // both — confirm this cannot expose a protected handler.
    if (!CollectionUtils.isEmpty(anonUrls)) {
        urlRegistry.antMatchers(anonUrls.toArray(new String[0])).permitAll();
    }

    // Custom additional permitted paths
    additionalConfigure(urlRegistry, http);
    // All other requests require authentication
    urlRegistry.anyRequest().authenticated();
}
 
Example #27
Source File: BaseResourceServerConfigurerAdapter.java    From smaker with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Default configuration, exposed for external use: the configured ignore-URLs are public,
 * every other request must be authenticated, and frame-options and CSRF protection are
 * switched off.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
public void configure(HttpSecurity http) throws Exception{
	// Allow iframe embedding so that swagger-ui can be loaded.
	// NOTE(review): this removes X-Frame-Options from every response, not only swagger-ui;
	// frameOptions().sameOrigin() is the narrower setting if same-origin framing is enough.
	http.headers().frameOptions().disable();

	ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRules =
		http.authorizeRequests();

	// Ignore-URLs are opened to unauthenticated callers; keep the list narrow.
	filterIgnorePropertiesConfig.getUrls().forEach(ignoredUrl -> {
		urlRules.antMatchers(ignoredUrl).permitAll();
	});

	// Anything else needs an authenticated caller.
	urlRules.anyRequest().authenticated();

	// NOTE(review): CSRF off is appropriate only if no endpoint authenticates via browser cookies.
	urlRules.and().csrf().disable();
}
 
Example #28
Source File: WatchdogTestProvider.java    From watchdog-spring-boot-starter with MIT License 4 votes vote down vote up
/**
 * Test implementation of the provider hook: it adds no rule to the given registry.
 *
 * @param config the URL authorization registry offered to the provider (not used here)
 * @return always {@code true}
 */
@Override
public boolean configure(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
    return true;
}
 
Example #29
Source File: ResourceServerConfiguration.java    From watchdog-spring-boot-starter with MIT License 4 votes vote down vote up
/**
 * Lets every {@code WatchdogUrlRegistryProvider} bean in the application context contribute
 * its rules to the given URL authorization registry.
 *
 * @param authorizeRequests the URL authorization registry handed to each provider
 */
private void registerWatchdogProvider(ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authorizeRequests) {
    Map<String, WatchdogUrlRegistryProvider> providersByBeanName =
            applicationContext.getBeansOfType(WatchdogUrlRegistryProvider.class);
    // NOTE(review): the value returned by configure(...) is not inspected here, and any bean
    // of this type can add permit-all rules — confirm which providers are on the classpath.
    for (WatchdogUrlRegistryProvider urlProvider : providersByBeanName.values()) {
        urlProvider.configure(authorizeRequests);
    }
}
 
Example #30
Source File: AbstractSecurityConfig.java    From freeacs with MIT License 4 votes vote down vote up
/**
 * Opens the {@code OKController} path to unauthenticated access.
 *
 * @param authorizeRequests the URL authorization registry to extend
 * @return the registry with the permit-all rule for the health path added
 */
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry allowHealthEndpoint(
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests) {
    // Exact path only (no wildcard), so nothing below it becomes public.
    String healthPath = contextPath + OKController.CTX_PATH;
    return authorizeRequests.antMatchers(healthPath).permitAll();
}