org.springframework.security.web.util.matcher.NegatedRequestMatcher Java Examples

The following examples show how to use org.springframework.security.web.util.matcher.NegatedRequestMatcher. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: WebSecurityConfig.java    From Mastering-Microservices-with-Java-Third-Edition with MIT License 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {

  http
      .requestMatchers()
      .requestMatchers(
          new NegatedRequestMatcher(
              new OrRequestMatcher(
                  new AntPathRequestMatcher("/me")
              )
          )
      )
      .and()
      .authorizeRequests()
      .antMatchers("/fevicon.ico").anonymous()
      .antMatchers("/user").authenticated()
      .and().formLogin();
}
 
Example #2
Source File: OAuth2SsoConfiguration.java    From flair-registry with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf()
        .disable()
        .headers()
        .frameOptions()
        .disable()
    .and()
        .requestMatcher(new NegatedRequestMatcher(authorizationHeaderRequestMatcher))
        .authorizeRequests()
        .antMatchers("/services/**").authenticated()
        .antMatchers("/eureka/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .antMatchers("/api/profile-info").permitAll()
        .antMatchers("/api/**").authenticated()
        .antMatchers("/config/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .antMatchers("/management/health").permitAll()
        .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .anyRequest().permitAll();
}
 
Example #3
Source File: ApplicationSecurity.java    From secure-rest-spring-tut with MIT License 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.authorizeRequests()
		.antMatchers(HttpMethod.OPTIONS, "/*/**").permitAll()
		.antMatchers("/login", "/rest/open/**").permitAll()
		.antMatchers("/logout", "/rest/**").authenticated();

	// Handlers and entry points
	http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
	http.formLogin().successHandler(authenticationSuccessHandler);
	http.formLogin().failureHandler(authenticationFailureHandler);

	// Logout
	http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);

	// CORS
	http.addFilterBefore(corsFilter, ChannelProcessingFilter.class);

	// CSRF
	http.csrf().requireCsrfProtectionMatcher(
		new AndRequestMatcher(
			// Apply CSRF protection to all paths that do NOT match the ones below

			// We disable CSRF at login/logout, but only for OPTIONS methods
			new NegatedRequestMatcher(new AntPathRequestMatcher("/login*/**", HttpMethod.OPTIONS.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/logout*/**", HttpMethod.OPTIONS.toString())),

			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.GET.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.HEAD.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.OPTIONS.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.TRACE.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest/open*/**"))
		)
	);
	http.addFilterAfter(new CsrfTokenResponseCookieBindingFilter(), CsrfFilter.class); // CSRF tokens handling
}
 
Example #4
Source File: LogsearchJWTFilter.java    From ambari-logsearch with Apache License 2.0 4 votes vote down vote up
public LogsearchJWTFilter(RequestMatcher requestMatcher, AuthPropsConfig authPropsConfig, RoleDao roleDao) {
  super(new NegatedRequestMatcher(requestMatcher));
  this.authPropsConfig = authPropsConfig;
  this.roleDao = roleDao;
}
 
Example #5
Source File: LogsearchKRBAuthenticationFilter.java    From ambari-logsearch with Apache License 2.0 4 votes vote down vote up
public LogsearchKRBAuthenticationFilter(RequestMatcher requestMatcher) {
  this.requestMatcher = new NegatedRequestMatcher(requestMatcher);
}
 
Example #6
Source File: WebSecurityConfig.java    From spring-custom-token-auth with MIT License 4 votes vote down vote up
protected AbstractAuthenticationProcessingFilter createCustomFilter() throws Exception {
	//here we define the interfaces which don't need any authorisation
	AuthFilter filter = new AuthFilter(new NegatedRequestMatcher(
	  new AndRequestMatcher(
		 new AntPathRequestMatcher("/login"),
		 new AntPathRequestMatcher("/health")
	  )
	));
	filter.setAuthenticationManager(authenticationManagerBean());
	return filter;
}
 
Example #7
Source File: TestSecurityConfiguration.java    From moserp with Apache License 2.0 4 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    NegatedRequestMatcher matcher = new NegatedRequestMatcher(new AntPathRequestMatcher("/login", "POST"));
    http.csrf().disable().authorizeRequests().requestMatchers(matcher).authenticated().and().httpBasic();
}