org.springframework.security.web.authentication.Http403ForbiddenEntryPoint Java Examples

The following examples show how to use org.springframework.security.web.authentication.Http403ForbiddenEntryPoint. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: JsonWebTokenSecurityConfig.java    From trivia-microservices with MIT License 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http
			// disable CSRF, http basic, form login
			.csrf().disable() //
			.httpBasic().disable() //
			.formLogin().disable()

			// ReST is stateless, no sessions
			.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) //

			.and()

			// return 403 when not authenticated
			.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint());

	// Let child classes set up authorization paths
	setupAuthorization(http);

	http.addFilterBefore(jsonWebTokenFilter, UsernamePasswordAuthenticationFilter.class);
}
 
Example #2
Source File: InceptionSecurity.java    From inception with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity aHttp) throws Exception
{
    aHttp
        .rememberMe()
        .and()
        .csrf().disable()
        .addFilterBefore(preAuthFilter(), RequestHeaderAuthenticationFilter.class)
        .authorizeRequests()
            // Resources need to be publicly accessible so they don't trigger the login
            // page. Otherwise it could happen that the user is redirected to a resource
            // upon login instead of being forwarded to a proper application page.
            .antMatchers("/favicon.ico").permitAll()
            .antMatchers("/favicon.png").permitAll()
            .antMatchers("/assets/**").permitAll()
            .antMatchers("/images/**").permitAll()
            .antMatchers("/resources/**").permitAll()
            .antMatchers("/wicket/resource/**").permitAll()
            .antMatchers("/swagger-ui.html").access("hasAnyRole('ROLE_REMOTE')")
            .antMatchers("/admin/**").access("hasAnyRole('ROLE_ADMIN')")
            .antMatchers("/doc/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
            .antMatchers("/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
            .anyRequest().denyAll()
        .and()
        .exceptionHandling()
            .authenticationEntryPoint(new Http403ForbiddenEntryPoint())
        .and()
            .headers().frameOptions().sameOrigin();
}
 
Example #3
Source File: SecurityConfigurer.java    From spring-cloud-gcp with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http
			.authorizeRequests().antMatchers("/topsecret").authenticated()
			.and()
			.oauth2ResourceServer()
				.jwt()
				.and()
				.authenticationEntryPoint(new Http403ForbiddenEntryPoint());
}
 
Example #4
Source File: SecurityConfiguration.java    From spring-cloud-gcp with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http
			.authorizeRequests()
			.antMatchers("/").permitAll()
			.antMatchers("/css/**").permitAll()
			.antMatchers("/templates/**").permitAll()
			.antMatchers("/answer").authenticated()
			.and()
			.oauth2ResourceServer()
			.jwt()
			.and()
			.authenticationEntryPoint(new Http403ForbiddenEntryPoint());

}
 
Example #5
Source File: IdolSecurity.java    From find with MIT License 5 votes vote down vote up
@SuppressWarnings("ProhibitedExceptionDeclared")
@Override
protected void configure(final HttpSecurity http) throws Exception {
    final LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
    entryPoints.put(new AntPathRequestMatcher("/api/**"), new Http403ForbiddenEntryPoint());
    entryPoints.put(AnyRequestMatcher.INSTANCE, new LoginUrlAuthenticationEntryPoint(FindController.DEFAULT_LOGIN_PAGE));
    final AuthenticationEntryPoint authenticationEntryPoint = new DelegatingAuthenticationEntryPoint(entryPoints);

    http
        .csrf()
            .disable()
        .exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint)
            .accessDeniedPage("/authentication-error")
            .and()
        .logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(FindController.DEFAULT_LOGIN_PAGE)
            .and()
        .authorizeRequests()
            .antMatchers(FindController.APP_PATH + "/**").hasAnyRole(FindRole.USER.name())
            .antMatchers(FindController.CONFIG_PATH).hasRole(FindRole.CONFIG.name())
            .antMatchers("/api/public/**").hasRole(FindRole.USER.name())
            .antMatchers("/api/bi/**").hasRole(FindRole.BI.name())
            .antMatchers("/api/config/**").hasRole(FindRole.CONFIG.name())
            .antMatchers("/api/admin/**").hasRole(FindRole.ADMIN.name())
            .antMatchers(FindController.DEFAULT_LOGIN_PAGE).permitAll()
            .antMatchers(FindController.LOGIN_PATH).permitAll()
            .antMatchers("/").permitAll()
            .anyRequest().denyAll()
            .and()
        .headers()
            .defaultsDisabled()
            .frameOptions()
            .sameOrigin();

    idolSecurityCustomizer.customize(http, authenticationManager());
}
 
Example #6
Source File: WebAnnoSecurity.java    From webanno with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity aHttp) throws Exception
{
    aHttp
        .rememberMe()
        .and()
        .csrf().disable()
        .addFilterBefore(preAuthFilter(), RequestHeaderAuthenticationFilter.class)
        .authorizeRequests()
            // Resources need to be publicly accessible so they don't trigger the login
            // page. Otherwise it could happen that the user is redirected to a resource
            // upon login instead of being forwarded to a proper application page.
            .antMatchers("/favicon.ico").permitAll()
            .antMatchers("/favicon.png").permitAll()
            .antMatchers("/assets/**").permitAll()
            .antMatchers("/images/**").permitAll()
            .antMatchers("/resources/**").permitAll()
            .antMatchers("/wicket/resource/**").permitAll()
            .antMatchers("/swagger-ui.html").access("hasAnyRole('ROLE_REMOTE')")
            .antMatchers("/admin/**").access("hasAnyRole('ROLE_ADMIN')")
            .antMatchers("/doc/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
            .antMatchers("/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
            .anyRequest().denyAll()
        .and()
        .exceptionHandling()
            .authenticationEntryPoint(new Http403ForbiddenEntryPoint())
        .and()
            .headers().frameOptions().sameOrigin();
}
 
Example #7
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
@Bean
public Http403ForbiddenEntryPoint forbiddenEntryPoint(){
    return new Http403ForbiddenEntryPoint();
}
 
Example #8
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
@Bean
public Http403ForbiddenEntryPoint forbiddenEntryPoint(){
    return new Http403ForbiddenEntryPoint();
}
 
Example #9
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
@Bean
public Http403ForbiddenEntryPoint forbiddenEntryPoint(){
    return new Http403ForbiddenEntryPoint();
}
 
Example #10
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
@Bean
public Http403ForbiddenEntryPoint forbiddenEntryPoint(){
    return new Http403ForbiddenEntryPoint();
}
 
Example #11
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
@Bean
public Http403ForbiddenEntryPoint forbiddenEntryPoint(){
    return new Http403ForbiddenEntryPoint();
}
 
Example #12
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
@Bean
public Http403ForbiddenEntryPoint forbiddenEntryPoint(){
    return new Http403ForbiddenEntryPoint();
}