org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer Java Examples
The following examples show how to use
org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: SecurityConfig.java From lolibox with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.authorizeRequests();
registry.antMatchers("/admin/**").hasAuthority(Role.ADMIN.toString())
.antMatchers("/image/**").permitAll()
// .antMatchers("/webjars/**").permitAll()
// .antMatchers("/js/**").permitAll()
// .antMatchers("/css/**").permitAll()
// .antMatchers("/img/**").permitAll()
.and().formLogin().loginPage("/signin").defaultSuccessUrl("/").permitAll()
.and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).permitAll()
.and().csrf().ignoringAntMatchers("/admin/**"/*,"/oauth*//**"*/);
http.headers().frameOptions().disable().and()
.rememberMe().tokenRepository(reMemberMeRepository);
}
Example #2
| Source File: SophiaResourceServerConfig.java From sophia_scaffolding with Apache License 2.0 | 6 votes |
|
@Override
@SneakyThrows
public void configure(HttpSecurity httpSecurity) {
//允许使用iframe 嵌套,避免swagger-ui 不被加载的问题
httpSecurity.headers().frameOptions().disable();
ExpressionUrlAuthorizationConfigurer<HttpSecurity>
.ExpressionInterceptUrlRegistry registry = httpSecurity
.authorizeRequests();
registry.antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
//对配置的url放行 不进行验证
ignorePropertiesConfig.getUrls()
.forEach(url -> registry.antMatchers(url).permitAll());
registry.anyRequest().authenticated()
.and().csrf().disable();
}
Example #3
| Source File: SophiaResourceServerConfig.java From sophia_scaffolding with Apache License 2.0 | 6 votes |
|
@Override
@SneakyThrows
public void configure(HttpSecurity httpSecurity) {
//允许使用iframe 嵌套,避免swagger-ui 不被加载的问题
httpSecurity.headers().frameOptions().disable();
ExpressionUrlAuthorizationConfigurer<HttpSecurity>
.ExpressionInterceptUrlRegistry registry = httpSecurity
.authorizeRequests();
registry.antMatchers(HttpMethod.OPTIONS, "/**").permitAll();
//对配置的url放行 不进行验证
ignorePropertiesConfig.getUrls()
.forEach(url -> registry.antMatchers(url).permitAll());
registry.anyRequest().authenticated()
.and().csrf().disable();
}
Example #4
| Source File: FwResourceServerConfiguration.java From fw-cloud-framework with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.formLogin()
// 可以通过授权登录进行访问
.loginPage("/auth/login")
.loginProcessingUrl("/auth/signin")
.and()
.authorizeRequests();
for (String url : fwUrlsConfiguration.getCollects()) {
registry.antMatchers(url)
.permitAll();
}
registry.anyRequest()
.authenticated()
.and()
.csrf()
.disable();
http.apply(ajaxSecurityConfigurer);
}
Example #5
| Source File: SpringWebConfig.java From we-cmdb with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.authorizeRequests();
if (securityProperties.isEnabled()) {
registry = configureWhiteListAuthentication(registry, true);
if (AuthenticationType.lOCAL.getCode().equalsIgnoreCase(securityProperties.getAuthenticationProvider())) {
configureLocalAuthentication(registry);
} else if (AuthenticationType.CAS.getCode().equalsIgnoreCase(securityProperties.getAuthenticationProvider())) {
configureCasAuthentication(registry);
} else if (AuthenticationType.PLATFORM_AUTH.getCode().equalsIgnoreCase(securityProperties.getAuthenticationProvider())) {
configurePlatformAuthentication(registry);
} else {
throw new CmdbException("Unsupported authentication-provider: " + securityProperties.getAuthenticationProvider());
}
} else {
registry = configureWhiteListAuthentication(registry, false);
configurePrivacyFreeAuthentication(registry);
}
}
Example #6
| Source File: WebSecurityConfigration.java From Taroco with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry =
http
// 默认的用户名密码认证器
.authenticationProvider(daoAuthenticationProvider())
.apply(mobileTokenAuthenticationSecurityConfigration)
.and()
.apply(smsCodeAuthenticationSecurityConfigration)
.and()
.addFilterAt(customAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
.formLogin().loginPage("/").permitAll()
.loginProcessingUrl("/login").permitAll()
.and().logout().logoutUrl("/logout").permitAll().logoutSuccessHandler(logoutSuccessHandler)
// 异常处理filter: ExceptionTranslationFilter
.and().exceptionHandling()
// 匿名用户访问无权限资源时的异常
//.authenticationEntryPoint(exceptionEntryPoint)
// 认证过的用户访问无权限资源时的异常
.accessDeniedHandler(accessDeniedHandler)
// 开启RememberMe
.and().rememberMe().key(RM_KEY).rememberMeServices(rememberMeServices())
.and().authorizeRequests();
final List<String> urlPermitAll = oauth2Properties.getUrlPermitAll();
urlPermitAll.forEach(url -> registry.antMatchers(url).permitAll());
registry.anyRequest().authenticated().and().cors().and().csrf().disable();
}
Example #7
| Source File: DefaultResourceServerConf.java From microservices-platform with Apache License 2.0 | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl authorizedUrl = setHttp(http)
.authorizeRequests()
.antMatchers(securityProperties.getIgnore().getUrls()).permitAll()
.antMatchers(HttpMethod.OPTIONS).permitAll()
.anyRequest();
setAuthenticate(authorizedUrl);
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.httpBasic().disable()
.headers()
.frameOptions().disable()
.and()
.csrf().disable();
}
Example #8
| Source File: WebSecurityConfig.java From Milkomeda with MIT License | 6 votes |
|
@Override
protected void additionalConfigure(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRegistry, HttpSecurity http) throws Exception {
// 允许其它测试模块访问
urlRegistry
.antMatchers("/collect/**").permitAll()
.antMatchers("/echo/**").permitAll()
.antMatchers("/test/**").permitAll()
.antMatchers("/order/**").permitAll()
.antMatchers("/particle/**").permitAll()
.antMatchers("/pay/**").permitAll()
.antMatchers("/user/**").permitAll()
.antMatchers("/ice/**").permitAll()
.antMatchers("/job/**").permitAll()
.antMatchers("/neutron/**").permitAll()
.antMatchers("/moon/**").permitAll()
.antMatchers("/fusion/**").permitAll()
.antMatchers("/halo/**").permitAll()
.antMatchers("/hydrogen/**").permitAll()
.antMatchers("/audit/**").permitAll()
.antMatchers("/seckill/**").permitAll()
.antMatchers("/sundial/**").permitAll();
}
Example #9
| Source File: SpringWebConfig.java From we-cmdb with Apache License 2.0 | 6 votes |
|
protected void configureCasAuthentication(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) throws Exception {
registry.and()
.exceptionHandling()
.authenticationEntryPoint(casAuthenticationEntryPoint())
.and()
.addFilter(casAuthenticationFilter())
.addFilterBefore(logoutFilter(), LogoutFilter.class)
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.logout()
.permitAll()
.and()
.csrf()
.disable();
//.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
Example #10
| Source File: SpringWebConfig.java From we-cmdb with Apache License 2.0 | 6 votes |
|
protected ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry configurePlatformAuthentication(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) throws Exception {
registry.antMatchers("/index.html").permitAll()
.antMatchers("/swagger-ui.html/**", "/swagger-resources/**").permitAll()
.antMatchers("/webjars/**").permitAll()
.antMatchers("/v2/api-docs").permitAll()
.antMatchers("/csrf").permitAll()
.antMatchers("/**/*.png").permitAll()
.antMatchers("/maintain/**").permitAll()
.anyRequest()
.authenticated()
.and()
.addFilter(jwtSsoBasedAuthenticationFilter())
.csrf()
.disable()
.exceptionHandling()
.authenticationEntryPoint(new Http401AuthenticationEntryPoint());
return registry;
}
Example #11
| Source File: SpringWebConfig.java From we-cmdb with Apache License 2.0 | 6 votes |
|
protected ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry configureWhiteListAuthentication(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry,
boolean checkRequired) throws Exception {
List<String> convertedList = new ArrayList<String>();
if (checkRequired) {
if (StringUtils.isNotBlank(securityProperties.getWhitelistIpAddress())) {
List<String> whiteListIpAddress = Arrays.asList(securityProperties.getWhitelistIpAddress().split(","));
for (String ipAddress : whiteListIpAddress) {
convertedList.add(String.format("hasIpAddress('%s')", ipAddress));
}
return registry.antMatchers("/**")
.access(StringUtils.join(convertedList, " or "));
}
} else {
return registry.antMatchers("/**").permitAll();
}
return registry;
}
Example #12
| Source File: SpringWebConfig.java From we-cmdb with Apache License 2.0 | 6 votes |
|
protected void configurePrivacyFreeAuthentication(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) throws Exception {
registry.antMatchers("/login-privacy-free*").permitAll()
.antMatchers("/logout*").permitAll()
.antMatchers("/ui/v2/**").permitAll()
.antMatchers("/maintain/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login-privacy-free.html")
.loginProcessingUrl("/login-privacy-free")
.defaultSuccessUrl("/index.html")
.failureUrl("/login-privacy-free.html?error=true")
.and()
.logout()
.logoutUrl("/logout")
.deleteCookies("JSESSIONID")
.logoutSuccessUrl("/login-privacy-free.html")
.and()
.csrf()
.disable();
}
Example #13
| Source File: SpringWebConfig.java From we-cmdb with Apache License 2.0 | 6 votes |
|
protected void configureLocalAuthentication(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) throws Exception {
registry.antMatchers("/login-with-password*").permitAll()
.antMatchers("/logout*").permitAll()
.antMatchers("/ui/v2/**").permitAll()
.antMatchers("/maintain/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login-with-password.html")
.loginProcessingUrl("/login-with-password")
.defaultSuccessUrl("/index.html")
.failureUrl("/login-with-password.html?error=true")
.and()
.logout()
.logoutUrl("/logout")
.deleteCookies("JSESSIONID")
.logoutSuccessUrl("/login-with-password.html")
.and()
.csrf()
.disable();
}
Example #14
| Source File: SecurityConfig.java From mall with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = httpSecurity
.authorizeRequests();
//不需要保护的资源路径允许访问
for (String url : ignoreUrlsConfig().getUrls()) {
registry.antMatchers(url).permitAll();
}
//允许跨域请求的OPTIONS请求
registry.antMatchers(HttpMethod.OPTIONS)
.permitAll();
// 任何请求需要身份认证
registry.and()
.authorizeRequests()
.anyRequest()
.authenticated()
// 关闭跨站请求防护及不使用session
.and()
.csrf()
.disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
// 自定义权限拒绝处理类
.and()
.exceptionHandling()
.accessDeniedHandler(restfulAccessDeniedHandler())
.authenticationEntryPoint(restAuthenticationEntryPoint())
// 自定义权限拦截器JWT过滤器
.and()
.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
//有动态权限配置时添加动态权限校验过滤器
if(dynamicSecurityService!=null){
registry.and().addFilterBefore(dynamicSecurityFilter(), FilterSecurityInterceptor.class);
}
}
Example #15
| Source File: ResourceServerConfiguration.java From Taroco with Apache License 2.0 | 5 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
//允许使用iframe 嵌套,避免swagger-ui 不被加载的问题
http.headers().frameOptions().disable();
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http
.authorizeRequests();
oauth2Properties.getUrlPermitAll().forEach(url -> registry.antMatchers(url).permitAll());
// 角色和权限的验证交给拦截器去做, 这里只判断是否登录
registry.anyRequest()
.access("@permissionService.hasPermission(request, authentication)");
}
Example #16
| Source File: AbstractSecurityConfig.java From freeacs with MIT License | 5 votes |
|
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry conditionalUseFileAuth(
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests) {
if (!fileAuthUsed) {
return authorizeRequests.antMatchers(contextPath + FileController.CTX_PATH + "/**").permitAll();
}
return authorizeRequests;
}
Example #17
| Source File: ResourceServerConfiguration.java From pig with MIT License | 5 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
//允许使用iframe 嵌套,避免swagger-ui 不被加载的问题
http.headers().frameOptions().disable();
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http
.authorizeRequests();
filterIgnorePropertiesConfig.getUrls().forEach(url -> registry.antMatchers(url).permitAll());
registry.anyRequest()
.access("@permissionService.hasPermission(request,authentication)");
}
Example #18
| Source File: PigSecurityConfigurerAdapter.java From pig with MIT License | 5 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry =
http.formLogin().loginPage("/authentication/require")
.loginProcessingUrl("/authentication/form")
.and()
.authorizeRequests();
filterIgnorePropertiesConfig.getUrls().forEach(url -> registry.antMatchers(url).permitAll());
registry.anyRequest().authenticated()
.and()
.csrf().disable();
http.apply(mobileSecurityConfigurer);
}
Example #19
| Source File: ResourceServerConfiguration.java From fw-cloud-framework with MIT License | 5 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
// 首先进行验证码过滤逻辑
http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
// 允许使用iframe 嵌套,避免swagger-ui 不被加载的问题
http.headers().frameOptions().disable();
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http
.authorizeRequests();
// 排除无需认证的请求
for (String url : urlsConfiguration.getCollects()) {
registry.antMatchers(url).permitAll();
}
// 通过切面进行验证 { @link PermissionService.hasPermission }
registry.anyRequest().access("@permissionService.hasPermission(request,authentication)");
}
Example #20
| Source File: AuthConfig.java From elucidate-server with MIT License | 5 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
ExpressionUrlAuthorizationConfigurer.AuthorizedUrl authorizationConfigurer = http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.anyRequest();
if (authEnabled) {
authorizationConfigurer.authenticated();
} else {
authorizationConfigurer.permitAll();
}
}
Example #21
| Source File: SecurityConfig.java From openvidu with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
// Security for API REST
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry conf = http.cors().and()
.csrf().disable().authorizeRequests()
// /api
.antMatchers("/api/**").authenticated()
// /config
.antMatchers(HttpMethod.GET, "/config/openvidu-publicurl").permitAll()
.antMatchers(HttpMethod.GET, "/config/**").authenticated()
// /cdr
.antMatchers(HttpMethod.GET, "/cdr/**").authenticated()
// /accept-certificate
.antMatchers(HttpMethod.GET, "/accept-certificate").permitAll()
// Dashboard
.antMatchers(HttpMethod.GET, "/dashboard/**").authenticated();
// Security for recording layouts
conf.antMatchers("/layouts/**").authenticated();
// Security for recorded video files
if (openviduConf.getOpenViduRecordingPublicAccess()) {
conf = conf.antMatchers("/recordings/**").permitAll();
} else {
conf = conf.antMatchers("/recordings/**").authenticated();
}
conf.and().httpBasic();
}
Example #22
| Source File: WebAppSecurityConfig.java From molgenis with GNU Lesser General Public License v3.0 | 5 votes |
|
@Override
protected void configureUrlAuthorization(
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry
expressionInterceptUrlRegistry) {
List<AccessDecisionVoter<?>> listOfVoters = new ArrayList<>();
listOfVoters.add(new WebExpressionVoter());
listOfVoters.add(molgenisAccessDecisionVoter());
expressionInterceptUrlRegistry.accessDecisionManager(new AffirmativeBased(listOfVoters));
expressionInterceptUrlRegistry.antMatchers("/").permitAll();
}
Example #23
| Source File: BlackResourceServerConfigurerAdapter.java From black-shop with Apache License 2.0 | 5 votes |
|
/**
* 默认资源服务器的配置
* @param httpSecurity
*/
@Override
@SneakyThrows
public void configure(HttpSecurity httpSecurity) {
httpSecurity.headers().frameOptions().disable();
ExpressionUrlAuthorizationConfigurer<HttpSecurity>
.ExpressionInterceptUrlRegistry registry = httpSecurity
.authorizeRequests();
//registry.antMatchers("/user/test").permitAll();
permitAllUrlProperties.getIgnoreUrls()
.forEach(url -> registry.antMatchers(url).permitAll());
registry.anyRequest().authenticated()
.and().csrf().disable();
}
Example #24
| Source File: SophiaResourceServerConfig.java From sophia_scaffolding with Apache License 2.0 | 5 votes |
|
@Override
@SneakyThrows
public void configure(HttpSecurity httpSecurity) {
//允许使用iframe 嵌套,避免swagger-ui 不被加载的问题
httpSecurity.headers().frameOptions().disable();
ExpressionUrlAuthorizationConfigurer<HttpSecurity>
.ExpressionInterceptUrlRegistry registry = httpSecurity
.authorizeRequests();
//对配置的url放行 不进行验证
ignorePropertiesConfig.getUrls()
.forEach(url -> registry.antMatchers(url).permitAll());
registry.anyRequest().authenticated()
.and().csrf().disable();
}
Example #25
| Source File: SecurityConfig.java From mall-swarm with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = httpSecurity
.authorizeRequests();
//不需要保护的资源路径允许访问
for (String url : ignoreUrlsConfig().getUrls()) {
registry.antMatchers(url).permitAll();
}
//允许跨域请求的OPTIONS请求
registry.antMatchers(HttpMethod.OPTIONS)
.permitAll();
// 任何请求需要身份认证
registry.and()
.authorizeRequests()
.anyRequest()
.authenticated()
// 关闭跨站请求防护及不使用session
.and()
.csrf()
.disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
// 自定义权限拒绝处理类
.and()
.exceptionHandling()
.accessDeniedHandler(restfulAccessDeniedHandler())
.authenticationEntryPoint(restAuthenticationEntryPoint())
// 自定义权限拦截器JWT过滤器
.and()
.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
//有动态权限配置时添加动态权限校验过滤器
if(dynamicSecurityService!=null){
registry.and().addFilterBefore(dynamicSecurityFilter(), FilterSecurityInterceptor.class);
}
}
Example #26
| Source File: CrustConfigurerAdapter.java From Milkomeda with MIT License | 5 votes |
|
/**
* 预设置添加允许访问路径
*
* @param http HttpSecurity
* @throws Exception 配置异常
*/
protected void presetConfigure(HttpSecurity http) throws Exception {
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRegistry =
http.authorizeRequests()
// 跨域预检请求
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
// 登录
.antMatchers(props.getLoginUrl()).permitAll()
.antMatchers(props.getPermitURLs().toArray(new String[0])).permitAll();
if (!CollectionUtils.isEmpty(props.getAdditionPermitUrls())) {
urlRegistry.antMatchers(props.getAdditionPermitUrls().toArray(new String[0])).permitAll();
}
// 标记匿名访问
Map<RequestMappingInfo, HandlerMethod> handlerMethodMap = applicationContext.getBean(RequestMappingHandlerMapping.class).getHandlerMethods();
Set<String> anonUrls = new HashSet<>();
for (Map.Entry<RequestMappingInfo, HandlerMethod> infoEntry : handlerMethodMap.entrySet()) {
HandlerMethod handlerMethod = infoEntry.getValue();
CrustAnon crustAnon = handlerMethod.getMethodAnnotation(CrustAnon.class);
if (null != crustAnon) {
anonUrls.addAll(infoEntry.getKey().getPatternsCondition().getPatterns());
}
}
if (!CollectionUtils.isEmpty(anonUrls)) {
urlRegistry.antMatchers(anonUrls.toArray(new String[0])).permitAll();
}
// 自定义额外允许路径
additionalConfigure(urlRegistry, http);
// 其他所有请求需要身份认证
urlRegistry.anyRequest().authenticated();
}
Example #27
| Source File: BaseResourceServerConfigurerAdapter.java From smaker with GNU Lesser General Public License v3.0 | 5 votes |
|
/**
* 默认的配置,对外暴露
*
* @param http
* @throws Exception
*/
@Override
public void configure(HttpSecurity http) throws Exception{
//允许使用iframe 嵌套,避免swagger-ui 不被加载的问题
http.headers().frameOptions().disable();
ExpressionUrlAuthorizationConfigurer<HttpSecurity>
.ExpressionInterceptUrlRegistry registry = http
.authorizeRequests();
filterIgnorePropertiesConfig.getUrls()
.forEach(url -> registry.antMatchers(url).permitAll());
registry.anyRequest().authenticated()
.and().csrf().disable();
}
Example #28
| Source File: WatchdogTestProvider.java From watchdog-spring-boot-starter with MIT License | 4 votes |
|
@Override
public boolean configure(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
return true;
}
Example #29
| Source File: ResourceServerConfiguration.java From watchdog-spring-boot-starter with MIT License | 4 votes |
|
private void registerWatchdogProvider(ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authorizeRequests) {
Map<String, WatchdogUrlRegistryProvider> watchdogProviders = applicationContext.getBeansOfType(WatchdogUrlRegistryProvider.class);
watchdogProviders.values().forEach(provider -> {
provider.configure(authorizeRequests);
});
}
Example #30
| Source File: AbstractSecurityConfig.java From freeacs with MIT License | 4 votes |
|
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry allowHealthEndpoint(
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests) {
return authorizeRequests.antMatchers(contextPath + OKController.CTX_PATH).permitAll();
}
