org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint Java Examples

The following examples show how to use org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SecurityConfiguration.java    From OAuth-2.0-Cookbook with MIT License 7 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
        .addFilterAfter(openIdConnectFilter, OAuth2ClientContextFilter.class)
        .authorizeRequests()
        .antMatchers("/").permitAll().and()
        .authorizeRequests()
        .antMatchers(apiBaseUri).authenticated().and()
        .authorizeRequests().anyRequest().authenticated().and()
        .httpBasic().authenticationEntryPoint(
            new LoginUrlAuthenticationEntryPoint(callbackUri)).and()
            .logout()
            .logoutSuccessUrl("/")
            .permitAll().and()
            .csrf().disable();
}
 
Example #2
Source File: SecurityConfiguration.java    From OAuth-2.0-Cookbook with MIT License 7 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
            .addFilterAfter(openIdConnectFilter, OAuth2ClientContextFilter.class)
            .authorizeRequests()
            .antMatchers("/").permitAll().and()
            .authorizeRequests()
            .antMatchers(apiBaseUri).authenticated().and()
            .authorizeRequests().anyRequest().authenticated().and()
            .httpBasic().authenticationEntryPoint(
            new LoginUrlAuthenticationEntryPoint(callbackUri)).and()
            .logout()
            .logoutSuccessUrl("/")
            .permitAll().and()
            .csrf().disable();
}
 
Example #3
Source File: SecurityConfiguration.java    From OAuth-2.0-Cookbook with MIT License 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
        .addFilterAfter(facebookLoginFilter, OAuth2ClientContextFilter.class)
        .authorizeRequests()
        .antMatchers("/", "/callback").permitAll().and()
        .authorizeRequests()
        .antMatchers("/profile/*").authenticated().and()
        .authorizeRequests().anyRequest().authenticated().and()
        .httpBasic().authenticationEntryPoint(
            new LoginUrlAuthenticationEntryPoint("/callback")).and()
            .logout().logoutSuccessUrl("/").permitAll().and()
            .headers().frameOptions().disable().and()
            .csrf().disable();
}
 
Example #4
Source File: SecurityConfig.java    From movie-db-java-on-azure with MIT License 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    boolean usingFacebookAuthentication = facebook().getClientId() != null && !facebook().getClientId().isEmpty();
    if (usingFacebookAuthentication) {
        // @formatter:off
        http.antMatcher("/**").authorizeRequests().antMatchers("/**").permitAll().anyRequest()
                .authenticated().and().exceptionHandling()
                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")).and().logout()
                .logoutSuccessUrl("/").permitAll().and().csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
                .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
        // @formatter:on
    } else {
        http.antMatcher("/**").authorizeRequests().anyRequest().permitAll();
    }
}
 
Example #5
Source File: SecurityConfig.java    From Spring with Apache License 2.0 5 votes vote down vote up
@Bean

    public ExceptionTranslationFilter exceptionTranslationFilter() {
        final AuthenticationEntryPoint loginUrlAuthenticationEntryPoint
                = new LoginUrlAuthenticationEntryPoint("/login.jsp");

        final AccessDeniedHandlerImpl accessDeniedHandlerImpl = new AccessDeniedHandlerImpl();
        accessDeniedHandlerImpl.setErrorPage("/accessDenied.jsp");

        final ExceptionTranslationFilter eTranslationFilter = new ExceptionTranslationFilter(loginUrlAuthenticationEntryPoint);
        eTranslationFilter.setAccessDeniedHandler(accessDeniedHandlerImpl);
        return eTranslationFilter;
    }
 
Example #6
Source File: SecurityConfig.java    From Vaadin4Spring-MVP-Sample-SpringSecurity with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	
	http.exceptionHandling()			
		.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
			.and()
		.authorizeRequests()								
			.antMatchers("/**").permitAll()
			.and()		
		.rememberMe()
			.key("vaadin4spring")
			.rememberMeServices(persistentTokenBasedRememberMeServices())
			.and()				
		.csrf().disable();
}
 
Example #7
Source File: WebAnnoSecurity.java    From webanno with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity aHttp) throws Exception
{
    aHttp
        .rememberMe()
        .and()
        .csrf().disable()
        .authorizeRequests()
            .antMatchers("/login.html*").permitAll()
            // Resources need to be publicly accessible so they don't trigger the login
            // page. Otherwise it could happen that the user is redirected to a resource
            // upon login instead of being forwarded to a proper application page.
            .antMatchers("/favicon.ico").permitAll()
            .antMatchers("/favicon.png").permitAll()
            .antMatchers("/assets/**").permitAll()
            .antMatchers("/images/**").permitAll()
            .antMatchers("/resources/**").permitAll()
            .antMatchers("/wicket/resource/**").permitAll()
            .antMatchers("/swagger-ui.html").access("hasAnyRole('ROLE_REMOTE')")
            .antMatchers("/admin/**").access("hasAnyRole('ROLE_ADMIN')")
            .antMatchers("/doc/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
            .antMatchers("/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
            .anyRequest().denyAll()
        .and()
        .exceptionHandling()
            .defaultAuthenticationEntryPointFor(
                    new LoginUrlAuthenticationEntryPoint("/login.html"), 
                    new AntPathRequestMatcher("/**"))
        .and()
            .headers().frameOptions().sameOrigin();
}
 
Example #8
Source File: AjaxSupportedAuthenticationEntryPoint.java    From onetwo with Apache License 2.0 5 votes vote down vote up
@Override
public void afterPropertiesSet() throws Exception {
	if(defaultAuthenticationEntryPoint==null){
		LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint(securityConfig.getLoginUrl());
		entryPoint.setForceHttps(forceHttps);
		entryPoint.setPortMapper(new PortMapperImpl(){
			public Integer lookupHttpsPort(Integer httpPort) {
				Integer port = super.lookupHttpsPort(httpPort);
				return port==null?httpsPort:port;
			}
		});
		PropertyAccessorFactory.forDirectFieldAccess(entryPoint).setPropertyValue("redirectStrategy.contextRelative", contextRelative);
		this.defaultAuthenticationEntryPoint = entryPoint;
	}
}
 
Example #9
Source File: IdolSecurity.java    From find with MIT License 5 votes vote down vote up
@SuppressWarnings("ProhibitedExceptionDeclared")
@Override
protected void configure(final HttpSecurity http) throws Exception {
    final LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
    entryPoints.put(new AntPathRequestMatcher("/api/**"), new Http403ForbiddenEntryPoint());
    entryPoints.put(AnyRequestMatcher.INSTANCE, new LoginUrlAuthenticationEntryPoint(FindController.DEFAULT_LOGIN_PAGE));
    final AuthenticationEntryPoint authenticationEntryPoint = new DelegatingAuthenticationEntryPoint(entryPoints);

    http
        .csrf()
            .disable()
        .exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint)
            .accessDeniedPage("/authentication-error")
            .and()
        .logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(FindController.DEFAULT_LOGIN_PAGE)
            .and()
        .authorizeRequests()
            .antMatchers(FindController.APP_PATH + "/**").hasAnyRole(FindRole.USER.name())
            .antMatchers(FindController.CONFIG_PATH).hasRole(FindRole.CONFIG.name())
            .antMatchers("/api/public/**").hasRole(FindRole.USER.name())
            .antMatchers("/api/bi/**").hasRole(FindRole.BI.name())
            .antMatchers("/api/config/**").hasRole(FindRole.CONFIG.name())
            .antMatchers("/api/admin/**").hasRole(FindRole.ADMIN.name())
            .antMatchers(FindController.DEFAULT_LOGIN_PAGE).permitAll()
            .antMatchers(FindController.LOGIN_PATH).permitAll()
            .antMatchers("/").permitAll()
            .anyRequest().denyAll()
            .and()
        .headers()
            .defaultsDisabled()
            .frameOptions()
            .sameOrigin();

    idolSecurityCustomizer.customize(http, authenticationManager());
}
 
Example #10
Source File: WebSecurityConfig.java    From mojito with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    logger.debug("Configuring web security");

    http.headers().cacheControl().disable();

    http.csrf().ignoringAntMatchers("/shutdown", "/api/rotation");

    http.authorizeRequests()
            .antMatchers("/intl/*", "/img/*", "/fonts/*", "/login/**", "/webjars/**", "/cli/**", "/health").permitAll()
            .antMatchers("/shutdown", "/api/rotation").hasIpAddress("127.0.0.1").anyRequest().permitAll()
            .anyRequest().fullyAuthenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .successHandler(new ShowPageAuthenticationSuccessHandler())
            .and()
            .logout().logoutSuccessUrl("/login?logout").permitAll();

    if (headerAuth) {
        http.addFilterBefore(requestHeaderAuthenticationFilter(), BasicAuthenticationFilter.class);
    }

    if (oauth2Enabled) {
        http.addFilterBefore(oauthFilter(), BasicAuthenticationFilter.class);
    }

    http.exceptionHandling().defaultAuthenticationEntryPointFor(new Http401AuthenticationEntryPoint("API_UNAUTHORIZED"), new AntPathRequestMatcher("/api/*"));
    http.exceptionHandling().defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint(oauth2Enabled ? "/login/oauth" : "/login"), new AntPathRequestMatcher("/*"));
}
 
Example #11
Source File: AuthConfiguration.java    From apollo with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
  http.csrf().disable();
  http.headers().frameOptions().sameOrigin();
  http.authorizeRequests()
      .antMatchers(BY_PASS_URLS).permitAll()
      .antMatchers("/**").authenticated();
  http.formLogin().loginPage("/signin").defaultSuccessUrl("/", true).permitAll().failureUrl("/signin?#/error").and()
          .httpBasic();
  http.logout().logoutUrl("/user/logout").invalidateHttpSession(true).clearAuthentication(true)
          .logoutSuccessUrl("/signin?#/logout");
  http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
}
 
Example #12
Source File: AuthConfiguration.java    From apollo with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
  http.csrf().disable();
  http.headers().frameOptions().sameOrigin();
  http.authorizeRequests()
      .antMatchers(BY_PASS_URLS).permitAll()
      .antMatchers("/**").hasAnyRole(USER_ROLE);
  http.formLogin().loginPage("/signin").defaultSuccessUrl("/", true).permitAll().failureUrl("/signin?#/error").and()
      .httpBasic();
  http.logout().logoutUrl("/user/logout").invalidateHttpSession(true).clearAuthentication(true)
      .logoutSuccessUrl("/signin?#/logout");
  http.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
}
 
Example #13
Source File: InceptionSecurity.java    From inception with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity aHttp) throws Exception
{
    aHttp
        .rememberMe()
        .and()
        .csrf().disable()
        .authorizeRequests()
            .antMatchers("/login.html*").permitAll()
            // Resources need to be publicly accessible so they don't trigger the login
            // page. Otherwise it could happen that the user is redirected to a resource
            // upon login instead of being forwarded to a proper application page.
            .antMatchers("/favicon.ico").permitAll()
            .antMatchers("/favicon.png").permitAll()
            .antMatchers("/assets/**").permitAll()
            .antMatchers("/images/**").permitAll()
            .antMatchers("/resources/**").permitAll()
            .antMatchers("/wicket/resource/**").permitAll()
            .antMatchers("/swagger-ui.html").access("hasAnyRole('ROLE_REMOTE')")
            .antMatchers("/admin/**").access("hasAnyRole('ROLE_ADMIN')")
            .antMatchers("/doc/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
            .antMatchers("/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
            .anyRequest().denyAll()
        .and()
        .exceptionHandling()
            .defaultAuthenticationEntryPointFor(
                    new LoginUrlAuthenticationEntryPoint("/login.html"), 
                    new AntPathRequestMatcher("/**"))
        .and()
            .headers().frameOptions().sameOrigin();
}
 
Example #14
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
@Bean
public LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint(){
    return new LoginUrlAuthenticationEntryPoint("/login/form");
}
 
Example #15
Source File: RestAwareExceptionTranslationFilter.java    From yes-cart with Apache License 2.0 4 votes vote down vote up
public RestAwareExceptionTranslationFilter(final String loginFormUrl) {
    super(new LoginUrlAuthenticationEntryPoint(loginFormUrl));
}
 
Example #16
Source File: BasicAuthSecurityConfiguration.java    From spring-cloud-dashboard with Apache License 2.0 4 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	final RequestMatcher textHtmlMatcher = new MediaTypeRequestMatcher(
			contentNegotiationStrategy,
			MediaType.TEXT_HTML);

	final String loginPage = dashboard("/#/login");

	final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
	basicAuthenticationEntryPoint.setRealmName(securityProperties.getBasic().getRealm());
	basicAuthenticationEntryPoint.afterPropertiesSet();

	http
		.csrf()
		.disable()
		.authorizeRequests()
		.antMatchers("/")
		.authenticated()
		.antMatchers(
				dashboard("/**"),
				"/authenticate",
				"/security/info",
				"/features",
				"/assets/**").permitAll()
	.and()
		.formLogin().loginPage(loginPage)
		.loginProcessingUrl(dashboard("/login"))
		.defaultSuccessUrl(dashboard("/")).permitAll()
	.and()
		.logout().logoutUrl(dashboard("/logout"))
			.logoutSuccessUrl(dashboard("/logout-success.html"))
		.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()).permitAll()
	.and().httpBasic()
		.and().exceptionHandling()
		.defaultAuthenticationEntryPointFor(
				new LoginUrlAuthenticationEntryPoint(loginPage),
				textHtmlMatcher)
		.defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint,
				AnyRequestMatcher.INSTANCE)
	.and()
		.authorizeRequests()
		.anyRequest().authenticated();

	final SessionRepositoryFilter<ExpiringSession> sessionRepositoryFilter = new SessionRepositoryFilter<ExpiringSession>(
			sessionRepository());
	sessionRepositoryFilter
			.setHttpSessionStrategy(new HeaderHttpSessionStrategy());

	http.addFilterBefore(sessionRepositoryFilter,
			ChannelProcessingFilter.class).csrf().disable();
	http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
}
 
Example #17
Source File: SecurityManagedConfiguration.java    From hawkbit with Eclipse Public License 1.0 4 votes vote down vote up
@Override
protected void configure(final HttpSecurity http) throws Exception {

    final boolean enableOidc = oidcUserService != null && authenticationSuccessHandler != null;

    // workaround regex: we need to exclude the URL /UI/HEARTBEAT here
    // because we bound the vaadin application to /UI and not to root,
    // described in vaadin-forum:
    // https://vaadin.com/forum#!/thread/3200565.
    HttpSecurity httpSec;
    if (enableOidc) {
        httpSec = http.regexMatcher("(?!.*HEARTBEAT)^.*\\/(UI|oauth2).*$");
    } else {
        httpSec = http.regexMatcher("(?!.*HEARTBEAT)^.*\\/UI.*$");
    }
    // disable as CSRF is handled by Vaadin
    httpSec.csrf().disable();

    if (hawkbitSecurityProperties.isRequireSsl()) {
        httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
    } else {

        LOG.info(
                "\"******************\\n** Requires HTTPS Security has been disabled for UI, should only be used for developing purposes **\\n******************\"");
    }

    if (!StringUtils.isEmpty(hawkbitSecurityProperties.getContentSecurityPolicy())) {
        httpSec.headers().contentSecurityPolicy(hawkbitSecurityProperties.getContentSecurityPolicy());
    }

    // UI
    httpSec.authorizeRequests().antMatchers("/UI/login/**", "/UI/UIDL/**").permitAll()
            .anyRequest().authenticated();

    if (enableOidc) {
        // OIDC
        httpSec.oauth2Login().userInfoEndpoint().oidcUserService(oidcUserService).and()
                .successHandler(authenticationSuccessHandler).and().oauth2Client();
    } else {
        // UI login / Basic auth
        httpSec.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/UI/login"));
    }

    // UI logout
    httpSec.logout().logoutUrl("/UI/logout*").addLogoutHandler(logoutHandler)
            .logoutSuccessHandler(logoutSuccessHandler);

}
 
Example #18
Source File: WebSecurityConfig.java    From jvue-admin with MIT License 4 votes vote down vote up
@Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        
        httpSecurity
            .csrf().disable()	
//                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
//            .and()		
				.userDetailsService(userDetailsService)
                .authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                .antMatchers("/login").permitAll()
                .antMatchers("/error").permitAll()
                .antMatchers("/pub/**").permitAll()
                .antMatchers("/v2/api-docs").permitAll()
                .antMatchers("/*.html").permitAll()
                .antMatchers("/**/*.html").permitAll()
                .antMatchers("/swagger-resources").permitAll()
                .antMatchers("/swagger-resources/**").permitAll()
                .antMatchers("/","/admin/").permitAll()
                .antMatchers("/admin/**","/**/favicon.ico", "/webjars/**").permitAll()
                .antMatchers("/**").authenticated()	
             .and()
                .formLogin()
//				.loginPage("/login")
				.usernameParameter("username")
				.passwordParameter("password")
				.successHandler(authenticationSuccessHandler())
				.failureHandler(authenticationFailureHandler())
				.permitAll()
            .and()
            	.oauth2Login()
            	.successHandler(oauth2SuccessHandler())
			.and().
				rememberMe()/* weex下cookie有问题 .alwaysRemember(true)*/
				//.alwaysRemember(true)
				.tokenValiditySeconds(840000)
				.tokenRepository(tokenRepository())
            .and()
            	.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler)
            .and()
                .headers().cacheControl();
        
//        httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
        // authenticationEntryPoint(entryPointUnauthorizedHandler)
        RequestMatcher preferredMatcher = new AntPathRequestMatcher("/api/**");
        RequestMatcher allMatcher = new AntPathRequestMatcher("/**");
		httpSecurity.exceptionHandling()
				.defaultAuthenticationEntryPointFor(entryPointUnauthorizedHandler, preferredMatcher)
				.defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint("/login"), allMatcher)
				.accessDeniedHandler(restAccessDeniedHandler);

    }
 
Example #19
Source File: SecurityConfiguration.java    From spring-google-openidconnect with MIT License 4 votes vote down vote up
@Bean
public AuthenticationEntryPoint authenticationEntryPoint() {
    return new LoginUrlAuthenticationEntryPoint(LOGIN_URL);
}
 
Example #20
Source File: CrustConfigurerAdapter.java    From Milkomeda with MIT License 4 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable()
        .sessionManagement().sessionCreationPolicy(props.isStateless() ?
            SessionCreationPolicy.STATELESS : SessionCreationPolicy.IF_REQUIRED).and()
        .formLogin().disable()
        // 支持跨域,从CorsConfigurationSource中取跨域配置
        .cors()
            .and()
            // 禁用iframe跨域
            .headers()
            .frameOptions()
            .disable();

    // 配置预设置
    presetConfigure(http);

    // 如果是无状态方式
    if (props.isStateless()) {
        // 应用Token认证配置器,忽略登出请求
        http.apply(new CrustAuthenticationConfigurer<>(authFailureHandler())).permissiveRequestUrls(props.getLogoutUrl())
                .and()
                .logout()
                .logoutUrl(props.getLogoutUrl())
                .addLogoutHandler((req, res, auth) -> CrustContext.invalidate())
                .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler());
    } else {
        // 自定义session方式登录
        http.httpBasic().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint(props.getLoginUrl()))
                .and()
                .sessionManagement()
                .sessionFixation().changeSessionId()
                .sessionAuthenticationErrorUrl(props.getLoginUrl())
                .sessionAuthenticationFailureHandler(authFailureHandler().get()).and()
        .logout()
                .logoutUrl(props.getLogoutUrl())
                .addLogoutHandler((req, res, auth) -> CrustContext.invalidate())
                .logoutSuccessUrl(props.getLoginUrl())
                .invalidateHttpSession(true);
    }
}
 
Example #21
Source File: MolgenisWebAppSecurityConfig.java    From molgenis with GNU Lesser General Public License v3.0 4 votes vote down vote up
@Bean
public LoginUrlAuthenticationEntryPoint authenticationEntryPoint() {
  return new AjaxAwareLoginUrlAuthenticationEntryPoint(MolgenisLoginController.URI);
}
 
Example #22
Source File: MultipleEntryPointsSecurityConfig.java    From tutorials with MIT License 4 votes vote down vote up
@Bean
public AuthenticationEntryPoint loginUrlauthenticationEntryPoint(){
    return new LoginUrlAuthenticationEntryPoint("/userLogin");
}
 
Example #23
Source File: MultipleEntryPointsSecurityConfig.java    From tutorials with MIT License 4 votes vote down vote up
@Bean
public AuthenticationEntryPoint loginUrlauthenticationEntryPointWithWarning(){
    return new LoginUrlAuthenticationEntryPoint("/userLoginWithWarning");
}