org.springframework.security.web.util.matcher.AndRequestMatcher Java Examples

The following examples show how to use org.springframework.security.web.util.matcher.AndRequestMatcher. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: WebSecurityConfig.java    From bearchoke with Apache License 2.0 6 votes vote down vote up 
@Bean(name = "authFilter")
public Filter authFilter() throws Exception {
    log.info("Creating authFilter...");

    RequestMatcher antReqMatch = new AntPathRequestMatcher(API_LOGIN_URL);

    List<RequestMatcher> reqMatches = new ArrayList<>();
    reqMatches.add(antReqMatch);
    RequestMatcher reqMatch = new AndRequestMatcher(reqMatches);

    UsernamePasswordAuthenticationFilter filter = new UsernamePasswordAuthenticationFilter();
    filter.setPostOnly(true);
    filter.setUsernameParameter(USERNAME);
    filter.setPasswordParameter(PASSWORD);
    filter.setRequiresAuthenticationRequestMatcher(reqMatch);
    filter.setAuthenticationSuccessHandler(apiAuthenticationSuccessHandler);
    filter.setAuthenticationFailureHandler(apiAuthenticationFailureHandler);
    filter.setAuthenticationManager(authenticationManager());

    return filter;
}
Example #2
Source File: ApplicationSecurity.java    From secure-rest-spring-tut with MIT License 5 votes vote down vote up 
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.authorizeRequests()
		.antMatchers(HttpMethod.OPTIONS, "/*/**").permitAll()
		.antMatchers("/login", "/rest/open/**").permitAll()
		.antMatchers("/logout", "/rest/**").authenticated();

	// Handlers and entry points
	http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
	http.formLogin().successHandler(authenticationSuccessHandler);
	http.formLogin().failureHandler(authenticationFailureHandler);

	// Logout
	http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);

	// CORS
	http.addFilterBefore(corsFilter, ChannelProcessingFilter.class);

	// CSRF
	http.csrf().requireCsrfProtectionMatcher(
		new AndRequestMatcher(
			// Apply CSRF protection to all paths that do NOT match the ones below

			// We disable CSRF at login/logout, but only for OPTIONS methods
			new NegatedRequestMatcher(new AntPathRequestMatcher("/login*/**", HttpMethod.OPTIONS.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/logout*/**", HttpMethod.OPTIONS.toString())),

			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.GET.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.HEAD.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.OPTIONS.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.TRACE.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest/open*/**"))
		)
	);
	http.addFilterAfter(new CsrfTokenResponseCookieBindingFilter(), CsrfFilter.class); // CSRF tokens handling
}
Example #3
Source File: WebSecurityConfig.java    From spring-custom-token-auth with MIT License 4 votes vote down vote up 
protected AbstractAuthenticationProcessingFilter createCustomFilter() throws Exception {
	//here we define the interfaces which don't need any authorisation
	AuthFilter filter = new AuthFilter(new NegatedRequestMatcher(
	  new AndRequestMatcher(
		 new AntPathRequestMatcher("/login"),
		 new AntPathRequestMatcher("/health")
	  )
	));
	filter.setAuthenticationManager(authenticationManagerBean());
	return filter;
}