org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint Java Examples

The following examples show how to use org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SecurityConfiguration.java    From cloud-security-xsuaa-integration with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {

	//enforce browser login popup with basic authentication
	BasicAuthenticationEntryPoint authEntryPoint = new BasicAuthenticationEntryPoint();
	authEntryPoint.setRealmName("spring-security-basic-auth");

	// @formatter:off
	http.authorizeRequests()
			.antMatchers("/hello-token").hasAuthority("Display")
			.anyRequest().authenticated()
		.and()
			.sessionManagement()
			.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
		.and().exceptionHandling().authenticationEntryPoint(authEntryPoint).and()
			.oauth2ResourceServer()
			.bearerTokenResolver(getTokenBrokerResolver())
			.jwt()
			.jwtAuthenticationConverter(jwtAuthenticationConverter());

	// @formatter:on
}
 
Example #2
Source File: BasicSpringSecurityConfig.java    From freeacs with MIT License 4 votes vote down vote up
private BasicAuthenticationEntryPoint basicEntryPoint() {
    BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
    basicAuthenticationEntryPoint.setRealmName("FreeACS");
    return basicAuthenticationEntryPoint;
}
 
Example #3
Source File: BasicAuthConfig.java    From ods-provisioning-app with Apache License 2.0 4 votes vote down vote up
@Bean
public BasicAuthenticationEntryPoint basicAuthEntryPoint() {
  BasicAuthenticationEntryPoint entryPoint = new BasicAuthenticationEntryPoint();
  entryPoint.setRealmName(idManagerRealm);
  return entryPoint;
}
 
Example #4
Source File: BasicAuthSecurityTestConfig.java    From ods-provisioning-app with Apache License 2.0 4 votes vote down vote up
@Bean
public BasicAuthenticationEntryPoint basicAuthenticationEntryPoint() {
  BasicAuthenticationEntryPoint entryPoint = new BasicAuthenticationEntryPoint();
  entryPoint.setRealmName(TEST_REALM);
  return entryPoint;
}
 
Example #5
Source File: TraderUISecurityConfiguration.java    From java-trader with Apache License 2.0 4 votes vote down vote up
public BasicAuthenticationEntryPoint getBasicAuthenticationEntryPoint() {
    TraderUIAuthenticationEntryPoint entryPoint = new TraderUIAuthenticationEntryPoint();
    entryPoint.setRealmName(REALM);
    return entryPoint;
}
 
Example #6
Source File: TraderUISecurityConfiguration.java    From java-trader with Apache License 2.0 4 votes vote down vote up
@SuppressWarnings("deprecation")
@Bean
public NoOpPasswordEncoder passwordEncoder() {
    BasicAuthenticationEntryPoint a;
    return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
}
 
Example #7
Source File: BasicAuthenticationSpringConfiguration.java    From promregator with Apache License 2.0 4 votes vote down vote up
@Bean
public BasicAuthenticationFilter basicAuthFilter(AuthenticationManager authenticationManager,
		BasicAuthenticationEntryPoint basicAuthEntryPoint) {
	return new BasicAuthenticationFilter(authenticationManager, basicAuthEntryPoint());
}
 
Example #8
Source File: BasicAuthenticationSpringConfiguration.java    From promregator with Apache License 2.0 4 votes vote down vote up
@Bean
public BasicAuthenticationEntryPoint basicAuthEntryPoint() {
	BasicAuthenticationEntryPoint bauth = new BasicAuthenticationEntryPoint();
	bauth.setRealmName("Promregator");
	return bauth;
}
 
Example #9
Source File: SkipperOAuthSecurityConfiguration.java    From spring-cloud-skipper with Apache License 2.0 4 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {

	final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
	basicAuthenticationEntryPoint.setRealmName(SecurityConfigUtils.BASIC_AUTH_REALM_NAME);
	basicAuthenticationEntryPoint.afterPropertiesSet();

	if (opaqueTokenIntrospector != null) {
		BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(
				providerManager(), basicAuthenticationEntryPoint);
		http.addFilter(basicAuthenticationFilter);
	}

	this.authorizationProperties.getAuthenticatedPaths().add(dashboard("/**"));
	this.authorizationProperties.getAuthenticatedPaths().add(dashboard(""));

	ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security =
			http.authorizeRequests()
					.antMatchers(this.authorizationProperties.getPermitAllPaths().toArray(new String[0]))
					.permitAll()
	.antMatchers(this.authorizationProperties.getAuthenticatedPaths().toArray(new String[0]))
	.authenticated();

	security = SecurityConfigUtils.configureSimpleSecurity(security, this.authorizationProperties);
	security.anyRequest().denyAll();

	http.httpBasic().and()
			.logout()
			.logoutSuccessUrl(dashboard("/logout-success-oauth.html"))
			.and().csrf().disable()
			.exceptionHandling()
			.defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/api/**"))
			.defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/actuator/**"));

	if (opaqueTokenIntrospector != null) {
		http.oauth2ResourceServer()
			.opaqueToken()
				.introspector(opaqueTokenIntrospector());
	} else if (oAuth2ResourceServerProperties.getJwt().getJwkSetUri() != null) {
		http.oauth2ResourceServer()
			.jwt()
				.jwtAuthenticationConverter(grantedAuthoritiesExtractor());
	}

	this.securityStateBean.setAuthenticationEnabled(true);
}
 
Example #10
Source File: BasicAuthSecurityConfiguration.java    From spring-cloud-dashboard with Apache License 2.0 4 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	final RequestMatcher textHtmlMatcher = new MediaTypeRequestMatcher(
			contentNegotiationStrategy,
			MediaType.TEXT_HTML);

	final String loginPage = dashboard("/#/login");

	final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
	basicAuthenticationEntryPoint.setRealmName(securityProperties.getBasic().getRealm());
	basicAuthenticationEntryPoint.afterPropertiesSet();

	http
		.csrf()
		.disable()
		.authorizeRequests()
		.antMatchers("/")
		.authenticated()
		.antMatchers(
				dashboard("/**"),
				"/authenticate",
				"/security/info",
				"/features",
				"/assets/**").permitAll()
	.and()
		.formLogin().loginPage(loginPage)
		.loginProcessingUrl(dashboard("/login"))
		.defaultSuccessUrl(dashboard("/")).permitAll()
	.and()
		.logout().logoutUrl(dashboard("/logout"))
			.logoutSuccessUrl(dashboard("/logout-success.html"))
		.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()).permitAll()
	.and().httpBasic()
		.and().exceptionHandling()
		.defaultAuthenticationEntryPointFor(
				new LoginUrlAuthenticationEntryPoint(loginPage),
				textHtmlMatcher)
		.defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint,
				AnyRequestMatcher.INSTANCE)
	.and()
		.authorizeRequests()
		.anyRequest().authenticated();

	final SessionRepositoryFilter<ExpiringSession> sessionRepositoryFilter = new SessionRepositoryFilter<ExpiringSession>(
			sessionRepository());
	sessionRepositoryFilter
			.setHttpSessionStrategy(new HeaderHttpSessionStrategy());

	http.addFilterBefore(sessionRepositoryFilter,
			ChannelProcessingFilter.class).csrf().disable();
	http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
}
 
Example #11
Source File: SecurityManagedConfiguration.java    From hawkbit with Eclipse Public License 1.0 4 votes vote down vote up
@Override
protected void configure(final HttpSecurity http) throws Exception {

    HttpSecurity httpSec = http.regexMatcher("\\/rest.*|\\/system/admin.*").csrf().disable();

    if (securityProperties.getCors().isEnabled()) {
        httpSec = httpSec.cors().and();
    }

    if (securityProperties.isRequireSsl()) {
        httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
    }

    httpSec.authorizeRequests().anyRequest().authenticated()
            .antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
            .hasAnyAuthority(SpPermission.SYSTEM_ADMIN);

    if (oidcBearerTokenAuthenticationFilter != null) {

        // Only get the first client registration. Testing against every
        // client could increase the
        // attack vector
        ClientRegistration clientRegistration = null;
        for (final ClientRegistration cr : clientRegistrationRepository) {
            clientRegistration = cr;
            break;
        }

        Assert.notNull(clientRegistration, "There must be a valid client registration");
        httpSec.oauth2ResourceServer().jwt().jwkSetUri(clientRegistration.getProviderDetails().getJwkSetUri());

        oidcBearerTokenAuthenticationFilter.setClientRegistration(clientRegistration);

        httpSec.addFilterAfter(oidcBearerTokenAuthenticationFilter, BearerTokenAuthenticationFilter.class);
    } else {
        final BasicAuthenticationEntryPoint basicAuthEntryPoint = new BasicAuthenticationEntryPoint();
        basicAuthEntryPoint.setRealmName(securityProperties.getBasicRealm());

        httpSec.addFilterBefore(new Filter() {
            @Override
            public void init(final FilterConfig filterConfig) throws ServletException {
                userAuthenticationFilter.init(filterConfig);
            }

            @Override
            public void doFilter(final ServletRequest request, final ServletResponse response,
                    final FilterChain chain) throws IOException, ServletException {
                userAuthenticationFilter.doFilter(request, response, chain);
            }

            @Override
            public void destroy() {
                userAuthenticationFilter.destroy();
            }
        }, RequestHeaderAuthenticationFilter.class);
        httpSec.httpBasic().and().exceptionHandling().authenticationEntryPoint(basicAuthEntryPoint);
    }

    httpSec.addFilterAfter(
            new AuthenticationSuccessTenantMetadataCreationFilter(systemManagement, systemSecurityContext),
            SessionManagementFilter.class);

    httpSec.anonymous().disable();
    httpSec.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
 
Example #12
Source File: AtlasSecurityConfig.java    From incubator-atlas with Apache License 2.0 4 votes vote down vote up
public BasicAuthenticationEntryPoint getAuthenticationEntryPoint() {
    BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
    basicAuthenticationEntryPoint.setRealmName("atlas.com");
    return basicAuthenticationEntryPoint;
}
 
Example #13
Source File: MultipleEntryPointsSecurityConfig.java    From tutorials with MIT License 4 votes vote down vote up
@Bean
public AuthenticationEntryPoint authenticationEntryPoint(){
    BasicAuthenticationEntryPoint entryPoint = new  BasicAuthenticationEntryPoint();
    entryPoint.setRealmName("admin realm");
    return entryPoint;
}