Java Code Examples for org.springframework.security.config.annotation.web.builders.HttpSecurity

The following examples show how to use org.springframework.security.config.annotation.web.builders.HttpSecurity. These examples are extracted from open source projects.
Example 1
/**
 * Configures URL authorization, JSF form login and logout.
 *
 * <p>Public: the landing page, the sign-up page, {@code /assets/**} and the JSF
 * resource handler. Every other request requires an authenticated user.
 *
 * <p>NOTE(review): CSRF protection is switched off while form login is in use,
 * so state-changing requests and the logout URL are not guarded by a CSRF
 * token. Confirm another layer supplies that protection before reusing this.
 *
 * @param http the security builder to configure
 * @throws RuntimeException wrapping any checked exception raised by the builder
 */
@Override
protected void configure(HttpSecurity http) {
    try {
        http.csrf().disable();

        // Rules are evaluated top to bottom; the first matching pattern wins.
        http.authorizeRequests()
                .antMatchers("/", "/index.jsf", "/signup.jsf", "/assets/**").permitAll()
                .antMatchers("/javax.faces.resource/**").permitAll()
                .antMatchers("/ui/**").authenticated()
                .anyRequest().authenticated();

        http.formLogin()
                .loginPage("/login.jsf")
                .permitAll()
                .failureUrl("/login.jsf?error=true")
                .defaultSuccessUrl("/index.jsf");

        http.logout().logoutSuccessUrl("/index.jsf");
    } catch (Exception configFailure) {
        // The overridden signature declares no checked exception, so rethrow unchecked.
        throw new RuntimeException(configFailure);
    }
}
 
Example 2
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License
/**
 * Excludes static assets from Spring Security and hands the shared
 * {@code FilterSecurityInterceptor} to {@code WebSecurity}.
 *
 * <p>Java-config equivalent of:
 * <pre>
 *     &lt;http pattern="/resources/**" security="none"/&gt;
 *     &lt;http pattern="/css/**" security="none"/&gt;
 *     &lt;http pattern="/webjars/**" security="none"/&gt;
 * </pre>
 *
 * <p>Ignored patterns skip the security filter chain completely, so keep this
 * list limited to genuinely static, non-sensitive content.
 *
 * @param web the {@code WebSecurity} builder being configured
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(final WebSecurity web) throws Exception {
    // Static resources and webjars are not processed by Spring Security at all.
    web.ignoring().antMatchers("/resources/**", "/css/**", "/webjars/**");

    // Thymeleaf must use the FilterSecurityInterceptor configured on this
    // HttpSecurity instead of the default filter from auto-configuration.
    final HttpSecurity httpSecurity = getHttp();
    web.postBuildAction(() ->
            web.securityInterceptor(httpSecurity.getSharedObject(FilterSecurityInterceptor.class)));
}
 
Example 3
/**
 * Builds the OAuth2 resource-server configuration.
 *
 * <p>NOTE(review): only {@code GET /hello} receives an access rule here and no
 * {@code anyRequest()} fallback is visible; confirm that other endpoints are
 * covered elsewhere.
 *
 * @return a configurer that sets the resource id and the scope rule for {@code /hello}
 */
@Bean
public ResourceServerConfigurer resourceServerConfigurer() {
	return new ResourceServerConfigurer() {
		/** Requires a token carrying at least one of the listed scopes for GET /hello. */
		@Override
		public void configure(HttpSecurity http) throws Exception {
			http.authorizeRequests()
			    .antMatchers(HttpMethod.GET, "/hello").access("#oauth2.hasAnyScope('account', 'message', 'email')");
		}

		/** Sets the resource id of this resource server to "resource". */
		@Override
		public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
			resources.resourceId("resource");
		}
		
	};
}
 
Example 4
/**
 * Configures CORS, response headers, CSRF and authorization for the API paths.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(final HttpSecurity http) throws Exception {

  http.cors()
      // The CORS policy comes from corsConfigurationSource(), defined outside this block.
      .configurationSource(corsConfigurationSource())
      .and()
      .headers()
      // NOTE(review): disabling frameOptions drops the X-Frame-Options header, so pages
      // can be framed by any origin; prefer sameOrigin() unless cross-origin framing is needed.
      .frameOptions()
      .disable()
      .and()
      // NOTE(review): CSRF protection is off; appropriate only if clients never
      // authenticate with cookies or sessions - confirm.
      .csrf()
      .disable()
      // Only paths matching securityProperties.getApiMatcher() require authentication;
      // no anyRequest() fallback is visible in this block.
      .authorizeRequests()
      .antMatchers(securityProperties.getApiMatcher())
      .authenticated();

}
 
Example 5
Source Project: Spring-Boot-Book   Source File: MultiHttpSecurityConfig.java    License: Apache License 2.0
/**
 * Configures form login, role-based access, logout, remember-me and framing
 * headers for the member-facing part of the site.
 *
 * <p>NOTE(review): the chain is scoped to every path, but only the /home and
 * /cart patterns get an access rule; no {@code anyRequest()} fallback is
 * visible, so confirm the remaining paths are meant to be unrestricted.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
   // http.antMatcher("/home/**").
    // URL changed so that user information is available on the product page. 2019.4.12
    http.antMatcher("/**").
            // Specify the controller that handles login authentication
                    formLogin().usernameParameter("uname").passwordParameter("pwd").loginPage("/home/login").successHandler(
            MemberAuthenticationSuccessHandler).failureHandler(MemberAuthenticationFailHandler)
            .and()
            .authorizeRequests()
            // Login-related: login and registration pages are public
            .antMatchers("/home/login", "/home/register/mobile", "/home/register/email").permitAll()
            // hasRole("USER") checks for the authority ROLE_USER
            .antMatchers("/home/**").hasRole("USER")
            // The shopping cart requires a logged-in user
            .antMatchers("/cart/","/cart").hasRole("USER");


    // RBAC-related

    http.logout().logoutUrl("/home/logout").permitAll();
    http.rememberMe().rememberMeParameter("rememberme");// remember-me feature
    http.headers().frameOptions().sameOrigin();// Fixes the blank page caused by X-Frame-Options: DENY; otherwise the admin back end cannot use frames
}
 
Example 6
Source Project: cf-SpringBootTrader   Source File: WebSecurityConfig.java    License: Apache License 2.0
/**
 * Configures authorization, form login and logout for the web UI.
 *
 * <p>The landing page, the registration page and {@code /hystrix.stream} are
 * public; everything else requires authentication.
 *
 * <p>NOTE(review): {@code /hystrix.stream} is reachable without authentication;
 * confirm that the data it serves is acceptable to expose.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/", "/registration","/hystrix.stream").permitAll()
            .anyRequest().authenticated();

    // The login page and the URL the form posts to are both /login.
    http.formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/login")
            .permitAll();

    http.logout()
            .logoutSuccessHandler(logoutSuccessHandler)
            .permitAll();
}
 
Example 7
Source Project: syndesis   Source File: SecurityConfiguration.java    License: Apache License 2.0
/**
 * Configures a stateless chain that authenticates from a request header and
 * protects {@code /api/v1/**}.
 *
 * <p>NOTE(review): the final {@code anyRequest().permitAll()} leaves every path
 * outside {@code /api/v1/**} open; confirm nothing sensitive is served there.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
@SuppressWarnings("PMD.SignatureDeclareThrowsException")
protected void configure(HttpSecurity http) throws Exception {
    // No HTTP session is created or used for the security context.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        // NOTE(review): header-based authentication presumably relies on a trusted
        // proxy setting the header; verify clients cannot reach this service directly.
        .addFilter(requestHeaderAuthenticationFilter())
        .addFilter(new AnonymousAuthenticationFilter("anonymous"))
        .authorizeRequests()
        // All OPTIONS requests are allowed without authentication.
        .antMatchers(HttpMethod.OPTIONS).permitAll()
        .antMatchers(COMMON_NON_SECURED_PATHS).permitAll()
        .antMatchers(HttpMethod.GET, "/api/v1/credentials/callback").permitAll()
        // hasRole("AUTHENTICATED") checks for the authority ROLE_AUTHENTICATED.
        .antMatchers("/api/v1/**").hasRole("AUTHENTICATED")
        .anyRequest().permitAll();

    // CSRF stays enabled, with a custom token repository, except for the paths listed here.
    http.csrf()
        .ignoringAntMatchers(COMMON_NON_SECURED_PATHS)
        .ignoringAntMatchers("/api/v1/credentials/callback")
        .ignoringAntMatchers("/api/v1/atlas/**")
        .csrfTokenRepository(new SyndesisCsrfRepository());
}
 
Example 8
Source Project: ReCiter   Source File: APISecurityConfig.java    License: Apache License 2.0
/**
 * Protects {@code /reciter/**} with an API key read from a request header.
 *
 * <p>When {@code securityEnabled} is false this method adds neither the filter
 * nor any authorization rule.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    APIKeyAuthFilter filter = new APIKeyAuthFilter(principalRequestHeader);
    filter.setAuthenticationManager(new AuthenticationManager() {
	
        /** Accepts the request only when the supplied key equals the configured value. */
        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            String principal = (String) authentication.getPrincipal();
            // NOTE(review): equals() is not a constant-time comparison; for a shared
            // secret consider MessageDigest.isEqual on the encoded bytes. Also confirm
            // principalRequestValue can never be null or empty when security is enabled.
            if (!principalRequestValue.equals(principal))
            {
                throw new BadCredentialsException("The API key was not found or not the expected value.");
            }
            authentication.setAuthenticated(true);
            return authentication;
        }
    });
    if(securityEnabled) {
     // Stateless chain limited to /reciter/**; CSRF is disabled for it.
     httpSecurity.
         antMatcher("/reciter/**").
         csrf().disable().
         sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).
         and().addFilter(filter).authorizeRequests().anyRequest().authenticated();
    }
}
 
Example 9
/**
 * Authorization rules for the OAuth2-protected {@code /api} endpoints.
 *
 * <p>The chain only handles requests accepted by {@code OAuthRequestedMatcher}
 * (defined outside this block). CSRF protection and anonymous authentication
 * are both disabled for it.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http

            .requestMatcher(new OAuthRequestedMatcher())
            // NOTE(review): CSRF is off; confirm the matched requests authenticate
            // with a bearer token and never with a session cookie.
            .csrf().disable()
            .anonymous().disable()
            .authorizeRequests()
            // All OPTIONS requests are allowed without authentication.
            .antMatchers(HttpMethod.OPTIONS).permitAll()
            // when restricting access by role, leave out the "ROLE_" prefix:
            // for "ROLE_USER" use only "USER"
            .antMatchers("/api/hello").access("hasAnyRole('USER')")
            .antMatchers("/api/me").hasAnyRole("USER", "ADMIN")
            .antMatchers("/api/admin").hasRole("ADMIN")
            // use the full name when specifying authority access
            .antMatchers("/api/registerUser").hasAuthority("ROLE_REGISTER")
            // restricting all access to /api/** to authenticated users
            .antMatchers("/api/**").authenticated();
}
 
Example 10
/**
 * Configures the form-login page and the URL the login form posts to.
 *
 * <p>The CSRF-disabling calls are commented out, so this method does not turn
 * CSRF protection off.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
    protected void configure(HttpSecurity http) throws Exception {

//        Configuration of the static login page
        http.formLogin()
                // Login page name; it is looked up in the resources and static directories under resources
                // Static page
                //.loginPage("/login.html")
                // Template engine
                .loginPage("/oauth/login")
                // Path the login form is submitted to
                // Static page
                // .loginProcessingUrl("/authorization/form")
                // Template engine
                .loginProcessingUrl(securityProperties.getLoginProcessingUrl());
                // Disable CSRF protection, because all of our requests must carry identity information
                // .and()
                // .csrf().disable();

//        http.httpBasic();
    }
 
Example 11
Source Project: oauth2-protocol-patterns   Source File: SecurityConfig.java    License: Apache License 2.0
/**
 * Requires authentication for every request and delegates login to the
 * {@code login-client} OAuth2 registration.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
	http
		.authorizeRequests(authorizeRequests ->
			authorizeRequests
				.anyRequest().authenticated())
		.oauth2Login(oauth2Login ->
			oauth2Login
				// Using the authorization endpoint as the login page sends users
				// straight to the provider instead of a local login form.
				.loginPage("/oauth2/authorization/login-client")
				.failureUrl("/login?error")
				.permitAll())
		.logout(logout ->
			logout
				// NOTE(review): the post-logout redirect is a hard-coded plain-HTTP localhost
				// URL; move it to configuration and use HTTPS outside local development.
				.logoutSuccessUrl("http://localhost:8090/uaa/logout.do?client_id=login-client&redirect=http://localhost:8080"))
		.oauth2Client();
}
 
Example 12
Source Project: spring-oauth2-jwt-jdbc   Source File: SecurityConfig.java    License: MIT License
/**
 * Configures access to the login and OAuth endpoints and installs the JWT filter.
 *
 * <p>NOTE(review): only the three listed paths get an access rule; no
 * {@code anyRequest()} fallback is visible, so confirm other paths are covered
 * elsewhere.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // CSRF stays enabled everywhere except /login.
    // NOTE(review): exempting the login endpoint permits login CSRF; confirm this is acceptable.
    http.csrf().ignoringAntMatchers("/login");

    http.authorizeRequests()
            .antMatchers("/login")
            .permitAll()
            .antMatchers("/oauth/token")
            .authenticated()
            .antMatchers("/oauth/authorize")
            .hasAuthority("ROLE_USER")
            .and()
            // The JWT filter runs before username/password processing.
            .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
            .exceptionHandling()
            // Unauthenticated requests are answered by the JWT-specific entry point.
            .authenticationEntryPoint(jwtAuthEndPoint);
}
 
Example 13
Source Project: spring-security-saml-dsl   Source File: SecurityConfiguration.java    License: MIT License
/**
 * Secures the application with SAML: {@code /saml/**} is public and every
 * other request requires authentication.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
	http
		.authorizeRequests()
			.antMatchers("/saml/**").permitAll()
			.anyRequest().authenticated()
			.and()
		.apply(saml())
			.serviceProvider()
				.keyStore()
					.storeFilePath("saml/keystore.jks")
					// NOTE(review): the keystore and key passwords are hard-coded literals;
					// load them from external configuration or a secret store, and do not
					// reuse this sample keystore outside a demo.
					.password("secret")
					.keyname("spring")
					.keyPassword("secret")
					.and()
				// Service-provider base URL: https://localhost:8443/
				.protocol("https")
				.hostname("localhost:8443")
				.basePath("/")
				.and()
			.identityProvider()
				// NOTE(review): identity-provider metadata establishes trust; confirm
				// metadataUrl points to a source that is fetched over a trusted channel.
				.metadataFilePath(metadataUrl)
				.and();
}
 
Example 14
Source Project: OpenLRW   Source File: WebSecurityConfig.java    License: Educational Community License v2.0
/**
 * Configures a stateless, JWT-based chain with separate login and
 * token-processing filters.
 *
 * <p>NOTE(review): no {@code anyRequest()} fallback is visible; requests that
 * match none of the listed entry points get no access rule from this method.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
    // NOTE(review): the rationale below holds only while the token travels in a
    // request header; if it is ever stored in a cookie, CSRF protection is needed again.
    .csrf().disable() // We don't need CSRF for JWT based authentication
    .exceptionHandling()
    .authenticationEntryPoint(this.authenticationEntryPoint)
    
    .and()
        // No HTTP session is created or used for the security context.
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)

    .and()
        .authorizeRequests()
            .antMatchers(ADMIN_LOGIN_ENTRY_POINT).permitAll()
            .antMatchers(FORM_BASED_LOGIN_ENTRY_POINT).permitAll() // Login end-point
            .antMatchers(TOKEN_REFRESH_ENTRY_POINT).permitAll() // Token refresh end-point
    .and()
        .authorizeRequests()
            .antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated() // Protected API End-points
    .and()
        // Both custom filters run before the standard username/password filter.
        .addFilterBefore(buildAjaxLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
        .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
}
 
Example 15
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License
/**
 * Excludes static assets from Spring Security and hands the shared
 * {@code FilterSecurityInterceptor} to {@code WebSecurity}.
 *
 * <p>Java-config equivalent of:
 * <pre>
 *     &lt;http pattern="/resources/**" security="none"/&gt;
 *     &lt;http pattern="/css/**" security="none"/&gt;
 *     &lt;http pattern="/webjars/**" security="none"/&gt;
 * </pre>
 *
 * <p>Ignored patterns skip the security filter chain completely, so keep this
 * list limited to genuinely static, non-sensitive content.
 *
 * @param web the {@code WebSecurity} builder being configured
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(final WebSecurity web) throws Exception {
    // Static resources and webjars are not processed by Spring Security at all.
    web.ignoring().antMatchers("/resources/**", "/css/**", "/webjars/**");

    // Thymeleaf must use the FilterSecurityInterceptor configured on this
    // HttpSecurity instead of the default filter from auto-configuration.
    final HttpSecurity httpSecurity = getHttp();
    web.postBuildAction(() ->
            web.securityInterceptor(httpSecurity.getSharedObject(FilterSecurityInterceptor.class)));
}
 
Example 16
/**
 * Applies the SAML security configuration when the configured authentication
 * protocol equals {@code AUTH_TYPE} (case-insensitive).
 *
 * <p>When the protocol does not match, this method configures nothing.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
	LOG.debug("message Inside InsightsSecurityConfigurationAdapterSAML,HttpSecurity **** {} ",
			ApplicationConfigProvider.getInstance().getAutheticationProtocol());
	if (AUTH_TYPE.equalsIgnoreCase(ApplicationConfigProvider.getInstance().getAutheticationProtocol())) {
		LOG.debug("message Inside SAMLAuthConfig, check http security **** ");

		http.cors();
		// CSRF stays enabled except for the paths in AuthenticationUtils.CSRF_IGNORE.
		// NOTE(review): keep that exemption list as small as possible.
		http.csrf().ignoringAntMatchers(AuthenticationUtils.CSRF_IGNORE)
				.csrfTokenRepository(authenticationUtils.csrfTokenRepository())
				.and().addFilterAfter(new InsightsCustomCsrfFilter(), CsrfFilter.class);

		// Unauthenticated requests are sent to the SAML entry point.
		http.exceptionHandling().authenticationEntryPoint(samlEntryPoint());
		http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class).addFilterAfter(samlFilter(),
				BasicAuthenticationFilter.class);

		// Anonymous authentication is disabled; /error and /saml/** are public, /admin/**
		// needs the 'Admin' authority, everything else needs an authenticated user.
		http.anonymous().disable().authorizeRequests().antMatchers("/error").permitAll().antMatchers("/admin/**")
				.access("hasAuthority('Admin')").antMatchers("/saml/**").permitAll()
				// .antMatchers("/user/insightsso/**").permitAll() ///logout
				.anyRequest().authenticated();

		http.logout().logoutSuccessUrl("/");
	}
}
 
Example 17
Source Project: Spring-Security-Third-Edition   Source File: SecurityConfig.java    License: MIT License
/**
 * Excludes static assets from Spring Security and hands the shared
 * {@code FilterSecurityInterceptor} to {@code WebSecurity}.
 *
 * <p>Java-config equivalent of:
 * <pre>
 *     &lt;http pattern="/resources/**" security="none"/&gt;
 *     &lt;http pattern="/css/**" security="none"/&gt;
 *     &lt;http pattern="/webjars/**" security="none"/&gt;
 * </pre>
 *
 * <p>Ignored patterns skip the security filter chain completely, so keep this
 * list limited to genuinely static, non-sensitive content.
 *
 * @param web the {@code WebSecurity} builder being configured
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(final WebSecurity web) throws Exception {
    // Static resources and webjars are not processed by Spring Security at all.
    web.ignoring().antMatchers("/resources/**", "/css/**", "/webjars/**");

    // Thymeleaf must use the FilterSecurityInterceptor configured on this
    // HttpSecurity instead of the default filter from auto-configuration.
    final HttpSecurity httpSecurity = getHttp();
    web.postBuildAction(() ->
            web.securityInterceptor(httpSecurity.getSharedObject(FilterSecurityInterceptor.class)));
}
 
Example 18
/**
 * Builds the security adapter for the stateless, HTTP Basic protected REST API.
 *
 * @return an adapter holding the URL authorization rules for {@code /api}
 */
@Bean
public WebSecurityConfigurerAdapter webSecurityConfigure(){
    return new WebSecurityConfigurerAdapter() {
        
        /**
         * Declares the access rules; they are evaluated in order and the first
         * matching rule decides.
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
            http
                .authorizeRequests()
                // Sign-up and the username availability check are public.
                .antMatchers("/api/signup", "/api/users/username-check")
                .permitAll()
                .and()
                    .authorizeRequests()
                    // NOTE(review): regexMatchers compare the pattern against the path plus
                    // any query string, and the first matching rule wins. Two things to verify:
                    //  - "[\\d]*" also matches an empty id, so GET /api/users/ is caught by
                    //    this "authenticated" rule before the ADMIN-only listing rule;
                    //  - the "$"-anchored patterns do not allow for a query string, in which
                    //    case the request falls through to the broader /api/** rule below.
                    // Consider ant/mvc matchers with HTTP methods, or "[\\d]+" plus an optional
                    // query-string group, and cover both cases with tests.
                    .regexMatchers(HttpMethod.GET, "^/api/users/[\\d]*(\\/)?$").authenticated()
                    .regexMatchers(HttpMethod.GET, "^/api/users(\\/)?(\\?.+)?$").hasRole("ADMIN")
                    .regexMatchers(HttpMethod.DELETE, "^/api/users/[\\d]*(\\/)?$").hasRole("ADMIN")
                    .regexMatchers(HttpMethod.POST, "^/api/users(\\/)?$").hasRole("ADMIN")
                .and()
                    .authorizeRequests()
                    .antMatchers("/api/**").authenticated()
                .and()
                    .authorizeRequests()
                    // Everything outside /api is public.
                    .anyRequest().permitAll()
                .and()
                    .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                    // NOTE(review): HTTP Basic sends credentials with every request; serve over TLS only.
                    .httpBasic()
                .and()
                    .csrf()
                    .disable();
        // @formatter:on
        }
    };
}
 
Example 19
Source Project: OAuth-2.0-Cookbook   Source File: SecurityConfiguration.java    License: MIT License
/**
 * Makes the index page public, requires authentication elsewhere, and enables
 * the default form login and logout.
 *
 * <p>NOTE(review): CSRF protection is disabled while form login is in use;
 * confirm this is limited to sample or demo use.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/", "/index.html").permitAll()
        .anyRequest().authenticated();

    http.formLogin();
    http.logout().permitAll();
    http.csrf().disable();
}
 
Example 20
/**
 * Configures a stateless chain in which only {@code /login} is public and a
 * JWT filter runs before username/password processing.
 *
 * <p>NOTE(review): disabling CSRF assumes the token is sent in a request
 * header rather than a cookie - confirm against {@code jwtTokenFilter}.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();

    http.authorizeRequests()
            .antMatchers("/login").permitAll()
            .anyRequest().authenticated();

    // No HTTP session is created or used for the security context.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    http.addFilterBefore(jwtTokenFilter, UsernamePasswordAuthenticationFilter.class);
}
 
Example 21
/**
 * Extends the inherited configuration so that the JWK Set endpoint is handled
 * by this chain and can be read without authentication.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final String jwkSetPath = "/.well-known/jwks.json";

    super.configure(http);

    // Add the endpoint to the requests this chain handles, then open it to everyone.
    http.requestMatchers().mvcMatchers(jwkSetPath);
    http.authorizeRequests().mvcMatchers(jwkSetPath).permitAll();
}
 
Example 22
Source Project: macrozheng-mall   Source File: SecurityConfig.java    License: MIT License
/**
 * Configures a stateless, JWT-based chain with custom handlers for
 * unauthenticated and unauthorized requests.
 *
 * <p>NOTE(review): as written, the rule for every path that was added for
 * testing makes the whole application public; see the inline note.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.csrf()// JWT is used, so CSRF protection is not needed here
            .disable()
            .sessionManagement()// token-based, so no session is needed
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .antMatchers(HttpMethod.GET, // allow unauthenticated access to the site's static resources
                    "/",
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js",
                    "/swagger-resources/**",
                    "/v2/api-docs/**"
            )
            .permitAll()
            .antMatchers("/admin/login", "/admin/register")// login and registration must allow anonymous access
            .permitAll()
            .antMatchers(HttpMethod.OPTIONS)// cross-origin requests first send an OPTIONS request
            .permitAll()
            // NOTE(review): this pattern matches every request, so the
            // anyRequest().authenticated() rule below is never reached. Remove it
            // before deploying outside a test environment.
            .antMatchers("/**")// allow all access during testing
            .permitAll()
            .anyRequest()// all requests other than the above require authentication
            .authenticated();
    // disable caching
    httpSecurity.headers().cacheControl();
    // add the JWT filter
    httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    // add custom responses for unauthorized and unauthenticated requests
    httpSecurity.exceptionHandling()
            .accessDeniedHandler(restfulAccessDeniedHandler)
            .authenticationEntryPoint(restAuthenticationEntryPoint);
}
 
Example 23
Source Project: webanno   Source File: WebAnnoSecurity.java    License: Apache License 2.0
/**
 * Configures remember-me, a pre-authentication filter and role-based access
 * for the application pages.
 *
 * @param aHttp the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity aHttp) throws Exception
{
    aHttp
        .rememberMe()
        .and()
        // NOTE(review): CSRF protection is off while remember-me (cookie-based)
        // authentication is enabled; confirm another layer protects state-changing requests.
        .csrf().disable()
        .addFilterBefore(preAuthFilter(), RequestHeaderAuthenticationFilter.class)
        .authorizeRequests()
            // Resources need to be publicly accessible so they don't trigger the login
            // page. Otherwise it could happen that the user is redirected to a resource
            // upon login instead of being forwarded to a proper application page.
            .antMatchers("/favicon.ico").permitAll()
            .antMatchers("/favicon.png").permitAll()
            .antMatchers("/assets/**").permitAll()
            .antMatchers("/images/**").permitAll()
            .antMatchers("/resources/**").permitAll()
            .antMatchers("/wicket/resource/**").permitAll()
            .antMatchers("/swagger-ui.html").access("hasAnyRole('ROLE_REMOTE')")
            .antMatchers("/admin/**").access("hasAnyRole('ROLE_ADMIN')")
            .antMatchers("/doc/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
            // The catch-all pattern below already covers every remaining request,
            // so the denyAll() after it acts only as a backstop.
            .antMatchers("/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
            .anyRequest().denyAll()
        .and()
        .exceptionHandling()
            // Unauthenticated requests receive 403 instead of a redirect to a login page.
            .authenticationEntryPoint(new Http403ForbiddenEntryPoint())
        .and()
            // Pages may only be framed by the same origin.
            .headers().frameOptions().sameOrigin();
}
 
Example 24
Source Project: Taroco   Source File: WebSecurityConfigration.java    License: Apache License 2.0
/**
 * Configures the authentication providers, form login, logout, remember-me and
 * the configurable list of public URLs.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry =
            http
                    // Default username/password authentication provider
                    .authenticationProvider(daoAuthenticationProvider())
                    .apply(mobileTokenAuthenticationSecurityConfigration)
                    .and()
                    .apply(smsCodeAuthenticationSecurityConfigration)
                    .and()
                    .addFilterAt(customAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
                    .formLogin().loginPage("/").permitAll()
                    .loginProcessingUrl("/login").permitAll()
                    .and().logout().logoutUrl("/logout").permitAll().logoutSuccessHandler(logoutSuccessHandler)
                    // Exception-handling filter: ExceptionTranslationFilter
                    .and().exceptionHandling()
                    // Exception raised when an anonymous user accesses a resource without permission
                    //.authenticationEntryPoint(exceptionEntryPoint)
                    // Exception raised when an authenticated user accesses a resource without permission
                    .accessDeniedHandler(accessDeniedHandler)
                    // Enable remember-me
                    // NOTE(review): RM_KEY signs remember-me tokens; confirm it is a secret
                    // supplied per deployment and not a constant committed to source.
                    .and().rememberMe().key(RM_KEY).rememberMeServices(rememberMeServices())
                    .and().authorizeRequests();

    // Every URL listed in the OAuth2 properties is public; all other requests need authentication.
    // NOTE(review): review that property list, since each entry bypasses authentication.
    final List<String> urlPermitAll = oauth2Properties.getUrlPermitAll();
    urlPermitAll.forEach(url -> registry.antMatchers(url).permitAll());
    // NOTE(review): CSRF is disabled while form login and remember-me are in use - confirm.
    registry.anyRequest().authenticated().and().cors().and().csrf().disable();
}
 
Example 25
Source Project: find   Source File: ReverseProxyIdolSecurityCustomizer.java    License: MIT License
/**
 * Installs a J2EE pre-authentication filter whose principal can be overridden
 * by the configured {@code preAuthenticatedUsername}.
 *
 * <p>NOTE(review): when {@code preAuthenticatedUsername} is non-blank, the
 * filter reports that fixed value as the principal for every request it
 * handles; confirm the setting is restricted to deployments behind a trusted
 * reverse proxy.
 *
 * @param http the security builder that receives the filter
 * @param authenticationManager the manager the filter delegates to
 * @throws Exception declared by the overridden method
 */
@SuppressWarnings("ProhibitedExceptionDeclared")
@Override
public void customize(final HttpSecurity http, final AuthenticationManager authenticationManager) throws Exception {
    final J2eePreAuthenticatedProcessingFilter preAuthFilter = new J2eePreAuthenticatedProcessingFilter() {
        @Override
        protected Object getPreAuthenticatedPrincipal(final HttpServletRequest httpRequest) {
            // A configured username takes precedence over the container-supplied principal.
            if (StringUtils.isNotBlank(preAuthenticatedUsername)) {
                return preAuthenticatedUsername;
            }
            return super.getPreAuthenticatedPrincipal(httpRequest);
        }
    };
    preAuthFilter.setAuthenticationManager(authenticationManager);

    http.addFilter(preAuthFilter);
}
 
Example 26
/**
 * Opens the configuration and Hystrix stream endpoints, requires
 * authentication for everything else, and turns HTTP Basic off.
 *
 * <p>NOTE(review): {@code /api/configuration} and {@code /hystrix.stream} are
 * reachable without authentication; confirm neither exposes sensitive data.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/api/configuration", "/hystrix.stream").permitAll()
            .anyRequest().authenticated();

    http.httpBasic().disable();
}
 
Example 27
/**
 * Permits every request and switches off HTTP Basic and CSRF protection.
 *
 * <p>NOTE(review): this leaves the application without authentication,
 * authorization or CSRF protection from Spring Security; confirm access is
 * enforced elsewhere (for example at a gateway) before using it.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
  http.authorizeRequests().anyRequest().permitAll();
  http.httpBasic().disable();
  http.csrf().disable();
}
 
Example 28
Source Project: pacbot   Source File: AuthConfig.java    License: Apache License 2.0
/**
 * Configures authorization and cookie-based CSRF tokens for the {@code /user} chain.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(HttpSecurity http) throws Exception {
	// NOTE(review): antMatcher("/user") limits this chain to requests for /user, so the
	// actuator-endpoint and AUTH_WHITELIST rules below can only apply to that path;
	// confirm the scope is intended.
	http.anonymous().and().antMatcher("/user").authorizeRequests()
	// NOTE(review): toAnyEndpoint() covers every actuator endpoint; confirm that
	// unauthenticated access to all of them is acceptable.
	.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll().
        antMatchers(AUTH_WHITELIST).permitAll().
        anyRequest().authenticated()
	.and()
       .csrf()
       // The CSRF token is kept in a cookie that scripts can read (HttpOnly is off),
       // which lets a browser client copy it into a request header.
       .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
 
Example 29
/**
 * Registers a {@code TenantAuthenticationProvider} backed by the configured
 * user-details service and password encoder.
 *
 * @param http the security builder that receives the provider
 */
@Override
public void configure(HttpSecurity http) {
    TenantAuthenticationProvider tenantProvider = new TenantAuthenticationProvider();
    tenantProvider.setUserDetailsService(userDetailsService);
    tenantProvider.setPasswordEncoder(passwordEncoder);

    http.authenticationProvider(tenantProvider);
}
 
Example 30
Source Project: cola-cloud   Source File: SecurityAccessAutoConfiguration.java    License: MIT License
/**
 * Requires authentication for every request except the Swagger API description
 * and adds the project's access-control interceptor to the chain.
 *
 * @param http the security builder to configure
 * @throws Exception if the builder rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Exclude the Swagger documentation from authentication.
    // NOTE(review): /v2/api-docs describes the whole API surface; confirm it should be
    // public outside development. CSRF protection is also disabled here.
    http.authorizeRequests().antMatchers("/v2/api-docs").permitAll().and().csrf().disable()
            .authorizeRequests().anyRequest().authenticated().filterSecurityInterceptorOncePerRequest(false)
            // securityAccessInterceptor() is placed after the standard FilterSecurityInterceptor.
            .and().addFilterAfter(securityAccessInterceptor(), FilterSecurityInterceptor.class);
    log.info("Security Access Control is enabled on Web Application");
}