Java Code Examples for org.springframework.security.web.access.channel.ChannelProcessingFilter

The following examples show how to use org.springframework.security.web.access.channel.ChannelProcessingFilter. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: framework   Source File: WebSecurityConfig.java    License: Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {

    http
            .addFilterBefore(new InterfaceAccessKeyFilter(), ChannelProcessingFilter.class)
            .addFilterAfter(new CsrfFilter(), InterfaceAccessKeyFilter.class)
            .addFilterBefore(new TokenFilter(), UsernamePasswordAuthenticationFilter.class)
            .addFilterAfter(new TokenSessionFilter(), TokenFilter.class)
            .addFilterAfter(new PermissionFilter(), TokenSessionFilter.class)
            .csrf().disable()
            .headers().frameOptions().sameOrigin()
            .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
            .and()
                .authorizeRequests().antMatchers("/api/register", "/interface/**", "/api/login", "/api/logout").permitAll()
                .anyRequest().authenticated();

}
 
Example 2
@Override
protected void configure(HttpSecurity http) throws Exception {
	LOG.debug("message Inside InsightsSecurityConfigurationAdapterSAML,HttpSecurity **** {} ",
			ApplicationConfigProvider.getInstance().getAutheticationProtocol());
	if (AUTH_TYPE.equalsIgnoreCase(ApplicationConfigProvider.getInstance().getAutheticationProtocol())) {
		LOG.debug("message Inside SAMLAuthConfig, check http security **** ");

		http.cors();
		http.csrf().ignoringAntMatchers(AuthenticationUtils.CSRF_IGNORE)
				.csrfTokenRepository(authenticationUtils.csrfTokenRepository())
				.and().addFilterAfter(new InsightsCustomCsrfFilter(), CsrfFilter.class);

		http.exceptionHandling().authenticationEntryPoint(samlEntryPoint());
		http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class).addFilterAfter(samlFilter(),
				BasicAuthenticationFilter.class);

		http.anonymous().disable().authorizeRequests().antMatchers("/error").permitAll().antMatchers("/admin/**")
				.access("hasAuthority('Admin')").antMatchers("/saml/**").permitAll()
				// .antMatchers("/user/insightsso/**").permitAll() ///logout
				.anyRequest().authenticated();

		http.logout().logoutSuccessUrl("/");
	}
}
 
Example 3
/**
 * Defines the web based security configuration.
 * 
 * @param   http It allows configuring web based security for specific http requests.
 * @throws  Exception 
 */
@Override  
protected void configure(HttpSecurity http) throws Exception {
    http
        .httpBasic()
            .authenticationEntryPoint(samlEntryPoint());      
    http
    		.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
    		.addFilterAfter(samlFilter(), BasicAuthenticationFilter.class)
    		.addFilterBefore(samlFilter(), CsrfFilter.class);
    http        
        .authorizeRequests()
       		.antMatchers("/").permitAll()
       		.antMatchers("/saml/**").permitAll()
       		.antMatchers("/css/**").permitAll()
       		.antMatchers("/img/**").permitAll()
       		.antMatchers("/js/**").permitAll()
       		.anyRequest().authenticated();
    http
    		.logout()
    			.disable();	// The logout procedure is already handled by SAML filters.
}
 
Example 4
Source Project: blackduck-alert   Source File: AuthenticationHandler.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    configureActiveMQProvider();
    configureWithSSL(http);
    configureH2Console(http);
    http.authorizeRequests()
        .requestMatchers(createAllowedPathMatchers()).permitAll()
        .and().authorizeRequests().anyRequest().authenticated()
        .and().exceptionHandling().authenticationEntryPoint(samlEntryPoint())
        .and().csrf().csrfTokenRepository(csrfTokenRepository).ignoringRequestMatchers(createCsrfIgnoreMatchers())
        .and().addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
        .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class)
        .authorizeRequests().withObjectPostProcessor(createRoleProcessor())
        .and().logout().logoutSuccessUrl("/");
}
 
Example 5
Source Project: spring-tsers-auth   Source File: WebSecurityConfig.java    License: Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {

    http
            .csrf()
            .disable();
    http
            .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
            .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);
    http
            .authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/error").permitAll()
            .antMatchers("/saml/**").permitAll()
            .antMatchers("/css/**").permitAll()
            .anyRequest().authenticated();

    http
            .exceptionHandling().accessDeniedHandler(new AccessDeniedHandlerImpl())
            .authenticationEntryPoint(getAuthEntryPoint())
            .and()
            .formLogin()
            .loginProcessingUrl("/authenticate")
            .usernameParameter("username")
            .passwordParameter("password")
            .successHandler(new FormAuthSuccessHandler())
            .failureHandler(new SimpleUrlAuthenticationFailureHandler())
            .and()
            .logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/")
            .permitAll();
}
 
Example 6
Source Project: secure-rest-spring-tut   Source File: ApplicationSecurity.java    License: MIT License 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.authorizeRequests()
		.antMatchers(HttpMethod.OPTIONS, "/*/**").permitAll()
		.antMatchers("/login", "/rest/open/**").permitAll()
		.antMatchers("/logout", "/rest/**").authenticated();

	// Handlers and entry points
	http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
	http.formLogin().successHandler(authenticationSuccessHandler);
	http.formLogin().failureHandler(authenticationFailureHandler);

	// Logout
	http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);

	// CORS
	http.addFilterBefore(corsFilter, ChannelProcessingFilter.class);

	// CSRF
	http.csrf().requireCsrfProtectionMatcher(
		new AndRequestMatcher(
			// Apply CSRF protection to all paths that do NOT match the ones below

			// We disable CSRF at login/logout, but only for OPTIONS methods
			new NegatedRequestMatcher(new AntPathRequestMatcher("/login*/**", HttpMethod.OPTIONS.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/logout*/**", HttpMethod.OPTIONS.toString())),

			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.GET.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.HEAD.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.OPTIONS.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.TRACE.toString())),
			new NegatedRequestMatcher(new AntPathRequestMatcher("/rest/open*/**"))
		)
	);
	http.addFilterAfter(new CsrfTokenResponseCookieBindingFilter(), CsrfFilter.class); // CSRF tokens handling
}
 
Example 7
@Override
protected void configure(HttpSecurity http) throws Exception {
	final RequestMatcher textHtmlMatcher = new MediaTypeRequestMatcher(
			contentNegotiationStrategy,
			MediaType.TEXT_HTML);

	final String loginPage = dashboard("/#/login");

	final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
	basicAuthenticationEntryPoint.setRealmName(securityProperties.getBasic().getRealm());
	basicAuthenticationEntryPoint.afterPropertiesSet();

	http
		.csrf()
		.disable()
		.authorizeRequests()
		.antMatchers("/")
		.authenticated()
		.antMatchers(
				dashboard("/**"),
				"/authenticate",
				"/security/info",
				"/features",
				"/assets/**").permitAll()
	.and()
		.formLogin().loginPage(loginPage)
		.loginProcessingUrl(dashboard("/login"))
		.defaultSuccessUrl(dashboard("/")).permitAll()
	.and()
		.logout().logoutUrl(dashboard("/logout"))
			.logoutSuccessUrl(dashboard("/logout-success.html"))
		.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()).permitAll()
	.and().httpBasic()
		.and().exceptionHandling()
		.defaultAuthenticationEntryPointFor(
				new LoginUrlAuthenticationEntryPoint(loginPage),
				textHtmlMatcher)
		.defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint,
				AnyRequestMatcher.INSTANCE)
	.and()
		.authorizeRequests()
		.anyRequest().authenticated();

	final SessionRepositoryFilter<ExpiringSession> sessionRepositoryFilter = new SessionRepositoryFilter<ExpiringSession>(
			sessionRepository());
	sessionRepositoryFilter
			.setHttpSessionStrategy(new HeaderHttpSessionStrategy());

	http.addFilterBefore(sessionRepositoryFilter,
			ChannelProcessingFilter.class).csrf().disable();
	http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
}