Java Code Examples for org.springframework.security.config.annotation.web.builders.HttpSecurity#addFilterAfter()
The following examples show how to use
org.springframework.security.config.annotation.web.builders.HttpSecurity#addFilterAfter() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: JwtSecurityConfiguration.java From cola with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authorizeRequests()
.antMatchers("/login", "/logout", "/error").permitAll()
.and()
.formLogin()
.loginProcessingUrl("/login")
.failureHandler(this.failureHandler())
.successHandler(this.successHandler())
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessHandler(new JwtLogoutSuccessHandler())
.and()
.exceptionHandling().authenticationEntryPoint(new JwtAuthenticationEntryPoint())
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterAfter(this.jwtAuthenticationFilter, SecurityContextPersistenceFilter.class);
}
Example 2
| Source File: SecurityConfig.java From Spring with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.regexMatchers("/chief/.*").hasRole("CHIEF")
.regexMatchers("/agent/.*").access("hasRole('USER') and principal.name='James Bond'")
.anyRequest().authenticated()
.and().httpBasic()
.and().requiresChannel().anyRequest().requiresSecure();
http.exceptionHandling().accessDeniedPage("/accessDenied");
http.formLogin().loginPage("/login").permitAll();
http.logout().logoutUrl("/customlogout");
http.addFilterBefore(securityContextPersistenceFilter(), SecurityContextPersistenceFilter.class);
http.addFilterAt(exceptionTranslationFilter(), ExceptionTranslationFilter.class);
http.addFilter(filterSecurityInterceptor()); // This ensures filter ordering by default
http.addFilterAfter(new CustomFilter(), FilterSecurityInterceptor.class);
}
Example 3
| Source File: ResourceServerConfiguration.java From open-cloud with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
// 动态权限验证
.anyRequest().access("@accessManager.check(request,authentication)")
.and()
//认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
.exceptionHandling()
.accessDeniedHandler(new JsonAccessDeniedHandler(accessLogService))
.authenticationEntryPoint(new JsonAuthenticationEntryPoint(accessLogService))
.and()
.csrf().disable();
// 日志前置过滤器
http.addFilterBefore(new PreRequestFilter(), AbstractPreAuthenticatedProcessingFilter.class);
// 签名验证过滤器
http.addFilterAfter(new PreSignatureFilter(baseAppServiceClient, apiProperties,new JsonSignatureDeniedHandler(accessLogService)), AbstractPreAuthenticatedProcessingFilter.class);
// 访问验证前置过滤器
http.addFilterAfter(new PreCheckFilter(accessManager, new JsonAccessDeniedHandler(accessLogService)), AbstractPreAuthenticatedProcessingFilter.class);
}
Example 4
| Source File: InsightsSecurityConfigurationAdapterKerberos.java From Insights with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
LOG.debug("message Inside InsightsSecurityConfigurationAdapterKerberos,HttpSecurity **** {} ",
ApplicationConfigProvider.getInstance().getAutheticationProtocol());
if (AUTH_TYPE.equalsIgnoreCase(ApplicationConfigProvider.getInstance().getAutheticationProtocol())) {
LOG.debug("message Inside SAMLAuthConfig, check http security **** ");
http.cors();
http.csrf().ignoringAntMatchers(AuthenticationUtils.CSRF_IGNORE)
.csrfTokenRepository(authenticationUtils.csrfTokenRepository())
.and().addFilterAfter(new InsightsCustomCsrfFilter(), CsrfFilter.class);
http.exceptionHandling().authenticationEntryPoint(spnegoEntryPoint());
http.addFilterAfter(kerberosFilter(),
BasicAuthenticationFilter.class);
http.anonymous().disable().authorizeRequests().antMatchers("/error").permitAll().antMatchers("/admin/**")
.access("hasAuthority('Admin')").antMatchers("/saml/**").permitAll()
//.antMatchers("/user/insightsso/**").permitAll() ///logout
.anyRequest().authenticated();
http.logout().logoutSuccessUrl("/");
}
}
Example 5
| Source File: NiFiRegistrySecurityConfig.java From nifi-registry with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.rememberMe().disable()
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(http401AuthenticationEntryPoint())
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// Apply security headers for registry API. Security headers for docs and UI are applied with Jetty filters in registry-core.
http.headers().xssProtection();
http.headers().contentSecurityPolicy("frame-ancestors 'self'");
http.headers().httpStrictTransportSecurity().maxAgeInSeconds(31540000);
http.headers().frameOptions().sameOrigin();
// x509
http.addFilterBefore(x509AuthenticationFilter(), AnonymousAuthenticationFilter.class);
// jwt
http.addFilterBefore(jwtAuthenticationFilter(), AnonymousAuthenticationFilter.class);
// otp
// todo, if needed one-time password auth filter goes here
// add an anonymous authentication filter that will populate the authenticated,
// anonymous user if no other user identity is detected earlier in the Spring filter chain
http.anonymous().authenticationFilter(anonymousAuthenticationFilter);
// After Spring Security filter chain is complete (so authentication is done),
// but before the Jersey application endpoints get the request,
// insert the ResourceAuthorizationFilter to do its authorization checks
http.addFilterAfter(resourceAuthorizationFilter(), FilterSecurityInterceptor.class);
}
Example 6
| Source File: CustomWebSecurityConfigurerAdapter.java From tutorials with MIT License | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/securityNone")
.permitAll()
.anyRequest()
.authenticated()
.and()
.httpBasic()
.authenticationEntryPoint(authenticationEntryPoint);
http.addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class);
}
Example 7
| Source File: CustomWebSecurityConfigurerAdapter.java From tutorials with MIT License | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/securityNone")
.permitAll()
.anyRequest()
.authenticated()
.and()
.httpBasic()
.authenticationEntryPoint(authenticationEntryPoint);
http.addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class);
}
Example 8
| Source File: NiFiWebApiSecurityConfiguration.java From nifi with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors().and()
.rememberMe().disable()
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// x509
http.addFilterBefore(x509FilterBean(), AnonymousAuthenticationFilter.class);
// jwt
http.addFilterBefore(jwtFilterBean(), AnonymousAuthenticationFilter.class);
// otp
http.addFilterBefore(otpFilterBean(), AnonymousAuthenticationFilter.class);
// knox
http.addFilterBefore(knoxFilterBean(), AnonymousAuthenticationFilter.class);
// anonymous
http.addFilterAfter(anonymousFilterBean(), AnonymousAuthenticationFilter.class);
// disable default anonymous handling because it doesn't handle conditional authentication well
http.anonymous().disable();
}
Example 9
| Source File: ApplicationSecurity.java From secure-rest-spring-tut with MIT License | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/*/**").permitAll()
.antMatchers("/login", "/rest/open/**").permitAll()
.antMatchers("/logout", "/rest/**").authenticated();
// Handlers and entry points
http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
http.formLogin().successHandler(authenticationSuccessHandler);
http.formLogin().failureHandler(authenticationFailureHandler);
// Logout
http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
// CORS
http.addFilterBefore(corsFilter, ChannelProcessingFilter.class);
// CSRF
http.csrf().requireCsrfProtectionMatcher(
new AndRequestMatcher(
// Apply CSRF protection to all paths that do NOT match the ones below
// We disable CSRF at login/logout, but only for OPTIONS methods
new NegatedRequestMatcher(new AntPathRequestMatcher("/login*/**", HttpMethod.OPTIONS.toString())),
new NegatedRequestMatcher(new AntPathRequestMatcher("/logout*/**", HttpMethod.OPTIONS.toString())),
new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.GET.toString())),
new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.HEAD.toString())),
new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.OPTIONS.toString())),
new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", HttpMethod.TRACE.toString())),
new NegatedRequestMatcher(new AntPathRequestMatcher("/rest/open*/**"))
)
);
http.addFilterAfter(new CsrfTokenResponseCookieBindingFilter(), CsrfFilter.class); // CSRF tokens handling
}
Example 10
| Source File: ServletContainerConfiguration.java From haven-platform with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
final String uiPrefix = "/ui/";
final String loginUrl = uiPrefix + "login.html";
TokenAuthFilterConfigurer<HttpSecurity> tokenFilterConfigurer =
new TokenAuthFilterConfigurer<>(new RequestTokenHeaderRequestMatcher(),
new TokenAuthProvider(tokenValidator, userDetailsService, authProcessor));
http.csrf().disable()
.authenticationProvider(provider).userDetailsService(userDetailsService)
.anonymous().principal(SecurityUtils.USER_ANONYMOUS).and()
.authorizeRequests().antMatchers(uiPrefix + "/token/login").permitAll()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()//allow CORS option calls
.antMatchers(uiPrefix + "**").authenticated()
.and().headers().cacheControl().disable()
.and().formLogin().loginPage(loginUrl).permitAll().defaultSuccessUrl(uiPrefix)
.and().logout().logoutUrl(uiPrefix + "logout").logoutSuccessUrl(loginUrl)
.and().apply(tokenFilterConfigurer);
// enable after testing
// .and().sessionManagement()
// .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// X-Frame-Options
http.headers()
.frameOptions().sameOrigin();
http.addFilterAfter(new AccessContextFilter(aclContextFactory), SwitchUserFilter.class);
//we use basic in testing and scripts
if (basicAuthEnable) {
http.httpBasic();
}
}
Example 11
| Source File: WebSecurityConfigurer.java From bdf3 with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.headers().frameOptions().disable();
http.headers().xssProtection().disable();
http.headers().disable();
FilterSecurityInterceptor securityInterceptor = createFilterSecurityInterceptor();
http.addFilterAfter(securityInterceptor, org.springframework.security.web.access.intercept.FilterSecurityInterceptor.class);
http.setSharedObject(FilterSecurityInterceptor.class, securityInterceptor);
}
Example 12
| Source File: SpringSecurityConfig.java From springboot_security_restful_api with Apache License 2.0 | 5 votes |
|
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/api/admin/**").hasRole("ADMIN")
.antMatchers("/api/basic/**").hasRole("BASIC")
.antMatchers("/api/session").permitAll()
.antMatchers(HttpMethod.GET).permitAll()
.antMatchers("/api/**").hasRole("BASIC");
http.formLogin();
http.logout()
.logoutUrl("/api/session/logout")
.addLogoutHandler(customLogoutHandler)
.logoutSuccessHandler(customLogoutHandler);
http.exceptionHandling()
.accessDeniedHandler(customAccessDeniedHandler)
.authenticationEntryPoint(customAccessDeniedHandler);
http.csrf()
.ignoringAntMatchers("/api/session/**");
http.addFilterBefore(new AcceptHeaderLocaleFilter(), UsernamePasswordAuthenticationFilter.class);
http.addFilterAt(customAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
http.addFilterAfter(new CsrfTokenResponseHeaderBindingFilter(), CsrfFilter.class);
}
Example 13
| Source File: JwtUsernamePasswordFiterLoginConfig.java From quartz-manager with Apache License 2.0 | 4 votes |
|
@Override
public HttpSecurity login(String loginPath, HttpSecurity http, AuthenticationManager authenticationManager) throws Exception {
log.debug("Configuring login through JwtAuthenticationFilter...");
return http.addFilterAfter(authenticationProcessingFilter(loginPath, authenticationManager), AbstractPreAuthenticatedProcessingFilter.class);
}
Example 14
| Source File: AtlasSecurityConfig.java From atlas with Apache License 2.0 | 4 votes |
|
protected void configure(HttpSecurity httpSecurity) throws Exception {
//@formatter:off
httpSecurity
.authorizeRequests().anyRequest().authenticated()
.and()
.headers()
.addHeaderWriter(new StaticHeadersWriter(HeadersUtil.CONTENT_SEC_POLICY_KEY, HeadersUtil.headerMap.get(HeadersUtil.CONTENT_SEC_POLICY_KEY)))
.addHeaderWriter(new StaticHeadersWriter(SERVER_KEY, HeadersUtil.headerMap.get(SERVER_KEY)))
.and()
.servletApi()
.and()
.csrf().disable()
.sessionManagement()
.enableSessionUrlRewriting(false)
.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
.sessionFixation()
.newSession()
.and()
.httpBasic()
.authenticationEntryPoint(getDelegatingAuthenticationEntryPoint())
.and()
.formLogin()
.loginPage("/login.jsp")
.loginProcessingUrl("/j_spring_security_check")
.successHandler(successHandler)
.failureHandler(failureHandler)
.usernameParameter("j_username")
.passwordParameter("j_password")
.and()
.logout()
.logoutSuccessUrl("/login.jsp")
.deleteCookies("ATLASSESSIONID")
.logoutUrl("/logout.html");
//@formatter:on
boolean configMigrationEnabled = !StringUtils.isEmpty(configuration.getString(ATLAS_MIGRATION_MODE_FILENAME));
if (configuration.getBoolean("atlas.server.ha.enabled", false) ||
configMigrationEnabled) {
if(configMigrationEnabled) {
LOG.info("Atlas is in Migration Mode, enabling ActiveServerFilter");
} else {
LOG.info("Atlas is in HA Mode, enabling ActiveServerFilter");
}
httpSecurity.addFilterAfter(activeServerFilter, BasicAuthenticationFilter.class);
}
httpSecurity
.addFilterAfter(staleTransactionCleanupFilter, BasicAuthenticationFilter.class)
.addFilterBefore(ssoAuthenticationFilter, BasicAuthenticationFilter.class)
.addFilterAfter(atlasAuthenticationFilter, SecurityContextHolderAwareRequestFilter.class)
.addFilterAfter(csrfPreventionFilter, AtlasAuthenticationFilter.class);
if (keycloakEnabled) {
httpSecurity
.logout().addLogoutHandler(keycloakLogoutHandler()).and()
.addFilterBefore(keycloakAuthenticationProcessingFilter(), BasicAuthenticationFilter.class)
.addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class)
.addFilterAfter(keycloakSecurityContextRequestFilter(), SecurityContextHolderAwareRequestFilter.class)
.addFilterAfter(keycloakAuthenticatedActionsRequestFilter(), KeycloakSecurityContextRequestFilter.class);
}
}
Example 15
| Source File: SecurityManagedConfiguration.java From hawkbit with Eclipse Public License 1.0 | 4 votes |
|
@Override
protected void configure(final HttpSecurity http) throws Exception {
HttpSecurity httpSec = http.regexMatcher("\\/rest.*|\\/system/admin.*").csrf().disable();
if (securityProperties.getCors().isEnabled()) {
httpSec = httpSec.cors().and();
}
if (securityProperties.isRequireSsl()) {
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
}
httpSec.authorizeRequests().anyRequest().authenticated()
.antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
.hasAnyAuthority(SpPermission.SYSTEM_ADMIN);
if (oidcBearerTokenAuthenticationFilter != null) {
// Only get the first client registration. Testing against every
// client could increase the
// attack vector
ClientRegistration clientRegistration = null;
for (final ClientRegistration cr : clientRegistrationRepository) {
clientRegistration = cr;
break;
}
Assert.notNull(clientRegistration, "There must be a valid client registration");
httpSec.oauth2ResourceServer().jwt().jwkSetUri(clientRegistration.getProviderDetails().getJwkSetUri());
oidcBearerTokenAuthenticationFilter.setClientRegistration(clientRegistration);
httpSec.addFilterAfter(oidcBearerTokenAuthenticationFilter, BearerTokenAuthenticationFilter.class);
} else {
final BasicAuthenticationEntryPoint basicAuthEntryPoint = new BasicAuthenticationEntryPoint();
basicAuthEntryPoint.setRealmName(securityProperties.getBasicRealm());
httpSec.addFilterBefore(new Filter() {
@Override
public void init(final FilterConfig filterConfig) throws ServletException {
userAuthenticationFilter.init(filterConfig);
}
@Override
public void doFilter(final ServletRequest request, final ServletResponse response,
final FilterChain chain) throws IOException, ServletException {
userAuthenticationFilter.doFilter(request, response, chain);
}
@Override
public void destroy() {
userAuthenticationFilter.destroy();
}
}, RequestHeaderAuthenticationFilter.class);
httpSec.httpBasic().and().exceptionHandling().authenticationEntryPoint(basicAuthEntryPoint);
}
httpSec.addFilterAfter(
new AuthenticationSuccessTenantMetadataCreationFilter(systemManagement, systemSecurityContext),
SessionManagementFilter.class);
httpSec.anonymous().disable();
httpSec.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
Example 16
| Source File: AtlasSecurityConfig.java From incubator-atlas with Apache License 2.0 | 4 votes |
|
protected void configure(HttpSecurity httpSecurity) throws Exception {
//@formatter:off
httpSecurity
.authorizeRequests().anyRequest().authenticated()
.and()
.headers().disable()
.servletApi()
.and()
.csrf().disable()
.sessionManagement()
.enableSessionUrlRewriting(false)
.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
.sessionFixation()
.newSession()
.and()
.formLogin()
.loginPage("/login.jsp")
.loginProcessingUrl("/j_spring_security_check")
.successHandler(successHandler)
.failureHandler(failureHandler)
.usernameParameter("j_username")
.passwordParameter("j_password")
.and()
.logout()
.logoutSuccessUrl("/login.jsp")
.deleteCookies("ATLASSESSIONID")
.logoutUrl("/logout.html")
.and()
.httpBasic()
.authenticationEntryPoint(getDelegatingAuthenticationEntryPoint());
//@formatter:on
if (configuration.getBoolean("atlas.server.ha.enabled", false)) {
LOG.info("Atlas is in HA Mode, enabling ActiveServerFilter");
httpSecurity.addFilterAfter(activeServerFilter, BasicAuthenticationFilter.class);
}
httpSecurity
.addFilterAfter(staleTransactionCleanupFilter, BasicAuthenticationFilter.class)
.addFilterAfter(ssoAuthenticationFilter, BasicAuthenticationFilter.class)
.addFilterAfter(atlasAuthenticationFilter, SecurityContextHolderAwareRequestFilter.class)
.addFilterAfter(csrfPreventionFilter, AtlasAuthenticationFilter.class)
.addFilterAfter(atlasAuthorizationFilter, FilterSecurityInterceptor.class);
}
Example 17
| Source File: ClientErrorLoggingConfigurer.java From tutorials with MIT License | 4 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.addFilterAfter(new ClientErrorLoggingFilter(errorCodes), FilterSecurityInterceptor.class);
}
Example 18
| Source File: SecurityConfig.java From para with Apache License 2.0 | 4 votes |
|
private void registerAuthFilters(HttpSecurity http) throws Exception {
if (passwordFilter != null) {
passwordFilter.setAuthenticationManager(authenticationManager());
http.addFilterAfter(passwordFilter, BasicAuthenticationFilter.class);
}
if (passwordlessFilter != null) {
passwordlessFilter.setAuthenticationManager(authenticationManager());
http.addFilterAfter(passwordlessFilter, BasicAuthenticationFilter.class);
}
if (openidFilter != null) {
openidFilter.setAuthenticationManager(authenticationManager());
http.addFilterAfter(openidFilter, BasicAuthenticationFilter.class);
}
if (facebookFilter != null) {
facebookFilter.setAuthenticationManager(authenticationManager());
http.addFilterAfter(facebookFilter, BasicAuthenticationFilter.class);
}
if (googleFilter != null) {
googleFilter.setAuthenticationManager(authenticationManager());
http.addFilterAfter(googleFilter, BasicAuthenticationFilter.class);
}
if (linkedinFilter != null) {
linkedinFilter.setAuthenticationManager(authenticationManager());
http.addFilterAfter(linkedinFilter, BasicAuthenticationFilter.class);
}
if (twitterFilter != null) {
twitterFilter.setAuthenticationManager(authenticationManager());
http.addFilterAfter(twitterFilter, BasicAuthenticationFilter.class);
}
if (githubFilter != null) {
githubFilter.setAuthenticationManager(authenticationManager());
http.addFilterAfter(githubFilter, BasicAuthenticationFilter.class);
}
if (microsoftFilter != null) {
microsoftFilter.setAuthenticationManager(authenticationManager());
http.addFilterAfter(microsoftFilter, BasicAuthenticationFilter.class);
}
if (slackFilter != null) {
slackFilter.setAuthenticationManager(authenticationManager());
http.addFilterAfter(slackFilter, BasicAuthenticationFilter.class);
}
if (amazonFilter != null) {
amazonFilter.setAuthenticationManager(authenticationManager());
http.addFilterAfter(amazonFilter, BasicAuthenticationFilter.class);
}
if (oauth2Filter != null) {
oauth2Filter.setAuthenticationManager(authenticationManager());
http.addFilterAfter(oauth2Filter, BasicAuthenticationFilter.class);
}
if (ldapFilter != null) {
ldapFilter.setAuthenticationManager(authenticationManager());
http.addFilterAfter(ldapFilter, BasicAuthenticationFilter.class);
}
if (samlFilter != null) {
samlFilter.setAuthenticationManager(authenticationManager());
http.addFilterAfter(samlFilter, BasicAuthenticationFilter.class);
}
http.addFilterAfter(samlMetaFilter, BasicAuthenticationFilter.class);
}
Example 19
| Source File: SsoSecurityConfigurer.java From spring-security-oauth2-boot with Apache License 2.0 | 4 votes |
|
@Override
public void configure(HttpSecurity builder) throws Exception {
OAuth2ClientAuthenticationProcessingFilter ssoFilter = this.filter;
ssoFilter.setSessionAuthenticationStrategy(builder.getSharedObject(SessionAuthenticationStrategy.class));
builder.addFilterAfter(ssoFilter, AbstractPreAuthenticatedProcessingFilter.class);
}
Example 20
| Source File: SecurityConfig.java From ambari-logsearch with Apache License 2.0 | 4 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.headers()
.addHeaderWriter(
new LogSearchCompositeHeaderWriter("https".equals(logSearchHttpConfig.getProtocol()),
new XXssProtectionHeaderWriter(),
new XFrameOptionsHeaderWriter(XFrameOptionsHeaderWriter.XFrameOptionsMode.DENY),
new XContentTypeOptionsHeaderWriter(),
new StaticHeadersWriter("Pragma", "no-cache"),
new StaticHeadersWriter("Cache-Control", "no-store")))
.and()
.csrf().disable()
.authorizeRequests()
.requestMatchers(requestMatcher())
.permitAll()
.antMatchers("/**")
.hasRole("USER")
.and()
.authenticationProvider(logsearchAuthenticationProvider())
.httpBasic()
.authenticationEntryPoint(logsearchAuthenticationEntryPoint())
.and()
.addFilterBefore(logsearchTrustedProxyFilter(), BasicAuthenticationFilter.class)
.addFilterAfter(logsearchKRBAuthenticationFilter(), LogsearchTrustedProxyFilter.class)
.addFilterBefore(logsearchUsernamePasswordAuthenticationFilter(), LogsearchKRBAuthenticationFilter.class)
.addFilterAfter(securityContextFormationFilter(), FilterSecurityInterceptor.class)
.addFilterAfter(logsearchMetadataFilter(), LogsearchSecurityContextFormationFilter.class)
.addFilterAfter(logsearchAuditLogFilter(), LogsearchSecurityContextFormationFilter.class)
.addFilterAfter(logsearchServiceLogFilter(), LogsearchSecurityContextFormationFilter.class)
.addFilterAfter(logSearchConfigStateFilter(), LogsearchSecurityContextFormationFilter.class)
.addFilterBefore(logsearchCorsFilter(), LogsearchSecurityContextFormationFilter.class)
.addFilterBefore(logsearchJwtFilter(), LogsearchSecurityContextFormationFilter.class)
.logout()
.logoutUrl("/logout")
.deleteCookies(getCookies())
.logoutSuccessHandler(new LogsearchLogoutSuccessHandler());
if ((logSearchConfigApiConfig.isSolrFilterStorage() || logSearchConfigApiConfig.isZkFilterStorage())
&& !logSearchConfigApiConfig.isConfigApiEnabled())
http.addFilterAfter(logSearchLogLevelFilterManagerFilter(), LogsearchSecurityContextFormationFilter.class);
}
