Java Code Examples for org.springframework.security.config.annotation.web.builders.HttpSecurity#addFilterBefore()
The following examples show how to use
org.springframework.security.config.annotation.web.builders.HttpSecurity#addFilterBefore() .
Example 1
Source File: SpringSecurityConfig.java From spring-boot-start-current with Apache License 2.0 | 6 votes |
/**
 * Builds the HTTP security configuration for stateless, JWT-based authentication.
 *
 * @param httpSecurity the security builder being customised
 * @throws Exception if any configurer rejects its settings
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // The original comment states that JWT does not need CSRF protection.
    // NOTE(review): that reasoning holds only while the token is sent in a request header;
    // confirm the filter below never accepts it from a cookie.
    httpSecurity.csrf().disable();

    // Turn on CORS support.
    httpSecurity.cors();

    // JWT needs no server-side session, so none is ever created.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Authentication failures are reported through the JWT entry point.
    httpSecurity.exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint);

    // NOTE(review): rules are matched in declaration order, so the "/**" permitAll rule
    // matches every request and the anyRequest().authenticated() rule after it is never
    // reached. The original comment ("everything not listed above requires authentication")
    // does not describe what this chain enforces; any access control would have to come
    // from elsewhere in the application, which is not visible here.
    httpSecurity.authorizeRequests()
            .antMatchers("/**").permitAll()
            .anyRequest().authenticated();

    // Custom JWT filter, placed ahead of the username/password filter.
    JwtAuthenticationTokenFilter tokenFilter =
            new JwtAuthenticationTokenFilter(userDetailsService(), jwtTokenUtil, tokenHeader);
    httpSecurity.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);

    // Original comment: disable page caching.
    httpSecurity.headers().cacheControl();
}
Example 2
Source File: WebSecurityConfig.java From server with MIT License | 6 votes |
/**
 * Configures stateless security with a token filter ahead of the username/password filter.
 *
 * @param http the security builder being customised
 * @throws Exception if any configurer rejects its settings
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): CSRF is disabled; appropriate only if credentials are never carried
    // in cookies — confirm against jwtTokenFilter().
    http.csrf().disable();
    http.cors();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    http.authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS).permitAll()
            .antMatchers("/", "/user/login").permitAll()
            // Original comment: the endpoints below are called by the agent and are let through.
            // NOTE(review): permitAll() exempts them for every caller, not only the agent.
            // That includes the upload and save endpoints and the whole
            // "/springboot-admin/**" tree; confirm this exposure is intended, or give the
            // agent its own credentials.
            .antMatchers(
                    "/springboot-admin/**",
                    "/upload/file",
                    "/project/list",
                    "/mobile/list",
                    "/mobile/save",
                    "/browser/save",
                    "/driver/downloadUrl",
                    "/deviceTestTask/**").permitAll()
            // Everything else requires an authenticated caller.
            .anyRequest().authenticated();

    http.exceptionHandling().authenticationEntryPoint(new JwtAuthenticationEntryPoint());
    http.addFilterBefore(jwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
}
Example 3
Source File: WebSecurityConfig.java From spring-boot-study with MIT License | 6 votes |
/**
 * Configures JWT request filtering with a form login page and no server-side session.
 *
 * @param httpSecurity the security builder being customised
 * @throws Exception if any configurer rejects its settings
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // Original comment: this example does not need CSRF.
    // NOTE(review): safe only while the credential is not sent automatically by the
    // browser (for example as a cookie); confirm how jwtRequestFilter reads the token.
    httpSecurity.csrf().disable();

    httpSecurity.authorizeRequests()
            // The token-issuing endpoint is open to unauthenticated callers.
            .antMatchers("/authenticate").permitAll()
            // Every other request requires authentication.
            .anyRequest().authenticated();

    // Login page that simulates a client; reachable by anyone.
    httpSecurity.formLogin().loginPage("/login.html").permitAll();

    httpSecurity.exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint);

    // No HTTP session is used.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Validate each request's token before the username/password filter runs.
    httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
Example 4
Source File: WebSecurityConfig.java From angular-spring-api with MIT License | 6 votes |
/**
 * Configures stateless token authentication, with static assets and the auth API left public.
 *
 * @param httpSecurity the security builder being customised
 * @throws Exception if any configurer rejects its settings
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // NOTE(review): CSRF protection is off; confirm the token is never accepted from a cookie.
    httpSecurity.csrf().disable();
    httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    httpSecurity.authorizeRequests()
            // Static resources are readable without authentication (GET only).
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js")
            .permitAll()
            // Authentication endpoints must be reachable before a token exists.
            .antMatchers("/api/auth/**").permitAll()
            // Everything else requires an authenticated caller.
            .anyRequest().authenticated();

    // The token filter runs ahead of the username/password filter.
    httpSecurity.addFilterBefore(
            authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // Cache-control response headers.
    httpSecurity.headers().cacheControl();
}
Example 5
Source File: WebSecurityConfig.java From Blog with Apache License 2.0 | 6 votes |
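/**
 * Configures stateless token authentication: OPTIONS requests pass, everything else
 * requires an authenticated caller.
 *
 * <p>The rule set previously listed only POST, PUT, DELETE and GET. Requests using any
 * other method (HEAD, PATCH, TRACE) matched no rule and were therefore not subject to an
 * authorization check. A closing {@code anyRequest().authenticated()} rule now covers all
 * four listed methods as well as every method that was previously unmatched, which is what
 * the original comment ("intercept and verify everything") describes.
 *
 * @param httpSecurity the security builder being customised
 * @throws Exception if any configurer rejects its settings
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // CSRF is disabled (original comment).
    // NOTE(review): appropriate only if the token is never accepted from a cookie.
    httpSecurity.csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .authorizeRequests()
            // OPTIONS requests are let through without authentication.
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            // Fail closed: every other request, whatever its HTTP method, must be authenticated.
            .anyRequest().authenticated();

    // The token filter runs ahead of the username/password filter.
    httpSecurity
            .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // Cache-control response headers.
    httpSecurity.headers().cacheControl();
}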
Example 6
Source File: WebSecurityConfig.java From itweet-boot with Apache License 2.0 | 6 votes |
/**
 * Configures form-login security with a custom interceptor placed before
 * {@code FilterSecurityInterceptor}.
 *
 * @param http the security builder being customised
 * @throws Exception if any configurer rejects its settings
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): this configuration uses form login, so CSRF protection is still
    // relevant here. With it disabled, state-changing requests carry no CSRF token check.
    http.csrf().disable();

    // NOTE(review): disabling frame options drops the X-Frame-Options header, so other
    // sites may frame these pages; prefer a same-origin policy if framing is only
    // needed internally.
    http.headers().frameOptions().disable();

    http.authorizeRequests()
            // NOTE(review): "/*" matches every single-segment path, so any top-level URL
            // is public, not just the pages named here.
            .antMatchers("/admin/login", "/", "/*", "/blog/**", "/portfolio/**", "/tweet/**")
            .permitAll()
            // Any other request is allowed once the user has logged in.
            .anyRequest().authenticated();

    // The login page is open to everyone.
    http.formLogin()
            .loginPage("/admin/login")
            .failureUrl("/admin/login?error")
            .permitAll();

    // Logging out is open to everyone.
    http.logout().permitAll();

    http.addFilterBefore(myFilterSecurityInterceptor, FilterSecurityInterceptor.class);
}
Example 7
Source File: SecurityConfig.java From mall-learning with Apache License 2.0 | 5 votes |
/**
 * Configures stateless JWT security, public static assets and custom error handlers.
 *
 * @param httpSecurity the security builder being customised
 * @throws Exception if any configurer rejects its settings
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // Original comment: JWT is used, so CSRF protection is not needed.
    // NOTE(review): confirm the token is only ever read from a request header.
    httpSecurity.csrf().disable();

    // Token-based, so no session is created.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    httpSecurity.authorizeRequests()
            // Static site resources may be fetched without authorization.
            // NOTE(review): this also publishes the Swagger resources and API docs;
            // consider restricting them outside development.
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js",
                    "/swagger-resources/**",
                    "/v2/api-docs/**")
            .permitAll()
            // Login and registration must allow anonymous access.
            .antMatchers("/admin/login", "/admin/register").permitAll()
            // Original comment: search and member browsing history are anonymous "for now".
            // NOTE(review): a temporary exemption on per-member data should be tracked and removed.
            .antMatchers("/esProduct/**", "/member/readHistory/**").permitAll()
            // Cross-origin calls send an OPTIONS pre-flight request first.
            .antMatchers(HttpMethod.OPTIONS).permitAll()
            // A test-only "/**" permitAll rule is intentionally not active here.
            // Everything not listed above requires authentication.
            .anyRequest().authenticated();

    // Original comment: disable caching.
    httpSecurity.headers().cacheControl();

    // Add the JWT filter ahead of the username/password filter.
    httpSecurity.addFilterBefore(
            jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);

    // Custom responses for access-denied and not-logged-in results.
    httpSecurity.exceptionHandling()
            .accessDeniedHandler(restfulAccessDeniedHandler)
            .authenticationEntryPoint(restAuthenticationEntryPoint);
}
Example 8
Source File: WebSecurityConfig.java From mojito with Apache License 2.0 | 5 votes |
/**
 * Configures form login, optional header/OAuth pre-authentication filters and
 * per-path authentication entry points.
 *
 * @param http the security builder being customised
 * @throws Exception if any configurer rejects its settings
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    logger.debug("Configuring web security");

    // NOTE(review): this switches off Spring Security's cache-control headers, so
    // authenticated responses are not marked non-cacheable by this layer.
    http.headers().cacheControl().disable();

    // CSRF checks are skipped for the two loopback-restricted endpoints.
    http.csrf().ignoringAntMatchers("/shutdown", "/api/rotation");

    http.authorizeRequests()
            .antMatchers("/intl/*", "/img/*", "/fonts/*", "/login/**", "/webjars/**", "/cli/**", "/health")
            .permitAll()
            // NOTE(review): hasIpAddress tests the connection's remote address. Behind a
            // reverse proxy on the same host, every request may appear to come from
            // 127.0.0.1 — confirm the deployment topology.
            .antMatchers("/shutdown", "/api/rotation").hasIpAddress("127.0.0.1")
            // NOTE(review): two anyRequest() rules are declared. Rules are matched in order,
            // so permitAll() takes every remaining request and fullyAuthenticated() is never
            // consulted; later Spring Security releases are understood to reject a second
            // anyRequest() at startup. One of the two is almost certainly unintended.
            .anyRequest().permitAll()
            .anyRequest().fullyAuthenticated();

    http.formLogin()
            .loginPage("/login")
            .successHandler(new ShowPageAuthenticationSuccessHandler());

    http.logout().logoutSuccessUrl("/login?logout").permitAll();

    // Optional pre-authentication mechanisms, each inserted before basic authentication.
    if (headerAuth) {
        http.addFilterBefore(requestHeaderAuthenticationFilter(), BasicAuthenticationFilter.class);
    }
    if (oauth2Enabled) {
        http.addFilterBefore(oauthFilter(), BasicAuthenticationFilter.class);
    }

    // API paths answer 401; other single-segment paths redirect to the matching login URL.
    http.exceptionHandling()
            .defaultAuthenticationEntryPointFor(
                    new Http401AuthenticationEntryPoint("API_UNAUTHORIZED"),
                    new AntPathRequestMatcher("/api/*"))
            .defaultAuthenticationEntryPointFor(
                    new LoginUrlAuthenticationEntryPoint(oauth2Enabled ? "/login/oauth" : "/login"),
                    new AntPathRequestMatcher("/*"));
}
Example 9
Source File: SecurityConfig.java From BigDataPlatform with GNU General Public License v3.0 | 5 votes |
/**
 * Configures stateless JWT security, public static assets and custom error handlers.
 *
 * @param httpSecurity the security builder being customised
 * @throws Exception if any configurer rejects its settings
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // Original comment: JWT is used, so CSRF protection is not needed.
    // NOTE(review): confirm the token is only ever read from a request header.
    httpSecurity.csrf().disable();

    // Token-based, so no session is created.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    httpSecurity.authorizeRequests()
            // Static site resources may be fetched without authorization.
            // NOTE(review): the Swagger UI, its resources and the API docs are public too;
            // consider restricting them outside development.
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js",
                    "/swagger-resources/**",
                    "/v2/api-docs/**",
                    "/webjars/springfox-swagger-ui/**")
            .permitAll()
            // Login and registration must allow anonymous access.
            // NOTE(review): "/admin/register" is open to anyone; confirm self-registration
            // of admin accounts is intended.
            .antMatchers("/admin/login", "/admin/register").permitAll()
            // Cross-origin calls send an OPTIONS pre-flight request first.
            .antMatchers(HttpMethod.OPTIONS).permitAll()
            // A test-only "/**" permitAll rule is intentionally not active here.
            // Everything not listed above requires authentication.
            .anyRequest().authenticated();

    // Original comment: disable caching.
    httpSecurity.headers().cacheControl();

    // Add the JWT filter ahead of the username/password filter.
    httpSecurity.addFilterBefore(
            jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);

    // Custom responses for access-denied and not-logged-in results.
    httpSecurity.exceptionHandling()
            .accessDeniedHandler(restfulAccessDeniedHandler)
            .authenticationEntryPoint(restAuthenticationEntryPoint);
}
Example 10
Source File: SecurityConfig.java From MovieApp with MIT License | 5 votes |
/**
 * Configures CORS, stateless sessions and a JWT filter; static assets stay public.
 *
 * @param http the security builder being customised
 * @throws Exception if any configurer rejects its settings
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors();

    // NOTE(review): CSRF protection is off; confirm the JWT is never accepted from a cookie.
    http.csrf().disable();

    http.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    http.authorizeRequests()
            // Static resources are public. These patterns apply to every HTTP method,
            // not only GET.
            .antMatchers(
                    "/",
                    "/favicon.ico",
                    "/**/*.png",
                    "/**/*.gif",
                    "/**/*.svg",
                    "/**/*.jpg",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js")
            .permitAll()
            // NOTE(review): no login or token endpoint is exempted in this snippet;
            // presumably it is handled elsewhere — verify.
            .anyRequest().authenticated();

    // Install the custom JWT security filter ahead of the username/password filter.
    http.addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
Example 11
Source File: SecurityConfig.java From mall-learning with Apache License 2.0 | 5 votes |
/**
 * Configures stateless JWT security, public static assets and custom error handlers.
 *
 * @param httpSecurity the security builder being customised
 * @throws Exception if any configurer rejects its settings
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // Original comment: JWT is used, so CSRF protection is not needed.
    // NOTE(review): confirm the token is only ever read from a request header.
    httpSecurity.csrf().disable();

    // Token-based, so no session is created.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    httpSecurity.authorizeRequests()
            // Static site resources may be fetched without authorization.
            // NOTE(review): the Swagger resources and API docs are public as well.
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js",
                    "/swagger-resources/**",
                    "/v2/api-docs/**")
            .permitAll()
            // Login and registration must allow anonymous access.
            .antMatchers("/admin/login", "/admin/register").permitAll()
            // Original comment: opened up for testing.
            // NOTE(review): this test-time exemption is live code. It leaves the order
            // endpoints and member read history reachable without authentication, and
            // should not ship beyond a test environment.
            .antMatchers("/esProduct/**", "/member/readHistory/**", "/order/**").permitAll()
            // Cross-origin calls send an OPTIONS pre-flight request first.
            .antMatchers(HttpMethod.OPTIONS).permitAll()
            // A test-only "/**" permitAll rule is intentionally not active here.
            // Everything not listed above requires authentication.
            .anyRequest().authenticated();

    // Original comment: disable caching.
    httpSecurity.headers().cacheControl();

    // Add the JWT filter ahead of the username/password filter.
    httpSecurity.addFilterBefore(
            jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);

    // Custom responses for access-denied and not-logged-in results.
    httpSecurity.exceptionHandling()
            .accessDeniedHandler(restfulAccessDeniedHandler)
            .authenticationEntryPoint(restAuthenticationEntryPoint);
}
Example 12
Source File: SecurityConfig.java From HIS with Apache License 2.0 | 5 votes |
/**
 * Configures stateless JWT security and custom error handlers.
 *
 * <p>As written, the rule set permits every request; see the review note on the
 * catch-all rule in the body.
 *
 * @param httpSecurity the security builder being customised
 * @throws Exception if any configurer rejects its settings
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // Original comment: JWT is used, so CSRF protection is not needed.
    // NOTE(review): confirm the token is only ever read from a request header.
    httpSecurity.csrf().disable();

    // Token-based, so no session is created.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    httpSecurity.authorizeRequests()
            // Static site resources may be fetched without authorization.
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js",
                    "/swagger-resources/**",
                    "/v2/api-docs/**")
            .permitAll()
            // Login and registration must allow anonymous access.
            .antMatchers("/staff/login", "/staff/register").permitAll()
            // Cross-origin calls send an OPTIONS pre-flight request first.
            .antMatchers(HttpMethod.OPTIONS).permitAll()
            // Original comment: allow everything while testing.
            // NOTE(review): this catch-all is active. Rules are matched in order, so it
            // permits every request and the authenticated() rule below is never reached.
            // Remove or disable it before any non-test deployment.
            .antMatchers("/**").permitAll()
            // Intended default: everything not listed above requires authentication.
            .anyRequest().authenticated();

    // NOTE(review): frame options are disabled, so no X-Frame-Options header is sent
    // and the pages can be framed by other origins.
    httpSecurity.headers().frameOptions().disable();
    // Original comment: disable caching.
    httpSecurity.headers().cacheControl();

    // Add the JWT filter ahead of the username/password filter.
    httpSecurity.addFilterBefore(
            jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);

    // Custom responses for access-denied and not-logged-in results.
    httpSecurity.exceptionHandling()
            .accessDeniedHandler(restfulAccessDeniedHandler)
            .authenticationEntryPoint(restAuthenticationEntryPoint);
}
Example 13
Source File: JWTConfigurer.java From gpmr with Apache License 2.0 | 4 votes |
/**
 * Registers a {@code JWTFilter} built from {@code tokenProvider} so that it runs before
 * {@code UsernamePasswordAuthenticationFilter}.
 *
 * @param http the security builder to add the filter to
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // A new filter instance is created on every call to this method.
    http.addFilterBefore(new JWTFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class);
}
Example 14
Source File: JWTConfigurer.java From jhipster-ribbon-hystrix with GNU General Public License v3.0 | 4 votes |
/**
 * Places a token-validating {@code JWTFilter} ahead of
 * {@code UsernamePasswordAuthenticationFilter} in the security filter chain.
 *
 * @param http the security builder to add the filter to
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    final JWTFilter jwtFilter = new JWTFilter(tokenProvider);
    // This only installs the filter; authorization rules are configured elsewhere.
    http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
}
Example 15
Source File: TokenConfigurer.java From yshopmall with Apache License 2.0 | 4 votes |
/**
 * Registers a {@code TokenFilter} built from {@code tokenProvider} so that it runs before
 * {@code UsernamePasswordAuthenticationFilter}.
 *
 * @param http the security builder to add the filter to
 */
@Override
public void configure(HttpSecurity http) {
    // A new filter instance is created on every call to this method.
    http.addFilterBefore(new TokenFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class);
}
Example 16
Source File: JWTConfigurer.java From flair-engine with Apache License 2.0 | 4 votes |
/**
 * Places a {@code JWTFilter} ahead of {@code UsernamePasswordAuthenticationFilter}
 * in the security filter chain.
 *
 * @param http the security builder to add the filter to
 */
@Override
public void configure(HttpSecurity http) {
    final JWTFilter jwtFilter = new JWTFilter(tokenProvider);
    // This only installs the filter; authorization rules are configured elsewhere.
    http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
}
Example 17
Source File: _JWTConfigurer.java From jhipster-ribbon-hystrix with GNU General Public License v3.0 | 4 votes |
/**
 * Adds the JWT filter to the chain, positioned before
 * {@code UsernamePasswordAuthenticationFilter}.
 *
 * @param http the security builder to add the filter to
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // The filter is constructed here from the configurer's tokenProvider.
    http.addFilterBefore(
            new JWTFilter(tokenProvider),
            UsernamePasswordAuthenticationFilter.class);
}
Example 18
Source File: RefreshTokenFilterConfigurer.java From tutorials with MIT License | 4 votes |
/**
 * Installs a {@code RefreshTokenFilter} in the servlet filter chain, placed before
 * {@code OAuth2AuthenticationProcessingFilter}.
 *
 * @param http the security builder to add the filter to
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // The filter is built from the configurer's authenticationService and tokenStore.
    http.addFilterBefore(
            new RefreshTokenFilter(authenticationService, tokenStore),
            OAuth2AuthenticationProcessingFilter.class);
}
Example 19
Source File: WebSecurityConfig.java From digag-server with Apache License 2.0 | 4 votes |
/**
 * Configures stateless JWT security with public static assets, docs and read-only content.
 *
 * @param httpSecurity the security builder being customised
 * @throws Exception if any configurer rejects its settings
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // Original comment: JWT is used, so CSRF protection is not needed.
    // NOTE(review): confirm the token is only ever read from a request header.
    httpSecurity.csrf().disable();

    httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

    // Token-based, so no session is created.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    httpSecurity.authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            // Static site resources may be fetched without authorization.
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js",
                    "/webjars/**",
                    "/swagger-resources/**",
                    "/*/api-docs")
            .permitAll()
            // The REST API that issues tokens must allow anonymous access.
            .antMatchers("/auth/**").permitAll()
            // NOTE(review): "/druid/**" is public for every HTTP method. If it serves the
            // Druid monitoring console, that console is reachable without authentication
            // unless it enforces its own login — verify.
            .antMatchers("/druid/**").permitAll()
            .antMatchers(HttpMethod.GET, "/entries/**", "/articles/**").permitAll()
            // Everything not listed above requires authentication.
            .anyRequest().authenticated();

    // Add the JWT filter ahead of the username/password filter.
    httpSecurity.addFilterBefore(
            authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // Original comment: disable caching.
    httpSecurity.headers().cacheControl();
}
Example 20
Source File: TokenConfigurer.java From sk-admin with Apache License 2.0 | 4 votes |
/**
 * Adds the token filter to the chain, positioned before
 * {@code UsernamePasswordAuthenticationFilter}.
 *
 * @param http the security builder to add the filter to
 */
@Override
public void configure(HttpSecurity http) {
    // The filter is constructed here from the configurer's tokenProvider.
    http.addFilterBefore(
            new TokenFilter(tokenProvider),
            UsernamePasswordAuthenticationFilter.class);
}