Java Code Examples for org.springframework.security.config.annotation.web.builders.HttpSecurity#anonymous()
The following examples show how to use
org.springframework.security.config.annotation.web.builders.HttpSecurity#anonymous() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
// .antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
.accessDeniedPage("/errors/403")
;
// SSL / TLS x509 support
/*http.x509()
.userDetailsService(calendarUserDetailsService)
// .x509AuthenticationFilter(x509Filter())
;*/
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 2
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
http.addFilterAt(casFilter, CasAuthenticationFilter.class);
http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl(casServerLogout)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
.authenticationEntryPoint(casAuthenticationEntryPoint)
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 3
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Session Management
http.sessionManagement().sessionFixation().none();
// Logout:
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling().accessDeniedPage("/errors/403");
// remember me configuration
http.rememberMe()
.key("jbcpCalendar")
// .rememberMeParameter("obscure-remember-me")
// .rememberMeCookieName("obscure-remember-me")
// .rememberMeServices(rememberMeServices)
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 4
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
http.addFilterAt(casFilter, CasAuthenticationFilter.class);
http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl(casServerLogout)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
.authenticationEntryPoint(casAuthenticationEntryPoint)
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 5
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
// Login
/*http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();*/
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout")
.deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
http.addFilterAt(casFilter, CasAuthenticationFilter.class);
// Exception Handling
http.exceptionHandling()
.authenticationEntryPoint(casAuthenticationEntryPoint)
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 6
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout")
.deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 7
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
http.addFilterAt(casFilter, CasAuthenticationFilter.class);
http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl(casServerLogout)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
.authenticationEntryPoint(casAuthenticationEntryPoint)
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 8
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Access Decision Manager
http.authorizeRequests()
.anyRequest()
.authenticated()
.accessDecisionManager(accessDecisionManager)
;
// Matching
/*http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");*/
//<expression-handler ref="customWebSecurityExpressionHandler"/>
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 9
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
.accessDeniedPage("/errors/403")
;
// SSL / TLS x509 support
/*http.x509()
.userDetailsService(calendarUserDetailsService)
// .x509AuthenticationFilter(x509Filter())
;*/
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 10
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout")
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling().accessDeniedPage("/errors/403");
// remember me configuration
http.rememberMe()
.key("jbcpCalendar")
// .rememberMeParameter("obscure-remember-me")
// .rememberMeCookieName("obscure-remember-me")
.rememberMeServices(rememberMeServices);
// SSL / TLS x509 support
http.x509().userDetailsService(userDetailsService);
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 11
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/", "/favicon*").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signin/**").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
http.requestCache().requestCache(new NullRequestCache());
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 12
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 13
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.authorizeRequests()
.expressionHandler(webSecurityExpressionHandler);
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
// .antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
// NOTE: "/events/" is now protected by ACL:
// .antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// remember me configuration
http.rememberMe().key("jbcpCalendar"); //.rememberMeParameter("_spring_security_remember_me");
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
// .authenticationEntryPoint(forbiddenEntryPoint)
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 14
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// .expressionHandler(expressionHandler)
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
// .antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
// NOTE: "/events/" is now protected by ACL:
// .antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// remember me configuration
http.rememberMe().key("jbcpCalendar"); //.rememberMeParameter("_spring_security_remember_me");
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
// .authenticationEntryPoint(forbiddenEntryPoint)
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 15
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Session Management
http.sessionManagement()
// FIXME: TODO: With running STATELESS, login token is not saved.
.sessionCreationPolicy(SessionCreationPolicy.NEVER)
.sessionAuthenticationStrategy(
sessionAuthenticationStrategy
)
.maximumSessions(-1).sessionRegistry(sessionRegistry)
.expiredUrl("/login/form?expired")
.maxSessionsPreventsLogin(true)
;
// Logout:
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling().accessDeniedPage("/errors/403");
// remember me configuration
// http.rememberMe()
// .key("jbcpCalendar")
// .rememberMeParameter("obscure-remember-me")
// .rememberMeCookieName("obscure-remember-me")
// .rememberMeServices(rememberMeServices)
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 16
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
// .antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// remember me configuration
http.rememberMe().key("jbcpCalendar"); //.rememberMeParameter("_spring_security_remember_me");
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
// .authenticationEntryPoint(forbiddenEntryPoint)
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 17
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// .expressionHandler(expressionHandler)
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
// .antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
// NOTE: "/events/" is now protected by ACL:
// .antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// remember me configuration
http.rememberMe().key("jbcpCalendar"); //.rememberMeParameter("_spring_security_remember_me");
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
// .authenticationEntryPoint(forbiddenEntryPoint)
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 18
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/", "/favicon*").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signin/**").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
http.requestCache().requestCache(new NullRequestCache());
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 19
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout")
.deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example 20
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
