org.springframework.security.web.authentication.logout.LogoutFilter Java Examples

The following examples show how to use org.springframework.security.web.authentication.logout.LogoutFilter. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SpringWebConfig.java    From we-cmdb with Apache License 2.0 6 votes vote down vote up
/**
 * Adds CAS authentication, the custom logout filter and the authorization rules to the
 * HttpSecurity behind the supplied registry.
 *
 * @param registry URL-authorization registry whose HttpSecurity is configured further
 * @throws Exception propagated from the Spring Security configurers
 */
protected void configureCasAuthentication(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) throws Exception {
    registry.and()
            .exceptionHandling()
            // Unauthenticated requests are handed to the CAS entry point.
            .authenticationEntryPoint(casAuthenticationEntryPoint())
            .and()
            .addFilter(casAuthenticationFilter())
            // The custom filter is registered ahead of the stock LogoutFilter position.
            .addFilterBefore(logoutFilter(), LogoutFilter.class)
            .authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
            .logout()
            .permitAll()
            .and()
            // SECURITY: CSRF protection is switched off for every request. With it off,
            // state-changing endpoints accept cross-site requests that carry the session
            // cookie, and the logout() DSL also accepts GET on the logout URL.
            // NOTE(review): confirm this is deliberate; the commented-out line below shows
            // a cookie-based token repository that would keep the protection on.
            .csrf()
            .disable();
            //.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
 
Example #2
Source File: KeycloakWebSecurityConfigurerAdapter.java    From keycloak with Apache License 2.0 6 votes vote down vote up
/**
 * Wires the Keycloak filters around the standard Spring Security chain and configures
 * session handling, the entry point and logout.
 *
 * @param http the HttpSecurity to configure
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {

    http
            // CSRF stays enabled, but is enforced only for requests accepted by
            // keycloakCsrfRequestMatcher(); everything that matcher rejects is exempt.
            .csrf().requireCsrfProtectionMatcher(keycloakCsrfRequestMatcher())
            .and()
            .sessionManagement()
            .sessionAuthenticationStrategy(sessionAuthenticationStrategy())
            .and()
            // Both Keycloak filters below are anchored before LogoutFilter; the other two
            // are anchored after the filter classes named in their second argument.
            .addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class)
            .addFilterBefore(keycloakAuthenticationProcessingFilter(), LogoutFilter.class)
            .addFilterAfter(keycloakSecurityContextRequestFilter(), SecurityContextHolderAwareRequestFilter.class)
            .addFilterAfter(keycloakAuthenticatedActionsRequestFilter(), KeycloakSecurityContextRequestFilter.class)
            .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())
            .and()
            .logout()
            // keycloakLogoutHandler() is added to the logout handlers that run when
            // /sso/logout is requested; the browser is then redirected to "/".
            .addLogoutHandler(keycloakLogoutHandler())
            .logoutUrl("/sso/logout").permitAll()
            .logoutSuccessUrl("/");
}
 
Example #3
Source File: SecurityConfiguration.java    From demo-spring-security-cas with Apache License 2.0 6 votes vote down vote up
/**
 * Configures the CAS filters, the authorization rules and logout.
 *
 * @param http the HttpSecurity to configure
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
	// CsrfCookieGeneratorFilter runs after the stock CsrfFilter; the single-sign-out and
	// global-logout filters are anchored before CasAuthenticationFilter and LogoutFilter.
	http.addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class).exceptionHandling()
			.authenticationEntryPoint(casAuthenticationEntryPoint()).and().addFilter(casAuthenticationFilter())
			.addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class)
			.addFilterBefore(requestCasGlobalLogoutFilter(), LogoutFilter.class);

	// SECURITY: frameOptions().disable() removes the X-Frame-Options header from every
	// response, so pages can be framed by other origins (clickjacking exposure).
	// NOTE(review): nothing in this method shows why framing is needed; confirm.
	http.headers().frameOptions().disable().authorizeRequests().antMatchers("/").permitAll()
			.antMatchers("/login", "/logout", "/secure").authenticated().antMatchers("/filtered")
			.hasAuthority(AuthoritiesConstants.ADMIN).anyRequest().authenticated();

	/**
	 * <logout invalidate-session="true" delete-cookies="JSESSIONID" />
	 */
	// Local logout invalidates the HTTP session and expires the JSESSIONID cookie.
	http.logout().logoutUrl("/logout").logoutSuccessUrl("/").invalidateHttpSession(true)
			.deleteCookies("JSESSIONID");

	// The explicit csrf() call is commented out, but nothing in this method disables
	// CSRF protection either, so the Java-config default (enabled) applies.
	// http.csrf();
}
 
Example #4
Source File: CasConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
/**
 * Request single point exit filter
 */
@Bean
public LogoutFilter casLogoutFilter() {
    // Local clean-up is limited to what SecurityContextLogoutHandler does (clear the
    // security context and, by default, invalidate the HTTP session); afterwards the
    // browser is sent to casServerLogout.
    final SecurityContextLogoutHandler contextHandler = new SecurityContextLogoutHandler();
    final LogoutFilter filter = new LogoutFilter(casServerLogout, contextHandler);

    // setFilterProcessesUrl installs a path-only matcher, so /logout triggers the filter
    // for any HTTP method, GET included.
    filter.setFilterProcessesUrl("/logout");
    return filter;
}
 
Example #5
Source File: BaseWebSecurityConfig.java    From jump-the-queue with Apache License 2.0 5 votes vote down vote up
/**
 * Create a simple filter that allows logout on a REST Url /services/rest/logout and returns a simple HTTP status 200
 * ok.
 *
 * @return the filter.
 */
protected Filter getSimpleRestLogoutFilter() {

  // A REST client gets a plain HTTP 200 from the success handler instead of a redirect.
  final LogoutFilter restLogoutFilter = new LogoutFilter(
      new LogoutSuccessHandlerReturningOkHttpStatusCode(), new SecurityContextLogoutHandler());

  // The matcher names a path but no HTTP method, so every method on
  // /services/rest/logout ends the session.
  final AntPathRequestMatcher restLogoutPath = new AntPathRequestMatcher("/services/rest/logout");
  restLogoutFilter.setLogoutRequestMatcher(restLogoutPath);

  return restLogoutFilter;
}
 
Example #6
Source File: CasConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
/**
 * Request single point exit filter
 */
@Bean
public LogoutFilter casLogoutFilter() {
    // Local clean-up is limited to what SecurityContextLogoutHandler does (clear the
    // security context and, by default, invalidate the HTTP session); afterwards the
    // browser is sent to casServerLogout.
    final SecurityContextLogoutHandler contextHandler = new SecurityContextLogoutHandler();
    final LogoutFilter filter = new LogoutFilter(casServerLogout, contextHandler);

    // setFilterProcessesUrl installs a path-only matcher, so /logout triggers the filter
    // for any HTTP method, GET included.
    filter.setFilterProcessesUrl("/logout");
    return filter;
}
 
Example #7
Source File: WebSecurityConfig.java    From spring-boot-security-saml-samples with MIT License 5 votes vote down vote up
/**
 * Defines the web based security configuration.
 *
 * @param http It allows configuring web based security for specific http requests.
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // The security context is kept in the HTTP session under a SAML-specific attribute
    // name instead of the repository's default key.
    HttpSessionSecurityContextRepository securityContextRepository = new HttpSessionSecurityContextRepository();
    securityContextRepository.setSpringSecurityContextKey("SPRING_SECURITY_CONTEXT_SAML");
    http
            .securityContext()
            .securityContextRepository(securityContextRepository);
    http
            .httpBasic()
            .disable();
    // SECURITY: CSRF protection is switched off for the whole application, not only
    // for the /saml/** endpoints that receive cross-site POSTs from the IdP.
    // NOTE(review): confirm the application's own state-changing endpoints are covered
    // by some other defence.
    http
            .csrf()
            .disable();
    // Each SAML filter is anchored after the filter class named in its second argument;
    // the chain position therefore depends on these anchors, not on call order alone.
    http
            .addFilterAfter(metadataGeneratorFilter, BasicAuthenticationFilter.class)
            .addFilterAfter(metadataDisplayFilter, MetadataGeneratorFilter.class)
            .addFilterAfter(samlEntryPoint, MetadataDisplayFilter.class)
            .addFilterAfter(samlWebSSOProcessingFilter, SAMLEntryPoint.class)
            .addFilterAfter(samlWebSSOHoKProcessingFilter, SAMLProcessingFilter.class)
            .addFilterAfter(samlLogoutProcessingFilter, SAMLWebSSOHoKProcessingFilter.class)
            .addFilterAfter(samlIDPDiscovery, SAMLLogoutProcessingFilter.class)
            .addFilterAfter(samlLogoutFilter, LogoutFilter.class);
    // Everything outside the four public patterns requires an authenticated user.
    http
            .authorizeRequests()
            .antMatchers("/", "/error", "/saml/**", "/idpselection").permitAll()
            .anyRequest().authenticated();
    http
            .exceptionHandling()
            .authenticationEntryPoint(samlEntryPoint);
    // The built-in logout configurer is turned off; logout is left to the SAML logout
    // filters registered above.
    http
            .logout()
            .disable();
}
 
Example #8
Source File: CasConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
/**
 * Request single point exit filter
 */
@Bean
public LogoutFilter casLogoutFilter() {
    // Local clean-up is limited to what SecurityContextLogoutHandler does (clear the
    // security context and, by default, invalidate the HTTP session); afterwards the
    // browser is sent to casServerLogout.
    final SecurityContextLogoutHandler contextHandler = new SecurityContextLogoutHandler();
    final LogoutFilter filter = new LogoutFilter(casServerLogout, contextHandler);

    // setFilterProcessesUrl installs a path-only matcher, so /logout triggers the filter
    // for any HTTP method, GET included.
    filter.setFilterProcessesUrl("/logout");
    return filter;
}
 
Example #9
Source File: SecurityConfiguration.java    From demo-spring-security-cas with Apache License 2.0 5 votes vote down vote up
@Bean
public LogoutFilter requestCasGlobalLogoutFilter() {
	// After local logout the browser is redirected to the CAS logout URL, with this
	// application's home URL passed as the "service" parameter.
	// NOTE(review): the service value is concatenated without URL-encoding; a configured
	// home URL containing '&', '?' or '#' would change the query CAS receives.
	final String casLogoutRedirect = env.getRequiredProperty(CAS_URL_LOGOUT) + "?service="
			+ env.getRequiredProperty(APP_SERVICE_HOME);
	final LogoutFilter globalLogout = new LogoutFilter(casLogoutRedirect, new SecurityContextLogoutHandler());

	// Only POST /logout triggers this filter, so a link or image tag cannot log a user out.
	globalLogout.setLogoutRequestMatcher(new AntPathRequestMatcher("/logout", "POST"));
	return globalLogout;
}
 
Example #10
Source File: CasConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
/**
 * Request single point exit filter
 */
@Bean
public LogoutFilter casLogoutFilter() {
    // Local clean-up is limited to what SecurityContextLogoutHandler does (clear the
    // security context and, by default, invalidate the HTTP session); afterwards the
    // browser is sent to casServerLogout.
    final SecurityContextLogoutHandler contextHandler = new SecurityContextLogoutHandler();
    final LogoutFilter filter = new LogoutFilter(casServerLogout, contextHandler);

    // setFilterProcessesUrl installs a path-only matcher, so /logout triggers the filter
    // for any HTTP method, GET included.
    filter.setFilterProcessesUrl("/logout");
    return filter;
}
 
Example #11
Source File: CasConfig.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
/**
 * Request single point exit filter
 */
@Bean
public LogoutFilter casLogoutFilter() {
    // Local clean-up is limited to what SecurityContextLogoutHandler does (clear the
    // security context and, by default, invalidate the HTTP session); afterwards the
    // browser is sent to casServerLogout.
    final SecurityContextLogoutHandler contextHandler = new SecurityContextLogoutHandler();
    final LogoutFilter filter = new LogoutFilter(casServerLogout, contextHandler);

    // setFilterProcessesUrl installs a path-only matcher, so /logout triggers the filter
    // for any HTTP method, GET included.
    filter.setFilterProcessesUrl("/logout");
    return filter;
}
 
Example #12
Source File: WebSecurityConfig.java    From tutorials with MIT License 5 votes vote down vote up
/**
 * Stores the injected CAS collaborators for use by the rest of the configuration.
 *
 * @param singleSignOutFilter filter stored in the field of the same name
 * @param logoutFilter logout filter stored in the field of the same name
 * @param casAuthenticationProvider CAS authentication provider
 * @param serviceProperties CAS service properties
 */
@Autowired
public WebSecurityConfig(SingleSignOutFilter singleSignOutFilter, LogoutFilter logoutFilter,
                         CasAuthenticationProvider casAuthenticationProvider,
                         ServiceProperties serviceProperties) {
    // Assignments follow the parameter order.
    this.singleSignOutFilter = singleSignOutFilter;
    this.logoutFilter = logoutFilter;
    this.casAuthenticationProvider = casAuthenticationProvider;
    this.serviceProperties = serviceProperties;
}
 
Example #13
Source File: WebSecurityConfig.java    From tutorials with MIT License 5 votes vote down vote up
/**
 * Protects the secured paths, installs the CAS entry point and registers the CAS
 * sign-out and logout filters.
 *
 * @param http the HttpSecurity to configure
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Only /secured and /login require authentication. There is no anyRequest() rule,
    // so every other path is left without an authorization constraint.
    http.authorizeRequests().antMatchers( "/secured", "/login").authenticated()
      .and()
      .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())
      .and()
      // Both injected filters are anchored before the stock filter class named beside them.
      .addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
      .addFilterBefore(logoutFilter, LogoutFilter.class)
      // CSRF protection stays on; only /exit/cas is exempt from the token check.
      // NOTE(review): presumably /exit/cas receives the CAS server's logout callback - confirm.
      .csrf().ignoringAntMatchers("/exit/cas");
}
 
Example #14
Source File: CustomSpringSecurityFilterChain.java    From Spring with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the list of filter chains; it holds a single chain whose only filter is a
 * logout filter bound to /customlogout.
 *
 * @return a mutable list with the one logout chain
 */
private static List<SecurityFilterChain> filterChains() {
    // The filter itself reacts to the path /customlogout (any HTTP method).
    final LogoutFilter logout =
            new LogoutFilter(new CustomLogoutSuccessHandler(), new SecurityContextLogoutHandler());
    logout.setFilterProcessesUrl("/customlogout");

    // The chain pattern "/customlogout**" is wider than the filter's own path: a request
    // that the chain selects but the filter does not match passes through this chain
    // with no other security filter applied.
    final AntPathRequestMatcher chainPattern = new AntPathRequestMatcher("/customlogout**");

    final List<SecurityFilterChain> chains = new ArrayList<>();
    chains.add(new DefaultSecurityFilterChain(chainPattern, logout));
    return chains;
}
 
Example #15
Source File: SecurityConfiguration.java    From cymbal with Apache License 2.0 5 votes vote down vote up
/**
 * Registers the logout filter as a servlet filter on every URL with order 2.
 *
 * @param logoutFilter the logout filter to register
 * @return the registration bean
 */
@Bean
public FilterRegistrationBean logoutFilterRegistrationBean(final LogoutFilter logoutFilter) {
    // NOTE(review): this registers the filter with the servlet container directly; whether
    // it also runs inside a Spring Security filter chain cannot be seen from this method.
    final FilterRegistrationBean registration = new FilterRegistrationBean();
    registration.setOrder(2);
    registration.addUrlPatterns("/*");
    registration.setFilter(logoutFilter);
    return registration;
}
 
Example #16
Source File: WebSecurityConfig.java    From dubbo-postman with MIT License 5 votes vote down vote up
/**
 * Basic Spring Security configuration.
 * @param httpSecurity
 * @throws Exception
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.exceptionHandling()
            // Unauthenticated requests are handed to the CAS entry point.
            .authenticationEntryPoint(getCasAuthenticationEntryPoint())
            .and().addFilter(casAuthenticationFilter())
            .addFilterBefore(logoutFilter(), LogoutFilter.class)
            .authorizeRequests()
            // SECURITY: besides static assets, everything under /api/ and
            // /external/datasource/ is reachable without authentication.
            // NOTE(review): confirm those endpoints enforce their own access control.
            .antMatchers("/js/**", "/css/**", "/imgs/**","/api/**").permitAll()
            .antMatchers("/external/datasource/**").permitAll()
            .anyRequest().authenticated()
            // Logout invalidates the HTTP session and expires the cookie named SESSION.
            .and().logout().invalidateHttpSession(true).deleteCookies("SESSION").permitAll()
            // SECURITY: CSRF protection is switched off for every request, so authenticated
            // state-changing endpoints accept cross-site requests carrying the session cookie.
            .and().csrf().disable();
}
 
Example #17
Source File: UserLoginConfigurer.java    From ChengFeng1.5 with MIT License 5 votes vote down vote up
/**
 * Finishes wiring the user-login filter and adds it to the chain after LogoutFilter.
 *
 * @param http the builder being configured
 * @throws Exception propagated from the builder
 */
@Override
public void configure(B http) throws Exception {
    // NullAuthenticatedSessionStrategy performs no session handling on successful login,
    // so this filter applies no session-fixation protection.
    // NOTE(review): fine if the application is stateless - confirm.
    authFilter.setSessionAuthenticationStrategy(new NullAuthenticatedSessionStrategy());
    authFilter.setAuthenticationFailureHandler(new UserLoginFailureHandler());
    authFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));

    final UserInfoAuthenticationFilter processedFilter = postProcess(authFilter);
    http.addFilterAfter(processedFilter, LogoutFilter.class);
}
 
Example #18
Source File: TokenLoginConfigurer.java    From ChengFeng1.5 with MIT License 5 votes vote down vote up
/**
 * Finishes wiring the token filter and adds it to the chain before LogoutFilter.
 *
 * @param http the builder being configured
 * @throws Exception propagated from the builder
 */
@Override
public void configure(B http) throws Exception {
	// Failed token authentication is reported through TokenRefreshFailureHandler.
	authFilter.setAuthenticationFailureHandler(new TokenRefreshFailureHandler());
	authFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));

	// Anchored before LogoutFilter, so the token is evaluated ahead of logout handling.
	final TokenAuthenticationFilter processedFilter = postProcess(authFilter);
	http.addFilterBefore(processedFilter, LogoutFilter.class);
}
 
Example #19
Source File: SpringWebConfig.java    From we-cmdb with Apache License 2.0 4 votes vote down vote up
/**
 * Creates the logout filter that clears the local security context and then redirects
 * to the CAS server's logout endpoint.
 *
 * @return the configured logout filter
 */
public LogoutFilter logoutFilter() {
    // NOTE(review): the service value is appended without URL-encoding; a server URL
    // containing '&', '?' or '#' would change the query the CAS server receives.
    final String casLogoutRedirect = securityProperties.getCasServerUrl() + "/logout?service=" + getServerUrl();
    final SecurityContextLogoutHandler contextHandler = new SecurityContextLogoutHandler();
    return new LogoutFilter(casLogoutRedirect, contextHandler);
}
 
Example #20
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching: rules are evaluated in declaration order and the first match wins.
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            // SECURITY: this rule precedes "/admin/*", so the H2 console under /admin/h2/
            // is reachable without authentication.
            .antMatchers("/admin/h2/**").permitAll()

            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            // "/admin/*" covers a single path segment; deeper /admin/ paths fall through
            // to the "/**" USER rule. NOTE(review): confirm that is intended.
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            // "/events/" has no wildcard, so only that exact path needs ADMIN.
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    // The CAS filter takes the CasAuthenticationFilter slot in the chain.
    http.addFilterAt(casFilter, CasAuthenticationFilter.class);

    // CAS single sign-out is processed before the local logout filter.
    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Logout: after local logout the browser is redirected to casServerLogout.
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    // Anonymous
    http.anonymous();

    // CSRF is enabled by default with Java Config; this call turns it off.
    // SECURITY: with CSRF off, state-changing requests are accepted cross-site and the
    // logout URL configured above also accepts GET.
    http.csrf().disable();


    // Exception Handling
    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;


    // Enable <frameset> in order to use H2 web console
    // SECURITY: this removes X-Frame-Options from every response, not only the H2
    // console, so all pages can be framed by other origins.
    http.headers().frameOptions().disable();
}
 
Example #21
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching: rules are evaluated in declaration order and the first match wins.
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            // SECURITY: this rule precedes "/admin/*", so the H2 console under /admin/h2/
            // is reachable without authentication.
            .antMatchers("/admin/h2/**").permitAll()

            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            // "/admin/*" covers a single path segment; deeper /admin/ paths fall through
            // to the "/**" USER rule. NOTE(review): confirm that is intended.
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            // "/events/" has no wildcard, so only that exact path needs ADMIN.
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    // The CAS filter takes the CasAuthenticationFilter slot in the chain.
    http.addFilterAt(casFilter, CasAuthenticationFilter.class);

    // CAS single sign-out is processed before the local logout filter.
    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Logout: after local logout the browser is redirected to casServerLogout.
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    // Anonymous
    http.anonymous();

    // CSRF is enabled by default with Java Config; this call turns it off.
    // SECURITY: with CSRF off, state-changing requests are accepted cross-site and the
    // logout URL configured above also accepts GET.
    http.csrf().disable();


    // Exception Handling
    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;


    // Enable <frameset> in order to use H2 web console
    // SECURITY: this removes X-Frame-Options from every response, not only the H2
    // console, so all pages can be framed by other origins.
    http.headers().frameOptions().disable();
}
 
Example #22
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching: rules are evaluated in declaration order and the first match wins.
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            // SECURITY: this rule precedes "/admin/*", so the H2 console under /admin/h2/
            // is reachable without authentication.
            .antMatchers("/admin/h2/**").permitAll()

            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            // "/admin/*" covers a single path segment; deeper /admin/ paths fall through
            // to the "/**" USER rule. NOTE(review): confirm that is intended.
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            // "/events/" has no wildcard, so only that exact path needs ADMIN.
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    // The CAS filter takes the CasAuthenticationFilter slot in the chain.
    http.addFilterAt(casFilter, CasAuthenticationFilter.class);

    // CAS single sign-out is processed before the local logout filter.
    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Logout: after local logout the browser is redirected to casServerLogout.
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    // Anonymous
    http.anonymous();

    // CSRF is enabled by default with Java Config; this call turns it off.
    // SECURITY: with CSRF off, state-changing requests are accepted cross-site and the
    // logout URL configured above also accepts GET.
    http.csrf().disable();


    // Exception Handling
    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;


    // Enable <frameset> in order to use H2 web console
    // SECURITY: this removes X-Frame-Options from every response, not only the H2
    // console, so all pages can be framed by other origins.
    http.headers().frameOptions().disable();
}
 
Example #23
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching: rules are evaluated in declaration order and the first match wins.
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            // SECURITY: this rule precedes "/admin/*", so the H2 console under /admin/h2/
            // is reachable without authentication.
            .antMatchers("/admin/h2/**").permitAll()

            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            // "/admin/*" covers a single path segment; deeper /admin/ paths fall through
            // to the "/**" USER rule. NOTE(review): confirm that is intended.
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            // "/events/" has no wildcard, so only that exact path needs ADMIN.
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    // The CAS filter takes the CasAuthenticationFilter slot in the chain.
    http.addFilterAt(casFilter, CasAuthenticationFilter.class);

    // CAS single sign-out is processed before the local logout filter.
    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Logout: after local logout the browser is redirected to casServerLogout.
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    // Anonymous
    http.anonymous();

    // CSRF is enabled by default with Java Config; this call turns it off.
    // SECURITY: with CSRF off, state-changing requests are accepted cross-site and the
    // logout URL configured above also accepts GET.
    http.csrf().disable();


    // Exception Handling
    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;


    // Enable <frameset> in order to use H2 web console
    // SECURITY: this removes X-Frame-Options from every response, not only the H2
    // console, so all pages can be framed by other origins.
    http.headers().frameOptions().disable();
}
 
Example #24
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching: rules are evaluated in declaration order and the first match wins.
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            // SECURITY: this rule precedes "/admin/*", so the H2 console under /admin/h2/
            // is reachable without authentication.
            .antMatchers("/admin/h2/**").permitAll()

            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            // "/admin/*" covers a single path segment; deeper /admin/ paths fall through
            // to the "/**" USER rule. NOTE(review): confirm that is intended.
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            // "/events/" has no wildcard, so only that exact path needs ADMIN.
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    // The CAS filter takes the CasAuthenticationFilter slot in the chain.
    http.addFilterAt(casFilter, CasAuthenticationFilter.class);

    // CAS single sign-out is processed before the local logout filter.
    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Logout: after local logout the browser is redirected to casServerLogout.
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    // Anonymous
    http.anonymous();

    // CSRF is enabled by default with Java Config; this call turns it off.
    // SECURITY: with CSRF off, state-changing requests are accepted cross-site and the
    // logout URL configured above also accepts GET.
    http.csrf().disable();


    // Exception Handling
    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;


    // Enable <frameset> in order to use H2 web console
    // SECURITY: this removes X-Frame-Options from every response, not only the H2
    // console, so all pages can be framed by other origins.
    http.headers().frameOptions().disable();
}
 
Example #25
Source File: AtlasSecurityConfig.java    From atlas with Apache License 2.0 4 votes vote down vote up
/**
 * Configures authorization, response headers, session handling, basic and form login,
 * logout and the project's own filters; adds the Keycloak filters when keycloakEnabled
 * is set.
 *
 * @param httpSecurity the HttpSecurity to configure
 * @throws Exception propagated from the Spring Security configurers
 */
protected void configure(HttpSecurity httpSecurity) throws Exception {
    //@formatter:off
    httpSecurity
            // Every request requires an authenticated user.
            .authorizeRequests().anyRequest().authenticated()
            .and()
                .headers()
            // Static response headers taken from HeadersUtil.headerMap.
            .addHeaderWriter(new StaticHeadersWriter(HeadersUtil.CONTENT_SEC_POLICY_KEY, HeadersUtil.headerMap.get(HeadersUtil.CONTENT_SEC_POLICY_KEY)))
            .addHeaderWriter(new StaticHeadersWriter(SERVER_KEY, HeadersUtil.headerMap.get(SERVER_KEY)))
                    .and()
                .servletApi()
            .and()
                // SECURITY: Spring Security's own CSRF filter is switched off here.
                // NOTE(review): csrfPreventionFilter is added further down; presumably it
                // takes over CSRF defence - confirm it covers every state-changing endpoint.
                .csrf().disable()
                .sessionManagement()
                // Session ids are never appended to URLs.
                .enableSessionUrlRewriting(false)
                .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
                // Session-fixation defence: authentication gets a brand-new session.
                .sessionFixation()
                .newSession()
            .and()
            .httpBasic()
            .authenticationEntryPoint(getDelegatingAuthenticationEntryPoint())
            .and()
                .formLogin()
                    .loginPage("/login.jsp")
                    .loginProcessingUrl("/j_spring_security_check")
                    .successHandler(successHandler)
                    .failureHandler(failureHandler)
                    .usernameParameter("j_username")
                    .passwordParameter("j_password")
            .and()
                // Logout expires the ATLASSESSIONID cookie and returns to the login page.
                .logout()
                    .logoutSuccessUrl("/login.jsp")
                    .deleteCookies("ATLASSESSIONID")
                    .logoutUrl("/logout.html");

    //@formatter:on

    // ActiveServerFilter is added when HA is enabled or a migration file name is configured.
    boolean configMigrationEnabled = !StringUtils.isEmpty(configuration.getString(ATLAS_MIGRATION_MODE_FILENAME));
    if (configuration.getBoolean("atlas.server.ha.enabled", false) ||
            configMigrationEnabled) {
        if(configMigrationEnabled) {
            LOG.info("Atlas is in Migration Mode, enabling ActiveServerFilter");
        } else {
            LOG.info("Atlas is in HA Mode, enabling ActiveServerFilter");
        }
        httpSecurity.addFilterAfter(activeServerFilter, BasicAuthenticationFilter.class);
    }
    // Project filters, each anchored relative to the filter class in its second argument.
    httpSecurity
            .addFilterAfter(staleTransactionCleanupFilter, BasicAuthenticationFilter.class)
            .addFilterBefore(ssoAuthenticationFilter, BasicAuthenticationFilter.class)
            .addFilterAfter(atlasAuthenticationFilter, SecurityContextHolderAwareRequestFilter.class)
            .addFilterAfter(csrfPreventionFilter, AtlasAuthenticationFilter.class);

    // Optional Keycloak integration: adds a logout handler and four Keycloak filters.
    if (keycloakEnabled) {
        httpSecurity
          .logout().addLogoutHandler(keycloakLogoutHandler()).and()
          .addFilterBefore(keycloakAuthenticationProcessingFilter(), BasicAuthenticationFilter.class)
          .addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class)
          .addFilterAfter(keycloakSecurityContextRequestFilter(), SecurityContextHolderAwareRequestFilter.class)
          .addFilterAfter(keycloakAuthenticatedActionsRequestFilter(), KeycloakSecurityContextRequestFilter.class);
    }
}
 
Example #26
Source File: WebSecurityConfig.java    From dubbo-postman with MIT License 4 votes vote down vote up
/**
 * Creates the logout filter that clears the local security context and then redirects
 * to the SSO server's logout endpoint.
 *
 * @return the configured logout filter
 */
public LogoutFilter logoutFilter() {
    // NOTE(review): SERVICE_HOME is appended without URL-encoding; a value containing
    // '&', '?' or '#' would change the query the SSO server receives.
    final String ssoLogoutRedirect = SSO_URL + "/logout" + "?service=" + SERVICE_HOME;
    return new LogoutFilter(ssoLogoutRedirect, new SecurityContextLogoutHandler());
}
 
Example #27
Source File: SecurityConfig.java    From spring-rest-server with GNU Lesser General Public License v3.0 3 votes vote down vote up
/**
 * Configures the REST API: custom authentication filter, form login, logout, stateless
 * sessions, error handling and per-method authorization rules.
 *
 * @param http the HttpSecurity to configure
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {

    CustomAuthenticationSuccessHandler successHandler = new CustomAuthenticationSuccessHandler();
    successHandler.headerUtil(headerUtil);

    http.
            // The custom authentication filter runs ahead of logout handling.
            addFilterBefore(authenticationFilter(), LogoutFilter.class).

            // SECURITY: CSRF protection is off. NOTE(review): acceptable only if the
            // credential is not sent automatically by the browser (no cookie) - confirm
            // how authenticationFilter() reads it.
            csrf().disable().

            formLogin().successHandler(successHandler).
            loginProcessingUrl("/login").

            and().

            // NOTE(review): logoutSuccessUrl sets the redirect target after logout, not
            // the URL that triggers it; "/logout" is also the default trigger URL, so
            // logoutUrl("/logout") may have been intended - confirm.
            logout().
            logoutSuccessUrl("/logout").

            and().

            // No HTTP session is created or used by Spring Security.
            sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).

            and().

            exceptionHandling().
            accessDeniedHandler(new CustomAccessDeniedHandler()).
            authenticationEntryPoint(new CustomAuthenticationEntryPoint()).

            and().

            // Rules are evaluated in order. GET needs USER; POST and DELETE need ADMIN.
            // SECURITY: PUT and PATCH are not listed, so they fall through to
            // anyRequest().authenticated() and need no role.
            // NOTE(review): confirm no write endpoint is exposed through those methods.
            authorizeRequests().
            antMatchers(HttpMethod.POST, "/login").permitAll().
            antMatchers(HttpMethod.POST, "/logout").authenticated().
            antMatchers(HttpMethod.GET, "/**").hasRole("USER").
            antMatchers(HttpMethod.POST, "/**").hasRole("ADMIN").
            antMatchers(HttpMethod.DELETE, "/**").hasRole("ADMIN").
            anyRequest().authenticated();

}