org.springframework.security.config.http.SessionCreationPolicy Java Examples
The following examples show how to use
org.springframework.security.config.http.SessionCreationPolicy.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: DefaultResourceServerConf.java From microservices-platform with Apache License 2.0 | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl authorizedUrl = setHttp(http)
.authorizeRequests()
.antMatchers(securityProperties.getIgnore().getUrls()).permitAll()
.antMatchers(HttpMethod.OPTIONS).permitAll()
.anyRequest();
setAuthenticate(authorizedUrl);
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.httpBasic().disable()
.headers()
.frameOptions().disable()
.and()
.csrf().disable();
}
Example #2
| Source File: WebSecurityConfig.java From XS2A-Sandbox with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/api/v1/**")
.authorizeRequests()
.antMatchers(APP_WHITELIST).permitAll()
.and()
.authorizeRequests().anyRequest()
.authenticated()
.and()
.httpBasic()
.disable();
http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.headers().frameOptions().disable();
http.addFilterBefore(new LoginAuthenticationFilter(userMgmtRestClient), BasicAuthenticationFilter.class);
http.addFilterBefore(new TokenAuthenticationFilter(userMgmtRestClient, authInterceptor), BasicAuthenticationFilter.class);
}
Example #3
| Source File: WebSecurityConfig.java From Blog with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
//禁用csrf
//options全部放行
//post put delete get 全部拦截校验
httpSecurity.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers(HttpMethod.POST).authenticated()
.antMatchers(HttpMethod.PUT).authenticated()
.antMatchers(HttpMethod.DELETE).authenticated()
.antMatchers(HttpMethod.GET).authenticated();
httpSecurity
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
httpSecurity.headers().cacheControl();
}
Example #4
| Source File: BrowerSecurityConfig.java From WeEvent with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling().accessDeniedHandler(jsonAccessDeniedHandler);
http.formLogin() // define user login page
.loginPage("/user/require")
.loginProcessingUrl("/user/login")
.usernameParameter("username")
.passwordParameter("password")
.permitAll()
.successHandler(authenticationSuccessHandler) // if login success
.failureHandler(loginfailHandler) // if login fail
.and()
.addFilterAfter(new UserFilter(), LoginFilter.class)
.addFilter(new LoginFilter(authenticationManagerBean(), authenticationSuccessHandler,loginfailHandler))
.authorizeRequests()
.antMatchers("/user/**", "/", "/static/**", "/weevent-governance/user/**").permitAll()
.anyRequest().authenticated()
.and().csrf()
.disable().httpBasic().authenticationEntryPoint(jsonAuthenticationEntryPoint)
.disable().cors().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().logout().logoutUrl("/user/logout")
.logoutSuccessHandler(jsonLogoutSuccessHandler)
.permitAll();
}
Example #5
| Source File: MicroserviceSecurityConfiguration.java From cubeai with Apache License 2.0 | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf()
.ignoringAntMatchers("/h2-console/**")
.ignoringAntMatchers("/umu/api/ueditor")
.ignoringAntMatchers("/ability/model/**")
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and()
.addFilterBefore(corsFilter, CsrfFilter.class)
.headers()
.frameOptions()
.disable()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/profile-info").permitAll()
.antMatchers("/api/**").authenticated()
.antMatchers("/management/health").permitAll()
.antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/swagger-resources/configuration/ui").permitAll();
}
Example #6
| Source File: WebSecurityConfiguration.java From MyShopPlus with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
/**
* 将授权访问配置改为注解方式
* @see LoginController#info()
*/
http.exceptionHandling()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// http.exceptionHandling()
// .and()
// .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
// .and()
// .authorizeRequests()
// // 授权访问
// .antMatchers("/user/info").hasAuthority("USER")
// .antMatchers("/user/logout").hasAuthority("USER");
}
Example #7
| Source File: WebSecurityConfig.java From XS2A-Sandbox with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers(APP_INDEX_WHITELIST).permitAll()
.and()
.authorizeRequests().antMatchers(APP_SCA_WHITELIST).permitAll()
.and()
.authorizeRequests().antMatchers(APP_WHITELIST).permitAll()
.and()
.authorizeRequests().antMatchers(SWAGGER_WHITELIST).permitAll()
.and()
.authorizeRequests().antMatchers(ACTUATOR_WHITELIST).permitAll()
.and()
.cors()
.and()
.authorizeRequests().anyRequest().authenticated();
http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.headers().frameOptions().disable();
http.addFilterBefore(new JWTAuthenticationFilter(tokenAuthenticationService), BasicAuthenticationFilter.class);
}
Example #8
| Source File: SecurityConfig.java From spring-security-samples with MIT License | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
// require the user to have the "dummy" role
.antMatchers("/**").hasRole("dummy")
.anyRequest().authenticated()
.and()
.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(jwtAuthenticationConverter());
}
Example #9
| Source File: ResourceServerConfiguration.java From open-cloud with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
// 监控端点内部放行
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
// fegin访问或无需身份认证
.antMatchers(
"/generate/**"
).permitAll()
.anyRequest().authenticated()
.and()
//认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
.exceptionHandling()
.accessDeniedHandler(new OpenAccessDeniedHandler())
.authenticationEntryPoint(new OpenAuthenticationEntryPoint())
.and()
.csrf().disable();
}
Example #10
| Source File: JwtSecurityConfiguration.java From cola with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authorizeRequests()
.antMatchers("/login", "/logout", "/error").permitAll()
.and()
.formLogin()
.loginProcessingUrl("/login")
.failureHandler(this.failureHandler())
.successHandler(this.successHandler())
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessHandler(new JwtLogoutSuccessHandler())
.and()
.exceptionHandling().authenticationEntryPoint(new JwtAuthenticationEntryPoint())
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterAfter(this.jwtAuthenticationFilter, SecurityContextPersistenceFilter.class);
}
Example #11
| Source File: ResourceServerConfiguration.java From open-cloud with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
// 动态权限验证
.anyRequest().access("@accessManager.check(request,authentication)")
.and()
//认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
.exceptionHandling()
.accessDeniedHandler(new JsonAccessDeniedHandler(accessLogService))
.authenticationEntryPoint(new JsonAuthenticationEntryPoint(accessLogService))
.and()
.csrf().disable();
// 日志前置过滤器
http.addFilterBefore(new PreRequestFilter(), AbstractPreAuthenticatedProcessingFilter.class);
// 签名验证过滤器
http.addFilterAfter(new PreSignatureFilter(baseAppServiceClient, apiProperties,new JsonSignatureDeniedHandler(accessLogService)), AbstractPreAuthenticatedProcessingFilter.class);
// 访问验证前置过滤器
http.addFilterAfter(new PreCheckFilter(accessManager, new JsonAccessDeniedHandler(accessLogService)), AbstractPreAuthenticatedProcessingFilter.class);
}
Example #12
| Source File: GlobalSecurityConfig.java From airsonic-advanced with GNU General Public License v3.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http = http.addFilter(new WebAsyncManagerIntegrationFilter());
http = http.addFilterBefore(jwtAuthFilter(), UsernamePasswordAuthenticationFilter.class);
http
.antMatcher("/ext/**")
.csrf().requireCsrfProtectionMatcher(csrfSecurityRequestMatcher).and()
.headers().frameOptions().sameOrigin().and()
.authorizeRequests()
.antMatchers(
"/ext/stream/**",
"/ext/coverArt*",
"/ext/share/**",
"/ext/hls/**")
.hasAnyRole("TEMP", "USER").and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.exceptionHandling().and()
.securityContext().and()
.requestCache().and()
.anonymous().and()
.servletApi();
}
Example #13
| Source File: ResourceServerConfiguration.java From open-cloud with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
.antMatchers("/login/**","/oauth/**").permitAll()
// 监控端点内部放行
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.and()
.logout().permitAll()
// /logout退出清除cookie
.addLogoutHandler(new CookieClearingLogoutHandler("token", "remember-me"))
.logoutSuccessHandler(new LogoutSuccessHandler())
.and()
// 认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
.exceptionHandling()
.accessDeniedHandler(new OpenAccessDeniedHandler())
.authenticationEntryPoint(new OpenAuthenticationEntryPoint())
.and()
.csrf().disable()
// 禁用httpBasic
.httpBasic().disable();
}
Example #14
| Source File: TppWebSecurityConfig.java From XS2A-Sandbox with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests().antMatchers(INDEX_WHITELIST).permitAll()
.and()
.authorizeRequests().antMatchers(APP_WHITELIST).permitAll()
.and()
.authorizeRequests().antMatchers(ACTUATOR_WHITELIST).permitAll()
.and()
.authorizeRequests().antMatchers(SWAGGER_WHITELIST).permitAll()
.and()
.cors()
.and()
.authorizeRequests().anyRequest().authenticated();
http.headers().frameOptions().disable();
http.httpBasic().disable();
http.addFilterBefore(new DisableEndpointFilter(environment), BasicAuthenticationFilter.class);
http.addFilterBefore(new LoginAuthenticationFilter(userMgmtStaffRestClient), BasicAuthenticationFilter.class);
http.addFilterBefore(new TokenAuthenticationFilter(ledgersUserMgmt, authInterceptor), BasicAuthenticationFilter.class);
}
Example #15
| Source File: MicroserviceSecurityConfiguration.java From cubeai with Apache License 2.0 | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.headers()
.frameOptions()
.disable()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/profile-info").permitAll()
.antMatchers("/api/**").authenticated()
.antMatchers("/management/health").permitAll()
.antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/swagger-resources/configuration/ui").permitAll();
}
Example #16
| Source File: MicroserviceSecurityConfiguration.java From cubeai with Apache License 2.0 | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.headers()
.frameOptions()
.disable()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/profile-info").permitAll()
.antMatchers("/api/solutions").permitAll()
.antMatchers("/model/ability").permitAll()
.antMatchers("/api/**").authenticated()
.antMatchers("/management/health").permitAll()
.antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/swagger-resources/configuration/ui").permitAll();
}
Example #17
| Source File: WebSecurityConfig.java From spring-security with Apache License 2.0 | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http
.cors()
.and().csrf().disable();//开启跨域
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
/*匿名请求:不需要进行登录拦截的url*/
.authorizeRequests()
.antMatchers("/getVerifyCode", "/auth/**").permitAll()
.anyRequest().authenticated()//其他的路径都是登录后才可访问
.and()
.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint)
.accessDeniedHandler(accessDeniedHandler);
http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
http.headers().cacheControl();
}
Example #18
| Source File: MicroserviceSecurityConfiguration.java From cubeai with Apache License 2.0 | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.headers()
.frameOptions()
.disable()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/profile-info").permitAll()
.antMatchers("/api/**").authenticated()
.antMatchers("/management/health").permitAll()
.antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/swagger-resources/configuration/ui").permitAll();
}
Example #19
| Source File: ResourceServerConfiguration.java From open-cloud with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
// 指定监控可访问权限
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
.anyRequest().authenticated()
.and()
//认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
.exceptionHandling()
.accessDeniedHandler(new OpenAccessDeniedHandler())
.authenticationEntryPoint(new OpenAuthenticationEntryPoint())
.and()
.csrf().disable();
}
Example #20
| Source File: JWTWebSecurityConfig.java From spring-boot-vuejs-fullstack-examples with MIT License | 6 votes |
|
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(jwtUnAuthorizedResponseAuthenticationEntryPoint).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.anyRequest().authenticated();
httpSecurity
.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
httpSecurity
.headers()
.frameOptions().sameOrigin() //H2 Console Needs this setting
.cacheControl(); //disable caching
}
Example #21
| Source File: ResourceServerConfiguration.java From open-cloud with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
// 指定监控访问权限
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
.anyRequest().authenticated()
.and()
//认证鉴权错误处理
.exceptionHandling()
.accessDeniedHandler(new OpenAccessDeniedHandler())
.authenticationEntryPoint(new OpenAuthenticationEntryPoint())
.and()
.csrf().disable();
}
Example #22
| Source File: ResourceServerConfiguration.java From open-cloud with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
.antMatchers(
"/email/**",
"/sms/**",
"/webhook/**"
).permitAll()
// 指定监控访问权限
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
.anyRequest().authenticated()
.and()
//认证鉴权错误处理
.exceptionHandling()
.accessDeniedHandler(new OpenAccessDeniedHandler())
.authenticationEntryPoint(new OpenAuthenticationEntryPoint())
.and()
.csrf().disable();
}
Example #23
| Source File: JWTWebSecurityConfig.java From pcf-crash-course-with-spring-boot with MIT License | 6 votes |
|
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(jwtUnAuthorizedResponseAuthenticationEntryPoint).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.anyRequest().authenticated();
httpSecurity
.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
httpSecurity
.headers()
.frameOptions().sameOrigin() //H2 Console Needs this setting
.cacheControl(); //disable caching
}
Example #24
| Source File: WebSecurityConfig.java From spring-boot-study with MIT License | 6 votes |
|
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
// 本示例不需要使用CSRF
httpSecurity.csrf().disable()
// 认证页面不需要权限
.authorizeRequests().antMatchers("/authenticate").permitAll().
//其他页面
anyRequest().authenticated().and().
//登录页面 模拟客户端
formLogin().loginPage("/login.html").permitAll().and().
// store user's state.
exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and().sessionManagement()
//不使用session
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
//验证请求是否正确
httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
Example #25
| Source File: MicroserviceSecurityConfiguration.java From cubeai with Apache License 2.0 | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.headers()
.frameOptions()
.disable()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/profile-info").permitAll()
.antMatchers("/api/**").authenticated()
.antMatchers("/management/health").permitAll()
.antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/swagger-resources/configuration/ui").permitAll();
}
Example #26
| Source File: OAuth2SecurityConfiguration.java From flair-registry with Apache License 2.0 | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.headers()
.frameOptions()
.disable()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.requestMatcher(authorizationHeaderRequestMatcher())
.authorizeRequests()
.antMatchers("/services/**").authenticated()
.antMatchers("/api/profile-info").permitAll()
.antMatchers("/api/**").authenticated()
.antMatchers("/management/health").permitAll()
.antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN);
}
Example #27
| Source File: JWTWebSecurityConfig.java From docker-crash-course with MIT License | 6 votes |
|
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(jwtUnAuthorizedResponseAuthenticationEntryPoint).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.anyRequest().authenticated();
httpSecurity
.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
httpSecurity
.headers()
.frameOptions().sameOrigin() //H2 Console Needs this setting
.cacheControl(); //disable caching
}
Example #28
| Source File: SecurityConfig.java From HIS with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf()// 由于使用的是JWT,我们这里不需要csrf
.disable()
.sessionManagement()// 基于token,所以不需要session
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, // 允许对于网站静态资源的无授权访问
"/",
"/*.html",
"/favicon.ico",
"/**/*.html",
"/**/*.css",
"/**/*.js",
"/swagger-resources/**",
"/v2/api-docs/**",
"/app/**"
)
.permitAll()
.antMatchers("/staff/login", "/staff/register")// 对登录注册要允许匿名访问
.permitAll()
.antMatchers(HttpMethod.OPTIONS)//跨域请求会先进行一次options请求
.permitAll()
.antMatchers("/**")//测试时全部运行访问
.permitAll()
.anyRequest()// 除上面外的所有请求全部需要鉴权认证
.authenticated();
// 禁用缓存
httpSecurity.headers().frameOptions().disable().cacheControl();
// 添加JWT filter
httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
//添加自定义未授权和未登录结果返回
httpSecurity.exceptionHandling()
.accessDeniedHandler(restfulAccessDeniedHandler)
.authenticationEntryPoint(restAuthenticationEntryPoint);
}
Example #29
| Source File: SecurityConfig.java From mall-learning with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf()// 由于使用的是JWT,我们这里不需要csrf
.disable()
.sessionManagement()// 基于token,所以不需要session
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, // 允许对于网站静态资源的无授权访问
"/",
"/*.html",
"/favicon.ico",
"/**/*.html",
"/**/*.css",
"/**/*.js",
"/swagger-resources/**",
"/v2/api-docs/**"
)
.permitAll()
.antMatchers("/admin/login", "/admin/register")// 对登录注册要允许匿名访问
.permitAll()
.antMatchers(HttpMethod.OPTIONS)//跨域请求会先进行一次options请求
.permitAll()
// .antMatchers("/**")//测试时全部运行访问
// .permitAll()
.anyRequest()// 除上面外的所有请求全部需要鉴权认证
.authenticated();
// 禁用缓存
httpSecurity.headers().cacheControl();
// 添加JWT filter
httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
//添加自定义未授权和未登录结果返回
httpSecurity.exceptionHandling()
.accessDeniedHandler(restfulAccessDeniedHandler)
.authenticationEntryPoint(restAuthenticationEntryPoint);
}
Example #30
| Source File: SecurityConfig.java From HIS with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf()// 由于使用的是JWT,我们这里不需要csrf
.disable()
.sessionManagement()// 基于token,所以不需要session
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, // 允许对于网站静态资源的无授权访问
"/",
"/*.html",
"/favicon.ico",
"/**/*.html",
"/**/*.css",
"/**/*.js",
"/swagger-resources/**",
"/v2/api-docs/**"
)
.permitAll()
.antMatchers("/staff/login", "/staff/register")// 对登录注册要允许匿名访问
.permitAll()
.antMatchers(HttpMethod.OPTIONS)//跨域请求会先进行一次options请求
.permitAll()
.antMatchers("/**")//测试时全部运行访问
.permitAll()
.anyRequest()// 除上面外的所有请求全部需要鉴权认证
.authenticated();
// 禁用缓存
httpSecurity.headers().frameOptions().disable().cacheControl();
// 添加JWT filter
httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
//添加自定义未授权和未登录结果返回
httpSecurity.exceptionHandling()
.accessDeniedHandler(restfulAccessDeniedHandler)
.authenticationEntryPoint(restAuthenticationEntryPoint);
}
