org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter Java Examples

The following examples show how to use org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SecurityConfiguration.java    From OAuth-2.0-Cookbook with MIT License 7 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
        .addFilterAfter(openIdConnectFilter, OAuth2ClientContextFilter.class)
        .authorizeRequests()
        .antMatchers("/").permitAll().and()
        .authorizeRequests()
        .antMatchers(apiBaseUri).authenticated().and()
        .authorizeRequests().anyRequest().authenticated().and()
        .httpBasic().authenticationEntryPoint(
            new LoginUrlAuthenticationEntryPoint(callbackUri)).and()
            .logout()
            .logoutSuccessUrl("/")
            .permitAll().and()
            .csrf().disable();
}
 
Example #2
Source File: SecurityConfiguration.java    From OAuth-2.0-Cookbook with MIT License 7 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
            .addFilterAfter(openIdConnectFilter, OAuth2ClientContextFilter.class)
            .authorizeRequests()
            .antMatchers("/").permitAll().and()
            .authorizeRequests()
            .antMatchers(apiBaseUri).authenticated().and()
            .authorizeRequests().anyRequest().authenticated().and()
            .httpBasic().authenticationEntryPoint(
            new LoginUrlAuthenticationEntryPoint(callbackUri)).and()
            .logout()
            .logoutSuccessUrl("/")
            .permitAll().and()
            .csrf().disable();
}
 
Example #3
Source File: SecurityConfig.java    From JiwhizBlogWeb with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf().disable() // disable CSRF now. TODO figure out how to config CSRF header in AngularJS
        .authorizeRequests()
            .antMatchers("/api/admin/**").hasAuthority(UserRoleType.ROLE_ADMIN.name())
            .antMatchers("/api/author/**").hasAuthority(UserRoleType.ROLE_AUTHOR.name())
            .antMatchers("/api/user/**").authenticated()
            .antMatchers("/api/public/**").permitAll()
            .antMatchers("/api/currentUser").permitAll()
            .antMatchers("/signin/**").permitAll()
            .antMatchers("/connect/**").permitAll()
            .antMatchers("/dist/**").permitAll()
            .anyRequest().authenticated()
            .and()
        .addFilterBefore(socialAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class)
        .logout()
            .deleteCookies("JSESSIONID")
            .logoutUrl("/signout")
            .logoutSuccessUrl("/")
            .and()
        .rememberMe()
            .rememberMeServices(rememberMeServices());
}
 
Example #4
Source File: SecurityConfig.java    From cloudbreak with Apache License 2.0 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.addFilterAfter(headerAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class)
            .authorizeRequests()
            .antMatchers(V4_API)
            .authenticated()
            .antMatchers(DISTROX_API)
            .authenticated()
            .antMatchers(INTERNAL_DISTROX_API)
            .authenticated()
            .antMatchers(AUTOSCALE_API)
            .authenticated()
            .antMatchers(FLOW_API)
            .authenticated()
            .antMatchers(AUTHORIZATION_API)
            .authenticated()
            .antMatchers(API_ROOT_CONTEXT + "/swagger.json").permitAll()
            .antMatchers(API_ROOT_CONTEXT + "/api-docs/**").permitAll()
            .antMatchers(API_ROOT_CONTEXT + "/**").denyAll();

    http.csrf().disable();

    http.headers().contentTypeOptions();
}
 
Example #5
Source File: SecurityConfig.java    From spring-security-oauth2-demo with GNU General Public License v3.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .apply(smsAuthenticationSecurityConfig)
            .and()
            .authorizeRequests()
            .antMatchers("/code/*").permitAll()
            .antMatchers("/auth/sms").permitAll()
            .antMatchers("/custom/**").permitAll()
            .anyRequest().authenticated()
            .and()
            .csrf().disable()
            .formLogin()
            .and()
            .httpBasic();


    http
            .addFilterBefore(validateCodeFilter, AbstractPreAuthenticatedProcessingFilter.class)
            .addFilterBefore(validateCodeGranterFilter, AbstractPreAuthenticatedProcessingFilter.class);
}
 
Example #6
Source File: ResourceServerConfiguration.java    From open-cloud with MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            .antMatchers("/").permitAll()
            .anyRequest().authenticated()
            // 动态权限验证
            .anyRequest().access("@accessManager.check(request,authentication)")
            .and()
            //认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
            .exceptionHandling()
            .accessDeniedHandler(new JsonAccessDeniedHandler(accessLogService))
            .authenticationEntryPoint(new JsonAuthenticationEntryPoint(accessLogService))
            .and()
            .csrf().disable();
    // 日志前置过滤器
    http.addFilterBefore(new PreRequestFilter(), AbstractPreAuthenticatedProcessingFilter.class);
    // 签名验证过滤器
    http.addFilterAfter(new PreSignatureFilter(baseAppServiceClient, apiProperties,new JsonSignatureDeniedHandler(accessLogService)), AbstractPreAuthenticatedProcessingFilter.class);
    // 访问验证前置过滤器
    http.addFilterAfter(new PreCheckFilter(accessManager, new JsonAccessDeniedHandler(accessLogService)), AbstractPreAuthenticatedProcessingFilter.class);
}
 
Example #7
Source File: SecurityConfig.java    From cloudbreak with Apache License 2.0 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.addFilterAfter(headerAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class)
            .authorizeRequests()
            .antMatchers(API_ROOT_CONTEXT + "/v1/clusters/**").authenticated()
            .antMatchers(API_ROOT_CONTEXT + "/v2/clusters/**").authenticated()
            .antMatchers(API_ROOT_CONTEXT + "/v1/distrox/**").authenticated()
            .antMatchers(API_ROOT_CONTEXT + "/authorization/**").authenticated()
            .antMatchers(API_ROOT_CONTEXT + "/swagger.json").permitAll()
            .antMatchers(API_ROOT_CONTEXT + "/api-docs/**").permitAll()
            .antMatchers(API_ROOT_CONTEXT + "/**").denyAll()
            .and()
            .csrf()
            .disable()
            .headers()
            .contentTypeOptions();

    http.csrf().disable();

    http.headers().contentTypeOptions();
}
 
Example #8
Source File: HodSecurity.java    From find with MIT License 6 votes vote down vote up
@SuppressWarnings("ProhibitedExceptionDeclared")
@Override
protected void configure(final HttpSecurity http) throws Exception {
    final AuthenticationEntryPoint ssoEntryPoint = new SsoAuthenticationEntryPoint(SsoController.SSO_PAGE);

    final SsoAuthenticationFilter<?> ssoAuthenticationFilter = new SsoAuthenticationFilter<>(SsoController.SSO_AUTHENTICATION_URI, EntityType.CombinedSso.INSTANCE);
    ssoAuthenticationFilter.setAuthenticationManager(authenticationManager());

    final LogoutSuccessHandler logoutSuccessHandler = new HodTokenLogoutSuccessHandler(SsoController.SSO_LOGOUT_PAGE, tokenRepository);

    http.regexMatcher("/public(/.*)?|/sso|/authenticate-sso|/api/authentication/.*|/logout")
        .csrf()
            .disable()
        .exceptionHandling()
            .authenticationEntryPoint(ssoEntryPoint)
            .accessDeniedPage(DispatcherServletConfiguration.AUTHENTICATION_ERROR_PATH)
            .and()
        .authorizeRequests()
            .antMatchers(FindController.APP_PATH + "/**").hasRole(FindRole.USER.name())
            .and()
        .logout()
            .logoutSuccessHandler(logoutSuccessHandler)
            .and()
        .addFilterAfter(ssoAuthenticationFilter, AbstractPreAuthenticatedProcessingFilter.class);
}
 
Example #9
Source File: SecurityConfiguration.java    From OAuth-2.0-Cookbook with MIT License 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
        .addFilterAfter(facebookLoginFilter, OAuth2ClientContextFilter.class)
        .authorizeRequests()
        .antMatchers("/", "/callback").permitAll().and()
        .authorizeRequests()
        .antMatchers("/profile/*").authenticated().and()
        .authorizeRequests().anyRequest().authenticated().and()
        .httpBasic().authenticationEntryPoint(
            new LoginUrlAuthenticationEntryPoint("/callback")).and()
            .logout().logoutSuccessUrl("/").permitAll().and()
            .headers().frameOptions().disable().and()
            .csrf().disable();
}
 
Example #10
Source File: WebSecurityConfiguration.java    From cola with MIT License 5 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {


	captchaAuthenticationFilter.addRequestMatcher(new AntPathRequestMatcher("/login", HttpMethod.POST.name()), this.failureHandler());

	http.setSharedObject(CaptchaAuthenticationFilter.class, captchaAuthenticationFilter);

	http.authorizeRequests()
			.antMatchers("/login", "/logout", "/error").permitAll()
			.antMatchers("/captcha", "/session-invalid").permitAll()
			.and()
			.formLogin()
			.loginProcessingUrl("/login")
			.loginPage("/login")
			.failureHandler(this.failureHandler())
			.successHandler(this.successHandler())
			//.failureHandler(new WebAuthenticationFailureHandler())
			.and()
			.logout()
			.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
			.logoutSuccessUrl("/login?logout")
			.invalidateHttpSession(false)
			.and()
			.addFilterBefore(captchaAuthenticationFilter, AbstractPreAuthenticatedProcessingFilter.class)
			.sessionManagement()
			.invalidSessionUrl("/session-invalid")
			.maximumSessions(1)
			.expiredUrl("/session-invalid")
			.sessionRegistry(sessionRegistry)
			.and()
			.sessionFixation()
			.migrateSession()
			.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
			.sessionAuthenticationStrategy(sessionAuthenticationStrategy);
}
 
Example #11
Source File: SecurityConfiguration.java    From spring-google-openidconnect with MIT License 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.addFilterAfter(oAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
            .addFilterAfter(openIdConnectAuthenticationFilter(), OAuth2ClientContextFilter.class)
            .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint())
            .and().authorizeRequests()
            .antMatchers(GET, "/").permitAll()
            .antMatchers(GET, "/test").authenticated();
}
 
Example #12
Source File: StatelessAuthenticationSecurityConfig.java    From boot-stateless-social with MIT License 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	// Set a custom successHandler on the SocialAuthenticationFilter
	final SpringSocialConfigurer socialConfigurer = new SpringSocialConfigurer();
	socialConfigurer.addObjectPostProcessor(new ObjectPostProcessor<SocialAuthenticationFilter>() {
		@Override
		public <O extends SocialAuthenticationFilter> O postProcess(O socialAuthenticationFilter) {
			socialAuthenticationFilter.setAuthenticationSuccessHandler(socialAuthenticationSuccessHandler);
			return socialAuthenticationFilter;
		}
	});

	http.exceptionHandling().and().anonymous().and().servletApi().and().headers().cacheControl().and()
			.authorizeRequests()

			//allow anonymous font and template requests
			.antMatchers("/").permitAll()
			.antMatchers("/favicon.ico").permitAll()
			.antMatchers("/resources/**").permitAll()

			//allow anonymous calls to social login
			.antMatchers("/auth/**").permitAll()

			//allow anonymous GETs to API
			.antMatchers(HttpMethod.GET, "/api/**").permitAll()

			//defined Admin only API area
			.antMatchers("/admin/**").hasRole("ADMIN")

			//all other request need to be authenticated
			.antMatchers(HttpMethod.GET, "/api/users/current/details").hasRole("USER")
			.anyRequest().hasRole("USER").and()

			// add custom authentication filter for complete stateless JWT based authentication
			.addFilterBefore(statelessAuthenticationFilter, AbstractPreAuthenticatedProcessingFilter.class)

			// apply the configuration from the socialConfigurer (adds the SocialAuthenticationFilter)
			.apply(socialConfigurer.userIdSource(userIdSource));
}
 
Example #13
Source File: SecurityConfiguration.java    From graviteeio-access-management with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {

    http.requestMatchers()
        .antMatchers("/auth/authorize", "/auth/login", "/auth/login/callback", "/auth/logout", "/auth/completeProfile", "/auth/assets/**")
        .and()
    .authorizeRequests()
        .antMatchers("/auth/login", "/auth/assets/**").permitAll()
        .anyRequest().authenticated()
        .and()
    .formLogin()
        .loginPage("/auth/login")
        .authenticationDetailsSource(authenticationDetailsSource())
        .successHandler(authenticationSuccessHandler())
        .failureHandler(authenticationFailureHandler())
        .permitAll()
        .and()
    .logout()
        .logoutRequestMatcher(new AntPathRequestMatcher("/auth/logout"))
        .logoutSuccessHandler(new CustomLogoutSuccessHandler())
        .invalidateHttpSession(true)
        .addLogoutHandler(cookieClearingLogoutHandler())
        .and()
    .exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/auth/login"))
        .and()
    .cors()
        .and()
    .addFilterBefore(new RecaptchaFilter(reCaptchaService, objectMapper), AbstractPreAuthenticatedProcessingFilter.class)
    .addFilterBefore(socialAuthFilter(), AbstractPreAuthenticatedProcessingFilter.class)
    .addFilterBefore(checkAuthCookieFilter(), AbstractPreAuthenticatedProcessingFilter.class);

    csrf(http);
}
 
Example #14
Source File: SsoSecurityConfigurer.java    From spring-security-oauth2-boot with Apache License 2.0 4 votes vote down vote up
@Override
public void configure(HttpSecurity builder) throws Exception {
	OAuth2ClientAuthenticationProcessingFilter ssoFilter = this.filter;
	ssoFilter.setSessionAuthenticationStrategy(builder.getSharedObject(SessionAuthenticationStrategy.class));
	builder.addFilterAfter(ssoFilter, AbstractPreAuthenticatedProcessingFilter.class);
}
 
Example #15
Source File: JwtUsernamePasswordFiterLoginConfig.java    From quartz-manager with Apache License 2.0 4 votes vote down vote up
@Override
public HttpSecurity login(String loginPath, HttpSecurity http, AuthenticationManager authenticationManager) throws Exception {
  log.debug("Configuring login through JwtAuthenticationFilter...");
  return http.addFilterAfter(authenticationProcessingFilter(loginPath, authenticationManager), AbstractPreAuthenticatedProcessingFilter.class);
}
 
Example #16
Source File: ValidateCodeSecurityConfig.java    From codeway_service with GNU General Public License v3.0 4 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
	http.addFilterBefore(validateCodeFilter, AbstractPreAuthenticatedProcessingFilter.class);
}
 
Example #17
Source File: ValidateCodeSecurityConfig.java    From blog-sample with Apache License 2.0 4 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    // 注入过滤器
    http.addFilterBefore(validateCodeFilter, AbstractPreAuthenticatedProcessingFilter.class);
}
 
Example #18
Source File: ValidateCodeSecurityConfig.java    From blog-sample with Apache License 2.0 4 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    // 注入过滤器
    http.addFilterBefore(validateCodeFilter, AbstractPreAuthenticatedProcessingFilter.class);
}
 
Example #19
Source File: ValidateCodeSecurityConfig.java    From codeway_service with GNU General Public License v3.0 4 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
	http.addFilterBefore(validateCodeFilter, AbstractPreAuthenticatedProcessingFilter.class);
}
 
Example #20
Source File: SmsValidateCodeConfigurer.java    From fast-family-master with Apache License 2.0 4 votes vote down vote up
@Override
public void configure(HttpSecurity builder) throws Exception {
    SmsValidateCodeFilter smsValidateCodeFilter = new SmsValidateCodeFilter();
    builder.addFilterBefore(smsValidateCodeFilter, AbstractPreAuthenticatedProcessingFilter.class);
}
 
Example #21
Source File: ValidateCodeSecurityConfig.java    From microservices-platform with Apache License 2.0 4 votes vote down vote up
@Override
public void configure(HttpSecurity http) {
	http.addFilterBefore(validateCodeFilter, AbstractPreAuthenticatedProcessingFilter.class);
}
 
Example #22
Source File: ValidateCodeSecurityConfig.java    From open-capacity-platform with Apache License 2.0 4 votes vote down vote up
@Override
public void configure(HttpSecurity http) {
	http.addFilterBefore(validateCodeFilter, AbstractPreAuthenticatedProcessingFilter.class);
}
 
Example #23
Source File: ValidateCodeSecurityConfig.java    From paascloud-master with Apache License 2.0 2 votes vote down vote up
/**
 * Configure.
 *
 * @param http the http
 */
@Override
public void configure(HttpSecurity http) {
	http.addFilterBefore(validateCodeFilter, AbstractPreAuthenticatedProcessingFilter.class);
}