org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest Java Examples

The following examples show how to use org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ResourceServerConfiguration.java    From open-cloud with MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            .antMatchers("/login/**","/oauth/**").permitAll()
            // 监控端点内部放行
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage("/login").permitAll()
            .and()
            .logout().permitAll()
            // /logout退出清除cookie
            .addLogoutHandler(new CookieClearingLogoutHandler("token", "remember-me"))
            .logoutSuccessHandler(new LogoutSuccessHandler())
            .and()
            // 认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            .csrf().disable()
            // 禁用httpBasic
            .httpBasic().disable();
}
 
Example #2
Source File: WebSecurityConfig.java    From pivotal-bank-demo with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/", "/registration","/hystrix.stream").permitAll()
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/login")
            .permitAll()
            .and()
        .logout()
        .logoutSuccessHandler(logoutSuccessHandler)
            .permitAll();
}
 
Example #3
Source File: SecurityConfiguration.java    From flowable-engine with Apache License 2.0 6 votes vote down vote up
protected void configure(HttpSecurity http) throws Exception {

            http
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .csrf()
                .disable();

            http
                .requestMatcher(new ActuatorRequestMatcher())
                .authorizeRequests()
                .requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
                .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)
                .and().httpBasic();
        }
 
Example #4
Source File: SecurityConfiguration.java    From flowable-engine with Apache License 2.0 6 votes vote down vote up
protected void configure(HttpSecurity http) throws Exception {

            http
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .csrf()
                .disable();

            http
                .requestMatcher(new ActuatorRequestMatcher())
                .authorizeRequests()
                .requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
                .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)
                .and().httpBasic();
        }
 
Example #5
Source File: SecurityConfiguration.java    From flowable-engine with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {

    http
        .sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        .csrf()
        .disable();

    http
        .requestMatcher(new ActuatorRequestMatcher())
        .authorizeRequests()
        .requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)
        .and().httpBasic();
}
 
Example #6
Source File: SecurityConfiguration.java    From flowable-engine with Apache License 2.0 6 votes vote down vote up
protected void configure(HttpSecurity http) throws Exception {

            http
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .csrf()
                .disable();

            http
                .requestMatcher(new ActuatorRequestMatcher())
                .authorizeRequests()
                .requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
                .requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)
                .and().httpBasic();
        }
 
Example #7
Source File: SecurityConfiguration.java    From skeleton-ws-spring-boot with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(final HttpSecurity http) throws Exception {

    // @formatter:off
    
    http
        .csrf().disable()
        .requestMatcher(EndpointRequest.toAnyEndpoint())
        .authorizeRequests()
            // Permit access to health check
            .requestMatchers(EndpointRequest.to("health")).permitAll()
            // Require authorization for everthing else
            .anyRequest().hasRole("SYSADMIN")
        .and()
        .httpBasic().authenticationEntryPoint(actuatorAuthenticationEntryPoint())
        .and()
        .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS); 
    
    // @formatter:on

}
 
Example #8
Source File: ResourceServerConfiguration.java    From open-cloud with MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            .antMatchers(
                    "/email/**",
                    "/sms/**",
                    "/webhook/**"
            ).permitAll()
            // 指定监控访问权限
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
            //认证鉴权错误处理
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            .csrf().disable();
}
 
Example #9
Source File: ResourceServerConfiguration.java    From open-cloud with MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            // 指定监控访问权限
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
            //认证鉴权错误处理
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            .csrf().disable();
}
 
Example #10
Source File: ResourceServerConfiguration.java    From open-cloud with MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            // 指定监控可访问权限
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
            //认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            .csrf().disable();
}
 
Example #11
Source File: ResourceServerConfiguration.java    From open-cloud with MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            .antMatchers("/login/**","/oauth/**").permitAll()
            // 监控端点内部放行
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage("/login").permitAll()
            .and()
            .logout().permitAll()
            // /logout退出清除cookie
            .addLogoutHandler(new CookieClearingLogoutHandler("token", "remember-me"))
            .logoutSuccessHandler(new LogoutSuccessHandler())
            .and()
            // 认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            .csrf().disable()
            // 禁用httpBasic
            .httpBasic().disable();
}
 
Example #12
Source File: ResourceServerConfiguration.java    From open-cloud with MIT License 6 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            // 监控端点内部放行
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            // fegin访问或无需身份认证
            .antMatchers(
                    "/generate/**"
            ).permitAll()
            .anyRequest().authenticated()
            .and()
            //认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            .csrf().disable();
}
 
Example #13
Source File: SecurityConfig.java    From POC with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.csrf().disable().authorizeRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll()
			.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR")
			.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
			.antMatchers(HttpMethod.OPTIONS, "/**").permitAll().antMatchers(HttpMethod.GET, "/ping").permitAll()
			.antMatchers(HttpMethod.DELETE, "/**").hasRole("ADMIN").antMatchers("/**").hasRole("USER").and()
			.httpBasic();
	// H2 database console runs inside a frame, So we need to disable X-Frame-Options
	// in Spring Security.
	http.headers().frameOptions().disable();
}
 
Example #14
Source File: SecurityConfig.java    From streaming-file-server with MIT License 5 votes vote down vote up
@Override protected void configure(final HttpSecurity http) throws Exception {
  // @formatter:off
  http
      .authorizeRequests()
        /*
        .requestMatchers()
          .antMatchers("/actuator/health")
            .permitAll()
        */
        .requestMatchers(EndpointRequest.to("status", "info", "health"))
          .permitAll()
        .requestMatchers(PathRequest.toStaticResources().atCommonLocations())
          .permitAll()
        .anyRequest()
          .authenticated()
      .and()
        .formLogin()
          .disable()
      .headers()
        .frameOptions()
          .sameOrigin()
      .and()
        .csrf()
          .disable()
        .httpBasic()
      .and()
        .logout()
          .logoutUrl("/disconnect")
          .clearAuthentication(true)
          .invalidateHttpSession(true)
          .permitAll()
  ;
  // @formatter:on
}
 
Example #15
Source File: ActuatorSecurityConfig.java    From gaia with Mozilla Public License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .requestMatcher(EndpointRequest.to("health", "info"))
            .authorizeRequests()
            .anyRequest()
            .permitAll();
}
 
Example #16
Source File: SecurityConfiguration.java    From fortune-teller with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http
    .csrf().disable()
    .authorizeRequests()
    .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
    .antMatchers("/**").permitAll()
    .and()
    .httpBasic();
  // @formatter:on
}
 
Example #17
Source File: SecurityConfiguration.java    From fortune-teller with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http
      .csrf().disable()
      .authorizeRequests()
      .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
      .antMatchers("/**").permitAll()
      .and()
      .httpBasic();
  // @formatter:on
}
 
Example #18
Source File: EmbeddedConfig.java    From mirrorgate with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http
        .cors()
        .and()
        .csrf()
        .disable()
        .authorizeRequests()
        .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // Disabling actuation security
}
 
Example #19
Source File: ActuatorSecurityConfiguration.java    From spring-security-oauth2-boot with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	// @formatter:off
	http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest().authenticated().and()
			.httpBasic();
	// @formatter:on
}
 
Example #20
Source File: DemoSecurity.java    From ssh-shell-spring-boot with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .requestMatchers(EndpointRequest.to("info")).permitAll()
            .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR");
}
 
Example #21
Source File: ActuatorEndpointsConfiguration.java    From kork with Apache License 2.0 5 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
  // The health endpoint should always be exposed without auth.
  http.requestMatcher(EndpointRequest.to(HealthEndpoint.class))
      .authorizeRequests()
      .anyRequest()
      .permitAll();
}
 
Example #22
Source File: SpringSecurityConfig.java    From pacbot with Apache License 2.0 5 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
	http.anonymous().and().antMatcher("/user").authorizeRequests()
	.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll().
        antMatchers(AUTH_WHITELIST).permitAll().
        anyRequest().authenticated()
	.and()
       .csrf()
       .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
 
Example #23
Source File: ResourceServerConfiguration.java    From open-cloud with MIT License 5 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .authorizeRequests()
            // 监控端点内部放行
            .requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
            // fegin访问或无需身份认证
            .antMatchers(
                    "/authority/access",
                    "/authority/app",
                    "/app/*/info",
                    "/app/client/*/info",
                    "/gateway/api/**",
                    "/user/add/thirdParty",
                    "/user/info",
                    "/user/login",
                    "/developer/add/thirdParty",
                    "/developer/info",
                    "/developer/login"
            ).permitAll()
            .anyRequest().authenticated()
            .and()
            //认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
            .exceptionHandling()
            .accessDeniedHandler(new OpenAccessDeniedHandler())
            .authenticationEntryPoint(new OpenAuthenticationEntryPoint())
            .and()
            .csrf().disable();
}
 
Example #24
Source File: ActuatorSecurityConfig.java    From spring-in-action-5-samples with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http
    .requestMatcher(EndpointRequest.toAnyEndpoint().excluding("health", "info"))
    .authorizeRequests()
      .anyRequest().hasRole("ADMIN")
      
    .and()
  
    .httpBasic();
  // @formatter:on
}
 
Example #25
Source File: ActuatorSecurityConfig.java    From spring-in-action-5-samples with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http
    .requestMatcher(EndpointRequest.toAnyEndpoint().excluding("health", "info"))
    .authorizeRequests()
      .anyRequest().hasRole("ADMIN")
      
    .and()
  
    .httpBasic();
  // @formatter:on
}
 
Example #26
Source File: ActuatorSecurityConfig.java    From spring-in-action-5-samples with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http
    .requestMatcher(EndpointRequest.toAnyEndpoint().excluding("health", "info"))
    .authorizeRequests()
      .anyRequest().hasRole("ADMIN")
      
    .and()
  
    .httpBasic();
  // @formatter:on
}
 
Example #27
Source File: ActuatorSecurityConfig.java    From spring-in-action-5-samples with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
  // @formatter:off
  http
    .requestMatcher(EndpointRequest.toAnyEndpoint().excluding("health", "info"))
    .authorizeRequests()
      .anyRequest().hasRole("ADMIN")
      
    .and()
  
    .httpBasic();
  // @formatter:on
}
 
Example #28
Source File: AuthorizationApplication.java    From Spring with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
       http
           .requestMatcher(EndpointRequest.toAnyEndpoint())
               .authorizeRequests()
                   .requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll()
           .anyRequest().authenticated()
           .and()
           .httpBasic();
	}
 
Example #29
Source File: SpringSecurityHttpEndpointsBootstrap.java    From thinking-in-spring-boot-samples with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.requestMatcher(EndpointRequest.toAnyEndpoint())
            .authorizeRequests().anyRequest().hasRole("ENDPOINT_ADMIN")
            .and()
            .httpBasic();
}
 
Example #30
Source File: SecurityConfig.java    From Spring-Boot-2.0-Projects with MIT License 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.httpBasic().and()
            .authorizeRequests()
            .requestMatchers(EndpointRequest.to("info", "health")).permitAll()
            .requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("SYSTEM")
            .antMatchers("/**").hasRole("USER");

}