List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity authorizeRequests
public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests() throws Exception
From source file:com.castlemock.war.config.SecurityConfig.java
/** * The method configure is responsible for the security configuration. * * @param httpSecurity httpSecurity will be used to configure the authentication process. * @throws Exception Throws an exception if the configuration fails *///from ww w. ja va2 s . c o m @Override protected void configure(final HttpSecurity httpSecurity) throws Exception { httpSecurity.authorizeRequests().antMatchers("/web/**").authenticated().and().formLogin() .loginPage("/login").failureUrl("/login?error").usernameParameter("username") .passwordParameter("password").and().logout().logoutSuccessUrl("/login?logout").and().csrf().and() .rememberMe().tokenRepository(tokenRepository).tokenValiditySeconds(tokenValiditySeconds).and() .exceptionHandling().accessDeniedPage("/forbidden"); httpSecurity.authorizeRequests().antMatchers("/mock/**").permitAll().and().csrf().disable(); httpSecurity.headers().cacheControl().disable(); }
From source file:shiver.me.timbers.spring.security.integration.AllAnnotationAuthenticationConfiguration.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.antMatcher("/all/**"); http.csrf().disable();//w w w. j a va 2 s. c o m http.authorizeRequests().antMatchers("/all/one").access("hasRole('ONE')").antMatchers("/all/two") .access("hasRole('TWO')").anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/all/signIn") .permitAll(); http.logout().logoutUrl("/all/signOut").logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
From source file:shiver.me.timbers.spring.security.integration.SpringSecurityConfiguration.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.antMatcher("/normal/**"); http.csrf().disable();//from w ww .j a va 2s .co m http.authorizeRequests().anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/normal/signIn") .permitAll(); http.logout().logoutUrl("/normal/signOut") .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
From source file:ch.javaee.basicMvc.config.SecurityConfig.java
/** * @param http/* w w w . ja v a 2s. c o m*/ * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/users**", "/sessions/**").hasRole("ADMIN") // // everybody can access the main page ("/") and the signup page ("/signup") .antMatchers("/assets/**", "/", "/login", "/signup", "/public/**").permitAll().anyRequest() .hasRole("USER") ; FormLoginConfigurer formLoginConfigurer = http.formLogin(); formLoginConfigurer.loginPage("/login").failureUrl("/login/failure").defaultSuccessUrl("/login/success") .permitAll(); LogoutConfigurer logoutConfigurer = http.logout(); logoutConfigurer.logoutUrl("/logout").logoutSuccessUrl("/logout/success"); }
From source file:com.test.config.BackendConsoleConfig.java
@Override protected void configure(final HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/resources/img/**").permitAll().antMatchers("/login").permitAll() .antMatchers("/**").hasRole("EMPLOYEEGROUP").and().formLogin() .loginProcessingUrl("/j_spring_security_check").loginPage("/login").permitAll() .defaultSuccessUrl("/console").failureHandler(defaultAuthenticationFailureHandler).permitAll().and() .logout().logoutUrl("/j_spring_security_logout").logoutSuccessUrl("/login").permitAll().and() .exceptionHandling().accessDeniedHandler(defaultAccessDeniedHandler); }
From source file:com.miserablemind.butter.security.WebSecurityContext.java
/** * Main configuration method that defines the protected pages, log in form parameters, remember me and access {@link AccessDeniedHandler}. * * @param http A {@link HttpSecurity}. It is similar to Spring Security's XML <http> element in the namespace configuration. * @throws Exception/*from w w w.jav a2 s . com*/ */ @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/login", "/signup", "/error/**", "/reset-password/**", "/forgot-password/**", "/js/**", "/img/**", "/css/**").permitAll().anyRequest() .access("hasRole('ROLE_USER')"); http.formLogin().loginPage("/login").failureUrl("/login?error=true").passwordParameter("password") .usernameParameter("username").loginProcessingUrl("/login-submit").defaultSuccessUrl("/"); http.csrf().disable(); http.logout().invalidateHttpSession(true).logoutUrl("/logout-success"); http.rememberMe().key(this.configSystem.getRememberMeKey()).rememberMeServices(this.rememberMeServices()); http.exceptionHandling().accessDeniedHandler(this.accessDeniedHandler); }
From source file:org.davidmendoza.esu.config.SecurityConfig.java
@Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/admin/**").hasRole("ADMIN").anyRequest().permitAll().and() .formLogin().loginPage("/login").loginProcessingUrl("/login/authenticate") .failureUrl("/login?error=bad_credentials").successHandler(loginHandler).permitAll().and().logout() .logoutUrl("/logout").logoutSuccessUrl("/").invalidateHttpSession(true); }
From source file:shiver.me.timbers.spring.security.integration.JwtCustomPrincipleSecurityConfigurationAnnotation.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.antMatcher("/custom/**"); http.csrf().disable();/*from w ww. j a v a2 s. c om*/ http.authorizeRequests().anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/custom/signIn") .permitAll(); http.logout().logoutUrl("/custom/signOut") .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
From source file:shiver.me.timbers.spring.security.integration.StormpathAuthenticationConfiguration.java
@Override protected final void configure(HttpSecurity http) throws Exception { http.antMatcher("/stormpath/**"); http.csrf().disable();// www.j av a 2 s. c om http.authorizeRequests().antMatchers("/stormpath/one").access("hasRole('ONE')") .antMatchers("/stormpath/two").access("hasRole('TWO')").anyRequest().authenticated(); http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/stormpath/signIn") .permitAll(); http.logout().logoutUrl("/stormpath/signOut") .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()); http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()); }
From source file:org.vaadin.spring.samples.mvp.security.config.HttpSecurityConfigurer.java
void configure(Environment env, ApplicationContext context, HttpSecurity http) throws Exception { // all requests are authenticated http.authorizeRequests().antMatchers("/VAADIN/**", "/PUSH/**", "/UIDL/**", "/login", "/login/**") .permitAll().antMatchers("/**").fullyAuthenticated().and() // Vaadin chokes if this filter is enabled, disable it! .csrf().disable();//from w w w . jav a2 s . c o m // have UI peacefully coexist with Apache CXF web-services String id = env.getProperty("app.security.scheme", Scheme.BASIC.id()); Scheme scheme = Scheme.fromValue(id); switch (scheme) { case FORM: http.formLogin().failureUrl("/login?error").defaultSuccessUrl("/ui").permitAll().and().logout() .logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login") .permitAll(); break; case BASIC: http.httpBasic(); break; case DIGEST: // @see http://java.dzone.com/articles/basic-and-digest http.httpBasic(); http.addFilterAfter(context.getBean(DigestAuthenticationFilter.class), BasicAuthenticationFilter.class); break; } // TODO plumb custom HTTP 403 and 404 pages /* http.exceptionHandling().accessDeniedPage("/access?error"); */ }