Example usage for org.springframework.security.config.annotation.web.builders HttpSecurity authorizeRequests

List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity authorizeRequests

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.config.annotation.web.builders.*
  5. HttpSecurity
  6. authorizeRequests

Introduction

In this page you can find the example usage for org.springframework.security.config.annotation.web.builders HttpSecurity authorizeRequests.

Prototype

public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests()
        throws Exception

Source Link

Document

Allows restricting access based upon the HttpServletRequest using <h2>Example Configurations</h2> The most basic example is to configure all URLs to require the role "ROLE_USER".

Usage

From source file:com.ericsson.eiffel.remrem.generate.config.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    LOGGER.debug("LDAP authentication enabled");
    http.authorizeRequests().anyRequest().authenticated().and().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and().httpBasic().and().csrf().disable();

}

From source file:cn.net.withub.demo.bootsec.hello.config.WebSecurityConfig.java

/**
 * ???//from   ww w  . ja  v  a  2  s.co m
 *
 * @param http
 * @throws Exception
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/", "/home").permitAll().antMatchers("/admin/**").hasRole("ADMIN") ///admin/?URL???admin?
            .anyRequest().authenticated() //URL??
            .and().formLogin() //Java???POST???/login???username??password??
            .loginPage("/login").permitAll() //???GET?/login??
            .and().logout().permitAll() //(??)??/login??/login?error?permitAll()?formLogin()URL
            .and().exceptionHandling().accessDeniedPage("/error.html");
}

From source file:de.fau.amos4.configuration.SecurityConfiguration.java

/**
 * This is the generic security configuration. Further detailed configuration can be provided
 * using i.e. @PreAuthorize on request mappings.
 * //  w w  w  .ja va  2 s.c o m
 * @param http
 * @throws Exception
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()

            // Allow access to the front page.
            .antMatchers("/").permitAll()
            // Allow access to the register page.
            .antMatchers("/client/register").permitAll()
            // Allow access to the submit registration page.
            .antMatchers("/client/submit").permitAll()
            // Allow access to the confirm page.
            .antMatchers("/client/confirm").permitAll()
            // Allow access to the forgot password page.
            .antMatchers("/client/forgotPassword").permitAll()
            //Allow access to FrontPage
            .antMatchers("/employee/token").permitAll().antMatchers("/employee/token/submit").permitAll()
            .antMatchers("/employee/token/wrong").permitAll().antMatchers("/employee/token/preview").permitAll()
            .antMatchers("/employee/confirm").permitAll().antMatchers("/employee/edit/confirm").permitAll()
            .antMatchers("/employee/edit/submit").permitAll().antMatchers("/employee/download/text").permitAll()
            .antMatchers("/employee/download/zip").permitAll().antMatchers("/employee/edit").permitAll()
            .antMatchers("/employee/edit/submit").permitAll().anyRequest().fullyAuthenticated()

            .and()

            // Login page at /login with email as username
            .formLogin().loginPage("/").loginProcessingUrl("/").defaultSuccessUrl("/client/dashboard")
            .usernameParameter("email").failureUrl("/?m=invalid").permitAll()

            .and()

            // Logout page at /logout with redirect to home on logout and cookie removal
            .logout().logoutUrl("/client/logout").deleteCookies("remember-me").logoutSuccessUrl("/").permitAll()

            .and()

            // Enable the "remember me" functionality (using a cookie).
            .rememberMe();
}

From source file:com.opiframe.config.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    //http.headers().cacheControl().disable();
    //http.headers().defaultsDisabled();
    http.authorizeRequests().antMatchers("/test1", "/test2").permitAll().antMatchers("/api/**")
            .access("hasRole('ROLE_ADMIN')").antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")
            .and().formLogin().defaultSuccessUrl("/api/teachers").loginPage("/login").failureUrl("/login?error")
            .usernameParameter("username").passwordParameter("password").and().logout()
            .logoutSuccessUrl("/login?logout").and().csrf().and().exceptionHandling().accessDeniedPage("/403");
}

From source file:org.devgateway.toolkit.web.spring.WebSecurityConfig.java

@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.authorizeRequests().expressionHandler(webExpressionHandler()) // inject role hierarchy
            .anyRequest().authenticated().and().formLogin().loginPage("/login").permitAll().and().requestCache()
            .and().logout().permitAll().and().sessionManagement().and().csrf().disable();
    http.addFilter(securityContextPersistenceFilter());
}

From source file:org.jblogcms.core.config.SecurityContext.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().expressionHandler(webExpressionHandler())
            .antMatchers("/auth/**", "/login", "/signup/**", "/registration/**", "/**").permitAll()

            .and().formLogin().loginPage("/login").loginProcessingUrl("/login/authenticate")
            .failureUrl("/login?error=bad_credentials")

            .and().logout().deleteCookies("JSESSIONID").logoutUrl("/logout").logoutSuccessUrl("/login")

            .and().apply(new SpringSocialConfigurer());
}

From source file:org.jasig.portlet.survey.security.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    processingFilter.setAuthenticationManager(authenticationManager());

    http.authorizeRequests().antMatchers("/v1/**").hasRole("USER").anyRequest().authenticated().and().jee()
            .j2eePreAuthenticatedProcessingFilter(processingFilter).and().sessionManagement().sessionFixation()
            .none().sessionCreationPolicy(SessionCreationPolicy.NEVER).and().csrf().disable();

}

From source file:com.bcknds.demo.oauth2.security.ResourceServer.java

@Override
public void configure(HttpSecurity http) throws Exception {

    // oauth/token enpoint should be insecure since it is the security entry point
    http.authorizeRequests().antMatchers("/oauth/token").anonymous();

    // GET requests for secure need the read scope
    http.authorizeRequests().antMatchers(HttpMethod.GET, "/secure**").access("#oauth2.hasScope('read')");

    // All requests except GET require the write scope. These are not specified since
    //   the permissions fall down and GET is above this one.
    http.authorizeRequests().antMatchers("/secure**").access("#oauth2.hasScope('write')");
}

From source file:shiver.me.timbers.spring.security.integration.AllApplyAuthenticationConfiguration.java

@Override
protected final void configure(HttpSecurity http) throws Exception {
    http.apply(jwt());/*www  .  j  a  v  a2  s . c om*/
    http.antMatcher("/all/**");
    http.csrf().disable();
    http.authorizeRequests().antMatchers("/all/one").access("hasRole('ONE')").antMatchers("/all/two")
            .access("hasRole('TWO')").anyRequest().authenticated();
    http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/all/signIn")
            .permitAll();
    http.logout().logoutUrl("/all/signOut").logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler());
    http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint());
}