Example usage for org.springframework.security.config.annotation.web.builders HttpSecurity csrf

List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity csrf

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.config.annotation.web.builders.*
  5. HttpSecurity
  6. csrf

Introduction

In this page you can find the example usage for org.springframework.security.config.annotation.web.builders HttpSecurity csrf.

Prototype

public CsrfConfigurer<HttpSecurity> csrf() throws Exception

Source Link

Document

Adds CSRF support.

Usage

From source file:nl.mawoo.wcmmanager.configuration.WebSecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests().antMatchers("/", "/fiddle", "/config").authenticated().and()
            .formLogin().loginPage("/login").permitAll().and().logout().permitAll();
}

From source file:org.opentestsystem.ap.ivs.config.SecurityConfig.java

@Override
public void configure(final HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests().antMatchers("/manage/info*", "/manage/health*", "/api/**")
            .permitAll().anyRequest().authenticated().and().httpBasic();

    // disable page caching
    http.headers().cacheControl();//from   w  w w.  j  ava 2 s  . co  m
}

From source file:fr.putnami.pwt.doc.server.config.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().and().authorizeRequests().anyRequest().permitAll();
}

From source file:spring.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.authorizeRequests().antMatchers("/test/*").permitAll().antMatchers("/test").permitAll()
            .antMatchers("/reg").permitAll().antMatchers("/create").permitAll().anyRequest().authenticated()
            .and().formLogin().loginPage("/login").loginProcessingUrl("/login").defaultSuccessUrl("/")
            .permitAll().and().logout().permitAll();

}

From source file:uk.ac.soton.itinnovation.sad.service.configuration.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable() // to help with Invalid CSRF token found for http://sad1.it-innovation.soton.ac.uk/SAD/configuration
            .authorizeRequests().antMatchers("/report/**").permitAll().anyRequest().authenticated().and()
            .httpBasic();//from   ww  w .ja  v  a 2  s . co  m
}

From source file:com.github.wnameless.spring.bulkapi.test.WebSecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.authorizeRequests().antMatchers("/home").hasRole("USER").and().httpBasic();
    http.authorizeRequests().antMatchers(bulkPath).permitAll();
}

From source file:com.pablinchapin.tiendaliz.configuration.SecurityConfiguration.java

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {

    httpSecurity.csrf().disable().authorizeRequests().antMatchers(HttpMethod.POST, "/api/**").authenticated()
            .antMatchers(HttpMethod.PUT, "/api/**").authenticated().antMatchers(HttpMethod.DELETE, "/api/**")
            .authenticated()//from w  w w.ja v a  2 s .  c  o m

            .anyRequest().permitAll().and().httpBasic().and().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

}

From source file:capital.scalable.restdocs.example.security.WebSecurityConfiguration.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
}

From source file:org.opentestsystem.ap.irs.config.SecurityConfig.java

@Override
public void configure(final HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests()
            // Allow access to basic actuator endpoints
            .antMatchers("/manage/info*", "/manage/health*", "/api/**").permitAll().anyRequest().authenticated()
            .and().httpBasic();//w  w  w .ja  v a2  s .  c  om

    // disable page caching
    http.headers().cacheControl();
}

From source file:blankd.acme.pet.licensing.config.security.WebSecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable() //<--- Research why this only allows GET and POST
            .authorizeRequests().antMatchers("/license/find/*").permitAll().antMatchers("/license/").permitAll()
            .antMatchers("/license/new").hasAuthority("ADMIN").antMatchers("/license/assign/*")
            .hasAnyAuthority("CLERK", "ADMIN").antMatchers("/license/assign/force/**").hasAuthority("ADMIN")
            .antMatchers("/license/delete/**").hasAuthority("ADMIN").antMatchers("/account/view/*").permitAll()
            .antMatchers("/pet/new").hasAnyAuthority("CLERK", "ADMIN").antMatchers("/pet/*/update")
            .hasAnyAuthority("CLERK", "ADMIN").antMatchers("/pet/*/delete").hasAnyAuthority("CLERK", "ADMIN")
            .antMatchers("/pet/**").permitAll().antMatchers("/account/new").permitAll()
            .antMatchers("/account/**").hasAnyAuthority("CLERK", "ADMIN").anyRequest().fullyAuthenticated()
            .and().httpBasic().realmName(REALM).authenticationEntryPoint(getMyEntryPoint()).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}