Example usage for org.springframework.security.config.annotation.web.builders HttpSecurity csrf

List of usage examples for org.springframework.security.config.annotation.web.builders HttpSecurity csrf

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.security.config.annotation.web.builders.*
  5. HttpSecurity
  6. csrf

Introduction

In this page you can find the example usage for org.springframework.security.config.annotation.web.builders HttpSecurity csrf.

Prototype

public CsrfConfigurer<HttpSecurity> csrf() throws Exception

Source Link

Document

Adds CSRF support.

Usage

From source file:shiver.me.timbers.spring.security.integration.AllApplyAuthenticationConfiguration.java

@Override
protected final void configure(HttpSecurity http) throws Exception {
    http.apply(jwt());/*from   www  .  ja v a2 s. c o  m*/
    http.antMatcher("/all/**");
    http.csrf().disable();
    http.authorizeRequests().antMatchers("/all/one").access("hasRole('ONE')").antMatchers("/all/two")
            .access("hasRole('TWO')").anyRequest().authenticated();
    http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/all/signIn")
            .permitAll();
    http.logout().logoutUrl("/all/signOut").logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler());
    http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint());
}

From source file:net.prasenjit.auth.config.SecurityConfig.java

/**
 * {@inheritDoc}//from  w w w .j  a  v a  2  s.c o m
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    //@formatter:off
    http.csrf().csrfTokenRepository(csrfTokenRepository()).and().exceptionHandling()
            .accessDeniedHandler(ajaxAwareHandler).authenticationEntryPoint(ajaxAwareHandler).and().formLogin()
            .loginPage("/login").permitAll().loginProcessingUrl("/api/login").successHandler(ajaxAwareHandler)
            .failureHandler(ajaxAwareHandler).and().logout().logoutUrl("/api/logout")
            .logoutSuccessHandler(ajaxAwareHandler).invalidateHttpSession(true).permitAll().and()
            .authorizeRequests().antMatchers(HttpMethod.PUT, "/api/user").anonymous().anyRequest()
            .authenticated().and().addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class);
    //@formatter:on
}

From source file:com.angular2.security.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().anyRequest().fullyAuthenticated();
    http.httpBasic();// ww  w  . jav a  2  s.co m
    http.csrf().disable();
}

From source file:hr.foi.sis.conf.ConfSecurity.java

@Override
protected void configure(HttpSecurity http) throws Exception {

    http.sessionManagement().maximumSessions(1);

    http.csrf().disable().authorizeRequests().antMatchers("/admin-page.html").access("hasRole('ROLE_ADMIN')")
            .antMatchers("/user-page.html").access("isAuthenticated()")
            .antMatchers("/index.html", "/register.html", "spring-security.css").permitAll()
            .antMatchers("/register.html").permitAll().and().formLogin().loginPage("/login.html")
            .usernameParameter("username").passwordParameter("password").failureUrl("/login-error.html")
            .defaultSuccessUrl("/user-page.html").and().logout().logoutUrl("/logout")
            .logoutSuccessUrl("/index.html").and().exceptionHandling()
            .accessDeniedPage("/acces-denied-page.html").and().headers().xssProtection();

    //CsrfTokenResponseHeaderBindingFilter csrfTokenFilter = new CsrfTokenResponseHeaderBindingFilter();    
    //http.addFilterAfter(csrfTokenFilter, CsrfFilter.class);

}

From source file:shiver.me.timbers.spring.security.integration.JwtCustomPrincipleSecurityConfigurationApply.java

@Override
protected final void configure(HttpSecurity http) throws Exception {
    http.apply(jwt());/* w  w w .  j a v a  2s .  c o  m*/
    http.antMatcher("/custom/**");
    http.csrf().disable();
    http.authorizeRequests().anyRequest().authenticated();
    http.formLogin().successHandler(new NoRedirectAuthenticationSuccessHandler()).loginPage("/custom/signIn")
            .permitAll();
    http.logout().logoutUrl("/custom/signOut")
            .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler());
    http.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint());
}

From source file:io.getlime.push.configuration.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().anyRequest().anonymous();
    http.httpBasic().disable();//from   w  w w.j a va2  s  . c om
    http.csrf().disable();
}

From source file:com.avaya.subMgmt.server.SecurityConfigAdapter.java

@Override
public void configure(HttpSecurity http) throws Exception {

    // Start configuration
    http.csrf().disable();

    if ("basic".equals(authType)) {
        http.authorizeRequests().antMatchers("/**").authenticated().and().httpBasic();
    }/*from   w  w  w .  j  av a2 s.c  o  m*/

    if ("digest".equals(authType)) {
        http.exceptionHandling().authenticationEntryPoint(digestEntryPoint());
        http.authorizeRequests().antMatchers("/**").authenticated().and()
                .addFilter(digestAuthenticationFilter(digestEntryPoint()));
    }
}

From source file:org.schedoscope.metascope.config.TestSpringConfiguration.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().anyRequest().permitAll();
    http.csrf().disable();
}

From source file:aka.pirana.springsecurity.config.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    System.out.println("aka.pirana.springsecurity.config.SecurityConfig.configure(http)");
    http.csrf().disable().authorizeRequests().antMatchers("/login", "/login/form**", "/register", "/logout")
            .permitAll().antMatchers("/admin", "/admin/**").hasRole("ADMIN").anyRequest().authenticated().and()
            .formLogin().loginPage("/login/form").loginProcessingUrl("/login").failureUrl("/login/form?error")
            .permitAll();/*from   w w w . j  a  va2  s  .c o m*/
}

From source file:com.jiwhiz.web.config.SecurityConfig.java

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable() // disable CSRF now. TODO figure out how to config CSRF header in AngularJS
            .authorizeRequests().antMatchers("/api/admin/**").hasAuthority(UserRoleType.ROLE_ADMIN.name())
            .antMatchers("/api/author/**").hasAuthority(UserRoleType.ROLE_AUTHOR.name())
            .antMatchers("/api/user/**").authenticated().antMatchers("/api/public/**").permitAll()
            .antMatchers("/api/currentUser").permitAll().antMatchers("/signin/**").permitAll()
            .antMatchers("/connect/**").permitAll().antMatchers("/dist/**").permitAll().anyRequest()
            .authenticated().and()/*w  w w.  j  av a 2s .c  o m*/
            .addFilterBefore(socialAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class)
            .logout().deleteCookies("JSESSIONID").logoutUrl("/signout").logoutSuccessUrl("/").and().rememberMe()
            .rememberMeServices(rememberMeServices());
}