@Override
protected void configure(HttpSecurity http) throws Exception {
    // The OAuth2 client-context filter runs right after pre-authentication processing,
    // and the Facebook login filter runs after it.
    http.addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
        .addFilterAfter(facebookLoginFilter, OAuth2ClientContextFilter.class);

    // One registry, rules evaluated first-match-wins in declaration order.
    http.authorizeRequests()
        .antMatchers("/", "/callback").permitAll()
        .antMatchers("/profile/*").authenticated()
        .anyRequest().authenticated();

    // HTTP Basic stays on, but its challenge is replaced by a redirect to /callback.
    http.httpBasic()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/callback"));

    http.logout().logoutSuccessUrl("/").permitAll();

    // NOTE(review): X-Frame-Options is removed entirely and CSRF protection is off; both widen
    // exposure (framing of any page, cross-site state-changing requests) — confirm this is intended.
    http.headers().frameOptions().disable();
    http.csrf().disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // OAuth2 client context first, then the OpenID Connect filter that consumes it.
    http.addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
        .addFilterAfter(openIdConnectFilter, OAuth2ClientContextFilter.class);

    // Root is public; the API base path and everything else require an authenticated user.
    http.authorizeRequests()
        .antMatchers("/").permitAll()
        .antMatchers(apiBaseUri).authenticated()
        .anyRequest().authenticated();

    // Unauthenticated requests are redirected to the callback URI instead of a Basic challenge.
    http.httpBasic()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint(callbackUri));

    http.logout()
        .logoutSuccessUrl("/")
        .permitAll();

    // NOTE(review): CSRF protection is disabled for the whole chain — confirm this is intended.
    http.csrf().disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // No HTTP session is created or consulted; each request must carry its own credentials.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    http.addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
        .addFilterAfter(filter, OAuth2ClientContextFilter.class);

    // HTTP Basic is enabled, but unauthenticated callers are redirected to /google-login.
    http.httpBasic()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/google-login"));

    // NOTE(review): there is no anyRequest() catch-all, so a path that matches none of these
    // four patterns gets no authorization rule from this registry — confirm that is intended.
    http.authorizeRequests()
        .antMatchers("/api/v1/users**").hasAuthority("ADMIN")
        .antMatchers("/api/v1/notes**").hasAnyAuthority("ADMIN", "AUTHOR")
        .antMatchers("/").hasAuthority("ADMIN")
        .antMatchers("/swagger-ui.html").hasAuthority("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Root and /open/** are public; everything else needs an authenticated user.
    http.authorizeRequests()
        .antMatchers("/", "/open/**").permitAll()
        .anyRequest().authenticated();

    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"));

    http.logout()
        .logoutSuccessUrl("/")
        .permitAll();

    // CSRF stays enabled; the token is kept in a cookie that script can read
    // (httpOnly=false) so a browser client can echo it back in a request header.
    http.csrf()
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Use Vaadin's built-in CSRF protection instead
    http.csrf().disable();

    // Login, password flows and the Vaadin UIDL/heartbeat channels are open;
    // every other request needs an authenticated user.
    http.authorizeRequests()
        .antMatchers("/login/**", "/password/**", "/vaadinServlet/UIDL/**", "/vaadinServlet/HEARTBEAT/**")
            .permitAll()
        .anyRequest()
            .authenticated();

    // Authentication is done by the Vaadin UI, not by Spring Security's Basic or form login.
    http.httpBasic().disable();
    http.formLogin().disable();

    http.logout()
        .addLogoutHandler(new VaadinSessionClosingLogoutHandler())
        .logoutUrl("/logout")
        .logoutSuccessUrl("/login?logout")
        .permitAll();

    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));

    // Spring Security must use the same RememberMeServices and
    // authentication strategy as Vaadin4Spring
    http.rememberMe()
        .rememberMeServices(rememberMeServices())
        .key(REMEMBERME_KEY);
    http.sessionManagement()
        .sessionAuthenticationStrategy(sessionAuthenticationStrategy());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    logger.debug("Configuring web security");

    // Spring Security does not write Cache-Control headers for this chain.
    http.headers().cacheControl().disable();

    // TODO (move img to images)
    // TODO (move intl to js/intl)
    http.authorizeRequests()
        .antMatchers("/intl/*", "/img/*", "/fonts/*", "/webjars/**", "/cli/**").permitAll()
        .regexMatchers("/login\\?.*").permitAll()
        // fullyAuthenticated: a remember-me authentication is not sufficient
        .anyRequest().fullyAuthenticated();

    http.formLogin()
        .loginPage("/login").permitAll()
        .successHandler(new ShowPageAuthenticationSuccessHandler());

    http.logout()
        .logoutSuccessUrl("/login?logout")
        .permitAll();

    // API callers get a bare 401; page requests are redirected to the login form.
    // NOTE(review): both matchers use a single-segment wildcard ("/api/*", "/*"); a request nested
    // deeper than one segment matches neither and presumably falls back to the first registered
    // entry point — confirm "**" was not intended.
    http.exceptionHandling()
        .defaultAuthenticationEntryPointFor(
            new Http401AuthenticationEntryPoint("API_UNAUTHORIZED"),
            new AntPathRequestMatcher("/api/*"))
        .defaultAuthenticationEntryPointFor(
            new LoginUrlAuthenticationEntryPoint("/login"),
            new AntPathRequestMatcher("/*"));
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // This chain handles every request.
    http.antMatcher("/**");

    // Landing page, login endpoints and webjars are public; the rest requires login.
    http.authorizeRequests()
        .antMatchers("/", "/login**", "/webjars/**").permitAll()
        .anyRequest().authenticated();

    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"));

    http.logout()
        .logoutSuccessUrl("/")
        .permitAll();

    // CSRF token storage comes from csrfTokenRepository(); csrfHeaderFilter() is placed
    // after CsrfFilter so it sees the token CsrfFilter has loaded.
    http.csrf()
        .csrfTokenRepository(csrfTokenRepository());
    http.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);

    // SSO filter runs ahead of HTTP Basic authentication.
    http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Only /user/** is protected; every other path (including the login pages) is open.
    http.authorizeRequests()
        .antMatchers("/user/**").authenticated()
        .anyRequest().permitAll();

    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));

    http.formLogin()
        .loginPage("/login")
        .loginProcessingUrl("/login.do")
        .defaultSuccessUrl("/user/info")
        .failureUrl("/login?err=1")
        .permitAll();

    // NOTE(review): the logout matcher accepts any HTTP method, so a plain GET link to /logout
    // ends the session; consider restricting it to POST if CSRF protection is relied upon.
    http.logout()
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
        .logoutSuccessUrl("/")
        .permitAll();

    // GitHub OAuth filter is placed ahead of HTTP Basic authentication.
    http.addFilterBefore(githubFilter(), BasicAuthenticationFilter.class);
}
/**
 * Security configuration: the requests listed below are served without authentication.
 * <ul>
 * <li>the index.html landing page</li>
 * <li>compiled JS and CSS</li>
 * <li>files in the assets folder, e.g. Bootstrap CSS and Bootstrap or jQuery JS</li>
 * <li>API requests</li>
 * </ul>
 * Every other request requires an authenticated user; unauthenticated callers are
 * redirected to "/".
 *
 * @param http the {@link HttpSecurity} builder to configure
 * @throws Exception if the underlying builder fails
 * @since 1.1.1-SNAPSHOT
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Paths reachable without a login, in matcher order.
    final String[] openPaths = {
        "/",                               // root
        "/login**",                        // login request
        "/app/get/**",                     // default "get" requests
        "/app/update/product/**/download", // product update when it gets downloaded
        "/app/download/product/**",        // product downloads
        "/index.html",
        "/**.js", "/**.css", "/**.woff", "/**.woff2", "/**.ttf",
        "/assets/**",                      // static resources
        "/api**"
    };

    http.antMatcher("/**");

    http.authorizeRequests()
        .antMatchers(openPaths).permitAll()
        .anyRequest().authenticated();

    http.logout()
        .logoutSuccessUrl("/")
        .permitAll();

    // Script-readable cookie token; /nocsrf and /console/** are exempt from the CSRF check.
    http.csrf()
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        .ignoringAntMatchers("/nocsrf", "/console/**");

    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"));

    // NOTE(review): X-Frame-Options is switched off altogether. The original intent was to
    // limit framing to the amazonaws domain (a StaticHeadersWriter with an ALLOW-FROM value
    // was considered); that narrower option would be preferable to removing the header.
    http.headers()
        .frameOptions().disable();

    http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
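@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable(); // Use Vaadin's built-in CSRF protection instead

    // Rules are first-match-wins. "/ui/" was listed twice (anonymous() first, permitAll()
    // later); the second entry could never be reached and has been removed.
    // NOTE(review): anonymous() rejects users who are already logged in when they open "/ui/";
    // if they are supposed to reach it, this rule has to become permitAll().
    http.authorizeRequests()
        .antMatchers("/ui/").anonymous()
        .antMatchers("/ui/login/**").anonymous()
        .antMatchers("/ui/UIDL/**").permitAll()
        .antMatchers("/ui/HEARTBEAT/**").permitAll()
        .antMatchers("/ui").denyAll()
        .anyRequest().authenticated();

    // Authentication is performed by the Vaadin UI, not by Spring Security's Basic or form login.
    http.httpBasic().disable();
    http.formLogin().disable();

    http.logout()
        .logoutUrl("/ui/logout")
        .logoutSuccessUrl("/ui/login?logout")
        .permitAll();

    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/ui/login"));

    // NOTE(review): the remember-me key is a literal in source; prefer loading it from configuration.
    http.rememberMe()
        .rememberMeServices(rememberMeServices())
        .key("myAppKey");
}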
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Use Vaadin's built-in CSRF protection instead
    http.csrf().disable();

    // Login pages are for anonymous users only (a logged-in user is rejected there);
    // the Vaadin UIDL/heartbeat channels are open; everything else needs a login.
    http.authorizeRequests()
        .antMatchers("/login/**").anonymous()
        .antMatchers("/vaadinServlet/UIDL/**", "/vaadinServlet/HEARTBEAT/**").permitAll()
        .anyRequest().authenticated();

    // Authentication happens in the Vaadin UI, not through Spring Security's own mechanisms.
    http.httpBasic().disable();
    http.formLogin().disable();

    // Remember to add the VaadinSessionClosingLogoutHandler
    http.logout()
        .addLogoutHandler(new VaadinSessionClosingLogoutHandler())
        .logoutUrl("/logout")
        .logoutSuccessUrl("/login?logout")
        .permitAll();

    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));

    // Instruct Spring Security to use the same RememberMeServices as Vaadin4Spring. Also remember the key.
    // NOTE(review): the key is a literal in source; prefer loading it from configuration.
    http.rememberMe()
        .rememberMeServices(rememberMeServices())
        .key("myAppKey");

    // Instruct Spring Security to use the same authentication strategy as Vaadin4Spring
    http.sessionManagement()
        .sessionAuthenticationStrategy(sessionAuthenticationStrategy());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // This chain handles every request.
    http.antMatcher("/**");

    http.authorizeRequests()
        .antMatchers("/", "/login**", "/webjars/**").permitAll()
        .anyRequest().authenticated();

    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"));

    http.logout()
        .logoutSuccessUrl("/")
        .permitAll();

    // CSRF token in a script-readable cookie so the browser client can send it back as a header.
    http.csrf()
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

    // SSO filter runs ahead of HTTP Basic authentication.
    http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    //Configure login URL - this is the same URL as LoginUI path
    final LoginUrlAuthenticationEntryPoint signInEntryPoint =
            new LoginUrlAuthenticationEntryPoint("/ui/signin");

    // Auth callback, sign-in/sign-up pages and the Vaadin UIDL channel are open; all else needs login.
    http.authorizeRequests()
        .antMatchers("/auth", "/ui/signin", "/ui/signup", "/ui/UIDL/**").permitAll()
        .antMatchers("/**").authenticated();

    http.exceptionHandling()
        .authenticationEntryPoint(signInEntryPoint);

    // Social sign-in flow for Vaadin: where to send new users, successful and failed logins.
    http.apply(new VaadinSpringSocialConfigurer()
        .signupUrl("/ui/signup")
        .postLoginUrl("/ui/")
        .postFailureUrl("/ui/signin"));

    http.logout()
        .logoutSuccessUrl("/ui/signin")
        .deleteCookies("JSESSIONID");

    // NOTE(review): CSRF protection is disabled for the whole chain — confirm this is intended.
    http.csrf().disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Basic-auth challenge used for API and actuator callers; the realm name comes from the security properties.
    final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
    basicAuthenticationEntryPoint.setRealmName(securityProperties.getBasic().getRealm());
    basicAuthenticationEntryPoint.afterPropertiesSet();

    final Filter oauthFilter = oauthFilter();
    final BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(
            providerManager(), basicAuthenticationEntryPoint);
    // Filter positions are keyed on the runtime classes of the locally built filters.
    // Intended order appears to be: OAuth2 processing filter -> Basic auth filter -> oauthFilter.
    http.addFilterAfter(oauthFilter, basicAuthenticationFilter.getClass());
    http.addFilterBefore(basicAuthenticationFilter, oauthFilter.getClass());
    http.addFilterBefore(oAuth2AuthenticationProcessingFilter(), basicAuthenticationFilter.getClass());

    // NOTE(review): this mutates the shared authorizationProperties bean; if configure() runs more
    // than once the dashboard paths are appended again (harmless for matching, but surprising).
    this.authorizationProperties.getAuthenticatedPaths().add(dashboard("/**"));
    this.authorizationProperties.getAuthenticatedPaths().add(dashboard(""));

    // Permit-all paths first, then authenticated paths, then whatever
    // SecurityConfigUtils adds; anything left over is denied.
    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security = http.authorizeRequests()
            .antMatchers(this.authorizationProperties.getPermitAllPaths().toArray(new String[0]))
            .permitAll()
            .antMatchers(this.authorizationProperties.getAuthenticatedPaths().toArray(new String[0]))
            .authenticated();
    security = SecurityConfigUtils.configureSimpleSecurity(security, this.authorizationProperties);
    security.anyRequest().denyAll();
    this.securityStateBean.setAuthorizationEnabled(true);

    // NOTE(review): CSRF protection is disabled for the whole chain.
    // Entry points: Basic challenge for /api/** and /actuator/**, login redirect for everything else.
    http.httpBasic().and()
            .logout()
            .logoutSuccessUrl(dashboard("/logout-success-oauth.html"))
            .and().csrf().disable()
            .exceptionHandling()
            .defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/api/**"))
            .defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/actuator/**"))
            .defaultAuthenticationEntryPointFor(
                    new LoginUrlAuthenticationEntryPoint(this.authorizationProperties.getLoginProcessingUrl()),
                    AnyRequestMatcher.INSTANCE);
    this.securityStateBean.setAuthenticationEnabled(true);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    final boolean usingFacebookAuthentication =
            facebook().getClientId() != null && !facebook().getClientId().isEmpty();

    if (!usingFacebookAuthentication) {
        // No Facebook client id configured: every request is permitted.
        http.antMatcher("/**").authorizeRequests().anyRequest().permitAll();
        return;
    }

    http.antMatcher("/**");

    // NOTE(review): "/**" is matched first and permits everything, so the following
    // anyRequest().authenticated() rule can never apply — confirm this is intended.
    http.authorizeRequests()
        .antMatchers("/**").permitAll()
        .anyRequest().authenticated();

    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));

    http.logout()
        .logoutSuccessUrl("/")
        .permitAll();

    http.csrf()
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

    http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
@Override
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected void configure(HttpSecurity http) throws Exception {
    // Default form login, applied to every request.
    http.formLogin();
    http.antMatcher("/**");

    http.authorizeRequests()
        .antMatchers("/", "/login**", "/img/**", "/webjars/**").permitAll()
        .anyRequest().authenticated();

    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"));

    http.logout()
        .logoutSuccessUrl("/")
        .permitAll();

    // CSRF token in a script-readable cookie so the browser client can send it back as a header.
    http.csrf()
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

    http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): CSRF protection is disabled application-wide — confirm this is intended.
    http.csrf().disable();

    // Pages may be framed only by the same origin.
    http.headers().frameOptions().sameOrigin();

    // Static assets and the OpenAPI description are public; everything else needs the user role.
    http.authorizeRequests()
        .antMatchers("/openapi/**", "/vendor/**", "/styles/**", "/scripts/**", "/views/**", "/img/**")
            .permitAll()
        .antMatchers("/**")
            .hasAnyRole(USER_ROLE);

    // Form login at /signin, with HTTP Basic also accepted.
    http.formLogin()
        .loginPage("/signin").permitAll()
        .failureUrl("/signin?#/error");
    http.httpBasic();

    http.logout()
        .invalidateHttpSession(true)
        .clearAuthentication(true)
        .logoutSuccessUrl("/signin?#/logout");

    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/signin"));
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // This chain handles every request.
    http.antMatcher("/**");

    http.authorizeRequests()
        .antMatchers("/", "/login**", "/webjars/**").permitAll()
        .anyRequest().authenticated();

    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"));

    http.logout()
        .logoutSuccessUrl("/")
        .permitAll();

    // CSRF token storage from csrfTokenRepository(); csrfHeaderFilter() runs after CsrfFilter
    // so it sees the token CsrfFilter has loaded.
    http.csrf()
        .csrfTokenRepository(csrfTokenRepository());
    http.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);

    // SSO filter runs ahead of HTTP Basic authentication.
    http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // This chain handles every request.
    http.antMatcher("/**");

    // Landing page, login endpoints, webjars and the application script are public.
    http.authorizeRequests()
        .antMatchers("/", "/login**", "/webjars/**", "/js/application.js").permitAll()
        .anyRequest().authenticated();

    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"));

    http.logout()
        .logoutSuccessUrl("/")
        .permitAll();

    // CSRF token in a script-readable cookie so the browser client can send it back as a header.
    http.csrf()
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

    http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Stylesheets, login/logout and the captcha image are public; everything else
    // requires a full (non-remember-me) authentication.
    http.authorizeRequests()
        .antMatchers("/css/**", "/login", "/logout", "/kaptcha.jpg").permitAll()
        .anyRequest().fullyAuthenticated();
    http.logout().permitAll();

    // Custom login filter wired to the shared AuthenticationManager, placed ahead of Basic auth.
    final LoginAuthenticationFilter loginFilter = new LoginAuthenticationFilter();
    loginFilter.setAuthenticationManager(authenticationManager());
    http.addFilterBefore(loginFilter, BasicAuthenticationFilter.class);

    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));
}
/**
 * Builds the filter that turns authentication and access-denied exceptions into responses:
 * unauthenticated requests are sent to the index page (HTTPS not forced on that redirect),
 * and forbidden requests are forwarded to the same page.
 *
 * @return the configured {@link ExceptionTranslationFilter}
 */
@Bean
public ExceptionTranslationFilter exceptionTranslationFilter() {
    final LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/index.xhtml");
    entryPoint.setForceHttps(false);

    final AccessDeniedHandlerImpl deniedHandler = new AccessDeniedHandlerImpl();
    deniedHandler.setErrorPage("/index.xhtml");

    final ExceptionTranslationFilter translationFilter = new ExceptionTranslationFilter(entryPoint);
    translationFilter.setAccessDeniedHandler(deniedHandler);
    return translationFilter;
}
public void configure(HttpSecurity http) throws Exception {
    // SSO settings are looked up from the bean factory at configure time.
    final OAuth2SsoProperties sso = this.beanFactory.getBean(OAuth2SsoProperties.class);

    // Delay the processing of the filter until we know the
    // SessionAuthenticationStrategy is available:
    http.apply(new OAuth2ClientAuthenticationConfigurer(oauth2SsoFilter(sso)));

    // Unauthenticated requests are redirected to the configured SSO login path.
    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint(sso.getLoginPath()));
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // workaround regex: we need to exclude the URL /UI/HEARTBEAT here
    // because we bound the vaadin application to /UI and not to root,
    // described in vaadin-forum:
    // https://vaadin.com/forum#!/thread/3200565.
    // This chain only applies to requests matching the regex below.
    HttpSecurity httpSec = http.regexMatcher("(?!.*HEARTBEAT)^.*\\/UI.*$")
            // disable as CSRF is handled by Vaadin
            .csrf().disable();
    if (springSecurityProperties.isRequireSsl()) {
        // Every matched request is redirected to HTTPS.
        httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
    } else {
        LOG.info(
                "\"******************\\n** Requires HTTPS Security has been disabled for UI, should only be used for developing purposes **\\n******************\"");
    }
    // Content-Security-Policy header is emitted only when a policy string is configured.
    if (!StringUtils.isEmpty(hawkbitSecurityProperties.getContentSecurityPolicy())) {
        httpSec.headers().contentSecurityPolicy(hawkbitSecurityProperties.getContentSecurityPolicy());
    }
    // After logout the redirect target is taken from the "login" request parameter when present.
    // NOTE(review): confirm that value is validated somewhere, otherwise an absolute URL in the
    // parameter would turn the logout redirect into an open redirect.
    final SimpleUrlLogoutSuccessHandler simpleUrlLogoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
    simpleUrlLogoutSuccessHandler.setTargetUrlParameter("login");
    httpSec
            // UI
            // Login pages and the UIDL channel are open; every other UI request needs an authenticated user.
            .authorizeRequests().antMatchers("/UI/login/**").permitAll().antMatchers("/UI/UIDL/**").permitAll()
            .anyRequest().authenticated().and()
            // UI login / logout
            .exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/UI/login/#/"))
            .and().logout().logoutUrl("/UI/logout").logoutSuccessHandler(simpleUrlLogoutSuccessHandler);
}
@Override
public void afterPropertiesSet() throws Exception {
    if (defaultAuthenticationEntryPoint != null) {
        // An entry point was supplied explicitly; keep it.
        return;
    }

    final LoginUrlAuthenticationEntryPoint entryPoint =
            new LoginUrlAuthenticationEntryPoint(securityConfig.getLoginUrl());
    entryPoint.setForceHttps(forceHttps);

    // Port mapper that falls back to the configured httpsPort for HTTP ports
    // the default mapping does not know.
    entryPoint.setPortMapper(new PortMapperImpl() {
        @Override
        public Integer lookupHttpsPort(Integer httpPort) {
            final Integer mapped = super.lookupHttpsPort(httpPort);
            if (mapped != null) {
                return mapped;
            }
            return httpsPort;
        }
    });

    // The entry point's redirect strategy is reached through direct field access
    // (presumably because no setter for it is exposed) to apply the contextRelative flag.
    PropertyAccessorFactory.forDirectFieldAccess(entryPoint)
            .setPropertyValue("redirectStrategy.contextRelative", contextRelative);

    this.defaultAuthenticationEntryPoint = entryPoint;
}
/**
 * Chooses the authentication entry point by request shape: JSON requests and requests that do not
 * accept text get a Basic challenge, every other request is redirected to the login page.
 * Matchers are consulted in insertion order; the first one that matches wins.
 *
 * @param basic entry point that issues the HTTP Basic challenge
 * @param login entry point that redirects to the login page (used as the default)
 * @return the delegating entry point
 */
@Bean
@Autowired
public DelegatingAuthenticationEntryPoint delegatingAuthenticationEntryPoint(BasicAuthenticationEntryPoint basic, LoginUrlAuthenticationEntryPoint login) {
    // NOTE(review): the header matcher compares the value exactly, so a Content-Type carrying a
    // charset parameter would not match this rule — confirm that is acceptable.
    final RequestMatcher jsonContentType = new RequestHeaderRequestMatcher("Content-Type", "application/json");
    final RequestMatcher doesNotAcceptText = new NegatedRequestMatcher(new RequestContainingAcceptTextHeaderRequestMatcher());

    final LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
    entryPoints.put(jsonContentType, basic);
    entryPoints.put(doesNotAcceptText, basic);

    final DelegatingAuthenticationEntryPoint delegate = new DelegatingAuthenticationEntryPoint(entryPoints);
    delegate.setDefaultEntryPoint(login);
    return delegate;
}
@SuppressWarnings("ProhibitedExceptionDeclared")
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // API callers get a plain 403; everyone else is redirected to the login page.
    final LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
    entryPoints.put(new AntPathRequestMatcher("/api/**"), new Http403ForbiddenEntryPoint());
    entryPoints.put(AnyRequestMatcher.INSTANCE, new LoginUrlAuthenticationEntryPoint(FindController.DEFAULT_LOGIN_PAGE));
    final AuthenticationEntryPoint authenticationEntryPoint = new DelegatingAuthenticationEntryPoint(entryPoints);

    // NOTE(review): CSRF protection is disabled for the whole application — confirm this is intended.
    http.csrf().disable();

    http.exceptionHandling()
        .authenticationEntryPoint(authenticationEntryPoint)
        .accessDeniedPage("/authentication-error");

    http.logout()
        .logoutUrl("/logout")
        .logoutSuccessUrl(FindController.DEFAULT_LOGIN_PAGE);

    // First match wins; anything not listed is denied outright.
    http.authorizeRequests()
        .antMatchers(FindController.APP_PATH + "/**").hasAnyRole(FindRole.USER.name())
        .antMatchers(FindController.CONFIG_PATH).hasRole(FindRole.CONFIG.name())
        .antMatchers("/api/public/**").hasRole(FindRole.USER.name())
        .antMatchers("/api/bi/**").hasRole(FindRole.BI.name())
        .antMatchers("/api/config/**").hasRole(FindRole.CONFIG.name())
        .antMatchers("/api/admin/**").hasRole(FindRole.ADMIN.name())
        .antMatchers(FindController.DEFAULT_LOGIN_PAGE).permitAll()
        .antMatchers(FindController.LOGIN_PATH).permitAll()
        .antMatchers("/").permitAll()
        .anyRequest().denyAll();

    // NOTE(review): defaultsDisabled() drops every default security header (HSTS, Cache-Control,
    // X-Content-Type-Options, X-XSS-Protection); only X-Frame-Options is re-enabled here.
    http.headers()
        .defaultsDisabled()
        .frameOptions().sameOrigin();

    idolSecurityCustomizer.customize(http, authenticationManager());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"));

    // Every path is open at the filter level; access decisions presumably happen inside the UI — confirm.
    http.authorizeRequests()
        .antMatchers("/**").permitAll();

    // NOTE(review): the remember-me key is a literal in source and must match the one used by the
    // remember-me authentication provider; prefer sourcing it from configuration.
    http.rememberMe()
        .key("vaadin4spring")
        .rememberMeServices(persistentTokenBasedRememberMeServices());

    http.csrf().disable();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Requests whose negotiated media type is text/html are treated as browser traffic.
    final RequestMatcher textHtmlMatcher = new MediaTypeRequestMatcher(
            contentNegotiationStrategy, MediaType.TEXT_HTML);
    final String loginPage = dashboard("/#/login");
    // Basic-auth challenge for non-browser callers; realm name from the security properties.
    final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
    basicAuthenticationEntryPoint.setRealmName(securityProperties.getBasic().getRealm());
    basicAuthenticationEntryPoint.afterPropertiesSet();
    http
            // NOTE(review): CSRF protection is disabled for the whole chain.
            .csrf()
            .disable()
            .authorizeRequests()
            // "/" needs a login; the dashboard, auth/info/feature endpoints and assets are open.
            .antMatchers("/")
            .authenticated()
            .antMatchers(
                    dashboard("/**"),
                    "/authenticate",
                    "/security/info",
                    "/features",
                    "/assets/**").permitAll()
            .and()
            .formLogin().loginPage(loginPage)
            .loginProcessingUrl(dashboard("/login"))
            .defaultSuccessUrl(dashboard("/")).permitAll()
            .and()
            // logoutSuccessUrl and logoutSuccessHandler are mutually exclusive in the configurer;
            // the handler set last appears to be what takes effect (status-only response, no redirect).
            .logout().logoutUrl(dashboard("/logout"))
            .logoutSuccessUrl(dashboard("/logout-success.html"))
            .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler()).permitAll()
            .and().httpBasic()
            .and().exceptionHandling()
            // Browsers are redirected to the login page; everything else gets the Basic challenge.
            .defaultAuthenticationEntryPointFor(
                    new LoginUrlAuthenticationEntryPoint(loginPage), textHtmlMatcher)
            .defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, AnyRequestMatcher.INSTANCE)
            .and()
            // Same registry as above: this catch-all is appended after the earlier rules.
            .authorizeRequests()
            .anyRequest().authenticated();
    // Sessions come from sessionRepository() and the session id travels in a header, not a cookie.
    final SessionRepositoryFilter<ExpiringSession> sessionRepositoryFilter = new SessionRepositoryFilter<ExpiringSession>(
            sessionRepository());
    sessionRepositoryFilter
            .setHttpSessionStrategy(new HeaderHttpSessionStrategy());
    // The trailing csrf().disable() repeats the one at the top of the chain.
    http.addFilterBefore(sessionRepositoryFilter, ChannelProcessingFilter.class).csrf().disable();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
}
/**
 * Entry point that redirects unauthenticated requests to the login form.
 *
 * @return a {@link LoginUrlAuthenticationEntryPoint} targeting {@code /login/form}
 */
@Bean
public LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint() {
    final LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/login/form");
    return entryPoint;
}
/**
 * Sets the login-URL entry point held by this object.
 *
 * @param loginUrlAuthenticationEntryPoint the entry point to store; kept as given (no null check)
 */
public void setLoginUrlAuthenticationEntryPoint(
        LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint) {
    this.loginUrlAuthenticationEntryPoint = loginUrlAuthenticationEntryPoint;
}
/**
 * Entry point that redirects unauthenticated requests to the login page.
 *
 * @return a {@link LoginUrlAuthenticationEntryPoint} targeting {@code /login}
 */
@Bean
public LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint() {
    final LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/login");
    return entryPoint;
}
/**
 * Entry point used for form-based login: unauthenticated requests are redirected to {@code /login}.
 *
 * @return the form login entry point
 */
@Bean
public LoginUrlAuthenticationEntryPoint formEntryPoint() {
    final LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/login");
    return entryPoint;
}
/**
 * Entry point that redirects unauthenticated requests to the web login page.
 *
 * @return a {@link LoginUrlAuthenticationEntryPoint} targeting {@code /web/login}
 */
@Bean
public LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint() {
    final LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/web/login");
    return entryPoint;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Forbidden requests are rendered by the access-denied page.
    CustomAccessDeniedHandler accessDeniedHandler = new CustomAccessDeniedHandler();
    accessDeniedHandler.setErrorPage("/editar/acesso-negado");
    HttpSecurity httpSecurityBuilder = http
            // HTTP Basic stays enabled, but unauthenticated callers are redirected to the login page.
            .httpBasic()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint(LOGIN_URL))
            .and()
            .formLogin()
            .loginPage(LOGIN_URL)
            .successHandler(successHandler)
            .permitAll()
            .and()
            .logout()
            .logoutUrl("/editar/sair")
            .logoutSuccessUrl("/editar/autenticar?sair")
            .deleteCookies("JSESSIONID", "SESSION")
            .and()
            .authorizeRequests()
            // Login, API ping, password recovery and citizen access are public.
            .antMatchers("/editar/autenticar", "/editar/api/ping", "/editar/recuperar-senha", "/editar/acesso-cidadao").permitAll()
            .and();
    // this loop adds every page-type-specific permission
    // (authority glosses: CRIAR = create, EXCLUIR = delete, PUBLICAR = publish,
    //  EDITAR_SALVAR = edit/save, DESPUBLICAR = unpublish, DESCARTAR = discard)
    for (TipoPagina tipoPagina : TipoPagina.values()) {
        httpSecurityBuilder.authorizeRequests()
                .antMatchers(GET, urlParaTipoDePagina(API_NOVA_PAGINA_PATTERN, tipoPagina))
                .hasAnyAuthority(CRIAR.comTipoPagina(tipoPagina), CRIAR.comTipoPaginaParaOrgaoEspecifico(tipoPagina))
                .antMatchers(DELETE, urlParaTipoDePagina(API_PAGINA_PATTERN, tipoPagina))
                .hasAnyAuthority(EXCLUIR.comTipoPagina(tipoPagina), EXCLUIR.comTipoPaginaParaOrgaoEspecifico(tipoPagina))
                .antMatchers(PATCH, urlParaTipoDePagina(API_PAGINA_PATTERN, tipoPagina))
                .hasAnyAuthority(CRIAR.comTipoPagina(tipoPagina), CRIAR.comTipoPaginaParaOrgaoEspecifico(tipoPagina))
                .antMatchers(PUT, urlParaTipoDePagina(API_PAGINA_PATTERN, tipoPagina))
                .hasAnyAuthority(PUBLICAR.comTipoPagina(tipoPagina), PUBLICAR.comTipoPaginaParaOrgaoEspecifico(tipoPagina))
                .antMatchers(POST, urlParaTipoDePagina(API_PAGINA_PATTERN, tipoPagina))
                .hasAnyAuthority(EDITAR_SALVAR.comTipoPagina(tipoPagina), EDITAR_SALVAR.comTipoPaginaParaOrgaoEspecifico(tipoPagina))
                .antMatchers(POST, urlParaTipoDePagina(API_DESPUBLICAR_PATTERN, tipoPagina))
                .hasAnyAuthority(DESPUBLICAR.comTipoPagina(tipoPagina), DESPUBLICAR.comTipoPaginaParaOrgaoEspecifico(tipoPagina))
                .antMatchers(POST, urlParaTipoDePagina(API_DESCARTAR_PATTERN, tipoPagina))
                .hasAnyAuthority(DESCARTAR.comTipoPagina(tipoPagina), DESCARTAR.comTipoPaginaParaOrgaoEspecifico(tipoPagina))
                .and();
    }
    // User registration (CADASTRAR) is limited to the listed roles; everything else needs a
    // full (non-remember-me) authentication, and an expired session goes back to the login page.
    httpSecurityBuilder.authorizeRequests()
            .antMatchers(GET, API_NOVO_USUARIO).hasAnyAuthority(CADASTRAR.comPapel(ADMIN), CADASTRAR.comPapel(PONTOFOCAL), CADASTRAR.comPapel(PUBLICADOR), CADASTRAR.comPapel(EDITOR))
            .antMatchers(POST, API_NOVO_USUARIO).hasAnyAuthority(CADASTRAR.comPapel(ADMIN), CADASTRAR.comPapel(PONTOFOCAL), CADASTRAR.comPapel(PUBLICADOR), CADASTRAR.comPapel(EDITOR))
            .anyRequest().fullyAuthenticated()
            .and()
            .exceptionHandling().accessDeniedHandler(accessDeniedHandler)
            .and()
            .sessionManagement()
            .invalidSessionUrl("/editar/autenticar?sessao");
}
/**
 * Entry point that starts the OpenID Connect login for unauthenticated requests.
 *
 * @return a {@link LoginUrlAuthenticationEntryPoint} targeting {@code /openid_connect_login}
 */
@Bean
public LoginUrlAuthenticationEntryPoint authenticationEntryPoint() {
    final LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/openid_connect_login");
    return entryPoint;
}
/**
 * Builds the entry point that redirects unauthenticated requests to the login controller's path.
 *
 * @return a new {@link LoginUrlAuthenticationEntryPoint}
 */
private AuthenticationEntryPoint getAuthenticationEntryPoint() {
    final String loginPath = LoginController.CONTROLLER_PATH;
    return new LoginUrlAuthenticationEntryPoint(loginPath);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Vaadin static resources, push/UIDL channels and the login/logout endpoints are open;
    // every other path requires an authenticated user.
    http.authorizeRequests()
        .antMatchers("/VAADIN/**", "/PUSH/**", "/UIDL/**", "/login", "/login/**", "/logout").permitAll()
        .antMatchers("/**").authenticated();

    // NOTE(review): CSRF protection is disabled for the whole chain — confirm this is intended.
    http.csrf().disable();

    http.exceptionHandling()
        .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));

    // NOTE(review): the logout matcher accepts any HTTP method, so a plain GET to /logout ends the session.
    http.logout()
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
        .logoutSuccessUrl("/login")
        .permitAll();
}
/**
 * Entry point that redirects unauthenticated requests to {@code LOGIN_URL}.
 *
 * @return a {@link LoginUrlAuthenticationEntryPoint} exposed under the {@link AuthenticationEntryPoint} type
 */
@Bean
public AuthenticationEntryPoint authenticationEntryPoint() {
    final LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint(LOGIN_URL);
    return entryPoint;
}