/**
 * Registers the SSO login filter in the chain right after the
 * pre-authentication slot.
 *
 * <p>The filter is given the {@link SessionAuthenticationStrategy} the builder
 * already shares with the rest of the chain (presumably the session-fixation /
 * concurrency strategy set up by session management), so an SSO login is
 * treated like any other login instead of bypassing that strategy.
 *
 * @param builder the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
public void configure(HttpSecurity builder) throws Exception {
    SessionAuthenticationStrategy sharedStrategy =
            builder.getSharedObject(SessionAuthenticationStrategy.class);

    OAuth2ClientAuthenticationProcessingFilter loginFilter = this.filter;
    loginFilter.setSessionAuthenticationStrategy(sharedStrategy);

    builder.addFilterAfter(loginFilter, AbstractPreAuthenticatedProcessingFilter.class);
}
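/**
 * Facebook OAuth2 login chain: the client-context filter and the Facebook
 * login filter run after the pre-authentication slot; "/" and the "/callback"
 * redirect target are public, everything else requires authentication.
 *
 * <p>The three separate {@code authorizeRequests()} calls of the original have
 * been folded into one registry (they already shared one — the rules are
 * evaluated first-match in registration order, so nothing changes).
 *
 * <p>Security caveats that this configuration carries over unchanged:
 * <ul>
 *   <li>{@code csrf().disable()} — the login is presumably session-backed
 *       (OAuth2 client context + SecurityContext), so state-changing requests
 *       are exposed to CSRF. TODO(review): re-enable, e.g. with a cookie
 *       token repository the front end can read.</li>
 *   <li>{@code frameOptions().disable()} — removes X-Frame-Options, so any
 *       origin can frame the app (clickjacking). If framing is needed at all,
 *       {@code sameOrigin()} is the narrower option.</li>
 * </ul>
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
        .addFilterAfter(facebookLoginFilter, OAuth2ClientContextFilter.class)
        .authorizeRequests()
            .antMatchers("/", "/callback").permitAll()
            .antMatchers("/profile/*").authenticated()
            .anyRequest().authenticated()
            .and()
        // Unauthenticated requests are redirected to /callback (which starts the
        // OAuth2 dance) instead of receiving a Basic challenge.
        .httpBasic().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/callback")).and()
        .logout().logoutSuccessUrl("/").permitAll().and()
        .headers().frameOptions().disable().and()
        .csrf().disable();
}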
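/**
 * OpenID Connect login chain: client-context filter and OIDC filter after the
 * pre-authentication slot; "/" is public, {@code apiBaseUri} and everything
 * else require authentication.
 *
 * <p>The original re-entered {@code authorizeRequests()} three times; the rules
 * are now registered on the single registry they always shared, in the same
 * order, so evaluation is unchanged. The explicit {@code apiBaseUri} rule is
 * kept even though the catch-all already covers it, to document intent.
 *
 * <p>Security caveat carried over: {@code csrf().disable()} with what is
 * presumably a session-backed login leaves state-changing endpoints open to
 * CSRF. TODO(review): re-enable CSRF protection.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
        .addFilterAfter(openIdConnectFilter, OAuth2ClientContextFilter.class)
        .authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers(apiBaseUri).authenticated()
            .anyRequest().authenticated()
            .and()
        // Unauthenticated requests are sent to callbackUri, which starts the OIDC flow.
        .httpBasic().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint(callbackUri)).and()
        .logout()
            .logoutSuccessUrl("/")
            .permitAll().and()
        .csrf().disable();
}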
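/**
 * Google-login chain with role-based rules for the API.
 *
 * <p>Fix: the original patterns {@code "/api/v1/users**"} and
 * {@code "/api/v1/notes**"} use {@code **} inside a path segment, which the Ant
 * matcher treats as a single-segment wildcard — {@code /api/v1/users/42} was
 * not matched and therefore not protected. The {@code /**} forms are added
 * alongside the old patterns so coverage is a strict superset.
 *
 * <p>Open points (not changed here, left for the owner):
 * <ul>
 *   <li>There is no {@code anyRequest()} rule, so any path not listed below is
 *       not subject to authorization at all (fail-open default). Consider
 *       {@code .anyRequest().authenticated()} after checking which public
 *       paths exist.</li>
 *   <li>{@code STATELESS} together with a session-based OAuth2 client login
 *       looks contradictory — presumably the login result is not persisted
 *       across requests. Verify against the filter implementation.</li>
 * </ul>
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
        .addFilterAfter(new OAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class)
        .addFilterAfter(filter, OAuth2ClientContextFilter.class)
        .httpBasic()
            .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/google-login"))
            .and()
        .authorizeRequests()
            // "/users**" only matches within one segment; "/users/**" covers sub-paths.
            .antMatchers("/api/v1/users**", "/api/v1/users/**").hasAuthority("ADMIN")
            .antMatchers("/api/v1/notes**", "/api/v1/notes/**").hasAnyAuthority("ADMIN", "AUTHOR")
            .antMatchers("/").hasAuthority("ADMIN")
            .antMatchers("/swagger-ui.html").hasAuthority("ADMIN");
}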
/**
 * Resource-server rule set: every request must be authenticated, and only a
 * request that actually carries a token may count as authenticated.
 *
 * <p>The inline filter guards against an authentication that could still be
 * present from another source (the original comment mentions a session-held
 * OAuth2Authentication): when no token is extracted from the request the
 * SecurityContext is wiped, so the catch-all rule below rejects the request.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    OncePerRequestFilter requireToken = new OncePerRequestFilter() {
        @Override
        protected void doFilterInternal(HttpServletRequest request,
                                        HttpServletResponse response,
                                        FilterChain chain)
                throws ServletException, IOException {
            // No bearer token on this request: do not let any pre-existing
            // authentication satisfy the authenticated() rule.
            if (tokenExtractor.extract(request) == null) {
                SecurityContextHolder.clearContext();
            }
            chain.doFilter(request, response);
        }
    };

    http.addFilterAfter(requireToken, AbstractPreAuthenticatedProcessingFilter.class);
    http.authorizeRequests().anyRequest().authenticated();
}
/**
 * Chain for {@code /internal/**}: Shibboleth pre-authentication, CSRF
 * protection driven by a custom matcher, and access limited to the PEP and
 * ADMIN roles. A session is only created when something needs one.
 *
 * <p>Profile-controlled weakening — neither may ever be active in production:
 * the {@code no-csrf} profile switches CSRF off entirely, and {@code dev} /
 * {@code perf} insert a MockShibbolethFilter ahead of the real one (presumably
 * standing in for the IdP-provided attributes).
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/internal/**");
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);

    // The matcher decides which requests must carry a CSRF token; the binding
    // filter hands the token to clients via a response header after CsrfFilter ran.
    http.csrf().requireCsrfProtectionMatcher(new CsrfProtectionMatcher());
    http.addFilterAfter(new CsrfTokenResponseHeaderBindingFilter(), CsrfFilter.class);

    ShibbolethPreAuthenticatedProcessingFilter shibbolethFilter =
            new ShibbolethPreAuthenticatedProcessingFilter(authenticationManagerBean(), serviceRegistry);
    http.addFilterAfter(shibbolethFilter, AbstractPreAuthenticatedProcessingFilter.class);

    http.authorizeRequests().antMatchers("/internal/**").hasAnyRole("PEP", "ADMIN");

    boolean csrfSwitchedOff = environment.acceptsProfiles("no-csrf");
    if (csrfSwitchedOff) {
        http.csrf().disable();
    }

    boolean useMockShibboleth = environment.acceptsProfiles("dev", "perf");
    if (useMockShibboleth) {
        // @Profile on a bean would not do here: the mock must be placed before the real filter.
        http.addFilterBefore(new MockShibbolethFilter(), ShibbolethPreAuthenticatedProcessingFilter.class);
    }
}
/**
 * SSO chain, scoped by the regex below to the public pages, the SSO entry and
 * authentication endpoints, the authentication API and {@code /logout}.
 *
 * <p>Notes for reviewers:
 * <ul>
 *   <li>CSRF is disabled for every URL this chain matches, {@code /logout}
 *       included — logout can then be triggered cross-site.</li>
 *   <li>The {@code APP_PATH/**} USER-role rule only takes effect for requests
 *       that also satisfy the regex matcher; presumably another chain covers
 *       the application paths. Verify.</li>
 * </ul>
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@SuppressWarnings("ProhibitedExceptionDeclared")
@Override
protected void configure(final HttpSecurity http) throws Exception {
    final AuthenticationEntryPoint entryPoint = new SsoAuthenticationEntryPoint(SsoController.SSO_PAGE);

    final SsoAuthenticationFilter<?> ssoFilter =
            new SsoAuthenticationFilter<>(SsoController.SSO_AUTHENTICATION_URI, EntityType.CombinedSso.INSTANCE);
    ssoFilter.setAuthenticationManager(authenticationManager());

    final LogoutSuccessHandler onLogout =
            new HodTokenLogoutSuccessHandler(SsoController.SSO_LOGOUT_PAGE, tokenRepository);

    http.regexMatcher("/public(/.*)?|/sso|/authenticate-sso|/api/authentication/.*|/logout");
    http.csrf().disable();
    http.exceptionHandling()
            .authenticationEntryPoint(entryPoint)
            .accessDeniedPage(DispatcherServletConfiguration.AUTHENTICATION_ERROR_PATH);
    http.authorizeRequests()
            .antMatchers(FindController.APP_PATH + "/**").hasRole(FindRole.USER.name());
    http.logout().logoutSuccessHandler(onLogout);
    http.addFilterAfter(ssoFilter, AbstractPreAuthenticatedProcessingFilter.class);
}
/**
 * Main chain. Only {@code /my/**} requires authentication; everything else is
 * public by design. The exception-translation filter is installed regardless.
 *
 * <p>When both {@code noauthdevmode} and {@code devmode} are set, no logout,
 * entry point, authorization rule or authentication filter is configured at
 * all. That switch must never be on in a production deployment.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    boolean securityDisabledForDev = noauthdevmode && devmode;

    if (!securityDisabledForDev) {
        http.logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessHandler(logoutHandler());
        http.exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint());
        http.authorizeRequests()
                .antMatchers("/my/**").authenticated()
                .anyRequest().permitAll();
        http.addFilterBefore(oasisAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class);
    }

    http.addFilterAfter(oasisExceptionTranslationFilter(authenticationEntryPoint()),
            ExceptionTranslationFilter.class);
}
/**
 * Main chain with social login and remember-me.
 *
 * <p>Authorization rules are first-match in the order listed: the admin and
 * author API areas need their authority, {@code /api/user/**} needs any
 * authenticated user, the public API, sign-in, connect and static bundles are
 * open, and everything else requires authentication.
 *
 * <p>Security caveat (carried over, see the TODO): CSRF is disabled while the
 * app uses a cookie session plus a persistent remember-me cookie, so
 * state-changing requests and {@code /signout} are exposed to CSRF until the
 * AngularJS client sends the token header.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // disable CSRF now. TODO figure out how to config CSRF header in AngularJS
    http.csrf().disable();

    http.authorizeRequests()
            .antMatchers("/api/admin/**").hasAuthority(UserRoleType.ROLE_ADMIN.name())
            .antMatchers("/api/author/**").hasAuthority(UserRoleType.ROLE_AUTHOR.name())
            .antMatchers("/api/user/**").authenticated()
            .antMatchers("/api/public/**").permitAll()
            .antMatchers("/api/currentUser").permitAll()
            .antMatchers("/signin/**").permitAll()
            .antMatchers("/connect/**").permitAll()
            .antMatchers("/dist/**").permitAll()
            .anyRequest().authenticated();

    http.addFilterBefore(socialAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class);

    http.logout()
            .deleteCookies("JSESSIONID")
            .logoutUrl("/signout")
            .logoutSuccessUrl("/");

    http.rememberMe().rememberMeServices(rememberMeServices());
}
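/**
 * Resource-server chain for the {@code /userinfo} endpoint.
 *
 * <p>CORS preflight (OPTIONS) is open because browsers send it without
 * credentials. {@code GET /userinfo} requires the {@code openid} scope.
 *
 * <p>Fix: the original only had a rule for GET, so a request with any other
 * method to {@code /userinfo} reached the handler with no authorization check
 * at all. A catch-all with the same scope requirement now closes that gap
 * (the UserInfo endpoint may legitimately be called with POST, so it is not
 * simply denied).
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http
        .requestMatchers()
            .antMatchers("/userinfo")
            .and()
        .authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, "**").permitAll()
            .antMatchers(HttpMethod.GET, "/userinfo").access("#oauth2.hasScope('openid')")
            // Non-GET methods on /userinfo were previously unchecked.
            .anyRequest().access("#oauth2.hasScope('openid')")
            .and()
        .addFilterAfter(corsFilter(), AbstractPreAuthenticatedProcessingFilter.class);
}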
/**
 * Authorization-server front door: applies only to the OAuth2 endpoints and
 * the login/logout pages, uses form login with a client-aware details source,
 * and lets CORS preflight through unauthenticated.
 *
 * <p>Note: the logout matcher is an {@code AntPathRequestMatcher} without a
 * method, so a plain GET to {@code /logout} ends the session. With CSRF left
 * enabled (it is not disabled here) that is the one request a cross-site page
 * can still trigger; restricting the matcher to POST would close it.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.requestMatchers()
            .antMatchers("/oauth/**", "/authorize", "/login", "/logout");

    http.authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, "**").permitAll()
            .antMatchers("/login").permitAll()
            .anyRequest().authenticated();

    http.formLogin()
            .authenticationDetailsSource(new ClientAwareAuthenticationDetailsSource())
            .failureHandler(authenticationFailureHandler())
            .successHandler(authenticationSuccessHandler())
            .permitAll();

    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessHandler(new CustomLogoutSuccessHandler());

    http.exceptionHandling()
            .authenticationEntryPoint(new OAuth2LoginUrlAuthenticationEntryPoint("/login"));

    http.addFilterAfter(corsFilter(), AbstractPreAuthenticatedProcessingFilter.class);
}
/**
 * Stock-management resource server: bearer-token access to everything except
 * the landing path, webjars and API docs.
 *
 * <p>The inline filter clears the SecurityContext whenever the request carries
 * no token, so an authentication left over from another source (the original
 * comment mentions a session-held OAuth2Authentication) cannot satisfy the
 * {@code fullyAuthenticated()} rule. CSRF is off on the assumption that the
 * API is token-authenticated only; if any cookie-session login can reach
 * these paths that assumption no longer holds.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    OncePerRequestFilter requireToken = new OncePerRequestFilter() {
        @Override
        protected void doFilterInternal(HttpServletRequest request,
                                        HttpServletResponse response,
                                        FilterChain chain)
                throws ServletException, IOException {
            if (tokenExtractor.extract(request) == null) {
                SecurityContextHolder.clearContext();
            }
            chain.doFilter(request, response);
        }
    };
    http.addFilterAfter(requireToken, AbstractPreAuthenticatedProcessingFilter.class);

    http.csrf().disable();

    String[] openPaths = {
        "/stockmanagement",
        "/webjars/**",
        "/stockmanagement/webjars/**",
        "/stockmanagement/docs/**"
    };
    http.authorizeRequests()
            .antMatchers(openPaths).permitAll()
            .antMatchers("/**").fullyAuthenticated();
}
/**
 * Template-service resource server: bearer-token access to everything except
 * the landing path, webjars and API docs.
 *
 * <p>The inline filter clears the SecurityContext whenever the request carries
 * no token, so an authentication left over from another source (the original
 * comment mentions a session-held OAuth2Authentication) cannot satisfy the
 * {@code fullyAuthenticated()} rule. CSRF is off on the assumption that the
 * API is token-authenticated only; if any cookie-session login can reach
 * these paths that assumption no longer holds.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    OncePerRequestFilter requireToken = new OncePerRequestFilter() {
        @Override
        protected void doFilterInternal(HttpServletRequest request,
                                        HttpServletResponse response,
                                        FilterChain chain)
                throws ServletException, IOException {
            if (tokenExtractor.extract(request) == null) {
                SecurityContextHolder.clearContext();
            }
            chain.doFilter(request, response);
        }
    };
    http.addFilterAfter(requireToken, AbstractPreAuthenticatedProcessingFilter.class);

    http.csrf().disable();

    String[] openPaths = {
        "/template",
        "/webjars/**",
        "/template/webjars/**",
        "/template/docs/**"
    };
    http.authorizeRequests()
            .antMatchers(openPaths).permitAll()
            .antMatchers("/**").fullyAuthenticated();
}
/**
 * API chain: an access-token pre-authentication filter runs ahead of
 * remember-me, form login handles browser sessions, CSRF is disabled.
 *
 * <p>Rules are first-match in the order listed. All matchers compare the raw
 * request URI with {@code startsWith}, so each rule also covers any path that
 * merely begins with the configured prefix (e.g. {@code /loginfoo} for a
 * {@code /login} prefix); harmless for the {@code anonymous()} rules, worth a
 * second look for the {@code permitAll()} one. Paths outside
 * {@code apiBasePath} have no rule at all and are therefore not subject to
 * authorization (fail-open default) — presumably intended for static content;
 * verify.
 *
 * <p>NOTE(review): the remember-me key is the literal {@code "token"}. The key
 * feeds the remember-me provider; if the supplied {@code rememberMeServices()}
 * uses the same guessable key for its cookie signature, cookies become easier
 * to forge. Prefer a per-deployment secret from configuration.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    AbstractPreAuthenticatedProcessingFilter accessTokenAuthenticationFilter = accessTokenAuthenticationFilter();
    http
        // Token auth first so a valid token wins over a remember-me cookie.
        .addFilterBefore(accessTokenAuthenticationFilter, RememberMeAuthenticationFilter.class)
        .csrf().disable()
        .exceptionHandling().authenticationEntryPoint(getAuthenticationEntryPoint())
        .and()
        .authorizeRequests()
            // Already-authenticated users may not reach the login page / registration POST.
            .requestMatchers(request -> request.getRequestURI().startsWith(loginPath)).anonymous()
            .requestMatchers(request -> request.getRequestURI().equals(userPath) && request.getMethod().equalsIgnoreCase("POST")).anonymous()
            .requestMatchers(request -> request.getRequestURI().startsWith(passwordRequestPath)).permitAll()
            .requestMatchers(request -> request.getRequestURI().startsWith(apiBasePath + getPathFromResource(PasswordRequest.class))).anonymous()
            .requestMatchers(request -> request.getRequestURI().startsWith(apiBasePath)).authenticated()
        .and()
        .formLogin()
            .loginPage(loginPath)
            .usernameParameter("username")
            .passwordParameter("password")
            .successHandler(loginSuccessHandler())
            .failureHandler(loginFailureHandler())
            .permitAll()
        .and()
        .logout()
            .logoutUrl(logoutPath)
            .logoutSuccessHandler(logoutSuccessHandler())
            .permitAll();
    http.rememberMe().rememberMeServices(rememberMeServices()).key("token");
}
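/**
 * Stateless JWT chain with Spring Social login.
 *
 * <p>Fix: in the original the rule for {@code GET /api/users/current/details}
 * (USER role) came after {@code GET /api/**} permitAll. Rules are first-match,
 * so the specific rule was shadowed and that endpoint was effectively public.
 * It is now registered before the broad permitAll. All other rules keep their
 * relative order.
 *
 * <p>Anonymous authentication is enabled, which is what lets the
 * {@code permitAll()} paths work for requests without a JWT. Only
 * {@code cacheControl()} is configured under {@code headers()}; the other
 * default security headers are whatever the enclosing configuration applies.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Set a custom successHandler on the SocialAuthenticationFilter
    final SpringSocialConfigurer socialConfigurer = new SpringSocialConfigurer();
    socialConfigurer.addObjectPostProcessor(new ObjectPostProcessor<SocialAuthenticationFilter>() {
        @Override
        public <O extends SocialAuthenticationFilter> O postProcess(O socialAuthenticationFilter) {
            socialAuthenticationFilter.setAuthenticationSuccessHandler(socialAuthenticationSuccessHandler);
            return socialAuthenticationFilter;
        }
    });

    http.exceptionHandling().and().anonymous().and().servletApi().and().headers().cacheControl().and()
        .authorizeRequests()
            //allow anonymous font and template requests
            .antMatchers("/").permitAll()
            .antMatchers("/favicon.ico").permitAll()
            .antMatchers("/resources/**").permitAll()
            //allow anonymous calls to social login
            .antMatchers("/auth/**").permitAll()
            // Must precede the GET "/api/**" permitAll: rules are first-match and
            // this one was unreachable in the original order.
            .antMatchers(HttpMethod.GET, "/api/users/current/details").hasRole("USER")
            //allow anonymous GETs to API
            .antMatchers(HttpMethod.GET, "/api/**").permitAll()
            //defined Admin only API area
            .antMatchers("/admin/**").hasRole("ADMIN")
            //all other request need to be authenticated
            .anyRequest().hasRole("USER").and()
        // add custom authentication filter for complete stateless JWT based authentication
        .addFilterBefore(statelessAuthenticationFilter, AbstractPreAuthenticatedProcessingFilter.class)
        // apply the configuration from the socialConfigurer (adds the SocialAuthenticationFilter)
        .apply(socialConfigurer.userIdSource(userIdSource));
}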
/**
 * Resource-server configuration for the "todo" resource: tokens must be issued
 * for that resource id, every request must be authenticated, and a request
 * without a token cannot ride on an authentication obtained elsewhere (the
 * inline filter clears the SecurityContext in that case). CSRF is off because
 * the API is meant to be token-authenticated.
 *
 * @return the configurer bean
 */
@Bean
public ResourceServerConfigurer resourceServerConfigurerAdapter() {
    ResourceServerConfigurerAdapter todoResourceServer = new ResourceServerConfigurerAdapter() {
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId("todo");
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            OncePerRequestFilter requireToken = new OncePerRequestFilter() {
                @Override
                protected void doFilterInternal(HttpServletRequest request,
                                                HttpServletResponse response,
                                                FilterChain chain)
                        throws ServletException, IOException {
                    // No token: drop any pre-existing authentication so the
                    // catch-all rule rejects the request.
                    if (tokenExtractor.extract(request) == null) {
                        SecurityContextHolder.clearContext();
                    }
                    chain.doFilter(request, response);
                }
            };
            http.addFilterAfter(requireToken, AbstractPreAuthenticatedProcessingFilter.class);
            http.csrf().disable();
            http.authorizeRequests().anyRequest().authenticated();
        }
    };
    return todoResourceServer;
}
/**
 * Dashboard chain, scoped by {@code dashboardEntryPointMatcher}. Every
 * matched request is gated by the {@code isManagingApp()} expression, the two
 * dashboard client filters are inserted in the pre-authentication slot, and
 * logout is handled by the dashboard-specific matcher and handler.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.requestMatcher(dashboardEntryPointMatcher);

    http.authorizeRequests()
            .anyRequest().access(isManagingApp());

    // Both filters are anchored before the same slot; presumably they run in
    // registration order (context filter first).
    http.addFilterBefore(dashboardClientContextFilter.unwrap(), AbstractPreAuthenticatedProcessingFilter.class);
    http.addFilterBefore(dashboardSocialClientFilter.unwrap(), AbstractPreAuthenticatedProcessingFilter.class);

    http.logout()
            .logoutSuccessHandler(dashboardLogoutSuccessHandler)
            .logoutRequestMatcher(dashboardLogoutUrlMatcher);
}
/**
 * OpenID Connect demo chain: client-context filter and OIDC filter after the
 * pre-authentication slot, a custom entry point, {@code GET /} public and
 * {@code GET /test} authenticated.
 *
 * <p>NOTE(review): there is no {@code anyRequest()} rule, so every other path —
 * and every non-GET request to {@code /} and {@code /test} — is outside
 * authorization entirely (fail-open default). Fine for a demo; add
 * {@code .anyRequest().authenticated()} before reusing this elsewhere.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.addFilterAfter(oAuth2ClientContextFilter(), AbstractPreAuthenticatedProcessingFilter.class);
    http.addFilterAfter(openIdConnectAuthenticationFilter(), OAuth2ClientContextFilter.class);

    http.exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint());

    http.authorizeRequests()
            .antMatchers(GET, "/").permitAll()
            .antMatchers(GET, "/test").authenticated();
}
/**
 * Wires the bearer-token processing filter into the chain ahead of the
 * pre-authentication slot, installs the OAuth2 expression handler for
 * {@code #oauth2.*} access expressions, and sets the access-denied handler.
 *
 * <p>The unchecked suppression covers the raw
 * {@code getConfigurer(ExceptionHandlingConfigurer.class)} call; that call
 * returns {@code null} (and this method then throws) if exception handling has
 * not been configured on the builder.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
@SuppressWarnings("unchecked")
public void configure(HttpSecurity http) throws Exception {
    AuthenticationManager tokenAuthenticationManager = oauthAuthenticationManager(http);

    OAuth2AuthenticationProcessingFilter bearerTokenFilter = new OAuth2AuthenticationProcessingFilter();
    bearerTokenFilter.setAuthenticationManager(tokenAuthenticationManager);
    resourcesServerFilter = postProcess(bearerTokenFilter);

    http.authorizeRequests().expressionHandler(expressionHandler);
    http.addFilterBefore(resourcesServerFilter, AbstractPreAuthenticatedProcessingFilter.class);
    http.getConfigurer(ExceptionHandlingConfigurer.class).accessDeniedHandler(accessDeniedHandler);
}
/**
 * Periscope API authorization: cluster endpoints (v1 and v2) need both the
 * {@code cloudbreak.stacks} and {@code periscope.cluster} scopes, the Swagger
 * document and API docs are public, and everything else under the API root is
 * denied outright. CSRF is off (token-authenticated API) and the
 * X-Content-Type-Options header is enabled.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    String clusterAccess = "#oauth2.hasScope('cloudbreak.stacks') and #oauth2.hasScope('periscope.cluster')";

    http.addFilterAfter(scimAccountGroupReaderFilter, AbstractPreAuthenticatedProcessingFilter.class);

    http.authorizeRequests()
            .antMatchers(API_ROOT_CONTEXT + "/v1/clusters/**").access(clusterAccess)
            .antMatchers(API_ROOT_CONTEXT + "/v2/clusters/**").access(clusterAccess)
            .antMatchers(API_ROOT_CONTEXT + "/swagger.json").permitAll()
            .antMatchers(API_ROOT_CONTEXT + "/api-docs/**").permitAll()
            // Deny-by-default for anything under the API root not listed above.
            .antMatchers(API_ROOT_CONTEXT + "/**").denyAll();

    http.csrf().disable();
    http.headers().contentTypeOptions();
}
/**
 * Builds the Spring Social authentication filter from beans in the shared
 * application context, applies the optional URLs configured on this
 * configurer, registers the matching authentication provider and inserts the
 * (post-processed) filter ahead of the pre-authentication slot.
 *
 * <p>The post-login, failure and signup URLs come from this configurer's own
 * settings, not from the request; they are passed through to the filter as-is.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    ApplicationContext context = http.getSharedObject(ApplicationContext.class);
    UsersConnectionRepository connectionRepository =
            getDependency(context, UsersConnectionRepository.class);
    SocialAuthenticationServiceLocator serviceLocator =
            getDependency(context, SocialAuthenticationServiceLocator.class);
    SocialUserDetailsService userDetailsService =
            getDependency(context, SocialUserDetailsService.class);

    SocialAuthenticationFilter socialFilter = new SocialAuthenticationFilter(
            http.getSharedObject(AuthenticationManager.class),
            userIdSource != null ? userIdSource : new AuthenticationNameUserIdSource(),
            connectionRepository,
            serviceLocator);

    RememberMeServices sharedRememberMe = http.getSharedObject(RememberMeServices.class);
    if (sharedRememberMe != null) {
        socialFilter.setRememberMeServices(sharedRememberMe);
    }

    if (postLoginUrl != null) {
        socialFilter.setPostLoginUrl(postLoginUrl);
        socialFilter.setAlwaysUsePostLoginUrl(alwaysUsePostLoginUrl);
    }

    if (postFailureUrl != null) {
        // setPostFailureUrl() throws IllegalStateException ("can't set postFailureUrl on
        // unknown failureHandler, type is ...SocialAuthenticationFailureHandler"), so the
        // default failure URL is used instead.
        socialFilter.setDefaultFailureUrl(postFailureUrl);
    }

    if (signupUrl != null) {
        socialFilter.setSignupUrl(signupUrl);
    }

    http.authenticationProvider(
            new SocialAuthenticationProvider(connectionRepository, userDetailsService));
    http.addFilterBefore(postProcess(socialFilter), AbstractPreAuthenticatedProcessingFilter.class);
}
/**
 * Cloudbreak API authorization, scope-based.
 *
 * <p>Rules are first-match in the order registered, so the structure is:
 * <ol>
 *   <li>GET rules first, each satisfied by the resource's {@code *.read} scope
 *       or its full scope (stacks additionally by {@code cloudbreak.autoscale});
 *       {@code GET ACCOUNT_PREFERENCES} is public.</li>
 *   <li>{@code /v1/users/**} needs only {@code openid} — i.e. any token
 *       holder. NOTE(review): confirm those endpoints only expose the caller's
 *       own data.</li>
 *   <li>Method-agnostic rules (effectively the write rules, since GETs were
 *       already matched) requiring the full scope.</li>
 *   <li>Miscellaneous endpoints with their own scopes, Swagger/API docs public,
 *       and {@code API_ROOT_CONTEXT/**} denied — deny-by-default for anything
 *       not listed.</li>
 * </ol>
 *
 * <p>NOTE(review): the non-GET {@code STACK_TEMPLATE_URL_PATTERNS} rule and the
 * {@code /stacks/ambari}, {@code /stacks/&#42;/certificate} and
 * {@code /stacks/all} autoscale rules are registered after
 * {@code STACK_URL_PATTERNS}; if that pattern set covers the same paths they
 * are shadowed by it. Whether that is the case depends on the pattern
 * constants, which are not visible here — verify.
 *
 * <p>CSRF is disabled (token-authenticated API) and X-Content-Type-Options is
 * enabled.
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.addFilterAfter(scimAccountGroupReaderFilter, AbstractPreAuthenticatedProcessingFilter.class)
        .authorizeRequests()
            // --- read access: GET with the resource's read scope or full scope ---
            .antMatchers(HttpMethod.GET, BLUEPRINT_URL_PATTERNS)
                .access("#oauth2.hasScope('cloudbreak.blueprints.read') or #oauth2.hasScope('cloudbreak.blueprints')")
            .antMatchers(HttpMethod.GET, STACK_TEMPLATE_URL_PATTERNS)
                .access("#oauth2.hasScope('cloudbreak.stacks.read') or #oauth2.hasScope('cloudbreak.stacks')")
            .antMatchers(HttpMethod.GET, TEMPLATE_URL_PATTERNS)
                .access("#oauth2.hasScope('cloudbreak.templates.read') or #oauth2.hasScope('cloudbreak.templates')")
            .antMatchers(HttpMethod.GET, CREDENTIAL_URL_PATTERNS)
                .access("#oauth2.hasScope('cloudbreak.credentials.read') or #oauth2.hasScope('cloudbreak.credentials')")
            .antMatchers(HttpMethod.GET, RECIPE_URL_PATTERNS)
                .access("#oauth2.hasScope('cloudbreak.recipes.read') or #oauth2.hasScope('cloudbreak.recipes')")
            .antMatchers(HttpMethod.GET, NETWORK_URL_PATTERNS)
                .access("#oauth2.hasScope('cloudbreak.networks.read') or #oauth2.hasScope('cloudbreak.networks')")
            .antMatchers(HttpMethod.GET, SECURITYGROUP_URL_PATTERNS)
                .access("#oauth2.hasScope('cloudbreak.securitygroups.read') or #oauth2.hasScope('cloudbreak.securitygroups')")
            .antMatchers(HttpMethod.GET, SECURITY_RULE_URL_PATTERNS)
                .access("#oauth2.hasScope('cloudbreak.securitygroups.read') or #oauth2.hasScope('cloudbreak.securitygroups')")
            .antMatchers(HttpMethod.GET, STACK_URL_PATTERNS)
                .access("#oauth2.hasScope('cloudbreak.stacks.read') or #oauth2.hasScope('cloudbreak.stacks')"
                        + " or #oauth2.hasScope('cloudbreak.autoscale')")
            .antMatchers(HttpMethod.GET, IMAGE_CATALOG_PATTERN)
                .access("#oauth2.hasScope('cloudbreak.templates.read') or #oauth2.hasScope('cloudbreak.templates')")
            // Account preferences are readable without any scope.
            .antMatchers(HttpMethod.GET, ACCOUNT_PREFERENCES)
                .permitAll()
            // Any token with the openid scope reaches the user endpoints.
            .antMatchers(API_ROOT_CONTEXT + "/v1/users/**").access("#oauth2.hasScope('openid')")
            // --- write access: remaining methods need the full scope ---
            .antMatchers(BLUEPRINT_URL_PATTERNS).access("#oauth2.hasScope('cloudbreak.blueprints')")
            .antMatchers(TEMPLATE_URL_PATTERNS).access("#oauth2.hasScope('cloudbreak.templates')")
            .antMatchers(CREDENTIAL_URL_PATTERNS).access("#oauth2.hasScope('cloudbreak.credentials')")
            .antMatchers(RECIPE_URL_PATTERNS).access("#oauth2.hasScope('cloudbreak.recipes')")
            .antMatchers(NETWORK_URL_PATTERNS).access("#oauth2.hasScope('cloudbreak.networks')")
            .antMatchers(SECURITYGROUP_URL_PATTERNS).access("#oauth2.hasScope('cloudbreak.securitygroups')")
            .antMatchers(STACK_URL_PATTERNS).access("#oauth2.hasScope('cloudbreak.stacks') or #oauth2.hasScope('cloudbreak.autoscale')")
            // Possibly shadowed by STACK_URL_PATTERNS above, depending on the patterns.
            .antMatchers(STACK_TEMPLATE_URL_PATTERNS).access("#oauth2.hasScope('cloudbreak.stacks')")
            .antMatchers(SECURITY_RULE_URL_PATTERNS).access("#oauth2.hasScope('cloudbreak.securitygroups')")
            .antMatchers(ACCOUNT_PREFERENCES)
                .access("#oauth2.hasScope('cloudbreak.templates') and #oauth2.hasScope('cloudbreak.stacks')")
            .antMatchers(IMAGE_CATALOG_PATTERN).access("#oauth2.hasScope('cloudbreak.templates')")
            // Autoscale-only stack endpoints (see the shadowing note in the Javadoc).
            .antMatchers(API_ROOT_CONTEXT + "/v1/stacks/ambari", API_ROOT_CONTEXT + "/v1/stacks/*/certificate", API_ROOT_CONTEXT + "/v1/stacks/all")
                .access("#oauth2.hasScope('cloudbreak.autoscale')")
            .antMatchers(API_ROOT_CONTEXT + "/v2/stacks/ambari", API_ROOT_CONTEXT + "/v2/stacks/*/certificate", API_ROOT_CONTEXT + "/v2/stacks/all")
                .access("#oauth2.hasScope('cloudbreak.autoscale')")
            .antMatchers(API_ROOT_CONTEXT + "/v1/events/**").access("#oauth2.hasScope('cloudbreak.events')")
            // Specific usage scopes first, the global one as a fallback.
            .antMatchers(API_ROOT_CONTEXT + "/v1/usages/account/**").access("#oauth2.hasScope('cloudbreak.usages.account')")
            .antMatchers(API_ROOT_CONTEXT + "/v1/usages/user/**").access("#oauth2.hasScope('cloudbreak.usages.user')")
            .antMatchers(API_ROOT_CONTEXT + "/v1/usages/flex/**").access("#oauth2.hasScope('cloudbreak.flex')")
            .antMatchers(API_ROOT_CONTEXT + "/v1/usages/**").access("#oauth2.hasScope('cloudbreak.usages.global')")
            .antMatchers(API_ROOT_CONTEXT + "/v1/subscriptions").access("#oauth2.hasScope('cloudbreak.subscribe')")
            .antMatchers(API_ROOT_CONTEXT + "/v1/constraints/**")
                .access("#oauth2.hasScope('cloudbreak.stacks') or #oauth2.hasScope('cloudbreak.autoscale')")
            .antMatchers(API_ROOT_CONTEXT + "/v1/topologies/**")
                .access("#oauth2.hasScope('cloudbreak.stacks') or #oauth2.hasScope('cloudbreak.autoscale')")
            .antMatchers(API_ROOT_CONTEXT + "/v1/settings/**")
                .access("#oauth2.hasScope('cloudbreak.stacks') or #oauth2.hasScope('cloudbreak.recipes')")
            .antMatchers(API_ROOT_CONTEXT + "/v1/ldap/**").access("#oauth2.hasScope('cloudbreak.stacks')")
            .antMatchers(API_ROOT_CONTEXT + "/v1/util/**").access("#oauth2.hasScope('cloudbreak.stacks')")
            .antMatchers(API_ROOT_CONTEXT + "/v1/rdsconfigs/**").access("#oauth2.hasScope('cloudbreak.stacks')")
            .antMatchers(API_ROOT_CONTEXT + "/v1/smartsensesubscriptions/**").access("#oauth2.hasScope('cloudbreak.stacks')")
            .antMatchers(API_ROOT_CONTEXT + "/v1/flexsubscriptions/**").access("#oauth2.hasScope('cloudbreak.stacks')")
            .antMatchers(API_ROOT_CONTEXT + "/v1/connectors/**").access("#oauth2.hasScope('cloudbreak.credentials')")
            .antMatchers(API_ROOT_CONTEXT + "/v2/connectors/**").access("#oauth2.hasScope('cloudbreak.credentials')")
            // Public API description.
            .antMatchers(API_ROOT_CONTEXT + "/swagger.json").permitAll()
            .antMatchers(API_ROOT_CONTEXT + "/api-docs/**").permitAll()
            // Deny-by-default for anything else under the API root.
            .antMatchers(API_ROOT_CONTEXT + "/**").denyAll();
    http.csrf().disable();
    http.headers().contentTypeOptions();
}
/**
 * Main chain: form login (email/password), remember-me, API-key
 * pre-authentication via the "Auth" header, and path-based rules.
 *
 * <p>Rules are first-match in the order listed. Note that
 * {@code antMatchers("/**").permitAll()} matches every request, so the
 * {@code anyRequest().authenticated()} after it is unreachable — the effective
 * default is "everything not listed above is public". The explicit
 * {@code authenticated()} entries are therefore the complete list of protected
 * paths.
 *
 * <p>Security caveats:
 * <ul>
 *   <li>CSRF is disabled while the app uses a cookie session and a remember-me
 *       cookie, so the authenticated {@code /core/**} and {@code /manage/**}
 *       endpoints and {@code /logout} are reachable cross-site.</li>
 *   <li>{@code failureUrl("/")} is overridden by the explicit failure handler
 *       that follows it (the handler replaces the URL-based one).</li>
 *   <li>Remember-me is configured without an explicit key; presumably Spring
 *       generates one per start-up, which invalidates cookies on restart.</li>
 * </ul>
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    log.info("Init Security HTTP authorizations..");
    http
        .csrf().disable()
        .authorizeRequests()
            .antMatchers("/assets/**").permitAll()
            .antMatchers("/core/identity/signIn/**").permitAll()
            .antMatchers("/core/identity/signUp/**").permitAll()
            // SockJS info endpoint must stay public and therefore precedes the broader rule.
            .antMatchers("/core/websockets/info/**").permitAll()
            .antMatchers("/core/websockets/**").authenticated()
            .antMatchers("/core/bridges/**").authenticated()
            .antMatchers("/core/bulbs/**").authenticated()
            .antMatchers("/core/groups/**").authenticated()
            .antMatchers("/core/presets/**").authenticated()
            .antMatchers("/core/schedules/**").authenticated()
            .antMatchers("/manage/**").authenticated()
            .antMatchers("/**").permitAll()
            // Unreachable: "/**" above already matched everything.
            .anyRequest().authenticated()
            .and()
        .logout()
            .logoutSuccessUrl("/")
            .logoutUrl("/logout")
            .permitAll()
            .and()
        .formLogin()
            .loginPage("/")
            .loginProcessingUrl("/login")
            .failureUrl("/")
            // Replaces the failureUrl above: answers 403 with a fixed message, no redirect.
            .failureHandler(new AuthenticationFailureHandler() {
                @Override
                public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
                    response.getWriter().append("Bad credentials!");
                    response.setStatus(HttpStatus.FORBIDDEN.value());
                }
            })
            .passwordParameter("password")
            .usernameParameter("email")
            .and()
        .rememberMe()
            .userDetailsService(userService)
            .and()
        // No redirect to a login page: unauthenticated requests get a plain 403.
        .exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint())
    ;
    /* Allows authentication by API-KEY present in request header "Auth". */
    PreAuthenticationProcessingFilter preAuthFilter = new PreAuthenticationProcessingFilter();
    preAuthFilter.setAuthenticationManager(authenticationManagerBean());
    http.addFilterBefore(preAuthFilter, AbstractPreAuthenticatedProcessingFilter.class);
    // http.sessionManagement().
}
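/**
 * Main chain (HTTPS-only variant): form login (email/password), remember-me,
 * API-key pre-authentication via the "Auth" header, path-based rules, and a
 * redirect of every plain-HTTP request to HTTPS.
 *
 * <p>Fix: {@code /core/websockets/**} (authenticated) was registered before
 * {@code /core/websockets/info/**} (permitAll). Rules are first-match, so the
 * public SockJS info endpoint was never public. The two rules are now in the
 * order the sibling configuration uses: specific public path first.
 *
 * <p>Remaining caveats, unchanged:
 * <ul>
 *   <li>{@code antMatchers("/**").permitAll()} matches everything, so the
 *       {@code anyRequest().authenticated()} after it is unreachable; the
 *       effective default is public, and the explicit {@code authenticated()}
 *       entries are the complete list of protected paths.</li>
 *   <li>CSRF is disabled while the app uses a cookie session and a remember-me
 *       cookie, so the authenticated endpoints and {@code /logout} are
 *       reachable cross-site.</li>
 *   <li>{@code requiresSecure()} decides by the request's scheme; behind a
 *       TLS-terminating proxy the container must honour the forwarded
 *       protocol header or every request loops through the redirect.</li>
 *   <li>{@code failureUrl("/")} is overridden by the explicit failure handler
 *       that follows it.</li>
 * </ul>
 *
 * @param http the HttpSecurity being configured
 * @throws Exception propagated from the builder
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    log.info("Init Security HTTP authorizations..");
    http
        .csrf().disable()
        .authorizeRequests()
            .antMatchers("/assets/**").permitAll()
            .antMatchers("/core/identity/signIn/**").permitAll()
            .antMatchers("/core/identity/signUp/**").permitAll()
            // Public SockJS info endpoint; must precede the broader websockets rule.
            .antMatchers("/core/websockets/info/**").permitAll()
            .antMatchers("/core/websockets/**").authenticated()
            .antMatchers("/core/bridges/**").authenticated()
            .antMatchers("/core/bulbs/**").authenticated()
            .antMatchers("/core/groups/**").authenticated()
            .antMatchers("/core/presets/**").authenticated()
            .antMatchers("/core/schedules/**").authenticated()
            .antMatchers("/manage/**").authenticated()
            .antMatchers("/**").permitAll()
            // Unreachable: "/**" above already matched everything.
            .anyRequest().authenticated()
            .and()
        .logout()
            .logoutSuccessUrl("/")
            .logoutUrl("/logout")
            .permitAll()
            .and()
        .formLogin()
            .loginPage("/")
            .loginProcessingUrl("/login")
            .failureUrl("/")
            // Replaces the failureUrl above: answers 403 with a fixed message, no redirect.
            .failureHandler(new AuthenticationFailureHandler() {
                @Override
                public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
                    response.getWriter().append("Bad credentials!");
                    response.setStatus(HttpStatus.FORBIDDEN.value());
                }
            })
            .passwordParameter("password")
            .usernameParameter("email")
            .and()
        .rememberMe()
            .userDetailsService(userService)
            .and()
        // No redirect to a login page: unauthenticated requests get a plain 403.
        .exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint())
            .and()
        .requiresChannel().anyRequest().requiresSecure()
    ;
    /* Allows authentication by API-KEY present in request header "Auth". */
    PreAuthenticationProcessingFilter preAuthFilter = new PreAuthenticationProcessingFilter();
    preAuthFilter.setAuthenticationManager(authenticationManagerBean());
    http.addFilterBefore(preAuthFilter, AbstractPreAuthenticatedProcessingFilter.class);
    // http.sessionManagement().
}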