Java Code Examples for org.springframework.security.web.authentication.savedrequestawareauthenticationsuccesshandler#setDefaultTargetUrl()

The following examples show how to use org.springframework.security.web.authentication.savedrequestawareauthenticationsuccesshandler#setDefaultTargetUrl() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SecuritySecureConfig.java    From spring-boot-plus with Apache License 2.0 7 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setTargetUrlParameter("redirectTo");
    successHandler.setDefaultTargetUrl(this.adminServer.path("/"));

    http.authorizeRequests(
            (authorizeRequests) -> authorizeRequests
                    .antMatchers(this.adminServer.path("/assets/**")).permitAll()
                    .antMatchers(this.adminServer.path("/static/**")).permitAll()
                    .antMatchers(this.adminServer.path("/login")).permitAll()
                    .anyRequest().authenticated()
    ).formLogin(
            (formLogin) -> formLogin.loginPage(this.adminServer.path("/login")).successHandler(successHandler).and()
    ).logout((logout) -> logout.logoutUrl(this.adminServer.path("/logout"))).httpBasic(Customizer.withDefaults())
            .csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                    .ignoringRequestMatchers(
                            new AntPathRequestMatcher(this.adminServer.path("/instances"),
                                    HttpMethod.POST.toString()),
                            new AntPathRequestMatcher(this.adminServer.path("/instances/*"),
                                    HttpMethod.DELETE.toString()),
                            new AntPathRequestMatcher(this.adminServer.path("/actuator/**"))
                    ))
            .rememberMe((rememberMe) -> rememberMe.key(UUID.randomUUID().toString()).tokenValiditySeconds(1209600));
}
 
Example 2
Source File: SecurityConfig.java    From lion with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {

    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setTargetUrlParameter("redirectTo");
    successHandler.setDefaultTargetUrl(adminContextPath + "/");

    http.authorizeRequests()
            .antMatchers(adminContextPath + "/instances").permitAll()
            .antMatchers(adminContextPath + "/actuator/**").permitAll()
            .antMatchers(adminContextPath + "/assets/**").permitAll()
            .antMatchers(adminContextPath + "/login").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler)
            .and()
            .logout().logoutUrl(adminContextPath + "/logout")
            .and()
            .httpBasic()
            .and()
            .csrf().disable();
}
 
Example 3
Source File: SpringBootAdminWarApplication.java    From spring-boot-admin with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
	successHandler.setTargetUrlParameter("redirectTo");
	successHandler.setDefaultTargetUrl(this.adminServer.path("/"));

	http.authorizeRequests((authorizeRequests) -> authorizeRequests
			.antMatchers(this.adminServer.path("/assets/**")).permitAll()
			.antMatchers(this.adminServer.path("/login")).permitAll().anyRequest().authenticated())

			.formLogin((formLogin) -> formLogin.loginPage(this.adminServer.path("/login"))
					.successHandler(successHandler))
			.logout((logout) -> logout.logoutUrl(this.adminServer.path("/logout")))
			.httpBasic(Customizer.withDefaults())
			.csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
					.ignoringRequestMatchers(
							new AntPathRequestMatcher(this.adminServer.path("/instances"),
									HttpMethod.POST.toString()),
							new AntPathRequestMatcher(this.adminServer.path("/instances/*"),
									HttpMethod.DELETE.toString()),
							new AntPathRequestMatcher(this.adminServer.path("/actuator/**"))));
}
 
Example 4
Source File: SpringBootAdminConsulApplication.java    From spring-boot-admin with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
	successHandler.setTargetUrlParameter("redirectTo");
	successHandler.setDefaultTargetUrl(this.adminContextPath + "/");

	http.authorizeRequests((authorizeRequests) -> authorizeRequests
			.antMatchers(this.adminContextPath + "/assets/**").permitAll()
			.antMatchers(this.adminContextPath + "/login").permitAll().anyRequest().authenticated())
			.formLogin((formLogin) -> formLogin.loginPage(this.adminContextPath + "/login")
					.successHandler(successHandler))
			.logout((logout) -> logout.logoutUrl(this.adminContextPath + "/logout"))
			.httpBasic(Customizer.withDefaults())
			.csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
					.ignoringRequestMatchers(
							new AntPathRequestMatcher(this.adminContextPath + "/instances",
									HttpMethod.POST.toString()),
							new AntPathRequestMatcher(this.adminContextPath + "/instances/*",
									HttpMethod.DELETE.toString()),
							new AntPathRequestMatcher(this.adminContextPath + "/actuator/**")));
}
 
Example 5
Source File: SpringBootAdminZookeeperApplication.java    From spring-boot-admin with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
	successHandler.setTargetUrlParameter("redirectTo");
	successHandler.setDefaultTargetUrl(this.adminServer.path("/"));

	http.authorizeRequests((authorizeRequests) -> authorizeRequests
			.antMatchers(this.adminServer.path("/assets/**")).permitAll()
			.antMatchers(this.adminServer.path("/login")).permitAll().anyRequest().authenticated())
			.formLogin((formLogin) -> formLogin.loginPage(this.adminServer.path("/login"))
					.successHandler(successHandler))
			.logout((logout) -> logout.logoutUrl(this.adminServer.path("/logout")))
			.httpBasic(Customizer.withDefaults())
			.csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
					.ignoringRequestMatchers(
							new AntPathRequestMatcher(this.adminServer.path("/instances"),
									HttpMethod.POST.toString()),
							new AntPathRequestMatcher(this.adminServer.path("/instances/*"),
									HttpMethod.DELETE.toString()),
							new AntPathRequestMatcher(this.adminServer.path("/actuator/**"))));
}
 
Example 6
Source File: SpringBootAdminHazelcastApplication.java    From spring-boot-admin with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
	successHandler.setTargetUrlParameter("redirectTo");
	successHandler.setDefaultTargetUrl(this.adminServer.path("/"));

	http.authorizeRequests((authorizeRequests) -> authorizeRequests
			.antMatchers(this.adminServer.path("/assets/**")).permitAll()
			.antMatchers(this.adminServer.path("/login")).permitAll().anyRequest().authenticated())
			.formLogin((formLogin) -> formLogin.loginPage(this.adminServer.path("/login"))
					.successHandler(successHandler))
			.logout((logout) -> logout.logoutUrl(this.adminServer.path("/logout")))
			.httpBasic(Customizer.withDefaults())
			.csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
					.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).ignoringRequestMatchers(
							new AntPathRequestMatcher(this.adminServer.path("/instances"),
									HttpMethod.POST.toString()),
							new AntPathRequestMatcher(this.adminServer.path("/instances/*"),
									HttpMethod.DELETE.toString()),
							new AntPathRequestMatcher(this.adminServer.path("/actuator/**"))));
}
 
Example 7
Source File: SpringBootAdminEurekaApplication.java    From spring-boot-admin with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
	successHandler.setTargetUrlParameter("redirectTo");
	successHandler.setDefaultTargetUrl(this.adminContextPath + "/");

	http.authorizeRequests((authorizeRequests) -> authorizeRequests
			.antMatchers(this.adminContextPath + "/assets/**").permitAll()
			.antMatchers(this.adminContextPath + "/login").permitAll().anyRequest().authenticated())
			.formLogin((formLogin) -> formLogin.loginPage(this.adminContextPath + "/login")
					.successHandler(successHandler))
			.logout((logout) -> logout.logoutUrl(this.adminContextPath + "/logout"))
			.httpBasic(Customizer.withDefaults())
			.csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
					.ignoringRequestMatchers(
							new AntPathRequestMatcher(this.adminContextPath + "/instances",
									HttpMethod.POST.toString()),
							new AntPathRequestMatcher(this.adminContextPath + "/instances/*",
									HttpMethod.DELETE.toString()),
							new AntPathRequestMatcher(this.adminContextPath + "/actuator/**")));
}
 
Example 8
Source File: WebSecurityConfigurer.java    From smaker with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	// @formatter:off
	SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
	successHandler.setTargetUrlParameter("redirectTo");
	successHandler.setDefaultTargetUrl(adminContextPath + "/");

	http
		.headers().frameOptions().disable()
		.and().authorizeRequests()
		.antMatchers(adminContextPath + "/assets/**"
			, adminContextPath + "/login"
			, adminContextPath + "/actuator/**"
		).permitAll()
		.anyRequest().authenticated()
		.and()
		.formLogin().loginPage(adminContextPath + "/login")
		.successHandler(successHandler).and()
		.logout().logoutUrl(adminContextPath + "/logout")
		.and()
		.httpBasic().and()
		.csrf()
		.disable();
	// @formatter:on
}
 
Example 9
Source File: SecuritySecureConfig.java    From spring-cloud-learning with MIT License 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setTargetUrlParameter("redirectTo");
    successHandler.setDefaultTargetUrl(adminContextPath + "/");

    http.authorizeRequests()
            .antMatchers(adminContextPath + "/assets/**").permitAll()
            .antMatchers(adminContextPath + "/login").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
            .logout().logoutUrl(adminContextPath + "/logout").and()
            .httpBasic().and()
            .csrf()
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .ignoringAntMatchers(
                    adminContextPath + "/instances",
                    adminContextPath + "/actuator/**"
            );
    // @formatter:on
}
 
Example 10
Source File: SecuritySecureConfig.java    From mall-swarm with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setTargetUrlParameter("redirectTo");
    successHandler.setDefaultTargetUrl(adminContextPath + "/");

    http.authorizeRequests()
            //1.配置所有静态资源和登录页可以公开访问
            .antMatchers(adminContextPath + "/assets/**").permitAll()
            .antMatchers(adminContextPath + "/login").permitAll()
            .anyRequest().authenticated()
            .and()
            //2.配置登录和登出路径
            .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
            .logout().logoutUrl(adminContextPath + "/logout").and()
            //3.开启http basic支持,admin-client注册时需要使用
            .httpBasic().and()
            .csrf()
            //4.开启基于cookie的csrf保护
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            //5.忽略这些路径的csrf保护以便admin-client注册
            .ignoringAntMatchers(
                    adminContextPath + "/instances",
                    adminContextPath + "/actuator/**"
            );
}
 
Example 11
Source File: WebSecurityConfig.java    From spring-microservice-exam with MIT License 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setTargetUrlParameter("redirectTo");
    successHandler.setAlwaysUseDefaultTargetUrl(true);
    successHandler.setDefaultTargetUrl(adminContextPath + "/");

    // 解决spring boot不允许加载iframe问题
    http.headers().frameOptions().disable();

    http.authorizeRequests()
            .antMatchers("/actuator/**", "/hystrix/**", "/hystrix", "*.sender").permitAll()
            .antMatchers(adminContextPath + "/assets/**").permitAll()
            .antMatchers(adminContextPath + "/login").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
            .logout().logoutUrl(adminContextPath + "/logout").and()
            .httpBasic().and()
            .csrf()
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .ignoringAntMatchers(
                    adminContextPath + "/instances",
                    adminContextPath + "/actuator/**"
            );
}
 
Example 12
Source File: SecuritySecureConfig.java    From spring-boot-admin with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
	successHandler.setTargetUrlParameter("redirectTo");
	successHandler.setDefaultTargetUrl(this.adminServer.path("/"));

	http.authorizeRequests(
			(authorizeRequests) -> authorizeRequests.antMatchers(this.adminServer.path("/assets/**")).permitAll() // <1>
					.antMatchers(this.adminServer.path("/login")).permitAll().anyRequest().authenticated() // <2>
	).formLogin(
			(formLogin) -> formLogin.loginPage(this.adminServer.path("/login")).successHandler(successHandler).and() // <3>
	).logout((logout) -> logout.logoutUrl(this.adminServer.path("/logout"))).httpBasic(Customizer.withDefaults()) // <4>
			.csrf((csrf) -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()) // <5>
					.ignoringRequestMatchers(
							new AntPathRequestMatcher(this.adminServer.path("/instances"),
									HttpMethod.POST.toString()), // <6>
							new AntPathRequestMatcher(this.adminServer.path("/instances/*"),
									HttpMethod.DELETE.toString()), // <6>
							new AntPathRequestMatcher(this.adminServer.path("/actuator/**")) // <7>
					))
			.rememberMe((rememberMe) -> rememberMe.key(UUID.randomUUID().toString()).tokenValiditySeconds(1209600));
}
 
Example 13
Source File: SecuritySecureConfig.java    From microservices-platform with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setTargetUrlParameter("redirectTo");
    successHandler.setDefaultTargetUrl(adminContextPath + "/");

    http.authorizeRequests()
                .antMatchers(adminContextPath + "/assets/**").permitAll()
                .antMatchers(adminContextPath + "/login").permitAll()
                .anyRequest().authenticated()
            .and()
                .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
                .logout().logoutUrl(adminContextPath + "/logout").and()
                .httpBasic()
            .and()
                .headers()
                .frameOptions()
                .disable()
            .and()
                .csrf().disable();
}
 
Example 14
Source File: WebSecurityConfig.java    From tutorials with MIT License 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setTargetUrlParameter("redirectTo");
    successHandler.setDefaultTargetUrl(this.adminServer.getContextPath() + "/");

    http.authorizeRequests()
        .antMatchers(this.adminServer.getContextPath() + "/assets/**")
        .permitAll()
        .antMatchers(this.adminServer.getContextPath() + "/login")
        .permitAll()
        .anyRequest()
        .authenticated()
        .and()
        .formLogin()
        .loginPage(this.adminServer.getContextPath() + "/login")
        .successHandler(successHandler)
        .and()
        .logout()
        .logoutUrl(this.adminServer.getContextPath() + "/logout")
        .and()
        .httpBasic()
        .and()
        .csrf()
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        .ignoringRequestMatchers(new AntPathRequestMatcher(this.adminServer.getContextPath() + "/instances", HttpMethod.POST.toString()), new AntPathRequestMatcher(this.adminServer.getContextPath() + "/instances/*", HttpMethod.DELETE.toString()),
            new AntPathRequestMatcher(this.adminServer.getContextPath() + "/actuator/**"))
        .and()
        .rememberMe()
        .key(UUID.randomUUID()
            .toString())
        .tokenValiditySeconds(1209600);
}
 
Example 15
Source File: SecuritySecureConfig.java    From roncoo-education with MIT License 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	// @formatter:off
	SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
	successHandler.setTargetUrlParameter("redirectTo");
	successHandler.setDefaultTargetUrl(adminContextPath + "/");

	http.authorizeRequests().antMatchers(adminContextPath + "/assets/**").permitAll().antMatchers(adminContextPath + "/login").permitAll().anyRequest().authenticated().and().formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and().logout().logoutUrl(adminContextPath + "/logout").and().httpBasic().and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).ignoringAntMatchers(adminContextPath + "/instances", adminContextPath + "/actuator/**");
	// @formatter:on
}
 
Example 16
Source File: SpringSocialAuthenticationFilter.java    From AIDR with GNU Affero General Public License v3.0 5 votes vote down vote up
@PostConstruct
public void init(){
	if (defaultAuthenticationSuccessUrl != null && !defaultAuthenticationSuccessUrl.isEmpty()){
		SavedRequestAwareAuthenticationSuccessHandler savedRequestAwareAuthenticationSuccessHandler = new SavedRequestAwareAuthenticationSuccessHandler();
		savedRequestAwareAuthenticationSuccessHandler.setDefaultTargetUrl(defaultAuthenticationSuccessUrl);		
		setAuthenticationSuccessHandler(savedRequestAwareAuthenticationSuccessHandler);
	}
}
 
Example 17
Source File: SecuritySecureConfig.java    From jeecg-cloud with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    // 登录成功处理类
    SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    successHandler.setTargetUrlParameter("redirectTo");
    successHandler.setDefaultTargetUrl(adminContextPath + "/");

    http.authorizeRequests()
            //静态文件允许访问
            .antMatchers(adminContextPath + "/assets/**").permitAll()
            //登录页面允许访问
            .antMatchers(adminContextPath + "/login", "/css/**", "/js/**", "/image/*").permitAll()
            //其他所有请求需要登录
            .anyRequest().authenticated()
            .and()
            //登录页面配置,用于替换security默认页面
            .formLogin().loginPage(adminContextPath + "/login").successHandler(successHandler).and()
            //登出页面配置,用于替换security默认页面
            .logout().logoutUrl(adminContextPath + "/logout").and()
            .httpBasic().and()
            .csrf()
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
            .ignoringAntMatchers(
                    "/instances",
                    "/actuator/**"
            );

}
 
Example 18
Source File: SSOConfigurer.java    From spring-boot-security-saml with MIT License 4 votes vote down vote up
@Override
public void configure(ServiceProviderBuilder builder) throws Exception {
    if (successHandler == null) {
        SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler = createDefaultSuccessHandler();
        successRedirectHandler.setDefaultTargetUrl(Optional.ofNullable(defaultSuccessURL).orElseGet(config::getDefaultSuccessUrl));
        successHandler = postProcess(successRedirectHandler);
    }

    defaultFailureURL = Optional.ofNullable(defaultFailureURL).orElseGet(config::getDefaultFailureUrl);
    if (failureHandler == null) {
        SimpleUrlAuthenticationFailureHandler authenticationFailureHandler = createDefaultFailureHandler();
        authenticationFailureHandler.setDefaultFailureUrl(defaultFailureURL);
        failureHandler = postProcess(authenticationFailureHandler);
    }
    endpoints.setDefaultFailureURL(defaultFailureURL);


    SAMLProcessingFilter ssoFilter = createDefaultSamlProcessingFilter();
    ssoFilter.setAuthenticationManager(authenticationManager);
    ssoFilter.setAuthenticationSuccessHandler(successHandler);
    ssoFilter.setAuthenticationFailureHandler(failureHandler);
    ssoProcessingURL = Optional.ofNullable(ssoProcessingURL).orElseGet(config::getSsoProcessingUrl);
    endpoints.setSsoProcessingURL(ssoProcessingURL);
    ssoFilter.setFilterProcessesUrl(ssoProcessingURL);
    if (sessionAuthenticationStrategy != null) {
        ssoFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
    }

    SAMLWebSSOHoKProcessingFilter ssoHoKFilter = null;
    if (Optional.ofNullable(enableSsoHoK).orElseGet(config::isEnableSsoHok)) {
        ssoHoKFilter = createDefaultSamlHoKProcessingFilter();
        ssoHoKFilter.setAuthenticationSuccessHandler(successHandler);
        ssoHoKFilter.setAuthenticationManager(authenticationManager);
        ssoHoKFilter.setAuthenticationFailureHandler(failureHandler);
        ssoHoKProcessingURL = Optional.ofNullable(ssoHoKProcessingURL).orElseGet(config::getSsoHokProcessingUrl);
        endpoints.setSsoHoKProcessingURL(ssoHoKProcessingURL);
        ssoHoKFilter.setFilterProcessesUrl(ssoHoKProcessingURL);
        if (sessionAuthenticationStrategy != null) {
            ssoHoKFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
        }
    }

    SAMLDiscovery discoveryFilter = createDefaultSamlDiscoveryFilter();
    discoveryProcessingURL = Optional.ofNullable(discoveryProcessingURL).orElseGet(config::getDiscoveryProcessingUrl);
    endpoints.setDiscoveryProcessingURL(discoveryProcessingURL);
    discoveryFilter.setFilterProcessesUrl(discoveryProcessingURL);
    idpSelectionPageURL = Optional.ofNullable(idpSelectionPageURL).orElseGet(config::getIdpSelectionPageUrl);
    endpoints.setIdpSelectionPageURL(idpSelectionPageURL);
    discoveryFilter.setIdpSelectionPath(idpSelectionPageURL);

    SAMLEntryPoint entryPoint = Optional.ofNullable(samlEntryPointBean).orElseGet(this::createDefaultSamlEntryPoint);
    entryPoint.setDefaultProfileOptions(Optional.ofNullable(profileOptions).orElseGet(this::getProfileOptions));
    ssoLoginURL = Optional.ofNullable(ssoLoginURL).orElseGet(config::getSsoLoginUrl);
    endpoints.setSsoLoginURL(ssoLoginURL);
    entryPoint.setFilterProcessesUrl(ssoLoginURL);

    builder.setSharedObject(SAMLProcessingFilter.class, ssoFilter);
    builder.setSharedObject(SAMLWebSSOHoKProcessingFilter.class, ssoHoKFilter);
    builder.setSharedObject(SAMLDiscovery.class, discoveryFilter);
    builder.setSharedObject(SAMLEntryPoint.class, entryPoint);
}
 
Example 19
Source File: SAMLConfig.java    From spring-boot-security-saml-samples with MIT License 4 votes vote down vote up
@Bean
public SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler() {
    SavedRequestAwareAuthenticationSuccessHandler handler = new SavedRequestAwareAuthenticationSuccessHandler();
    handler.setDefaultTargetUrl("/home");
    return handler;
}
 
Example 20
Source File: WallRideSecurityConfiguration.java    From wallride with Apache License 2.0 4 votes vote down vote up
@Override
		protected void configure(HttpSecurity http) throws Exception {
			RedirectStrategy redirectStrategy = new BlogLanguageRedirectStrategy();

			SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
			successHandler.setRedirectStrategy(redirectStrategy);
			successHandler.setDefaultTargetUrl("/");

			SimpleUrlAuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler("/login?failed");
			failureHandler.setRedirectStrategy(redirectStrategy);

			SimpleUrlLogoutSuccessHandler logoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
			logoutSuccessHandler.setRedirectStrategy(redirectStrategy);
			logoutSuccessHandler.setDefaultTargetUrl("/");

			// @formatter:off
			http.antMatcher("/**")
				.authorizeRequests()
					.accessDecisionManager(accessDecisionManager)
//		            .expressionHandler(securityExpressionHandler)
					.antMatchers("/settings/**").hasRole("VIEWER")
					.antMatchers("/comments/**").hasRole("VIEWER")
					.and()
				.formLogin()
					.loginPage("/login").permitAll()
					.loginProcessingUrl("/login")
					.successHandler(successHandler)
					.failureHandler(failureHandler)
					.and()
				.logout()
					.logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"))
					.logoutSuccessHandler(logoutSuccessHandler)
					.and()
				.rememberMe()
					.tokenRepository(persistentTokenRepository)
					.and()
				.headers()
					.frameOptions().disable()
					.cacheControl().disable()
					.httpStrictTransportSecurity().disable()
					.and()
				.csrf()
					.disable()
				.exceptionHandling()
					.accessDeniedPage("/login");
			// @formatter:on
		}