org.springframework.security.web.savedrequest.NullRequestCache Java Examples

The following examples show how to use org.springframework.security.web.savedrequest.NullRequestCache. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: WebSecurityConfiguration.java    From personal_book_library_web_project with MIT License 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	
	http.csrf().disable()
	.authorizeRequests()
		.anyRequest()
			.authenticated()
			.antMatchers("/rest/**").permitAll()
			//.antMatchers("/rest/**").hasAuthority("AUTHENTICATED")
			.antMatchers("/main.html").permitAll()
			.antMatchers("/validate/**").permitAll()
			.antMatchers("/sms_auth.html").permitAll()
			.antMatchers("/totp_auth.html").permitAll()
			.and()
	        .requestCache()
	        .requestCache(new NullRequestCache())
	    .and()
		    .formLogin()
		    	.loginPage("/login.html")
		    	.loginProcessingUrl("/login")
		    	.failureForwardUrl("/login.html")
		    	.usernameParameter("username")
		    	.passwordParameter("password")
		        .successHandler(signinSuccessHandler)
		        .failureHandler(signinFailureHandler)
	    .and()
		    .logout()
		    	.logoutUrl("/logout")
		    	.logoutSuccessUrl("/login.html")
		    	.logoutSuccessHandler(logoutSuccessHandler)
		    	.invalidateHttpSession(true)
		    	.clearAuthentication(true);
	
}
 
Example #2
Source File: WebSecurityConfig.java    From hauth-java with MIT License 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    // 关闭csrf验证
    http.csrf().disable()
            // 对请求进行认证
            .authorizeRequests()
            // 所有 / 的所有请求 都放行
            .antMatchers("/").permitAll()
            .antMatchers("/bootstrap-3.3.7-dist/**", "/bootstrap-switch-master/**").permitAll()
            .antMatchers("/bootstrap-table/**", "/Font-Awesome-3.2.1/**", "/favicon.ico").permitAll()
            .antMatchers("/images/**", "/css/**", "/js/**", "/laydate/**", "/nprogress/**").permitAll()
            .antMatchers("/swagger/**", "/theme/**", "/webuploader/**", "/jquery-i18n-properties/**").permitAll()
            // 所有 /login 的POST请求 都放行
            .antMatchers(HttpMethod.POST, "/login").permitAll()
            // 所有请求需要身份认证
            .anyRequest().authenticated()
            .and()
            // 对login进行过滤
            .addFilterBefore(new JWTLoginFilter("/login", authenticationManager()),
                    UsernamePasswordAuthenticationFilter.class)
            // 对其他的api进行过滤
            .addFilterBefore(new JWTAuthenticationFilter(),
                    UsernamePasswordAuthenticationFilter.class);

    http.requestCache().requestCache(new NullRequestCache());
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

}
 
Example #3
Source File: WebSecurityConfig.java    From batch-scheduler with MIT License 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    // 关闭csrf验证
    http.csrf().disable()
            //.headers().frameOptions().disable()
            //.and()
            // 对请求进行认证
            .authorizeRequests()
            // 所有 / 的所有请求 都放行
            .antMatchers("/").permitAll()
            .antMatchers("/v1/batch/identify", "/actuator/health").permitAll()
            .antMatchers("/bootstrap-3.3.7-dist/**", "/bootstrap-switch-master/**").permitAll()
            .antMatchers("/bootstrap-table/**", "/Font-Awesome-3.2.1/**", "/favicon.ico").permitAll()
            .antMatchers("/images/**", "/css/**", "/js/**", "/laydate/**", "/nprogress/**").permitAll()
            .antMatchers("/swagger/**", "/theme/**", "/webuploader/**", "/jquery-i18n-properties/**").permitAll()
            // 所有 /login 的POST请求 都放行
            .antMatchers(HttpMethod.POST, "/login").permitAll()
            // 所有请求需要身份认证
            .anyRequest().authenticated()
            .and()
            // 对login进行过滤
            .addFilterBefore(new JWTLoginFilter("/login", authenticationManager()),
                    UsernamePasswordAuthenticationFilter.class)
            // 对其他的api进行过滤
            .addFilterBefore(new JWTAuthenticationFilter(),
                    UsernamePasswordAuthenticationFilter.class);

    http.requestCache().requestCache(new NullRequestCache());
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

}
 
Example #4
Source File: SecurityConfig.java    From spring-session with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http
		.authorizeRequests((authorize) -> authorize
			.anyRequest().authenticated()
		)
		.requestCache((requestCache) -> requestCache
			.requestCache(new NullRequestCache())
		)
		.httpBasic(Customizer.withDefaults());
}
 
Example #5
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            .antMatchers("/admin/h2/**").permitAll()

            .antMatchers("/", "/favicon*").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signin/**").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    http.requestCache().requestCache(new NullRequestCache());

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);

    // Login
    http.formLogin()
            .loginPage("/login/form")
            .loginProcessingUrl("/login")
            .failureUrl("/login/form?error")
            .usernameParameter("username")
            .passwordParameter("password")
            .defaultSuccessUrl("/default", true)
            .permitAll();

    // Logout
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
            .permitAll();

    // Anonymous
    http.anonymous();

    // CSRF is enabled by default, with Java Config
    http.csrf().disable();

    // Exception Handling
    http.exceptionHandling()
            .accessDeniedPage("/errors/403")
    ;

    // Enable <frameset> in order to use H2 web console
    http.headers().frameOptions().disable();
}
 
Example #6
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            .antMatchers("/admin/h2/**").permitAll()

            .antMatchers("/", "/favicon*").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signin/**").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    http.requestCache().requestCache(new NullRequestCache());

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);

    // Login
    http.formLogin()
            .loginPage("/login/form")
            .loginProcessingUrl("/login")
            .failureUrl("/login/form?error")
            .usernameParameter("username")
            .passwordParameter("password")
            .defaultSuccessUrl("/default", true)
            .permitAll();

    // Logout
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
            .permitAll();

    // Anonymous
    http.anonymous();

    // CSRF is enabled by default, with Java Config
    http.csrf().disable();

    // Exception Handling
    http.exceptionHandling()
            .accessDeniedPage("/errors/403")
    ;

    // Enable <frameset> in order to use H2 web console
    http.headers().frameOptions().disable();
}
 
Example #7
Source File: SecurityConfig.java    From Spring-Security-Third-Edition with MIT License 4 votes vote down vote up
/**
 * HTTP Security configuration
 *
 * <pre><http auto-config="true"></pre> is equivalent to:
 * <pre>
 *  <http>
 *      <form-login />
 *      <http-basic />
 *      <logout />
 *  </http>
 * </pre>
 *
 * Which is equivalent to the following JavaConfig:
 *
 * <pre>
 *     http.formLogin()
 *          .and().httpBasic()
 *          .and().logout();
 * </pre>
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // Matching
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            .antMatchers("/admin/h2/**").permitAll()

            .antMatchers("/", "/favicon*").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signin/**").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    http.requestCache().requestCache(new NullRequestCache());

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);

    // Login
    http.formLogin()
            .loginPage("/login/form")
            .loginProcessingUrl("/login")
            .failureUrl("/login/form?error")
            .usernameParameter("username")
            .passwordParameter("password")
            .defaultSuccessUrl("/default", true)
            .permitAll();

    // Logout
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
            .permitAll();

    // Anonymous
    http.anonymous();

    // CSRF is enabled by default, with Java Config
    http.csrf().disable();

    // Exception Handling
    http.exceptionHandling()
            .accessDeniedPage("/errors/403")
    ;

    // Enable <frameset> in order to use H2 web console
    http.headers().frameOptions().disable();
}
 
Example #8
Source File: SecurityConfiguration.java    From mobilecloud-15 with Apache License 2.0 4 votes vote down vote up
/**
 * This method is used to inject access control policies into Spring
 * security to control what resources / paths / http methods clients have
 * access to.
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
	// By default, Spring inserts a token into web pages to prevent
	// cross-site request forgery attacks. 
	// See: http://en.wikipedia.org/wiki/Cross-site_request_forgery
	//
	// Unfortunately, there is no easy way with the default setup to communicate 
	// these CSRF tokens to a mobile client so we disable them.
	// Don't worry, the next iteration of the example will fix this
	// problem.
	http.csrf().disable();
	// We don't want to cache requests during login
	http.requestCache().requestCache(new NullRequestCache());
	
	// Allow all clients to access the login page and use
	// it to login
	http.formLogin()
		// The default login url on Spring is "j_security_check" ...
	    // which isn't very friendly. We change the login url to
	    // something more reasonable ("/login").
		.loginProcessingUrl(VideoSvcApi.LOGIN_PATH)
		// The default login system is designed to redirect you to
		// another URL after you successfully authenticate. For mobile
		// clients, we don't want to be redirected, we just want to tell
		// them that they successfully authenticated and return a session
		// cookie to them. this extra configuration option ensures that the 
		// client isn't redirected anywhere with an HTTP 302 response code.
		.successHandler(NO_REDIRECT_SUCCESS_HANDLER)
		// Allow everyone to access the login URL
		.permitAll();
	
	// Make sure that clients can logout too!!
	http.logout()
	    // Change the default logout path to /logout
		.logoutUrl(VideoSvcApi.LOGOUT_PATH)
		// Make sure that a redirect is not sent to the client
		// on logout
		.logoutSuccessHandler(JSON_LOGOUT_SUCCESS_HANDLER)
		// Allow everyone to access the logout URL
		.permitAll();
	
	// Require clients to login and have an account with the "user" role
	// in order to access /video
	// http.authorizeRequests().antMatchers("/video").hasRole("user");
	
	// Require clients to login and have an account with the "user" role
	// in order to send a POST request to /video
	// http.authorizeRequests().antMatchers(HttpMethod.POST, "/video").hasRole("user");
	
	// We force clients to authenticate before accessing ANY URLs 
	// other than the login and lougout that we have configured above.
	http.authorizeRequests().anyRequest().authenticated();
}