Java Code Examples for org.springframework.security.config.annotation.web.builders.httpsecurity#httpBasic()

The following examples show how to use org.springframework.security.config.annotation.web.builders.httpsecurity#httpBasic() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SecurityConf.java    From earth-frost with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {

  // Page with login form is served as /login.html and does a POST on /login
  http.formLogin().loginPage("/login.html").loginProcessingUrl("/login").permitAll();
  // The UI does a POST on /logout on logout
  http.logout().logoutUrl("/logout").logoutSuccessUrl("/login.html");
  // The ui currently doesn't support csrf
  http.csrf().disable();

  http.headers().frameOptions().disable();
  // Requests for the login page and the static assets are allowed
  http.authorizeRequests().antMatchers("/**/ui/**", "/**/css/**", "/**/js/**", "/**/images/**")
      .permitAll();
  // ... and any other request needs to be authorized
  http.authorizeRequests().antMatchers("/**").authenticated();

  // Enable so that the clients can authenticate via HTTP basic for registering
  http.httpBasic();
}
 
Example 2
Source File: SecurityConfig.java    From promregator with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity security) throws Exception {
	if (!this.isInboundAuthSecurityEnabled()) {
		security.httpBasic().disable();
		return;
	}

	HttpSecurity sec = security;
	sec = this.determineHttpSecurityForEndpoint(sec, EndpointConstants.ENDPOINT_PATH_DISCOVERY, this.discoveryAuth);
	sec = this.determineHttpSecurityForEndpoint(sec, EndpointConstants.ENDPOINT_PATH_SINGLE_ENDPOINT_SCRAPING, this.endpointAuth);
	sec = this.determineHttpSecurityForEndpoint(sec, EndpointConstants.ENDPOINT_PATH_SINGLE_TARGET_SCRAPING+"/**", this.endpointAuth);
	sec = this.determineHttpSecurityForEndpoint(sec, EndpointConstants.ENDPOINT_PATH_PROMREGATOR_METRICS, this.promregatorMetricsAuth);
	sec = this.determineHttpSecurityForEndpoint(sec, EndpointConstants.ENDPOINT_PATH_CACHE_INVALIDATION, this.cacheInvalidateAuth);

	
	// see also https://github.com/spring-projects/spring-security/issues/4242
	security.requestCache().requestCache(this.newHttpSessionRequestCache());
	
	// see also
	// https://www.boraji.com/spring-security-4-http-basic-authentication-example
	sec.httpBasic();
}
 
Example 3
Source File: SecurityConfiguration.java    From hentai-cloudy-rental with Do What The F*ck You Want To Public License 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .antMatchers("/hystrix*").permitAll()
        .anyRequest()
        .fullyAuthenticated();
    http.httpBasic();
    http.csrf().disable();
}
 
Example 4
Source File: SecurityConfig.java    From full-teaching with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {

	configureUrlAuthorization(http);

	// Disable CSRF protection (it is difficult to implement with ng2)
	http.csrf().disable();

	// Use Http Basic Authentication
	http.httpBasic();

	// Do not redirect when logout
	http.logout().logoutSuccessHandler((rq, rs, a) -> {
	});
}
 
Example 5
Source File: ServletContainerConfiguration.java    From haven-platform with Apache License 2.0 5 votes vote down vote up
@Override
        protected void configure(HttpSecurity http) throws Exception {
            final String uiPrefix = "/ui/";
            final String loginUrl = uiPrefix + "login.html";

            TokenAuthFilterConfigurer<HttpSecurity> tokenFilterConfigurer =
                    new TokenAuthFilterConfigurer<>(new RequestTokenHeaderRequestMatcher(),
                            new TokenAuthProvider(tokenValidator, userDetailsService, authProcessor));
            http.csrf().disable()
                    .authenticationProvider(provider).userDetailsService(userDetailsService)
                    .anonymous().principal(SecurityUtils.USER_ANONYMOUS).and()
                    .authorizeRequests().antMatchers(uiPrefix + "/token/login").permitAll()
                    .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()//allow CORS option calls
                    .antMatchers(uiPrefix + "**").authenticated()
                    .and().headers().cacheControl().disable()
                    .and().formLogin().loginPage(loginUrl).permitAll().defaultSuccessUrl(uiPrefix)
                    .and().logout().logoutUrl(uiPrefix + "logout").logoutSuccessUrl(loginUrl)
                    .and().apply(tokenFilterConfigurer);
//                enable after testing
//                        .and().sessionManagement()
//                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

            // X-Frame-Options
            http.headers()
              .frameOptions().sameOrigin();

            http.addFilterAfter(new AccessContextFilter(aclContextFactory), SwitchUserFilter.class);

            //we use basic in testing and scripts
            if (basicAuthEnable) {
                http.httpBasic();
            }

        }
 
Example 6
Source File: TestSecurityConfig.java    From aws-serverless-java-container with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.httpBasic();
    http
            .authorizeRequests()
            .antMatchers("/user").hasRole("ADMIN")
            .and().exceptionHandling().accessDeniedPage("/access-denied");
}
 
Example 7
Source File: TestWebSecurityConfig.java    From apollo with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
  http.httpBasic();
  http.csrf().disable();
  http.authorizeRequests().antMatchers("/").permitAll().and()
      .authorizeRequests().antMatchers("/console/**").permitAll();

  http.headers().frameOptions().disable();
}
 
Example 8
Source File: TestWebSecurityConfig.java    From apollo with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
  http.httpBasic();
  http.csrf().disable();
  http.authorizeRequests().antMatchers("/").permitAll().and()
      .authorizeRequests().antMatchers("/console/**").permitAll();

  http.headers().frameOptions().disable();
}
 
Example 9
Source File: SecurityConfiguration.java    From joinfaces with Apache License 2.0 4 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.httpBasic();
}
 
Example 10
Source File: SecurityConfiguration.java    From joinfaces with Apache License 2.0 4 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.httpBasic();
}
 
Example 11
Source File: SecurityConfiguration.java    From joinfaces with Apache License 2.0 4 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.httpBasic();
}
 
Example 12
Source File: SecurityConfiguration.java    From joinfaces with Apache License 2.0 4 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.httpBasic();
}
 
Example 13
Source File: SecurityConfiguration.java    From joinfaces with Apache License 2.0 4 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.httpBasic();
}
 
Example 14
Source File: SecurityConfiguration.java    From joinfaces with Apache License 2.0 4 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.httpBasic();
}
 
Example 15
Source File: SecurityConfiguration.java    From joinfaces with Apache License 2.0 4 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.httpBasic();
}
 
Example 16
Source File: WebSecurityConfig.java    From apollo with Apache License 2.0 4 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
  http.httpBasic();
  http.csrf().disable();
  http.headers().frameOptions().sameOrigin();
}
 
Example 17
Source File: CustomSecurityConfiguration.java    From Spring with Apache License 2.0 4 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.httpBasic();
	http.authorizeRequests().anyRequest().authenticated();
}