Java Code Examples for org.springframework.security.config.annotation.web.builders.HttpSecurity#addFilter()

The following examples show how to use org.springframework.security.config.annotation.web.builders.HttpSecurity#addFilter() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: GlobalSecurityConfig.java    From airsonic-advanced with GNU General Public License v3.0 6 votes vote down vote up 
@Override
protected void configure(HttpSecurity http) throws Exception {

    http = http.addFilter(new WebAsyncManagerIntegrationFilter());
    http = http.addFilterBefore(jwtAuthFilter(), UsernamePasswordAuthenticationFilter.class);

    http
            .antMatcher("/ext/**")
            .csrf().requireCsrfProtectionMatcher(csrfSecurityRequestMatcher).and()
            .headers().frameOptions().sameOrigin().and()
            .authorizeRequests()
            .antMatchers(
                    "/ext/stream/**",
                    "/ext/coverArt*",
                    "/ext/share/**",
                    "/ext/hls/**")
            .hasAnyRole("TEMP", "USER").and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .exceptionHandling().and()
            .securityContext().and()
            .requestCache().and()
            .anonymous().and()
            .servletApi();
}
Example 2
Source File: SecurityConfig.java    From Spring with Apache License 2.0 6 votes vote down vote up 
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .regexMatchers("/chief/.*").hasRole("CHIEF")
            .regexMatchers("/agent/.*").access("hasRole('USER') and principal.name='James Bond'")
            .anyRequest().authenticated()
            .and().httpBasic()
            .and().requiresChannel().anyRequest().requiresSecure();

    http.exceptionHandling().accessDeniedPage("/accessDenied");

    http.formLogin().loginPage("/login").permitAll();

    http.logout().logoutUrl("/customlogout");

    http.addFilterBefore(securityContextPersistenceFilter(), SecurityContextPersistenceFilter.class);
    http.addFilterAt(exceptionTranslationFilter(), ExceptionTranslationFilter.class);
    http.addFilter(filterSecurityInterceptor()); // This ensures filter ordering by default
    http.addFilterAfter(new CustomFilter(), FilterSecurityInterceptor.class);
}
Example 3
Source File: GlobalSecurityConfig.java    From airsonic with GNU General Public License v3.0 6 votes vote down vote up 
@Override
protected void configure(HttpSecurity http) throws Exception {

    http = http.addFilter(new WebAsyncManagerIntegrationFilter());
    http = http.addFilterBefore(jwtAuthFilter(), UsernamePasswordAuthenticationFilter.class);

    http
            .antMatcher("/ext/**")
            .csrf().requireCsrfProtectionMatcher(csrfSecurityRequestMatcher).and()
            .headers().frameOptions().sameOrigin().and()
            .authorizeRequests()
            .antMatchers("/ext/stream/**", "/ext/coverArt*", "/ext/share/**", "/ext/hls/**")
            .hasAnyRole("TEMP", "USER").and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .exceptionHandling().and()
            .securityContext().and()
            .requestCache().and()
            .anonymous().and()
            .servletApi();
}
Example 4
Source File: WebSecurityConfiguration.java    From todolist with MIT License 5 votes vote down vote up 
protected void configure(HttpSecurity http) throws Exception {
	http.addFilter(preAuthenticationFilter());
	http.csrf().disable()
		.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
		.antMatcher("/api/**")
		.authorizeRequests()
		.antMatchers("/api/token").permitAll()
		.anyRequest().authenticated().and()
		.exceptionHandling()
		.authenticationEntryPoint(new ApiAuthenticationEntryPoint());
}
Example 5
Source File: ReverseProxyIdolSecurityCustomizer.java    From find with MIT License 5 votes vote down vote up 
@SuppressWarnings("ProhibitedExceptionDeclared")
@Override
public void customize(final HttpSecurity http, final AuthenticationManager authenticationManager) throws Exception {
    final J2eePreAuthenticatedProcessingFilter filter = new J2eePreAuthenticatedProcessingFilter() {
        @Override
        protected Object getPreAuthenticatedPrincipal(final HttpServletRequest httpRequest) {
            return StringUtils.isNotBlank(preAuthenticatedUsername) ? preAuthenticatedUsername
                : super.getPreAuthenticatedPrincipal(httpRequest);
        }
    };
    filter.setAuthenticationManager(authenticationManager);

    http.addFilter(filter);
}
Example 6
Source File: SkipperOAuthSecurityConfiguration.java    From spring-cloud-skipper with Apache License 2.0 4 votes vote down vote up 
@Override
protected void configure(HttpSecurity http) throws Exception {

	final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
	basicAuthenticationEntryPoint.setRealmName(SecurityConfigUtils.BASIC_AUTH_REALM_NAME);
	basicAuthenticationEntryPoint.afterPropertiesSet();

	if (opaqueTokenIntrospector != null) {
		BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(
				providerManager(), basicAuthenticationEntryPoint);
		http.addFilter(basicAuthenticationFilter);
	}

	this.authorizationProperties.getAuthenticatedPaths().add(dashboard("/**"));
	this.authorizationProperties.getAuthenticatedPaths().add(dashboard(""));

	ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security =
			http.authorizeRequests()
					.antMatchers(this.authorizationProperties.getPermitAllPaths().toArray(new String[0]))
					.permitAll()
	.antMatchers(this.authorizationProperties.getAuthenticatedPaths().toArray(new String[0]))
	.authenticated();

	security = SecurityConfigUtils.configureSimpleSecurity(security, this.authorizationProperties);
	security.anyRequest().denyAll();

	http.httpBasic().and()
			.logout()
			.logoutSuccessUrl(dashboard("/logout-success-oauth.html"))
			.and().csrf().disable()
			.exceptionHandling()
			.defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/api/**"))
			.defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/actuator/**"));

	if (opaqueTokenIntrospector != null) {
		http.oauth2ResourceServer()
			.opaqueToken()
				.introspector(opaqueTokenIntrospector());
	} else if (oAuth2ResourceServerProperties.getJwt().getJwkSetUri() != null) {
		http.oauth2ResourceServer()
			.jwt()
				.jwtAuthenticationConverter(grantedAuthoritiesExtractor());
	}

	this.securityStateBean.setAuthenticationEnabled(true);
}