org.springframework.security.web.authentication.HttpStatusEntryPoint Java Examples

The following examples show how to use org.springframework.security.web.authentication.HttpStatusEntryPoint. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SpringSecurityConfiguration.java    From crnk-example with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	// consider moving to stateless and handle token on Angular side
	if (properties.isSecurityEnabled()) {
		// @formatter:off
		http
			.antMatcher("/**").authorizeRequests()
				.antMatchers("/", "/favicon.ico",
						"/assets/**",
						"/login**", "/styles**", "/inline**", "/polyfills**",
						"/scripts***", "/main**" ).permitAll()
				.anyRequest().authenticated()

			.and().logout().logoutSuccessUrl("/").permitAll()
			.and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
			.and().exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
			// .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
			.and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
		// @formatter:on
	}
	else {
		http.authorizeRequests().antMatchers("/**").permitAll();
		http.csrf().disable();
	}
}
 
Example #2
Source File: MavenExtension.java    From spring-cloud-deployer with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {

	// We add basic auth for /preemptive so server returns 403 as
	// exception handling is changed to force 403.
	// normal maven behaviour is that it needs 401 to continue with a challenge.
	// This is where preemptive auth takes place as client should send auth
	// with every request.

	http
		.antMatcher("/preemptive/**")
		.authorizeRequests(authorizeRequests ->
                  authorizeRequests.anyRequest().hasRole("USER")
		)
		.httpBasic()
			.and()
		.exceptionHandling()
			.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.FORBIDDEN));
}
 
Example #3
Source File: BaseApiSecurityConfig.java    From spring-boot-doma2-sample with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {

    http.antMatcher(API_BASE_URL)
            // すべてのリクエストに認証をかける
            .authorizeRequests().anyRequest().authenticated()
            // Basic認証をかける
            .and().httpBasic().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
            // CSRFチェックをしない
            .and().csrf().disable();
}
 
Example #4
Source File: SecurityConfig.java    From eds-starter6-jpa with Apache License 2.0 5 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	// @formatter:off
	http
	  //.headers()
	    //.frameOptions().sameOrigin()
	  //  .and()
	  .authorizeRequests()
	    .antMatchers("/index.html", "/csrf", "/", "/router").permitAll()
	    .antMatchers("/info", "/health").permitAll()
	    .anyRequest().authenticated()
	    .and()
	  .rememberMe()
           .rememberMeServices(this.rememberMeServices)
           .key(this.appProperties.getRemembermeCookieKey())
	    .and()
	  .formLogin()
           .successHandler(this.authenticationSuccessHandler)
           .failureHandler(new JsonAuthFailureHandler())
	    .permitAll()
	    .and()
	  .logout()
           .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
           .deleteCookies("JSESSIONID")
	    .permitAll()
	    .and()
	  .exceptionHandling()
           .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
	// @formatter:on
}
 
Example #5
Source File: SecurityConfig.java    From securing-rest-api-spring-security with Apache License 2.0 4 votes vote down vote up
@Bean
AuthenticationEntryPoint forbiddenEntryPoint() {
  return new HttpStatusEntryPoint(FORBIDDEN);
}
 
Example #6
Source File: CustomOAuth2SsoWithAuthenticationEntryPointConfigurationTests.java    From spring-security-oauth2-boot with Apache License 2.0 4 votes vote down vote up
@Override
public void configure(HttpSecurity http) throws Exception {
	http.antMatcher("/ui/**").authorizeRequests().antMatchers("/ui/test").permitAll().anyRequest()
			.authenticated().and().exceptionHandling()
			.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
}
 
Example #7
Source File: WebSecurityConfigJWT.java    From quartz-manager with Apache License 2.0 4 votes vote down vote up
@Bean
public AuthenticationEntryPoint restAuthEntryPoint() {
  return new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED);
}