org.springframework.security.web.savedrequest.NullRequestCache Java Examples
The following examples show how to use
org.springframework.security.web.savedrequest.NullRequestCache.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: WebSecurityConfiguration.java From personal_book_library_web_project with MIT License | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.anyRequest()
.authenticated()
.antMatchers("/rest/**").permitAll()
//.antMatchers("/rest/**").hasAuthority("AUTHENTICATED")
.antMatchers("/main.html").permitAll()
.antMatchers("/validate/**").permitAll()
.antMatchers("/sms_auth.html").permitAll()
.antMatchers("/totp_auth.html").permitAll()
.and()
.requestCache()
.requestCache(new NullRequestCache())
.and()
.formLogin()
.loginPage("/login.html")
.loginProcessingUrl("/login")
.failureForwardUrl("/login.html")
.usernameParameter("username")
.passwordParameter("password")
.successHandler(signinSuccessHandler)
.failureHandler(signinFailureHandler)
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login.html")
.logoutSuccessHandler(logoutSuccessHandler)
.invalidateHttpSession(true)
.clearAuthentication(true);
}
Example #2
| Source File: WebSecurityConfig.java From hauth-java with MIT License | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
// 关闭csrf验证
http.csrf().disable()
// 对请求进行认证
.authorizeRequests()
// 所有 / 的所有请求 都放行
.antMatchers("/").permitAll()
.antMatchers("/bootstrap-3.3.7-dist/**", "/bootstrap-switch-master/**").permitAll()
.antMatchers("/bootstrap-table/**", "/Font-Awesome-3.2.1/**", "/favicon.ico").permitAll()
.antMatchers("/images/**", "/css/**", "/js/**", "/laydate/**", "/nprogress/**").permitAll()
.antMatchers("/swagger/**", "/theme/**", "/webuploader/**", "/jquery-i18n-properties/**").permitAll()
// 所有 /login 的POST请求 都放行
.antMatchers(HttpMethod.POST, "/login").permitAll()
// 所有请求需要身份认证
.anyRequest().authenticated()
.and()
// 对login进行过滤
.addFilterBefore(new JWTLoginFilter("/login", authenticationManager()),
UsernamePasswordAuthenticationFilter.class)
// 对其他的api进行过滤
.addFilterBefore(new JWTAuthenticationFilter(),
UsernamePasswordAuthenticationFilter.class);
http.requestCache().requestCache(new NullRequestCache());
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
Example #3
| Source File: WebSecurityConfig.java From batch-scheduler with MIT License | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
// 关闭csrf验证
http.csrf().disable()
//.headers().frameOptions().disable()
//.and()
// 对请求进行认证
.authorizeRequests()
// 所有 / 的所有请求 都放行
.antMatchers("/").permitAll()
.antMatchers("/v1/batch/identify", "/actuator/health").permitAll()
.antMatchers("/bootstrap-3.3.7-dist/**", "/bootstrap-switch-master/**").permitAll()
.antMatchers("/bootstrap-table/**", "/Font-Awesome-3.2.1/**", "/favicon.ico").permitAll()
.antMatchers("/images/**", "/css/**", "/js/**", "/laydate/**", "/nprogress/**").permitAll()
.antMatchers("/swagger/**", "/theme/**", "/webuploader/**", "/jquery-i18n-properties/**").permitAll()
// 所有 /login 的POST请求 都放行
.antMatchers(HttpMethod.POST, "/login").permitAll()
// 所有请求需要身份认证
.anyRequest().authenticated()
.and()
// 对login进行过滤
.addFilterBefore(new JWTLoginFilter("/login", authenticationManager()),
UsernamePasswordAuthenticationFilter.class)
// 对其他的api进行过滤
.addFilterBefore(new JWTAuthenticationFilter(),
UsernamePasswordAuthenticationFilter.class);
http.requestCache().requestCache(new NullRequestCache());
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
Example #4
| Source File: SecurityConfig.java From spring-session with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests((authorize) -> authorize
.anyRequest().authenticated()
)
.requestCache((requestCache) -> requestCache
.requestCache(new NullRequestCache())
)
.httpBasic(Customizer.withDefaults());
}
Example #5
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/", "/favicon*").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signin/**").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
http.requestCache().requestCache(new NullRequestCache());
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example #6
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/", "/favicon*").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signin/**").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
http.requestCache().requestCache(new NullRequestCache());
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example #7
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// Matching
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/", "/favicon*").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signin/**").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER");
http.requestCache().requestCache(new NullRequestCache());
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
// Login
http.formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll();
// Logout
http.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout").deleteCookies("JSESSIONID").invalidateHttpSession(true)
.permitAll();
// Anonymous
http.anonymous();
// CSRF is enabled by default, with Java Config
http.csrf().disable();
// Exception Handling
http.exceptionHandling()
.accessDeniedPage("/errors/403")
;
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
Example #8
| Source File: SecurityConfiguration.java From mobilecloud-15 with Apache License 2.0 | 4 votes |
|
/**
* This method is used to inject access control policies into Spring
* security to control what resources / paths / http methods clients have
* access to.
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
// By default, Spring inserts a token into web pages to prevent
// cross-site request forgery attacks.
// See: http://en.wikipedia.org/wiki/Cross-site_request_forgery
//
// Unfortunately, there is no easy way with the default setup to communicate
// these CSRF tokens to a mobile client so we disable them.
// Don't worry, the next iteration of the example will fix this
// problem.
http.csrf().disable();
// We don't want to cache requests during login
http.requestCache().requestCache(new NullRequestCache());
// Allow all clients to access the login page and use
// it to login
http.formLogin()
// The default login url on Spring is "j_security_check" ...
// which isn't very friendly. We change the login url to
// something more reasonable ("/login").
.loginProcessingUrl(VideoSvcApi.LOGIN_PATH)
// The default login system is designed to redirect you to
// another URL after you successfully authenticate. For mobile
// clients, we don't want to be redirected, we just want to tell
// them that they successfully authenticated and return a session
// cookie to them. this extra configuration option ensures that the
// client isn't redirected anywhere with an HTTP 302 response code.
.successHandler(NO_REDIRECT_SUCCESS_HANDLER)
// Allow everyone to access the login URL
.permitAll();
// Make sure that clients can logout too!!
http.logout()
// Change the default logout path to /logout
.logoutUrl(VideoSvcApi.LOGOUT_PATH)
// Make sure that a redirect is not sent to the client
// on logout
.logoutSuccessHandler(JSON_LOGOUT_SUCCESS_HANDLER)
// Allow everyone to access the logout URL
.permitAll();
// Require clients to login and have an account with the "user" role
// in order to access /video
// http.authorizeRequests().antMatchers("/video").hasRole("user");
// Require clients to login and have an account with the "user" role
// in order to send a POST request to /video
// http.authorizeRequests().antMatchers(HttpMethod.POST, "/video").hasRole("user");
// We force clients to authenticate before accessing ANY URLs
// other than the login and lougout that we have configured above.
http.authorizeRequests().anyRequest().authenticated();
}
