org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest Java Examples
The following examples show how to use
org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: ResourceServerConfiguration.java From open-cloud with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
.antMatchers("/login/**","/oauth/**").permitAll()
// 监控端点内部放行
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.and()
.logout().permitAll()
// /logout退出清除cookie
.addLogoutHandler(new CookieClearingLogoutHandler("token", "remember-me"))
.logoutSuccessHandler(new LogoutSuccessHandler())
.and()
// 认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
.exceptionHandling()
.accessDeniedHandler(new OpenAccessDeniedHandler())
.authenticationEntryPoint(new OpenAuthenticationEntryPoint())
.and()
.csrf().disable()
// 禁用httpBasic
.httpBasic().disable();
}
Example #2
| Source File: WebSecurityConfig.java From pivotal-bank-demo with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/registration","/hystrix.stream").permitAll()
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.permitAll()
.and()
.logout()
.logoutSuccessHandler(logoutSuccessHandler)
.permitAll();
}
Example #3
| Source File: SecurityConfiguration.java From flowable-engine with Apache License 2.0 | 6 votes |
|
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf()
.disable();
http
.requestMatcher(new ActuatorRequestMatcher())
.authorizeRequests()
.requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
.requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)
.and().httpBasic();
}
Example #4
| Source File: SecurityConfiguration.java From flowable-engine with Apache License 2.0 | 6 votes |
|
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf()
.disable();
http
.requestMatcher(new ActuatorRequestMatcher())
.authorizeRequests()
.requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
.requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)
.and().httpBasic();
}
Example #5
| Source File: SecurityConfiguration.java From flowable-engine with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf()
.disable();
http
.requestMatcher(new ActuatorRequestMatcher())
.authorizeRequests()
.requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
.requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)
.and().httpBasic();
}
Example #6
| Source File: SecurityConfiguration.java From flowable-engine with Apache License 2.0 | 6 votes |
|
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf()
.disable();
http
.requestMatcher(new ActuatorRequestMatcher())
.authorizeRequests()
.requestMatchers(EndpointRequest.to(InfoEndpoint.class, HealthEndpoint.class)).authenticated()
.requestMatchers(EndpointRequest.toAnyEndpoint()).hasAnyAuthority(DefaultPrivileges.ACCESS_ADMIN)
.and().httpBasic();
}
Example #7
| Source File: SecurityConfiguration.java From skeleton-ws-spring-boot with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(final HttpSecurity http) throws Exception {
// @formatter:off
http
.csrf().disable()
.requestMatcher(EndpointRequest.toAnyEndpoint())
.authorizeRequests()
// Permit access to health check
.requestMatchers(EndpointRequest.to("health")).permitAll()
// Require authorization for everthing else
.anyRequest().hasRole("SYSADMIN")
.and()
.httpBasic().authenticationEntryPoint(actuatorAuthenticationEntryPoint())
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// @formatter:on
}
Example #8
| Source File: ResourceServerConfiguration.java From open-cloud with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
.antMatchers(
"/email/**",
"/sms/**",
"/webhook/**"
).permitAll()
// 指定监控访问权限
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
.anyRequest().authenticated()
.and()
//认证鉴权错误处理
.exceptionHandling()
.accessDeniedHandler(new OpenAccessDeniedHandler())
.authenticationEntryPoint(new OpenAuthenticationEntryPoint())
.and()
.csrf().disable();
}
Example #9
| Source File: ResourceServerConfiguration.java From open-cloud with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
// 指定监控访问权限
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
.anyRequest().authenticated()
.and()
//认证鉴权错误处理
.exceptionHandling()
.accessDeniedHandler(new OpenAccessDeniedHandler())
.authenticationEntryPoint(new OpenAuthenticationEntryPoint())
.and()
.csrf().disable();
}
Example #10
| Source File: ResourceServerConfiguration.java From open-cloud with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
// 指定监控可访问权限
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
.anyRequest().authenticated()
.and()
//认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
.exceptionHandling()
.accessDeniedHandler(new OpenAccessDeniedHandler())
.authenticationEntryPoint(new OpenAuthenticationEntryPoint())
.and()
.csrf().disable();
}
Example #11
| Source File: ResourceServerConfiguration.java From open-cloud with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
.antMatchers("/login/**","/oauth/**").permitAll()
// 监控端点内部放行
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.and()
.logout().permitAll()
// /logout退出清除cookie
.addLogoutHandler(new CookieClearingLogoutHandler("token", "remember-me"))
.logoutSuccessHandler(new LogoutSuccessHandler())
.and()
// 认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
.exceptionHandling()
.accessDeniedHandler(new OpenAccessDeniedHandler())
.authenticationEntryPoint(new OpenAuthenticationEntryPoint())
.and()
.csrf().disable()
// 禁用httpBasic
.httpBasic().disable();
}
Example #12
| Source File: ResourceServerConfiguration.java From open-cloud with MIT License | 6 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
// 监控端点内部放行
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
// fegin访问或无需身份认证
.antMatchers(
"/generate/**"
).permitAll()
.anyRequest().authenticated()
.and()
//认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
.exceptionHandling()
.accessDeniedHandler(new OpenAccessDeniedHandler())
.authenticationEntryPoint(new OpenAuthenticationEntryPoint())
.and()
.csrf().disable();
}
Example #13
| Source File: SecurityConfig.java From POC with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().requestMatchers(EndpointRequest.to("health", "info")).permitAll()
.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR")
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll().antMatchers(HttpMethod.GET, "/ping").permitAll()
.antMatchers(HttpMethod.DELETE, "/**").hasRole("ADMIN").antMatchers("/**").hasRole("USER").and()
.httpBasic();
// H2 database console runs inside a frame, So we need to disable X-Frame-Options
// in Spring Security.
http.headers().frameOptions().disable();
}
Example #14
| Source File: SecurityConfig.java From streaming-file-server with MIT License | 5 votes |
|
@Override protected void configure(final HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
/*
.requestMatchers()
.antMatchers("/actuator/health")
.permitAll()
*/
.requestMatchers(EndpointRequest.to("status", "info", "health"))
.permitAll()
.requestMatchers(PathRequest.toStaticResources().atCommonLocations())
.permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin()
.disable()
.headers()
.frameOptions()
.sameOrigin()
.and()
.csrf()
.disable()
.httpBasic()
.and()
.logout()
.logoutUrl("/disconnect")
.clearAuthentication(true)
.invalidateHttpSession(true)
.permitAll()
;
// @formatter:on
}
Example #15
| Source File: ActuatorSecurityConfig.java From gaia with Mozilla Public License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatcher(EndpointRequest.to("health", "info"))
.authorizeRequests()
.anyRequest()
.permitAll();
}
Example #16
| Source File: SecurityConfiguration.java From fortune-teller with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.csrf().disable()
.authorizeRequests()
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
.antMatchers("/**").permitAll()
.and()
.httpBasic();
// @formatter:on
}
Example #17
| Source File: SecurityConfiguration.java From fortune-teller with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.csrf().disable()
.authorizeRequests()
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
.antMatchers("/**").permitAll()
.and()
.httpBasic();
// @formatter:on
}
Example #18
| Source File: EmbeddedConfig.java From mirrorgate with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.cors()
.and()
.csrf()
.disable()
.authorizeRequests()
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll(); // Disabling actuation security
}
Example #19
| Source File: ActuatorSecurityConfiguration.java From spring-security-oauth2-boot with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests().anyRequest().authenticated().and()
.httpBasic();
// @formatter:on
}
Example #20
| Source File: DemoSecurity.java From ssh-shell-spring-boot with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.requestMatchers(EndpointRequest.to("info")).permitAll()
.requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR");
}
Example #21
| Source File: ActuatorEndpointsConfiguration.java From kork with Apache License 2.0 | 5 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
// The health endpoint should always be exposed without auth.
http.requestMatcher(EndpointRequest.to(HealthEndpoint.class))
.authorizeRequests()
.anyRequest()
.permitAll();
}
Example #22
| Source File: SpringSecurityConfig.java From pacbot with Apache License 2.0 | 5 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.anonymous().and().antMatcher("/user").authorizeRequests()
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll().
antMatchers(AUTH_WHITELIST).permitAll().
anyRequest().authenticated()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
Example #23
| Source File: ResourceServerConfiguration.java From open-cloud with MIT License | 5 votes |
|
@Override
public void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
.and()
.authorizeRequests()
// 监控端点内部放行
.requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
// fegin访问或无需身份认证
.antMatchers(
"/authority/access",
"/authority/app",
"/app/*/info",
"/app/client/*/info",
"/gateway/api/**",
"/user/add/thirdParty",
"/user/info",
"/user/login",
"/developer/add/thirdParty",
"/developer/info",
"/developer/login"
).permitAll()
.anyRequest().authenticated()
.and()
//认证鉴权错误处理,为了统一异常处理。每个资源服务器都应该加上。
.exceptionHandling()
.accessDeniedHandler(new OpenAccessDeniedHandler())
.authenticationEntryPoint(new OpenAuthenticationEntryPoint())
.and()
.csrf().disable();
}
Example #24
| Source File: ActuatorSecurityConfig.java From spring-in-action-5-samples with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.requestMatcher(EndpointRequest.toAnyEndpoint().excluding("health", "info"))
.authorizeRequests()
.anyRequest().hasRole("ADMIN")
.and()
.httpBasic();
// @formatter:on
}
Example #25
| Source File: ActuatorSecurityConfig.java From spring-in-action-5-samples with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.requestMatcher(EndpointRequest.toAnyEndpoint().excluding("health", "info"))
.authorizeRequests()
.anyRequest().hasRole("ADMIN")
.and()
.httpBasic();
// @formatter:on
}
Example #26
| Source File: ActuatorSecurityConfig.java From spring-in-action-5-samples with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.requestMatcher(EndpointRequest.toAnyEndpoint().excluding("health", "info"))
.authorizeRequests()
.anyRequest().hasRole("ADMIN")
.and()
.httpBasic();
// @formatter:on
}
Example #27
| Source File: ActuatorSecurityConfig.java From spring-in-action-5-samples with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.requestMatcher(EndpointRequest.toAnyEndpoint().excluding("health", "info"))
.authorizeRequests()
.anyRequest().hasRole("ADMIN")
.and()
.httpBasic();
// @formatter:on
}
Example #28
| Source File: AuthorizationApplication.java From Spring with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatcher(EndpointRequest.toAnyEndpoint())
.authorizeRequests()
.requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll()
.anyRequest().authenticated()
.and()
.httpBasic();
}
Example #29
| Source File: SpringSecurityHttpEndpointsBootstrap.java From thinking-in-spring-boot-samples with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.requestMatcher(EndpointRequest.toAnyEndpoint())
.authorizeRequests().anyRequest().hasRole("ENDPOINT_ADMIN")
.and()
.httpBasic();
}
Example #30
| Source File: SecurityConfig.java From Spring-Boot-2.0-Projects with MIT License | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().and()
.authorizeRequests()
.requestMatchers(EndpointRequest.to("info", "health")).permitAll()
.requestMatchers(EndpointRequest.toAnyEndpoint()).hasRole("SYSTEM")
.antMatchers("/**").hasRole("USER");
}
