org.springframework.security.web.authentication.AnonymousAuthenticationFilter Java Examples
The following examples show how to use
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.
Example #1
Source File: NiFiWebApiSecurityConfiguration.java From localization_nifi with Apache License 2.0 | 7 votes |
/**
 * Configures the web API security chain: remember-me is off, every request must be
 * fully authenticated, and no HTTP session is created.
 *
 * <p>The x509, JWT and OTP filters are registered ahead of
 * {@link AnonymousAuthenticationFilter}, in that order, so each gets a chance to
 * establish an identity before the anonymous filter runs. Registration order is kept
 * exactly as written because filters added before the same anchor run in the order
 * they were added.
 *
 * @param http the security builder to configure
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.rememberMe().disable();

    // fullyAuthenticated() excludes anonymous and remember-me authentications, so a
    // request that only carries the anonymous token is still subject to this rule.
    http.authorizeRequests().anyRequest().fullyAuthenticated();

    // Stateless: identity has to be re-established on every request.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Credential-bearing filters (x509, then jwt, then otp).
    http.addFilterBefore(x509FilterBean(), AnonymousAuthenticationFilter.class);
    http.addFilterBefore(jwtFilterBean(), AnonymousAuthenticationFilter.class);
    http.addFilterBefore(otpFilterBean(), AnonymousAuthenticationFilter.class);

    // Replace the default anonymous filter with the project's own bean.
    // NOTE(review): what authorities that bean grants is not visible here; confirm.
    http.anonymous().authenticationFilter(anonymousFilterBean());
}
Example #2
Source File: SecurityConfig.java From securing-rest-api-spring-security with Apache License 2.0 | 6 votes |
/**
 * Configures a stateless REST security chain in which only {@code PROTECTED_URLS}
 * require an authenticated caller.
 *
 * <p>This method defines no rule for requests outside {@code PROTECTED_URLS}, so
 * whatever that matcher does not cover is not restricted here.
 *
 * @param http the security builder to configure
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(STATELESS);

    // Entry point used when a protected URL is requested without prior authentication.
    http.exceptionHandling()
        .defaultAuthenticationEntryPointFor(forbiddenEntryPoint(), PROTECTED_URLS);

    http.authenticationProvider(provider);

    // The REST authentication filter must run before the anonymous filter so that a
    // presented credential is evaluated before an anonymous token is installed.
    http.addFilterBefore(restAuthenticationFilter(), AnonymousAuthenticationFilter.class);

    http.authorizeRequests()
        .requestMatchers(PROTECTED_URLS)
        .authenticated();

    // NOTE(review): CSRF protection is switched off. That is only sound while the
    // credential is not sent automatically by the browser (i.e. not a cookie);
    // confirm how restAuthenticationFilter() reads it.
    http.csrf().disable();

    // Interactive and browser-driven login mechanisms are not offered by this API.
    http.formLogin().disable();
    http.httpBasic().disable();
    http.logout().disable();
}
Example #3
Source File: SecurityConfiguration.java From syndesis with Apache License 2.0 | 6 votes |
/**
 * Configures a stateless chain that authenticates from a request header and
 * requires the {@code AUTHENTICATED} role for {@code /api/v1/**}.
 *
 * <p>Matchers are evaluated in declaration order, so the {@code permitAll()} entries
 * listed first win over the {@code /api/v1/**} role check. The final
 * {@code anyRequest().permitAll()} leaves every path outside {@code /api/v1/**} open.
 *
 * @param http the security builder to configure
 * @throws Exception if the configuration cannot be applied
 */
@Override
@SuppressWarnings("PMD.SignatureDeclareThrowsException")
protected void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // NOTE(review): header-based authentication presumably trusts a header set by an
    // upstream proxy; confirm that clients cannot reach this service directly.
    http.addFilter(requestHeaderAuthenticationFilter());
    http.addFilter(new AnonymousAuthenticationFilter("anonymous"));

    http.authorizeRequests()
        .antMatchers(HttpMethod.OPTIONS).permitAll()
        .antMatchers(COMMON_NON_SECURED_PATHS).permitAll()
        .antMatchers(HttpMethod.GET, "/api/v1/credentials/callback").permitAll()
        .antMatchers("/api/v1/**").hasRole("AUTHENTICATED")
        // Default-allow catch-all: a new route outside /api/v1/** is public unless a
        // rule is added above this line.
        .anyRequest().permitAll();

    // CSRF stays enabled, with the listed paths exempted from the token check.
    http.csrf()
        .ignoringAntMatchers(COMMON_NON_SECURED_PATHS)
        .ignoringAntMatchers("/api/v1/credentials/callback")
        .ignoringAntMatchers("/api/v1/atlas/**")
        .csrfTokenRepository(new SyndesisCsrfRepository());
}
Example #4
Source File: NiFiRegistrySecurityConfig.java From nifi-registry with Apache License 2.0 | 6 votes |
/**
 * Configures the registry API security chain: fully authenticated access for every
 * request, a dedicated entry point for unauthenticated callers, no HTTP session,
 * response security headers, and the project's authentication and authorization
 * filters.
 *
 * @param http the security builder to configure
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.rememberMe().disable();
    http.authorizeRequests().anyRequest().fullyAuthenticated();
    http.exceptionHandling().authenticationEntryPoint(http401AuthenticationEntryPoint());
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Security headers for the registry API only. Headers for the docs and the UI
    // are applied with Jetty filters in registry-core.
    http.headers().xssProtection();
    http.headers().contentSecurityPolicy("frame-ancestors 'self'");
    // 31,540,000 seconds is roughly one year of HSTS.
    http.headers().httpStrictTransportSecurity().maxAgeInSeconds(31540000);
    http.headers().frameOptions().sameOrigin();

    // Credential-bearing filters run ahead of the anonymous filter: x509 first, then
    // jwt. A one-time-password filter would be registered here too if it is needed.
    http.addFilterBefore(x509AuthenticationFilter(), AnonymousAuthenticationFilter.class);
    http.addFilterBefore(jwtAuthenticationFilter(), AnonymousAuthenticationFilter.class);

    // The anonymous filter populates the authenticated, anonymous user when no
    // earlier filter in the chain detected another identity.
    http.anonymous().authenticationFilter(anonymousAuthenticationFilter);

    // Runs once the Spring Security chain has finished (authentication is done) and
    // before the Jersey endpoints receive the request, to perform authorization.
    http.addFilterAfter(resourceAuthorizationFilter(), FilterSecurityInterceptor.class);
}
Example #5
Source File: Log4jMdcLoggingFilterTest.java From herd with Apache License 2.0 | 6 votes |
/**
 * Runs {@code Log4jMdcLoggingFilter} after an {@link AnonymousAuthenticationFilter}
 * has processed a request.
 *
 * <p>The test contains no assertions; it passes as long as the full filter lifecycle
 * (init, doFilter, destroy) completes without throwing.
 *
 * @throws Exception if any filter call fails
 */
@Test
public void testLoggingAnonymousUser() throws Exception {
    invalidateApplicationUser(null);

    // Let the anonymous filter process a throwaway request first.
    AnonymousAuthenticationFilter anonymousFilter =
        new AnonymousAuthenticationFilter("AnonymousFilterKey");
    anonymousFilter.doFilter(
        new MockHttpServletRequest(), new MockHttpServletResponse(), new MockFilterChain());

    // Then drive the logging filter through its lifecycle with fresh mocks.
    Log4jMdcLoggingFilter loggingFilter = new Log4jMdcLoggingFilter();
    loggingFilter.init(new MockFilterConfig());

    MockFilterChain chain = new MockFilterChain();
    MockHttpServletRequest request = new MockHttpServletRequest();
    MockHttpServletResponse response = new MockHttpServletResponse();
    loggingFilter.doFilter(request, response, chain);

    loggingFilter.destroy();
}
Example #6
Source File: AppSecurityModelC.java From Spring-5.0-Cookbook with MIT License | 5 votes |
/**
 * Creates the anonymous authentication filter bean.
 *
 * <p>The filter is an {@code AppAnonAuthFilter} built with the values
 * {@code "ANONYMOUS"}, {@code "guest"} and a single {@code ROLE_ANONYMOUS} authority.
 * NOTE(review): these presumably map to the key, principal and authorities of
 * {@link AnonymousAuthenticationFilter}'s three-argument constructor; confirm
 * against {@code AppAnonAuthFilter}.
 *
 * @return the anonymous authentication filter
 */
@Bean
public AnonymousAuthenticationFilter appAnonAuthFilter() {
    // Keep the anonymous principal limited to the single anonymous role.
    final List<GrantedAuthority> authorities = new ArrayList<>();
    authorities.add(new SimpleGrantedAuthority("ROLE_ANONYMOUS"));
    return new AppAnonAuthFilter("ANONYMOUS", "guest", authorities);
}
Example #7
Source File: AppSecurityModelC.java From Spring-5.0-Cookbook with MIT License | 5 votes |
/**
 * Creates the anonymous authentication filter bean.
 *
 * <p>The filter is an {@code AppAnonAuthFilter} built with the values
 * {@code "ANONYMOUS"}, {@code "guest"} and a single {@code ROLE_ANONYMOUS} authority.
 * NOTE(review): these presumably map to the key, principal and authorities of
 * {@link AnonymousAuthenticationFilter}'s three-argument constructor; confirm
 * against {@code AppAnonAuthFilter}.
 *
 * @return the anonymous authentication filter
 */
@Bean
public AnonymousAuthenticationFilter appAnonAuthFilter() {
    // Keep the anonymous principal limited to the single anonymous role.
    final List<GrantedAuthority> authorities = new ArrayList<>();
    authorities.add(new SimpleGrantedAuthority("ROLE_ANONYMOUS"));
    return new AppAnonAuthFilter("ANONYMOUS", "guest", authorities);
}
Example #8
Source File: SecurityConfiguration.java From nifi-minifi with Apache License 2.0 | 5 votes |
/**
 * Configures a stateless chain in which every request must be fully authenticated,
 * with x509 authentication evaluated before the anonymous filter.
 *
 * @param http the security builder to configure
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.rememberMe().disable();

    // fullyAuthenticated() excludes anonymous and remember-me authentications.
    http.authorizeRequests().anyRequest().fullyAuthenticated();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Client-certificate authentication gets the first chance to set an identity.
    http.addFilterBefore(x509AuthenticationFilter, AnonymousAuthenticationFilter.class);

    // Use the project's anonymous filter in place of the default one.
    // NOTE(review): the authorities it grants are not visible here; confirm.
    http.anonymous().authenticationFilter(c2AnonymousAuthenticationFilter);
}
Example #9
Source File: FiatAuthenticationConfig.java From fiat with Apache License 2.0 | 5 votes |
/**
 * Enables servlet API integration, exception handling and anonymous authentication,
 * and registers {@code FiatAuthenticationFilter} ahead of
 * {@link AnonymousAuthenticationFilter}.
 *
 * <p>No URL authorization rules are declared in this method.
 * NOTE(review): access decisions are presumably enforced elsewhere; confirm.
 *
 * @param http the security builder to configure
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.servletApi();
    http.exceptionHandling();
    http.anonymous();

    // Runs before the anonymous filter so it can act on the request first.
    http.addFilterBefore(
        new FiatAuthenticationFilter(fiatStatus), AnonymousAuthenticationFilter.class);
}
Example #10
Source File: AppSpringModuleConfig.java From herd with Apache License 2.0 | 5 votes |
/**
 * Builds the filter chain proxy, whose single security filter chain matches every
 * request.
 *
 * <p>The chain only contains filters that load the security context and establish an
 * identity; no authorization filter is added here.
 * NOTE(review): access control is presumably enforced elsewhere; confirm.
 *
 * @param trustedUserAuthenticationFilter the trusted user authentication filter.
 * @param httpHeaderAuthenticationFilter the HTTP header authentication filter.
 *
 * @return the filter chain proxy.
 */
@Bean
public FilterChainProxy filterChainProxy(final TrustedUserAuthenticationFilter trustedUserAuthenticationFilter,
    final HttpHeaderAuthenticationFilter httpHeaderAuthenticationFilter)
{
    final SecurityFilterChain matchAllChain = new SecurityFilterChain()
    {
        @Override
        public boolean matches(HttpServletRequest request)
        {
            // Every URL goes through this chain.
            return true;
        }

        @Override
        public List<Filter> getFilters()
        {
            final List<Filter> chain = new ArrayList<>();

            // Keeps the security context available between HTTP requests.
            chain.add(new SecurityContextPersistenceFilter());

            // Bypasses security when the SpEL expression environment property says so.
            // NOTE(review): confirm that property cannot evaluate to true in production.
            chain.add(trustedUserAuthenticationFilter);

            // Header-based authentication is optional and driven by configuration.
            final boolean headerAuthEnabled =
                Boolean.valueOf(configurationHelper.getProperty(ConfigurationValue.SECURITY_HTTP_HEADER_ENABLED));
            if (headerAuthEnabled)
            {
                chain.add(httpHeaderAuthenticationFilter);
            }

            // Last: fall back to an anonymous identity.
            chain.add(new AnonymousAuthenticationFilter("AnonymousFilterKey"));

            return chain;
        }
    };

    return new FilterChainProxy(matchAllChain);
}
Example #11
Source File: NiFiWebApiSecurityConfiguration.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Configures the web API security chain: CORS enabled, remember-me off, every
 * request fully authenticated, no HTTP session, and the project's own authentication
 * filters positioned around {@link AnonymousAuthenticationFilter}.
 *
 * <p>The built-in anonymous handling is disabled and the project's anonymous filter
 * is registered in its place, after the x509, JWT, OTP and Knox filters.
 *
 * @param http the security builder to configure
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.cors();
    http.rememberMe().disable();

    // fullyAuthenticated() excludes anonymous and remember-me authentications.
    http.authorizeRequests().anyRequest().fullyAuthenticated();
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Credential-bearing filters, in evaluation order: x509, jwt, otp, knox.
    http.addFilterBefore(x509FilterBean(), AnonymousAuthenticationFilter.class);
    http.addFilterBefore(jwtFilterBean(), AnonymousAuthenticationFilter.class);
    http.addFilterBefore(otpFilterBean(), AnonymousAuthenticationFilter.class);
    http.addFilterBefore(knoxFilterBean(), AnonymousAuthenticationFilter.class);

    // The project's anonymous filter sits just after the default filter's slot.
    http.addFilterAfter(anonymousFilterBean(), AnonymousAuthenticationFilter.class);

    // The default anonymous handling does not cope well with conditional
    // authentication, so it is turned off in favour of the filter above.
    http.anonymous().disable();
}
Example #12
Source File: WebSecurityConfig.java From spring-custom-token-auth with MIT License | 4 votes |
/**
 * Registers the custom token filter ahead of {@link AnonymousAuthenticationFilter}
 * and disables CSRF protection.
 *
 * <p>This method declares no authorization rules.
 * NOTE(review): protected endpoints presumably need rules declared elsewhere
 * (for example method security); confirm.
 *
 * @param http the security builder to configure
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // The custom filter has to see the request before an anonymous token is installed.
    http.addFilterBefore(createCustomFilter(), AnonymousAuthenticationFilter.class);

    // NOTE(review): disabling CSRF is only sound if the token is not carried in a
    // cookie that the browser attaches automatically; confirm in createCustomFilter().
    http.csrf().disable();
}
Example #13
Source File: SecurityManagedConfiguration.java From hawkbit with Eclipse Public License 1.0 | 4 votes |
/**
 * Configures security for the DDI controller endpoints ({@code DDI_ANT_MATCHERS}).
 *
 * <p>Two modes exist, selected by the anonymous flag of the DDI security
 * configuration:
 * <ul>
 * <li>anonymous enabled: the security context is disabled and every request gets an
 * anonymous token carrying {@code CONTROLLER_ROLE_ANONYMOUS}; none of the
 * pre-authentication filters are installed;</li>
 * <li>otherwise: the header, token and gateway-token pre-authentication filters are
 * installed, anonymous access is disabled, every request must be authenticated,
 * failures answer with HTTP 401 and no session is created.</li>
 * </ul>
 * CSRF protection is disabled in both modes.
 *
 * @param http the security builder to configure
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    final ControllerTenantAwareAuthenticationDetailsSource detailsSource =
            new ControllerTenantAwareAuthenticationDetailsSource();

    // Pre-authentication from the CN and SSL issuer hash request headers.
    // NOTE(review): these headers are presumably set by a TLS-terminating reverse
    // proxy; confirm clients cannot reach the application without passing through it.
    final HttpControllerPreAuthenticatedSecurityHeaderFilter headerFilter =
            new HttpControllerPreAuthenticatedSecurityHeaderFilter(
                    ddiSecurityConfiguration.getRp().getCnHeader(),
                    ddiSecurityConfiguration.getRp().getSslIssuerHashHeader(),
                    tenantConfigurationManagement, tenantAware, systemSecurityContext);
    headerFilter.setAuthenticationManager(authenticationManager());
    headerFilter.setCheckForPrincipalChanges(true);
    headerFilter.setAuthenticationDetailsSource(detailsSource);

    // Pre-authentication from the controller security token.
    final HttpControllerPreAuthenticateSecurityTokenFilter tokenFilter =
            new HttpControllerPreAuthenticateSecurityTokenFilter(
                    tenantConfigurationManagement, tenantAware, controllerManagement, systemSecurityContext);
    tokenFilter.setAuthenticationManager(authenticationManager());
    tokenFilter.setCheckForPrincipalChanges(true);
    tokenFilter.setAuthenticationDetailsSource(detailsSource);

    // Pre-authentication from the gateway security token.
    final HttpControllerPreAuthenticatedGatewaySecurityTokenFilter gatewayTokenFilter =
            new HttpControllerPreAuthenticatedGatewaySecurityTokenFilter(
                    tenantConfigurationManagement, tenantAware, systemSecurityContext);
    gatewayTokenFilter.setAuthenticationManager(authenticationManager());
    gatewayTokenFilter.setCheckForPrincipalChanges(true);
    gatewayTokenFilter.setAuthenticationDetailsSource(detailsSource);

    HttpSecurity httpSec = http.csrf().disable();

    if (securityProperties.isRequireSsl()) {
        httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
    }

    if (ddiSecurityConfiguration.getAuthentication().getAnonymous().isEnabled()) {
        // NOTE(review): this notice is logged at INFO; WARN would keep it visible
        // under stricter log-level filtering.
        LOG.info(
                "******************\n** Anonymous controller security enabled, should only be used for developing purposes **\n******************");

        final AnonymousAuthenticationFilter anonymousFilter = new AnonymousAuthenticationFilter(
                "controllerAnonymousFilter", "anonymous",
                Arrays.asList(new SimpleGrantedAuthority(SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS)));
        anonymousFilter.setAuthenticationDetailsSource(detailsSource);

        // No pre-authentication filter is installed in this mode: every matching
        // request proceeds with the anonymous controller role.
        httpSec.requestMatchers().antMatchers(DDI_ANT_MATCHERS).and()
                .securityContext().disable()
                .anonymous().authenticationFilter(anonymousFilter);
        return;
    }

    // Authenticated mode: credentials are mandatory and failures answer with 401.
    httpSec.addFilter(headerFilter)
            .addFilter(tokenFilter)
            .addFilter(gatewayTokenFilter)
            .requestMatchers().antMatchers(DDI_ANT_MATCHERS).and()
            .anonymous().disable()
            .authorizeRequests().anyRequest().authenticated().and()
            .exceptionHandling()
            .authenticationEntryPoint(
                    (request, response, authException) -> response.setStatus(HttpStatus.UNAUTHORIZED.value()))
            .and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
Example #14
Source File: SecurityManagedConfiguration.java From hawkbit with Eclipse Public License 1.0 | 4 votes |
/**
 * Configures security for the DDI download endpoint ({@code DDI_DL_ANT_MATCHER}).
 *
 * <p>Two modes exist, selected by the anonymous flag of the DDI security
 * configuration:
 * <ul>
 * <li>anonymous enabled: the security context is disabled and every request gets an
 * anonymous token carrying {@code CONTROLLER_ROLE_ANONYMOUS}; none of the
 * pre-authentication filters are installed;</li>
 * <li>otherwise: the header, token, gateway-token and anonymous-download
 * pre-authentication filters are installed, anonymous access is disabled, every
 * request must be authenticated, failures answer with HTTP 401 and no session is
 * created.</li>
 * </ul>
 * CSRF protection is disabled in both modes.
 *
 * @param http the security builder to configure
 * @throws Exception if the configuration cannot be applied
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    final ControllerTenantAwareAuthenticationDetailsSource detailsSource =
            new ControllerTenantAwareAuthenticationDetailsSource();

    // Pre-authentication from the CN and SSL issuer hash request headers.
    // NOTE(review): these headers are presumably set by a TLS-terminating reverse
    // proxy; confirm clients cannot reach the application without passing through it.
    final HttpControllerPreAuthenticatedSecurityHeaderFilter headerFilter =
            new HttpControllerPreAuthenticatedSecurityHeaderFilter(
                    ddiSecurityConfiguration.getRp().getCnHeader(),
                    ddiSecurityConfiguration.getRp().getSslIssuerHashHeader(),
                    tenantConfigurationManagement, tenantAware, systemSecurityContext);
    headerFilter.setAuthenticationManager(authenticationManager());
    headerFilter.setCheckForPrincipalChanges(true);
    headerFilter.setAuthenticationDetailsSource(detailsSource);

    // Pre-authentication from the controller security token.
    final HttpControllerPreAuthenticateSecurityTokenFilter tokenFilter =
            new HttpControllerPreAuthenticateSecurityTokenFilter(
                    tenantConfigurationManagement, tenantAware, controllerManagement, systemSecurityContext);
    tokenFilter.setAuthenticationManager(authenticationManager());
    tokenFilter.setCheckForPrincipalChanges(true);
    tokenFilter.setAuthenticationDetailsSource(detailsSource);

    // Pre-authentication from the gateway security token.
    final HttpControllerPreAuthenticatedGatewaySecurityTokenFilter gatewayTokenFilter =
            new HttpControllerPreAuthenticatedGatewaySecurityTokenFilter(
                    tenantConfigurationManagement, tenantAware, systemSecurityContext);
    gatewayTokenFilter.setAuthenticationManager(authenticationManager());
    gatewayTokenFilter.setCheckForPrincipalChanges(true);
    gatewayTokenFilter.setAuthenticationDetailsSource(detailsSource);

    // Pre-authentication for anonymous downloads.
    // NOTE(review): presumably governed by a tenant configuration setting; confirm.
    final HttpControllerPreAuthenticateAnonymousDownloadFilter anonymousDownloadFilter =
            new HttpControllerPreAuthenticateAnonymousDownloadFilter(
                    tenantConfigurationManagement, tenantAware, systemSecurityContext);
    anonymousDownloadFilter.setAuthenticationManager(authenticationManager());
    anonymousDownloadFilter.setCheckForPrincipalChanges(true);
    anonymousDownloadFilter.setAuthenticationDetailsSource(detailsSource);

    HttpSecurity httpSec = http.csrf().disable();

    if (securityProperties.isRequireSsl()) {
        httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
    }

    if (ddiSecurityConfiguration.getAuthentication().getAnonymous().isEnabled()) {
        // NOTE(review): this notice is logged at INFO; WARN would keep it visible
        // under stricter log-level filtering.
        LOG.info(
                "******************\n** Anonymous controller security enabled, should only be used for developing purposes **\n******************");

        final AnonymousAuthenticationFilter anonymousFilter = new AnonymousAuthenticationFilter(
                "controllerAnonymousFilter", "anonymous",
                Arrays.asList(new SimpleGrantedAuthority(SpringEvalExpressions.CONTROLLER_ROLE_ANONYMOUS)));
        anonymousFilter.setAuthenticationDetailsSource(detailsSource);

        // No pre-authentication filter is installed in this mode: every matching
        // request proceeds with the anonymous controller role.
        httpSec.requestMatchers().antMatchers(DDI_DL_ANT_MATCHER).and()
                .securityContext().disable()
                .anonymous().authenticationFilter(anonymousFilter);
        return;
    }

    // Authenticated mode: credentials are mandatory and failures answer with 401.
    httpSec.addFilter(headerFilter)
            .addFilter(tokenFilter)
            .addFilter(gatewayTokenFilter)
            .addFilter(anonymousDownloadFilter)
            .requestMatchers().antMatchers(DDI_DL_ANT_MATCHER).and()
            .anonymous().disable()
            .authorizeRequests().anyRequest().authenticated().and()
            .exceptionHandling()
            .authenticationEntryPoint(
                    (request, response, authException) -> response.setStatus(HttpStatus.UNAUTHORIZED.value()))
            .and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}