org.springframework.security.web.authentication.Http403ForbiddenEntryPoint Java Examples
The following examples show how to use
org.springframework.security.web.authentication.Http403ForbiddenEntryPoint.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: JsonWebTokenSecurityConfig.java From trivia-microservices with MIT License | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
// disable CSRF, http basic, form login
.csrf().disable() //
.httpBasic().disable() //
.formLogin().disable()
// ReST is stateless, no sessions
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) //
.and()
// return 403 when not authenticated
.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint());
// Let child classes set up authorization paths
setupAuthorization(http);
http.addFilterBefore(jsonWebTokenFilter, UsernamePasswordAuthenticationFilter.class);
}
Example #2
| Source File: InceptionSecurity.java From inception with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity aHttp) throws Exception
{
aHttp
.rememberMe()
.and()
.csrf().disable()
.addFilterBefore(preAuthFilter(), RequestHeaderAuthenticationFilter.class)
.authorizeRequests()
// Resources need to be publicly accessible so they don't trigger the login
// page. Otherwise it could happen that the user is redirected to a resource
// upon login instead of being forwarded to a proper application page.
.antMatchers("/favicon.ico").permitAll()
.antMatchers("/favicon.png").permitAll()
.antMatchers("/assets/**").permitAll()
.antMatchers("/images/**").permitAll()
.antMatchers("/resources/**").permitAll()
.antMatchers("/wicket/resource/**").permitAll()
.antMatchers("/swagger-ui.html").access("hasAnyRole('ROLE_REMOTE')")
.antMatchers("/admin/**").access("hasAnyRole('ROLE_ADMIN')")
.antMatchers("/doc/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
.antMatchers("/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
.anyRequest().denyAll()
.and()
.exceptionHandling()
.authenticationEntryPoint(new Http403ForbiddenEntryPoint())
.and()
.headers().frameOptions().sameOrigin();
}
Example #3
| Source File: SecurityConfigurer.java From spring-cloud-gcp with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers("/topsecret").authenticated()
.and()
.oauth2ResourceServer()
.jwt()
.and()
.authenticationEntryPoint(new Http403ForbiddenEntryPoint());
}
Example #4
| Source File: SecurityConfiguration.java From spring-cloud-gcp with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/css/**").permitAll()
.antMatchers("/templates/**").permitAll()
.antMatchers("/answer").authenticated()
.and()
.oauth2ResourceServer()
.jwt()
.and()
.authenticationEntryPoint(new Http403ForbiddenEntryPoint());
}
Example #5
| Source File: IdolSecurity.java From find with MIT License | 5 votes |
|
@SuppressWarnings("ProhibitedExceptionDeclared")
@Override
protected void configure(final HttpSecurity http) throws Exception {
final LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
entryPoints.put(new AntPathRequestMatcher("/api/**"), new Http403ForbiddenEntryPoint());
entryPoints.put(AnyRequestMatcher.INSTANCE, new LoginUrlAuthenticationEntryPoint(FindController.DEFAULT_LOGIN_PAGE));
final AuthenticationEntryPoint authenticationEntryPoint = new DelegatingAuthenticationEntryPoint(entryPoints);
http
.csrf()
.disable()
.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint)
.accessDeniedPage("/authentication-error")
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl(FindController.DEFAULT_LOGIN_PAGE)
.and()
.authorizeRequests()
.antMatchers(FindController.APP_PATH + "/**").hasAnyRole(FindRole.USER.name())
.antMatchers(FindController.CONFIG_PATH).hasRole(FindRole.CONFIG.name())
.antMatchers("/api/public/**").hasRole(FindRole.USER.name())
.antMatchers("/api/bi/**").hasRole(FindRole.BI.name())
.antMatchers("/api/config/**").hasRole(FindRole.CONFIG.name())
.antMatchers("/api/admin/**").hasRole(FindRole.ADMIN.name())
.antMatchers(FindController.DEFAULT_LOGIN_PAGE).permitAll()
.antMatchers(FindController.LOGIN_PATH).permitAll()
.antMatchers("/").permitAll()
.anyRequest().denyAll()
.and()
.headers()
.defaultsDisabled()
.frameOptions()
.sameOrigin();
idolSecurityCustomizer.customize(http, authenticationManager());
}
Example #6
| Source File: WebAnnoSecurity.java From webanno with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity aHttp) throws Exception
{
aHttp
.rememberMe()
.and()
.csrf().disable()
.addFilterBefore(preAuthFilter(), RequestHeaderAuthenticationFilter.class)
.authorizeRequests()
// Resources need to be publicly accessible so they don't trigger the login
// page. Otherwise it could happen that the user is redirected to a resource
// upon login instead of being forwarded to a proper application page.
.antMatchers("/favicon.ico").permitAll()
.antMatchers("/favicon.png").permitAll()
.antMatchers("/assets/**").permitAll()
.antMatchers("/images/**").permitAll()
.antMatchers("/resources/**").permitAll()
.antMatchers("/wicket/resource/**").permitAll()
.antMatchers("/swagger-ui.html").access("hasAnyRole('ROLE_REMOTE')")
.antMatchers("/admin/**").access("hasAnyRole('ROLE_ADMIN')")
.antMatchers("/doc/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
.antMatchers("/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
.anyRequest().denyAll()
.and()
.exceptionHandling()
.authenticationEntryPoint(new Http403ForbiddenEntryPoint())
.and()
.headers().frameOptions().sameOrigin();
}
Example #7
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
@Bean
public Http403ForbiddenEntryPoint forbiddenEntryPoint(){
return new Http403ForbiddenEntryPoint();
}
Example #8
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
@Bean
public Http403ForbiddenEntryPoint forbiddenEntryPoint(){
return new Http403ForbiddenEntryPoint();
}
Example #9
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
@Bean
public Http403ForbiddenEntryPoint forbiddenEntryPoint(){
return new Http403ForbiddenEntryPoint();
}
Example #10
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
@Bean
public Http403ForbiddenEntryPoint forbiddenEntryPoint(){
return new Http403ForbiddenEntryPoint();
}
Example #11
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
@Bean
public Http403ForbiddenEntryPoint forbiddenEntryPoint(){
return new Http403ForbiddenEntryPoint();
}
Example #12
| Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
|
@Bean
public Http403ForbiddenEntryPoint forbiddenEntryPoint(){
return new Http403ForbiddenEntryPoint();
}
