org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter Java Examples
The following examples show how to use
org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter.
Example #1
Source File: SecurityConfiguration.java From syndesis with Apache License 2.0 | 6 votes |
/**
 * Builds the pre-authentication filter that reads the caller's identity from request headers.
 *
 * <p>The principal is read from {@code X-Forwarded-User} and the credentials from
 * {@code X-Forwarded-Access-Token}. Nothing in this method checks where those headers came
 * from, so the values are only trustworthy when every request reaches the application through
 * a component that sets them itself and discards any copy supplied by the client.
 * NOTE(review): confirm that the application port is not reachable without passing through
 * that component.
 *
 * @return the configured filter
 * @throws Exception if the authentication manager cannot be obtained
 */
@SuppressWarnings("PMD.SignatureDeclareThrowsException")
private RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter() throws Exception {
    // Every request handled by this filter gets details carrying ROLE_AUTHENTICATED.
    // NOTE(review): whether that authority ends up on the final Authentication depends on the
    // user-details service wired into the authentication manager, which is not visible here.
    final AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> detailsSource =
        request -> new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(
            request, AuthorityUtils.createAuthorityList("ROLE_AUTHENTICATED"));

    final RequestHeaderAuthenticationFilter headerFilter = new RequestHeaderAuthenticationFilter();
    headerFilter.setPrincipalRequestHeader("X-Forwarded-User");
    headerFilter.setCredentialsRequestHeader("X-Forwarded-Access-Token");
    headerFilter.setAuthenticationManager(authenticationManager());
    headerFilter.setAuthenticationDetailsSource(detailsSource);
    // No failure URL is configured on the handler, so a failed authentication is answered
    // directly rather than redirected.
    headerFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler());
    // A request without the principal header does not raise an exception; it simply continues
    // without a pre-authenticated principal, so the authorization rules must reject it.
    headerFilter.setExceptionIfHeaderMissing(false);
    return headerFilter;
}
Example #2
Source File: InceptionSecurity.java From inception with Apache License 2.0 | 5 votes |
/**
 * Declares the HTTP security rules: remember-me, the pre-authentication filter, per-path
 * authorization, the 403 entry point and the frame-options header.
 *
 * @param aHttp the security builder to configure
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity aHttp) throws Exception {
    aHttp.rememberMe();

    // NOTE(review): CSRF protection is switched off while remember-me (cookie-based) login is
    // enabled. Unless another layer checks request origin or tokens, state-changing requests
    // are accepted on the cookie alone. Confirm that such a layer exists.
    aHttp.csrf().disable();

    // preAuthFilter() is defined elsewhere in the class. If it derives the user from request
    // headers, those headers must be set by a trusted front end and stripped from client input.
    aHttp.addFilterBefore(preAuthFilter(), RequestHeaderAuthenticationFilter.class);

    aHttp.authorizeRequests()
        // Resources need to be publicly accessible so they don't trigger the login
        // page. Otherwise it could happen that the user is redirected to a resource
        // upon login instead of being forwarded to a proper application page.
        .antMatchers("/favicon.ico").permitAll()
        .antMatchers("/favicon.png").permitAll()
        .antMatchers("/assets/**").permitAll()
        .antMatchers("/images/**").permitAll()
        .antMatchers("/resources/**").permitAll()
        .antMatchers("/wicket/resource/**").permitAll()
        .antMatchers("/swagger-ui.html").access("hasAnyRole('ROLE_REMOTE')")
        .antMatchers("/admin/**").access("hasAnyRole('ROLE_ADMIN')")
        .antMatchers("/doc/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
        .antMatchers("/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
        // "/**" above already matches every path, so this rule is a deny-by-default backstop
        // that only takes effect if the catch-all is ever narrowed or removed.
        .anyRequest().denyAll();

    // Unauthenticated requests to protected paths are answered with 403 by this entry point.
    aHttp.exceptionHandling()
        .authenticationEntryPoint(new Http403ForbiddenEntryPoint());

    // Pages may only be framed by the same origin.
    aHttp.headers().frameOptions().sameOrigin();
}
Example #3
Source File: WebAnnoSecurity.java From webanno with Apache License 2.0 | 5 votes |
/**
 * Sets up web security: remember-me login, a pre-authentication filter placed ahead of the
 * request-header filter position, role-based path rules, a 403 entry point and same-origin
 * framing.
 *
 * @param aHttp the security builder to configure
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(HttpSecurity aHttp) throws Exception {
    aHttp
        .rememberMe()
        .and()
        // NOTE(review): CSRF protection is disabled although authentication can ride on a
        // remember-me cookie. Confirm that something else guards state-changing requests.
        .csrf().disable()
        // NOTE(review): preAuthFilter() is declared outside this method. If it trusts request
        // headers, they must come from a trusted front end that removes client-sent copies.
        .addFilterBefore(preAuthFilter(), RequestHeaderAuthenticationFilter.class)
        .authorizeRequests()
            // Static resources stay public so that they never trigger the login page;
            // otherwise a user could be redirected to a resource after logging in instead
            // of to a proper application page.
            .antMatchers(
                "/favicon.ico",
                "/favicon.png",
                "/assets/**",
                "/images/**",
                "/resources/**",
                "/wicket/resource/**").permitAll()
            .antMatchers("/swagger-ui.html").access("hasAnyRole('ROLE_REMOTE')")
            .antMatchers("/admin/**").access("hasAnyRole('ROLE_ADMIN')")
            .antMatchers("/doc/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
            .antMatchers("/**").access("hasAnyRole('ROLE_ADMIN', 'ROLE_USER')")
            // Rules are matched in order and "/**" matches everything, so denyAll() is a
            // fail-closed default that only applies if the catch-all rule is changed.
            .anyRequest().denyAll()
        .and()
        .exceptionHandling()
            // Protected paths answer unauthenticated requests with 403.
            .authenticationEntryPoint(new Http403ForbiddenEntryPoint())
        .and()
        // Framing is restricted to the same origin.
        .headers().frameOptions().sameOrigin();
}
Example #4
Source File: SecurityConfig.java From cloudbreak with Apache License 2.0 | 5 votes |
/**
 * Creates the filter that pre-authenticates a request from the {@code x-cdp-actor-crn} header.
 *
 * <p>The header value is used as the principal exactly as received. It is only meaningful if
 * an upstream component that has already authenticated the caller sets the header and removes
 * any copy sent by the client. NOTE(review): confirm that this service cannot be reached
 * without passing through that component.
 *
 * @return the configured filter bean
 * @throws Exception if the authentication manager cannot be obtained
 */
@Bean
public RequestHeaderAuthenticationFilter headerAuthenticationFilter() throws Exception {
    final RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
    filter.setPrincipalRequestHeader("x-cdp-actor-crn");
    filter.setAuthenticationManager(authenticationManager());
    // A missing header is not an error: the request continues without a principal.
    filter.setExceptionIfHeaderMissing(false);
    // A failed authentication also continues down the chain, so rejecting the request is left
    // to later filters and the authorization rules.
    filter.setContinueFilterChainOnUnsuccessfulAuthentication(true);
    return filter;
}
Example #5
Source File: SecurityConfig.java From cloudbreak with Apache License 2.0 | 5 votes |
/**
 * Provides a header-based pre-authentication filter keyed on {@code x-cdp-actor-crn}.
 *
 * <p>The filter does not verify who set the header. Treat it as an identity assertion from a
 * trusted upstream hop only. NOTE(review): confirm that client-supplied values of this header
 * are dropped before requests reach the application.
 *
 * @return the configured filter bean
 * @throws Exception if the authentication manager cannot be obtained
 */
@Bean
public RequestHeaderAuthenticationFilter headerAuthenticationFilter() throws Exception {
    final RequestHeaderAuthenticationFilter actorCrnFilter = new RequestHeaderAuthenticationFilter();

    // Identity source and the manager that turns it into an Authentication.
    actorCrnFilter.setPrincipalRequestHeader("x-cdp-actor-crn");
    actorCrnFilter.setAuthenticationManager(authenticationManager());

    // Lenient handling: neither a missing header nor a failed authentication stops the
    // request here, so access decisions further down the chain must fail closed.
    actorCrnFilter.setExceptionIfHeaderMissing(false);
    actorCrnFilter.setContinueFilterChainOnUnsuccessfulAuthentication(true);

    return actorCrnFilter;
}
Example #6
Source File: SecurityManagedConfiguration.java From hawkbit with Eclipse Public License 1.0 | 4 votes |
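/**
 * Configures security for the paths matched by {@code /rest.*} and {@code /system/admin.*}.
 *
 * <p>The chain is stateless, with CSRF and anonymous access disabled. CORS and HTTPS
 * enforcement are enabled when the security properties ask for them. Requests are
 * authenticated either as an OIDC bearer token (when the bearer-token filter is present) or
 * through HTTP Basic plus the user authentication filter.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer fails
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // CSRF protection is off for these paths. The chain keeps no session (see the session
    // policy at the end) and credentials arrive as a bearer token or Basic header.
    HttpSecurity httpSec = http.regexMatcher("\\/rest.*|\\/system/admin.*").csrf().disable();

    if (securityProperties.getCors().isEnabled()) {
        httpSec = httpSec.cors().and();
    }

    if (securityProperties.isRequireSsl()) {
        httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
    }

    // Authorization rules are evaluated in declaration order and the first match decides.
    // The admin rule therefore has to come before the anyRequest() catch-all. Declared after
    // it, the SYSTEM_ADMIN requirement was never consulted and any authenticated caller
    // passed this layer (newer Spring Security versions reject that ordering outright).
    httpSec.authorizeRequests()
            .antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
            .hasAnyAuthority(SpPermission.SYSTEM_ADMIN)
            .anyRequest().authenticated();

    if (oidcBearerTokenAuthenticationFilter != null) {
        // Only the first client registration is used; accepting tokens for every registered
        // client would widen the attack surface.
        ClientRegistration clientRegistration = null;
        for (final ClientRegistration cr : clientRegistrationRepository) {
            clientRegistration = cr;
            break;
        }
        Assert.notNull(clientRegistration, "There must be a valid client registration");

        // Token signatures are verified against the provider's published key set.
        httpSec.oauth2ResourceServer().jwt().jwkSetUri(clientRegistration.getProviderDetails().getJwkSetUri());

        oidcBearerTokenAuthenticationFilter.setClientRegistration(clientRegistration);
        httpSec.addFilterAfter(oidcBearerTokenAuthenticationFilter, BearerTokenAuthenticationFilter.class);
    } else {
        final BasicAuthenticationEntryPoint basicAuthEntryPoint = new BasicAuthenticationEntryPoint();
        basicAuthEntryPoint.setRealmName(securityProperties.getBasicRealm());

        // Thin wrapper that forwards every call to userAuthenticationFilter and is placed
        // before the request-header filter position in the chain.
        httpSec.addFilterBefore(new Filter() {
            @Override
            public void init(final FilterConfig filterConfig) throws ServletException {
                userAuthenticationFilter.init(filterConfig);
            }

            @Override
            public void doFilter(final ServletRequest request, final ServletResponse response,
                    final FilterChain chain) throws IOException, ServletException {
                userAuthenticationFilter.doFilter(request, response, chain);
            }

            @Override
            public void destroy() {
                userAuthenticationFilter.destroy();
            }
        }, RequestHeaderAuthenticationFilter.class);

        httpSec.httpBasic().and().exceptionHandling().authenticationEntryPoint(basicAuthEntryPoint);
    }

    httpSec.addFilterAfter(
            new AuthenticationSuccessTenantMetadataCreationFilter(systemManagement, systemSecurityContext),
            SessionManagementFilter.class);

    // No anonymous principal and no HTTP session: each request must authenticate itself.
    httpSec.anonymous().disable();
    httpSec.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}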