org.springframework.security.web.authentication.www.BasicAuthenticationFilter Java Examples
The following examples show how to use
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: TokenAuthFilterConfigurer.java From haven-platform with Apache License 2.0 | 6 votes |
|
@Override
public void configure(H http) throws Exception {
AuthenticationTokenFilter af = getAuthenticationFilter();
if(authenticationDetailsSource != null) {
af.setAuthenticationDetailsSource(authenticationDetailsSource);
}
af.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
af.setAuthenticationSuccessHandler(new AuthenticationStubSuccessHandler());
SessionAuthenticationStrategy sessionAuthenticationStrategy = http.getSharedObject(SessionAuthenticationStrategy.class);
if(sessionAuthenticationStrategy != null) {
af.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
}
AuthenticationTokenFilter filter = postProcess(af);
filter.setContinueChainAfterSuccessfulAuthentication(true);
http.addFilterBefore(filter, BasicAuthenticationFilter.class);
}
Example #2
| Source File: WebSecurityConfig.java From devicehive-java-server with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/css/**", "/server/**", "/scripts/**", "/webjars/**", "/templates/**").permitAll()
.antMatchers("/*/swagger.json", "/*/swagger.yaml").permitAll()
.and()
.anonymous().disable()
.exceptionHandling()
.authenticationEntryPoint(unauthorizedEntryPoint());
http
.addFilterBefore(new SimpleCORSFilter(), BasicAuthenticationFilter.class)
.addFilterAfter(new HttpAuthenticationFilter(authenticationManager()), SimpleCORSFilter.class);
}
Example #3
| Source File: WebSecurityConfig.java From devicehive-java-server with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/css/**", "/server/**", "/scripts/**", "/webjars/**", "/templates/**").permitAll()
.antMatchers("/*/swagger.json", "/*/swagger.yaml").permitAll()
.and()
.anonymous().disable()
.exceptionHandling()
.authenticationEntryPoint(unauthorizedEntryPoint());
http
.addFilterBefore(new SimpleCORSFilter(), BasicAuthenticationFilter.class)
.addFilterAfter(new HttpAuthenticationFilter(authenticationManager()), SimpleCORSFilter.class);
}
Example #4
| Source File: WebSecurityConfig.java From devicehive-java-server with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/css/**", "/server/**", "/scripts/**", "/webjars/**", "/templates/**").permitAll()
.antMatchers("/*/swagger.json", "/*/swagger.yaml").permitAll()
.and()
.anonymous().disable()
.exceptionHandling()
.authenticationEntryPoint(unauthorizedEntryPoint());
http
.addFilterBefore(new SimpleCORSFilter(), BasicAuthenticationFilter.class)
.addFilterAfter(new HttpAuthenticationFilter(authenticationManager()), SimpleCORSFilter.class);
}
Example #5
| Source File: SecurityConfig.java From spring-boot-security-example with MIT License | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.
csrf().disable().
sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).
and().
authorizeRequests().
antMatchers(actuatorEndpoints()).hasRole(backendAdminRole).
anyRequest().authenticated().
and().
anonymous().disable().
exceptionHandling().authenticationEntryPoint(unauthorizedEntryPoint());
http.addFilterBefore(new AuthenticationFilter(authenticationManager()), BasicAuthenticationFilter.class).
addFilterBefore(new ManagementEndpointAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter.class);
}
Example #6
| Source File: WebSecurityConfig.java From spring-boot-security-saml-sample with Apache License 2.0 | 6 votes |
|
/**
* Defines the web based security configuration.
*
* @param http It allows configuring web based security for specific http requests.
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.authenticationEntryPoint(samlEntryPoint());
http
.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
.addFilterAfter(samlFilter(), BasicAuthenticationFilter.class)
.addFilterBefore(samlFilter(), CsrfFilter.class);
http
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/saml/**").permitAll()
.antMatchers("/css/**").permitAll()
.antMatchers("/img/**").permitAll()
.antMatchers("/js/**").permitAll()
.anyRequest().authenticated();
http
.logout()
.disable(); // The logout procedure is already handled by SAML filters.
}
Example #7
| Source File: SecurityFilterConfig.java From cosmo with Apache License 2.0 | 6 votes |
|
@Bean
public FilterRegistrationBean<?> securityFilterChain() {
FilterSecurityInterceptor securityFilter = new FilterSecurityInterceptor();
securityFilter.setAuthenticationManager(this.authManager);
securityFilter.setAccessDecisionManager(this.davDecisionManager);
LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> metadata = new LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>>();
metadata.put(AnyRequestMatcher.INSTANCE, SecurityConfig.createList(ROLES));
securityFilter.setSecurityMetadataSource(new DefaultFilterInvocationSecurityMetadataSource(metadata));
/*
* Note that the order in which filters are defined is highly important.
*/
SecurityFilterChain filterChain = new DefaultSecurityFilterChain(AnyRequestMatcher.INSTANCE,
this.cosmoExceptionFilter, this.extraTicketFilter, this.ticketFilter,
new BasicAuthenticationFilter(authManager, this.authEntryPoint), securityFilter);
FilterChainProxy proxy = new FilterChainProxy(filterChain);
proxy.setFirewall(this.httpFirewall);
FilterRegistrationBean<?> filterBean = new FilterRegistrationBean<>(proxy);
filterBean.addUrlPatterns(PATH_DAV);
return filterBean;
}
Example #8
| Source File: WebSecurityConfig.java From springboot-jwt-starter with MIT License | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS ).and()
.exceptionHandling().authenticationEntryPoint( restAuthenticationEntryPoint ).and()
.authorizeRequests()
.antMatchers(
HttpMethod.GET,
"/",
"/auth/**",
"/webjars/**",
"/*.html",
"/favicon.ico",
"/**/*.html",
"/**/*.css",
"/**/*.js"
).permitAll()
.antMatchers("/auth/**").permitAll()
.anyRequest().authenticated().and()
.addFilterBefore(new TokenAuthenticationFilter(tokenHelper, jwtUserDetailsService), BasicAuthenticationFilter.class);
http.csrf().disable();
}
Example #9
| Source File: SecurityConfig.java From WeBASE-Node-Manager with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling().accessDeniedHandler(jsonAccessDeniedHandler); // 无权访问 JSON 格式的数据
http.formLogin().loginPage("/login") // login page
.loginProcessingUrl("/account/login") // login request uri
.usernameParameter("account").passwordParameter("accountPwd").permitAll()
.successHandler(loginSuccessHandler) // if login success
.failureHandler(loginfailHandler) // if login fail
.and().authorizeRequests()
.antMatchers("/account/login", "/account/pictureCheckCode",
"/login","/user/privateKey/**", "/encrypt")
.permitAll()
.anyRequest().authenticated().and().csrf()
.disable() // close csrf
.addFilterBefore(new TokenAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter.class)
.httpBasic().authenticationEntryPoint(jsonAuthenticationEntryPoint).and().logout()
.logoutUrl("/account/logout")
.logoutSuccessHandler(jsonLogoutSuccessHandler)
.permitAll();
}
Example #10
| Source File: InsightsSecurityConfigurationAdapterKerberos.java From Insights with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
LOG.debug("message Inside InsightsSecurityConfigurationAdapterKerberos,HttpSecurity **** {} ",
ApplicationConfigProvider.getInstance().getAutheticationProtocol());
if (AUTH_TYPE.equalsIgnoreCase(ApplicationConfigProvider.getInstance().getAutheticationProtocol())) {
LOG.debug("message Inside SAMLAuthConfig, check http security **** ");
http.cors();
http.csrf().ignoringAntMatchers(AuthenticationUtils.CSRF_IGNORE)
.csrfTokenRepository(authenticationUtils.csrfTokenRepository())
.and().addFilterAfter(new InsightsCustomCsrfFilter(), CsrfFilter.class);
http.exceptionHandling().authenticationEntryPoint(spnegoEntryPoint());
http.addFilterAfter(kerberosFilter(),
BasicAuthenticationFilter.class);
http.anonymous().disable().authorizeRequests().antMatchers("/error").permitAll().antMatchers("/admin/**")
.access("hasAuthority('Admin')").antMatchers("/saml/**").permitAll()
//.antMatchers("/user/insightsso/**").permitAll() ///logout
.anyRequest().authenticated();
http.logout().logoutSuccessUrl("/");
}
}
Example #11
| Source File: InsightsSecurityConfigurationAdapterSAML.java From Insights with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
LOG.debug("message Inside InsightsSecurityConfigurationAdapterSAML,HttpSecurity **** {} ",
ApplicationConfigProvider.getInstance().getAutheticationProtocol());
if (AUTH_TYPE.equalsIgnoreCase(ApplicationConfigProvider.getInstance().getAutheticationProtocol())) {
LOG.debug("message Inside SAMLAuthConfig, check http security **** ");
http.cors();
http.csrf().ignoringAntMatchers(AuthenticationUtils.CSRF_IGNORE)
.csrfTokenRepository(authenticationUtils.csrfTokenRepository())
.and().addFilterAfter(new InsightsCustomCsrfFilter(), CsrfFilter.class);
http.exceptionHandling().authenticationEntryPoint(samlEntryPoint());
http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class).addFilterAfter(samlFilter(),
BasicAuthenticationFilter.class);
http.anonymous().disable().authorizeRequests().antMatchers("/error").permitAll().antMatchers("/admin/**")
.access("hasAuthority('Admin')").antMatchers("/saml/**").permitAll()
// .antMatchers("/user/insightsso/**").permitAll() ///logout
.anyRequest().authenticated();
http.logout().logoutSuccessUrl("/");
}
}
Example #12
| Source File: InsightsSecurityConfigurationAdapter.java From Insights with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
LOG.debug("message Inside InsightsSecurityConfigurationAdapter ,HttpSecurity **** {} ",
ApplicationConfigProvider.getInstance().getAutheticationProtocol());
if (AUTH_TYPE.equalsIgnoreCase(ApplicationConfigProvider.getInstance().getAutheticationProtocol())) {
LOG.debug("message Inside InsightsSecurityConfigurationAdapter,HttpSecurity check **** ");
http.cors().and().authorizeRequests().antMatchers("/datasources/**").permitAll().antMatchers("/admin/**")
.access("hasAuthority('Admin')").antMatchers("/traceability/**").access("hasAuthority('Admin')")
.antMatchers("/configure/loadConfigFromResources").permitAll().antMatchers("/**").authenticated() // .permitAll()
.and().exceptionHandling().accessDeniedHandler(springAccessDeniedHandler).and().httpBasic()
.disable()
.csrf().ignoringAntMatchers(AuthenticationUtils.CSRF_IGNORE)
.csrfTokenRepository(authenticationUtils.csrfTokenRepository()).and()
.addFilterBefore(insightsFilter(), BasicAuthenticationFilter.class)
.headers().frameOptions().sameOrigin().and().sessionManagement().maximumSessions(1).and()
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
}
}
Example #13
| Source File: SecurityConfig.java From movie-db-java-on-azure with MIT License | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
boolean usingFacebookAuthentication = facebook().getClientId() != null && !facebook().getClientId().isEmpty();
if (usingFacebookAuthentication) {
// @formatter:off
http.antMatcher("/**").authorizeRequests().antMatchers("/**").permitAll().anyRequest()
.authenticated().and().exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")).and().logout()
.logoutSuccessUrl("/").permitAll().and().csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
// @formatter:on
} else {
http.antMatcher("/**").authorizeRequests().anyRequest().permitAll();
}
}
Example #14
| Source File: TppWebSecurityConfig.java From XS2A-Sandbox with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests().antMatchers(INDEX_WHITELIST).permitAll()
.and()
.authorizeRequests().antMatchers(APP_WHITELIST).permitAll()
.and()
.authorizeRequests().antMatchers(ACTUATOR_WHITELIST).permitAll()
.and()
.authorizeRequests().antMatchers(SWAGGER_WHITELIST).permitAll()
.and()
.cors()
.and()
.authorizeRequests().anyRequest().authenticated();
http.headers().frameOptions().disable();
http.httpBasic().disable();
http.addFilterBefore(new DisableEndpointFilter(environment), BasicAuthenticationFilter.class);
http.addFilterBefore(new LoginAuthenticationFilter(userMgmtStaffRestClient), BasicAuthenticationFilter.class);
http.addFilterBefore(new TokenAuthenticationFilter(ledgersUserMgmt, authInterceptor), BasicAuthenticationFilter.class);
}
Example #15
| Source File: WebSecurityConfig.java From XS2A-Sandbox with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/api/v1/**")
.authorizeRequests()
.antMatchers(APP_WHITELIST).permitAll()
.and()
.authorizeRequests().anyRequest()
.authenticated()
.and()
.httpBasic()
.disable();
http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.headers().frameOptions().disable();
http.addFilterBefore(new LoginAuthenticationFilter(userMgmtRestClient), BasicAuthenticationFilter.class);
http.addFilterBefore(new TokenAuthenticationFilter(userMgmtRestClient, authInterceptor), BasicAuthenticationFilter.class);
}
Example #16
| Source File: SpringSecurityConfiguration.java From crnk-example with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
// consider moving to stateless and handle token on Angular side
if (properties.isSecurityEnabled()) {
// @formatter:off
http
.antMatcher("/**").authorizeRequests()
.antMatchers("/", "/favicon.ico",
"/assets/**",
"/login**", "/styles**", "/inline**", "/polyfills**",
"/scripts***", "/main**" ).permitAll()
.anyRequest().authenticated()
.and().logout().logoutSuccessUrl("/").permitAll()
.and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and().exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
// .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
// @formatter:on
}
else {
http.authorizeRequests().antMatchers("/**").permitAll();
http.csrf().disable();
}
}
Example #17
| Source File: WebSecurityConfig.java From XS2A-Sandbox with Apache License 2.0 | 6 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers(APP_INDEX_WHITELIST).permitAll()
.and()
.authorizeRequests().antMatchers(APP_SCA_WHITELIST).permitAll()
.and()
.authorizeRequests().antMatchers(APP_WHITELIST).permitAll()
.and()
.authorizeRequests().antMatchers(SWAGGER_WHITELIST).permitAll()
.and()
.authorizeRequests().antMatchers(ACTUATOR_WHITELIST).permitAll()
.and()
.cors()
.and()
.authorizeRequests().anyRequest().authenticated();
http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.headers().frameOptions().disable();
http.addFilterBefore(new JWTAuthenticationFilter(tokenAuthenticationService), BasicAuthenticationFilter.class);
}
Example #18
| Source File: SecurityConfig.java From springboot-security-wechat with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.mvcMatchers("/**").permitAll()
//任何访问都必须授权
.anyRequest().fullyAuthenticated()
//配置那些路径可以不用权限访问
.mvcMatchers("/login", "/login/wechat").permitAll()
.and()
.formLogin()
//登陆成功后的处理,因为是API的形式所以不用跳转页面
.successHandler(new MyAuthenticationSuccessHandler())
//登陆失败后的处理
.failureHandler(new MySimpleUrlAuthenticationFailureHandler())
.and()
//登出后的处理
.logout().logoutSuccessHandler(new RestLogoutSuccessHandler())
.and()
//认证不通过后的处理
.exceptionHandling()
.authenticationEntryPoint(new RestAuthenticationEntryPoint());
http.addFilterAt(myFilterSecurityInterceptor, FilterSecurityInterceptor.class);
http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
//http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
http.csrf().disable();
}
Example #19
| Source File: CustomWebSecurityConfigurer.java From tutorials with MIT License | 5 votes |
|
@Override
protected void configure(HttpSecurity http) {
http.addFilterBefore(
authenticationFilter(),
BasicAuthenticationFilter.class
);
}
Example #20
| Source File: CustomWebSecurityConfigurerAdapter.java From tutorials with MIT License | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/securityNone")
.permitAll()
.anyRequest()
.authenticated()
.and()
.httpBasic()
.authenticationEntryPoint(authenticationEntryPoint);
http.addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class);
}
Example #21
| Source File: CustomWebSecurityConfigurerAdapter.java From tutorials with MIT License | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/securityNone")
.permitAll()
.anyRequest()
.authenticated()
.and()
.httpBasic()
.authenticationEntryPoint(authenticationEntryPoint);
http.addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class);
}
Example #22
| Source File: WebSecurityConfig.java From tutorials with MIT License | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling()
.authenticationEntryPoint(spnegoEntryPoint())
.and()
.authorizeRequests().antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.and()
.logout().permitAll()
.and()
.addFilterBefore(spnegoAuthenticationProcessingFilter(authenticationManagerBean()),
BasicAuthenticationFilter.class);
}
Example #23
| Source File: WebSecurityConfig.java From tutorials with MIT License | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.addFilterBefore(spnegoAuthenticationProcessingFilter(authenticationManagerBean()), BasicAuthenticationFilter.class);
}
Example #24
| Source File: WebSecurityConfig.java From youkefu with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterAfter(tokenInfoTokenFilterSecurityInterceptor() , BasicAuthenticationFilter.class)
.antMatcher("*/*").authorizeRequests()
.anyRequest().permitAll()
.and().addFilterAfter(csrfHeaderFilter(), BasicAuthenticationFilter.class)
.addFilterAfter(apiTokenFilterSecurityInterceptor(), BasicAuthenticationFilter.class);
}
Example #25
| Source File: WebSecurityConfig.java From Hacktoberfest2019 with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling()
.authenticationEntryPoint(spnegoEntryPoint())
.and()
.authorizeRequests().antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll()
.and()
.logout().permitAll()
.and()
.addFilterBefore(spnegoAuthenticationProcessingFilter(authenticationManagerBean()),
BasicAuthenticationFilter.class);
}
Example #26
| Source File: WebSecurityContext.java From syncope with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(final HttpSecurity http) throws Exception {
SyncopeBasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new SyncopeBasicAuthenticationEntryPoint();
basicAuthenticationEntryPoint.setRealmName("Apache Syncope authentication");
SyncopeAuthenticationDetailsSource authenticationDetailsSource = new SyncopeAuthenticationDetailsSource();
JWTAuthenticationFilter jwtAuthenticationFilter = new JWTAuthenticationFilter(
authenticationManager(),
basicAuthenticationEntryPoint,
authenticationDetailsSource,
ctx.getBean(AuthDataAccessor.class),
ctx.getBean(DefaultCredentialChecker.class));
http.authorizeRequests().
antMatchers("/**").permitAll().and().
sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().
securityContext().securityContextRepository(new NullSecurityContextRepository()).and().
anonymous().principal(anonymousUser).and().
httpBasic().authenticationEntryPoint(basicAuthenticationEntryPoint).
authenticationDetailsSource(authenticationDetailsSource).and().
exceptionHandling().accessDeniedHandler(accessDeniedHandler()).and().
addFilterBefore(jwtAuthenticationFilter, BasicAuthenticationFilter.class).
addFilterBefore(new MustChangePasswordFilter(), FilterSecurityInterceptor.class).
headers().disable().
csrf().disable();
}
Example #27
| Source File: WebSecurityConfig.java From training with MIT License | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
.and()
.authenticationProvider(preAuthenticatedProvider())
.addFilterBefore(jwtFilter(), BasicAuthenticationFilter.class)
.logout().permitAll();
}
Example #28
| Source File: BasicSecurityConfigurerAdapter.java From gravitee-management-rest-api with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
final String jwtSecret = environment.getProperty("jwt.secret");
if (jwtSecret == null || jwtSecret.isEmpty()) {
throw new IllegalStateException("JWT secret is mandatory");
}
//Warning if the secret is still the default one
if ("myJWT4Gr4v1t33_S3cr3t".equals(jwtSecret)) {
LOGGER.warn("");
LOGGER.warn("##############################################################");
LOGGER.warn("# SECURITY WARNING #");
LOGGER.warn("##############################################################");
LOGGER.warn("");
LOGGER.warn("You still use the default jwt secret.");
LOGGER.warn("This known secret can be used to impersonate anyone.");
LOGGER.warn("Please change this value, or ask your administrator to do it !");
LOGGER.warn("");
LOGGER.warn("##############################################################");
LOGGER.warn("");
}
authentication(http);
session(http);
authorizations(http);
hsts(http);
csrf(http);
cors(http);
http.addFilterBefore(new TokenAuthenticationFilter(jwtSecret, cookieGenerator, null, null), BasicAuthenticationFilter.class);
http.addFilterBefore(new RecaptchaFilter(reCaptchaService, objectMapper), TokenAuthenticationFilter.class);
}
Example #29
| Source File: BasicSecurityConfigurerAdapter.java From gravitee-management-rest-api with Apache License 2.0 | 5 votes |
|
@Override
protected void configure(HttpSecurity http) throws Exception {
final String jwtSecret = environment.getProperty("jwt.secret");
if (jwtSecret == null || jwtSecret.isEmpty()) {
throw new IllegalStateException("JWT secret is mandatory");
}
//Warning if the secret is still the default one
if ("myJWT4Gr4v1t33_S3cr3t".equals(jwtSecret)) {
LOGGER.warn("");
LOGGER.warn("##############################################################");
LOGGER.warn("# SECURITY WARNING #");
LOGGER.warn("##############################################################");
LOGGER.warn("");
LOGGER.warn("You still use the default jwt secret.");
LOGGER.warn("This known secret can be used to impersonate anyone.");
LOGGER.warn("Please change this value, or ask your administrator to do it !");
LOGGER.warn("");
LOGGER.warn("##############################################################");
LOGGER.warn("");
}
authentication(http);
session(http);
authorizations(http);
hsts(http);
csrf(http);
cors(http);
http.addFilterBefore(new TokenAuthenticationFilter(jwtSecret, cookieGenerator, userService, tokenService), BasicAuthenticationFilter.class);
http.addFilterBefore(new RecaptchaFilter(reCaptchaService, objectMapper), TokenAuthenticationFilter.class);
}
Example #30
| Source File: WebSecurityConfig.java From spring-boot-security-saml-samples with MIT License | 5 votes |
|
/**
* Defines the web based security configuration.
*
* @param http It allows configuring web based security for specific http requests.
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
HttpSessionSecurityContextRepository securityContextRepository = new HttpSessionSecurityContextRepository();
securityContextRepository.setSpringSecurityContextKey("SPRING_SECURITY_CONTEXT_SAML");
http
.securityContext()
.securityContextRepository(securityContextRepository);
http
.httpBasic()
.disable();
http
.csrf()
.disable();
http
.addFilterAfter(metadataGeneratorFilter, BasicAuthenticationFilter.class)
.addFilterAfter(metadataDisplayFilter, MetadataGeneratorFilter.class)
.addFilterAfter(samlEntryPoint, MetadataDisplayFilter.class)
.addFilterAfter(samlWebSSOProcessingFilter, SAMLEntryPoint.class)
.addFilterAfter(samlWebSSOHoKProcessingFilter, SAMLProcessingFilter.class)
.addFilterAfter(samlLogoutProcessingFilter, SAMLWebSSOHoKProcessingFilter.class)
.addFilterAfter(samlIDPDiscovery, SAMLLogoutProcessingFilter.class)
.addFilterAfter(samlLogoutFilter, LogoutFilter.class);
http
.authorizeRequests()
.antMatchers("/", "/error", "/saml/**", "/idpselection").permitAll()
.anyRequest().authenticated();
http
.exceptionHandling()
.authenticationEntryPoint(samlEntryPoint);
http
.logout()
.disable();
}
