org.springframework.security.web.authentication.logout.LogoutFilter Java Examples
The following examples show how to use
org.springframework.security.web.authentication.logout.LogoutFilter.
Example #1
Source File: SpringWebConfig.java From we-cmdb with Apache License 2.0 | 6 votes |
/**
 * Adds CAS authentication to the security chain that {@code registry} belongs to.
 *
 * <p>Unauthenticated requests go to the CAS entry point, the CAS authentication filter is
 * registered, and the filter returned by {@code logoutFilter()} is placed ahead of the stock
 * {@link LogoutFilter}. Every request must be authenticated; the logout URLs are open to all.
 *
 * @param registry URL-authorization registry; its {@code and()} yields the enclosing builder
 * @throws Exception if a configurer in the chain fails
 */
protected void configureCasAuthentication(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) throws Exception {
    HttpSecurity http = registry.and();

    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint());

    http.addFilter(casAuthenticationFilter())
            .addFilterBefore(logoutFilter(), LogoutFilter.class);

    http.authorizeRequests()
            .anyRequest().authenticated();

    http.logout()
            .permitAll();

    // NOTE(review): CSRF protection is switched off for the whole chain. If the CAS login ends in
    // a cookie-backed session (not visible here), state-changing requests can then be triggered
    // cross-site unless another control covers them. The line kept below is the cookie-based token
    // repository the author left commented out.
    http.csrf()
            .disable();
    //.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
Example #2
Source File: KeycloakWebSecurityConfigurerAdapter.java From keycloak with Apache License 2.0 | 6 votes |
/**
 * Registers the Keycloak filters, session strategy, entry point and logout handling.
 *
 * @param http the security builder to configure
 * @throws Exception if a configurer in the chain fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // CSRF protection stays enabled; the Keycloak matcher decides which requests are checked.
    http.csrf()
            .requireCsrfProtectionMatcher(keycloakCsrfRequestMatcher());

    http.sessionManagement()
            .sessionAuthenticationStrategy(sessionAuthenticationStrategy());

    // Filter positions are relative to each other, so the registration order below is kept as is.
    http.addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class)
            .addFilterBefore(keycloakAuthenticationProcessingFilter(), LogoutFilter.class)
            .addFilterAfter(keycloakSecurityContextRequestFilter(), SecurityContextHolderAwareRequestFilter.class)
            .addFilterAfter(keycloakAuthenticatedActionsRequestFilter(), KeycloakSecurityContextRequestFilter.class);

    http.exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint());

    // Logout runs the Keycloak handler in addition to the defaults, then redirects to "/".
    http.logout()
            .addLogoutHandler(keycloakLogoutHandler())
            .logoutUrl("/sso/logout").permitAll()
            .logoutSuccessUrl("/");
}
Example #3
Source File: SecurityConfiguration.java From demo-spring-security-cas with Apache License 2.0 | 6 votes |
/**
 * Configures CAS authentication, single sign-out, URL rules and logout.
 *
 * @param http the security builder to configure
 * @throws Exception if a configurer in the chain fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Publish the CSRF token right after the stock CsrfFilter has run.
    http.addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class);

    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint());

    http.addFilter(casAuthenticationFilter())
            .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class)
            .addFilterBefore(requestCasGlobalLogoutFilter(), LogoutFilter.class);

    // NOTE(review): the chain calls authorizeRequests() directly on the result of disable(), so
    // disable() presumably returns the HttpSecurity builder here. On such versions this may turn
    // off all default security response headers, not only X-Frame-Options - confirm against the
    // Spring Security version in use; either way framing (clickjacking) protection is off.
    // Matchers are evaluated in order: "/" is public, "/filtered" needs ADMIN, the rest needs a login.
    http.headers().frameOptions().disable().authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/login", "/logout", "/secure").authenticated()
            .antMatchers("/filtered").hasAuthority(AuthoritiesConstants.ADMIN)
            .anyRequest().authenticated();

    /**
     * <logout invalidate-session="true" delete-cookies="JSESSIONID" />
     */
    // Local logout: drop the HTTP session and the session cookie, then go back to "/".
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/")
            .invalidateHttpSession(true)
            .deleteCookies("JSESSIONID");

    // http.csrf();
}
Example #4
Source File: CasConfig.java From Spring-Security-Third-Edition with MIT License | 5 votes |
/**
 * Builds the filter that handles the application's logout request.
 *
 * <p>A request to {@code /logout} runs a {@link SecurityContextLogoutHandler} and then hands off
 * to {@code casServerLogout} (presumably the CAS server's logout URL; it is declared elsewhere).
 *
 * @return the configured logout filter
 */
@Bean
public LogoutFilter casLogoutFilter() {
    final SecurityContextLogoutHandler localLogout = new SecurityContextLogoutHandler();
    final LogoutFilter filter = new LogoutFilter(casServerLogout, localLogout);

    // NOTE(review): the processing URL is given as a path only, with no HTTP method. Whether a
    // plain GET can end the session therefore depends on CSRF settings elsewhere - verify.
    filter.setFilterProcessesUrl("/logout");
    return filter;
}
Example #5
Source File: BaseWebSecurityConfig.java From jump-the-queue with Apache License 2.0 | 5 votes |
/**
 * Creates the logout filter for REST clients, bound to {@code /services/rest/logout}.
 *
 * <p>After logout the success handler answers directly instead of redirecting; going by the
 * handler's name and the original description it returns HTTP status 200.
 *
 * @return the filter.
 */
protected Filter getSimpleRestLogoutFilter() {
    final LogoutSuccessHandlerReturningOkHttpStatusCode okResponder =
            new LogoutSuccessHandlerReturningOkHttpStatusCode();
    final LogoutFilter restLogout = new LogoutFilter(okResponder, new SecurityContextLogoutHandler());

    // The matcher names a path but no HTTP method, so every method on this URL triggers logout.
    // NOTE(review): confirm CSRF protection covers this endpoint if cookie sessions are in use.
    restLogout.setLogoutRequestMatcher(new AntPathRequestMatcher("/services/rest/logout"));
    return restLogout;
}
Example #6
Source File: CasConfig.java From Spring-Security-Third-Edition with MIT License | 5 votes |
/**
 * Builds the filter that handles the application's logout request.
 *
 * <p>A request to {@code /logout} runs a {@link SecurityContextLogoutHandler} and then hands off
 * to {@code casServerLogout} (presumably the CAS server's logout URL; it is declared elsewhere).
 *
 * @return the configured logout filter
 */
@Bean
public LogoutFilter casLogoutFilter() {
    final SecurityContextLogoutHandler localLogout = new SecurityContextLogoutHandler();
    final LogoutFilter filter = new LogoutFilter(casServerLogout, localLogout);

    // NOTE(review): the processing URL is given as a path only, with no HTTP method. Whether a
    // plain GET can end the session therefore depends on CSRF settings elsewhere - verify.
    filter.setFilterProcessesUrl("/logout");
    return filter;
}
Example #7
Source File: WebSecurityConfig.java From spring-boot-security-saml-samples with MIT License | 5 votes |
/**
 * Defines the web security configuration for the SAML service provider.
 *
 * @param http builder used to configure web security for specific HTTP requests
 * @throws Exception if a configurer in the chain fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Store the security context under a SAML-specific session attribute name.
    HttpSessionSecurityContextRepository samlContextRepository = new HttpSessionSecurityContextRepository();
    samlContextRepository.setSpringSecurityContextKey("SPRING_SECURITY_CONTEXT_SAML");
    http.securityContext()
            .securityContextRepository(samlContextRepository);

    http.httpBasic()
            .disable();

    // NOTE(review): CSRF protection is off for the whole chain while the security context lives in
    // the HTTP session; application endpoints that change state need another control.
    http.csrf()
            .disable();

    // Each SAML filter is positioned relative to the previous one; keep this order.
    http.addFilterAfter(metadataGeneratorFilter, BasicAuthenticationFilter.class)
            .addFilterAfter(metadataDisplayFilter, MetadataGeneratorFilter.class)
            .addFilterAfter(samlEntryPoint, MetadataDisplayFilter.class)
            .addFilterAfter(samlWebSSOProcessingFilter, SAMLEntryPoint.class)
            .addFilterAfter(samlWebSSOHoKProcessingFilter, SAMLProcessingFilter.class)
            .addFilterAfter(samlLogoutProcessingFilter, SAMLWebSSOHoKProcessingFilter.class)
            .addFilterAfter(samlIDPDiscovery, SAMLLogoutProcessingFilter.class)
            .addFilterAfter(samlLogoutFilter, LogoutFilter.class);

    // Public: landing page, error page, the SAML endpoints and IdP selection. All else needs a login.
    http.authorizeRequests()
            .antMatchers("/", "/error", "/saml/**", "/idpselection").permitAll()
            .anyRequest().authenticated();

    http.exceptionHandling()
            .authenticationEntryPoint(samlEntryPoint);

    // The built-in logout configurer is disabled; samlLogoutFilter above is registered instead.
    http.logout()
            .disable();
}
Example #8
Source File: CasConfig.java From Spring-Security-Third-Edition with MIT License | 5 votes |
/**
 * Builds the filter that handles the application's logout request.
 *
 * <p>A request to {@code /logout} runs a {@link SecurityContextLogoutHandler} and then hands off
 * to {@code casServerLogout} (presumably the CAS server's logout URL; it is declared elsewhere).
 *
 * @return the configured logout filter
 */
@Bean
public LogoutFilter casLogoutFilter() {
    final SecurityContextLogoutHandler localLogout = new SecurityContextLogoutHandler();
    final LogoutFilter filter = new LogoutFilter(casServerLogout, localLogout);

    // NOTE(review): the processing URL is given as a path only, with no HTTP method. Whether a
    // plain GET can end the session therefore depends on CSRF settings elsewhere - verify.
    filter.setFilterProcessesUrl("/logout");
    return filter;
}
Example #9
Source File: SecurityConfiguration.java From demo-spring-security-cas with Apache License 2.0 | 5 votes |
/**
 * Builds the logout filter that ends the local session and redirects to the CAS logout URL.
 *
 * <p>The redirect target is the {@code CAS_URL_LOGOUT} property with the {@code APP_SERVICE_HOME}
 * property appended as its {@code service} parameter.
 *
 * @return the configured logout filter
 */
@Bean
public LogoutFilter requestCasGlobalLogoutFilter() {
    // NOTE(review): the service value is concatenated without URL-encoding; fine for a plain
    // configured URL, but a value containing '&' or '#' would change the redirect - confirm.
    final String casLogoutRedirect =
            env.getRequiredProperty(CAS_URL_LOGOUT) + "?service=" + env.getRequiredProperty(APP_SERVICE_HOME);
    final LogoutFilter filter = new LogoutFilter(casLogoutRedirect, new SecurityContextLogoutHandler());

    // logoutFilter.setFilterProcessesUrl("/logout");
    // logoutFilter.setFilterProcessesUrl("/j_spring_cas_security_logout");

    // Logout is accepted on POST /logout only, so a link or image request (GET) cannot trigger it.
    filter.setLogoutRequestMatcher(new AntPathRequestMatcher("/logout", "POST"));
    return filter;
}
Example #10
Source File: CasConfig.java From Spring-Security-Third-Edition with MIT License | 5 votes |
/**
 * Builds the filter that handles the application's logout request.
 *
 * <p>A request to {@code /logout} runs a {@link SecurityContextLogoutHandler} and then hands off
 * to {@code casServerLogout} (presumably the CAS server's logout URL; it is declared elsewhere).
 *
 * @return the configured logout filter
 */
@Bean
public LogoutFilter casLogoutFilter() {
    final SecurityContextLogoutHandler localLogout = new SecurityContextLogoutHandler();
    final LogoutFilter filter = new LogoutFilter(casServerLogout, localLogout);

    // NOTE(review): the processing URL is given as a path only, with no HTTP method. Whether a
    // plain GET can end the session therefore depends on CSRF settings elsewhere - verify.
    filter.setFilterProcessesUrl("/logout");
    return filter;
}
Example #11
Source File: CasConfig.java From Spring-Security-Third-Edition with MIT License | 5 votes |
/**
 * Builds the filter that handles the application's logout request.
 *
 * <p>A request to {@code /logout} runs a {@link SecurityContextLogoutHandler} and then hands off
 * to {@code casServerLogout} (presumably the CAS server's logout URL; it is declared elsewhere).
 *
 * @return the configured logout filter
 */
@Bean
public LogoutFilter casLogoutFilter() {
    final SecurityContextLogoutHandler localLogout = new SecurityContextLogoutHandler();
    final LogoutFilter filter = new LogoutFilter(casServerLogout, localLogout);

    // NOTE(review): the processing URL is given as a path only, with no HTTP method. Whether a
    // plain GET can end the session therefore depends on CSRF settings elsewhere - verify.
    filter.setFilterProcessesUrl("/logout");
    return filter;
}
Example #12
Source File: WebSecurityConfig.java From tutorials with MIT License | 5 votes |
/**
 * Creates the configuration from the CAS collaborators supplied by the container.
 *
 * @param singleSignOutFilter filter stored for later registration in the chain
 * @param logoutFilter logout filter stored for later registration in the chain
 * @param casAuthenticationProvider CAS authentication provider to keep
 * @param serviceProperties CAS service properties to keep
 */
@Autowired
public WebSecurityConfig(SingleSignOutFilter singleSignOutFilter, LogoutFilter logoutFilter,
                         CasAuthenticationProvider casAuthenticationProvider,
                         ServiceProperties serviceProperties) {
    // Plain field injection via the constructor; nothing is validated or wrapped here.
    this.singleSignOutFilter = singleSignOutFilter;
    this.logoutFilter = logoutFilter;
    this.casAuthenticationProvider = casAuthenticationProvider;
    this.serviceProperties = serviceProperties;
}
Example #13
Source File: WebSecurityConfig.java From tutorials with MIT License | 5 votes |
/**
 * Configures URL protection, the CAS entry point and the CAS logout filters.
 *
 * @param http the security builder to configure
 * @throws Exception if a configurer in the chain fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Only these two paths get an authorization rule in this method; there is no anyRequest()
    // rule, so other URLs are not restricted by this configuration.
    http.authorizeRequests()
            .antMatchers("/secured", "/login").authenticated();

    http.exceptionHandling()
            .authenticationEntryPoint(authenticationEntryPoint());

    http.addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class)
            .addFilterBefore(logoutFilter, LogoutFilter.class);

    // CSRF protection stays on everywhere except /exit/cas.
    // NOTE(review): presumably the CAS single-logout callback, which cannot carry the app's CSRF
    // token - keep the exemption limited to this one path.
    http.csrf()
            .ignoringAntMatchers("/exit/cas");
}
Example #14
Source File: CustomSpringSecurityFilterChain.java From Spring with Apache License 2.0 | 5 votes |
/**
 * Builds the list of security filter chains: a single chain holding only a custom logout filter.
 *
 * @return a mutable list with one chain matching {@code /customlogout**}
 */
private static List<SecurityFilterChain> filterChains() {
    final LogoutFilter logout =
            new LogoutFilter(new CustomLogoutSuccessHandler(), new SecurityContextLogoutHandler());
    logout.setFilterProcessesUrl("/customlogout");

    // The chain contains the logout filter and nothing else, so requests matching this pattern
    // pass through no other filter from this list (no CSRF or authentication filter).
    final List<SecurityFilterChain> chains = new ArrayList<>();
    chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/customlogout**"), logout));
    return chains;
}
Example #15
Source File: SecurityConfiguration.java From cymbal with Apache License 2.0 | 5 votes |
/**
 * Registers the given logout filter as a servlet filter for every URL, with order 2.
 *
 * @param logoutFilter the logout filter to register
 * @return the registration bean describing the filter mapping
 */
@Bean
public FilterRegistrationBean logoutFilterRegistrationBean(final LogoutFilter logoutFilter) {
    // NOTE(review): registered this way the filter runs as a plain servlet filter; whether it
    // also runs inside a Spring Security filter chain is not visible here - check it is not
    // applied twice and that order 2 places it where intended.
    FilterRegistrationBean registration = new FilterRegistrationBean();
    registration.setFilter(logoutFilter);
    registration.addUrlPatterns("/*");
    registration.setOrder(2);
    return registration;
}
Example #16
Source File: WebSecurityConfig.java From dubbo-postman with MIT License | 5 votes |
/**
 * Basic Spring Security configuration: CAS authentication, URL rules and logout.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if a configurer in the chain fails
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.exceptionHandling()
            .authenticationEntryPoint(getCasAuthenticationEntryPoint());

    httpSecurity.addFilter(casAuthenticationFilter())
            .addFilterBefore(logoutFilter(), LogoutFilter.class);

    // Static assets, /api/** and /external/datasource/** are reachable without a login.
    // NOTE(review): /api/** is fully public here - confirm those endpoints authorise callers
    // themselves or expose nothing sensitive.
    httpSecurity.authorizeRequests()
            .antMatchers("/js/**", "/css/**", "/imgs/**","/api/**").permitAll()
            .antMatchers("/external/datasource/**").permitAll()
            .anyRequest().authenticated();

    // Logout drops the HTTP session and the "SESSION" cookie.
    httpSecurity.logout()
            .invalidateHttpSession(true)
            .deleteCookies("SESSION")
            .permitAll();

    // NOTE(review): CSRF protection is off for the whole chain while a session cookie is in use.
    httpSecurity.csrf()
            .disable();
}
Example #17
Source File: UserLoginConfigurer.java From ChengFeng1.5 with MIT License | 5 votes |
/**
 * Finishes wiring the user-login filter and inserts it after {@link LogoutFilter}.
 *
 * @param http the security builder the filter is added to
 * @throws Exception if configuration fails
 */
@Override
public void configure(B http) throws Exception {
    final AuthenticationManager sharedManager = http.getSharedObject(AuthenticationManager.class);
    authFilter.setAuthenticationManager(sharedManager);
    authFilter.setAuthenticationFailureHandler(new UserLoginFailureHandler());

    // NOTE(review): the null strategy means nothing session-related happens on successful login
    // (no session-id change). Fine for token-only flows; confirm no HTTP session carries identity.
    authFilter.setSessionAuthenticationStrategy(new NullAuthenticatedSessionStrategy());

    final UserInfoAuthenticationFilter processed = postProcess(authFilter);
    http.addFilterAfter(processed, LogoutFilter.class);
}
Example #18
Source File: TokenLoginConfigurer.java From ChengFeng1.5 with MIT License | 5 votes |
/**
 * Finishes wiring the token authentication filter and inserts it before {@link LogoutFilter}.
 *
 * @param http the security builder the filter is added to
 * @throws Exception if configuration fails
 */
@Override
public void configure(B http) throws Exception {
    final AuthenticationManager sharedManager = http.getSharedObject(AuthenticationManager.class);
    authFilter.setAuthenticationManager(sharedManager);
    authFilter.setAuthenticationFailureHandler(new TokenRefreshFailureHandler());

    // Placed ahead of LogoutFilter, so the token filter sees a request before logout handling does.
    final TokenAuthenticationFilter processed = postProcess(authFilter);
    http.addFilterBefore(processed, LogoutFilter.class);
}
Example #19
Source File: SpringWebConfig.java From we-cmdb with Apache License 2.0 | 4 votes |
/**
 * Builds the logout filter that clears the local security context and redirects to CAS logout.
 *
 * @return a logout filter whose success URL is the CAS {@code /logout} endpoint with this
 *         server's URL as the {@code service} parameter
 */
public LogoutFilter logoutFilter() {
    // NOTE(review): the service value is appended without URL-encoding - acceptable for a plain
    // configured URL; confirm getServerUrl() never derives from request data.
    final String casLogoutRedirect = securityProperties.getCasServerUrl() + "/logout?service=" + getServerUrl();
    return new LogoutFilter(casLogoutRedirect, new SecurityContextLogoutHandler());
}
Example #20
Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
/**
 * HTTP security configuration for the CAS-enabled application.
 *
 * <p>For reference, the XML shorthand {@code <http auto-config="true">} stands for
 * {@code <form-login/>}, {@code <http-basic/>} and {@code <logout/>}, which in JavaConfig is
 * {@code http.formLogin().and().httpBasic().and().logout()}.
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // URL rules are evaluated top to bottom; the first match wins.
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            .antMatchers("/admin/h2/**").permitAll()
            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            // NOTE(review): "/admin/*" covers one path segment only; deeper paths such as
            // /admin/a/b fall through to the "/**" rule below and need just USER.
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    // CAS authentication takes the standard CAS filter slot; single sign-out runs before logout.
    http.addFilterAt(casFilter, CasAuthenticationFilter.class);
    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Local logout on /logout, then redirect to casServerLogout.
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    http.anonymous();

    // CSRF is enabled by default with Java Config; this line turns it off for the whole chain.
    // NOTE(review): with CSRF off and no method restriction visible on /logout, cross-site
    // requests are not rejected by this chain.
    http.csrf().disable();

    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;

    // Needed for the H2 web console's framesets, but it removes X-Frame-Options from every
    // response of this chain; frameOptions().sameOrigin() is the narrower setting.
    http.headers().frameOptions().disable();
}
Example #21
Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
/**
 * HTTP security configuration for the CAS-enabled application.
 *
 * <p>For reference, the XML shorthand {@code <http auto-config="true">} stands for
 * {@code <form-login/>}, {@code <http-basic/>} and {@code <logout/>}, which in JavaConfig is
 * {@code http.formLogin().and().httpBasic().and().logout()}.
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // URL rules are evaluated top to bottom; the first match wins.
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            .antMatchers("/admin/h2/**").permitAll()
            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            // NOTE(review): "/admin/*" covers one path segment only; deeper paths such as
            // /admin/a/b fall through to the "/**" rule below and need just USER.
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    // CAS authentication takes the standard CAS filter slot; single sign-out runs before logout.
    http.addFilterAt(casFilter, CasAuthenticationFilter.class);
    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Local logout on /logout, then redirect to casServerLogout.
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    http.anonymous();

    // CSRF is enabled by default with Java Config; this line turns it off for the whole chain.
    // NOTE(review): with CSRF off and no method restriction visible on /logout, cross-site
    // requests are not rejected by this chain.
    http.csrf().disable();

    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;

    // Needed for the H2 web console's framesets, but it removes X-Frame-Options from every
    // response of this chain; frameOptions().sameOrigin() is the narrower setting.
    http.headers().frameOptions().disable();
}
Example #22
Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
/**
 * HTTP security configuration for the CAS-enabled application.
 *
 * <p>For reference, the XML shorthand {@code <http auto-config="true">} stands for
 * {@code <form-login/>}, {@code <http-basic/>} and {@code <logout/>}, which in JavaConfig is
 * {@code http.formLogin().and().httpBasic().and().logout()}.
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // URL rules are evaluated top to bottom; the first match wins.
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            .antMatchers("/admin/h2/**").permitAll()
            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            // NOTE(review): "/admin/*" covers one path segment only; deeper paths such as
            // /admin/a/b fall through to the "/**" rule below and need just USER.
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    // CAS authentication takes the standard CAS filter slot; single sign-out runs before logout.
    http.addFilterAt(casFilter, CasAuthenticationFilter.class);
    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Local logout on /logout, then redirect to casServerLogout.
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    http.anonymous();

    // CSRF is enabled by default with Java Config; this line turns it off for the whole chain.
    // NOTE(review): with CSRF off and no method restriction visible on /logout, cross-site
    // requests are not rejected by this chain.
    http.csrf().disable();

    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;

    // Needed for the H2 web console's framesets, but it removes X-Frame-Options from every
    // response of this chain; frameOptions().sameOrigin() is the narrower setting.
    http.headers().frameOptions().disable();
}
Example #23
Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
/**
 * HTTP security configuration for the CAS-enabled application.
 *
 * <p>For reference, the XML shorthand {@code <http auto-config="true">} stands for
 * {@code <form-login/>}, {@code <http-basic/>} and {@code <logout/>}, which in JavaConfig is
 * {@code http.formLogin().and().httpBasic().and().logout()}.
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // URL rules are evaluated top to bottom; the first match wins.
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            .antMatchers("/admin/h2/**").permitAll()
            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            // NOTE(review): "/admin/*" covers one path segment only; deeper paths such as
            // /admin/a/b fall through to the "/**" rule below and need just USER.
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    // CAS authentication takes the standard CAS filter slot; single sign-out runs before logout.
    http.addFilterAt(casFilter, CasAuthenticationFilter.class);
    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Local logout on /logout, then redirect to casServerLogout.
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    http.anonymous();

    // CSRF is enabled by default with Java Config; this line turns it off for the whole chain.
    // NOTE(review): with CSRF off and no method restriction visible on /logout, cross-site
    // requests are not rejected by this chain.
    http.csrf().disable();

    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;

    // Needed for the H2 web console's framesets, but it removes X-Frame-Options from every
    // response of this chain; frameOptions().sameOrigin() is the narrower setting.
    http.headers().frameOptions().disable();
}
Example #24
Source File: SecurityConfig.java From Spring-Security-Third-Edition with MIT License | 4 votes |
/**
 * HTTP security configuration for the CAS-enabled application.
 *
 * <p>For reference, the XML shorthand {@code <http auto-config="true">} stands for
 * {@code <form-login/>}, {@code <http-basic/>} and {@code <logout/>}, which in JavaConfig is
 * {@code http.formLogin().and().httpBasic().and().logout()}.
 *
 * @param http HttpSecurity configuration.
 * @throws Exception Authentication configuration exception
 *
 * @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
 *     Spring Security 3 to 4 migration</a>
 */
@Override
protected void configure(final HttpSecurity http) throws Exception {
    // URL rules are evaluated top to bottom; the first match wins.
    http.authorizeRequests()
            // FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
            .antMatchers("/admin/h2/**").permitAll()
            .antMatchers("/").permitAll()
            .antMatchers("/login/*").permitAll()
            .antMatchers("/logout").permitAll()
            .antMatchers("/signup/*").permitAll()
            .antMatchers("/errors/**").permitAll()
            // NOTE(review): "/admin/*" covers one path segment only; deeper paths such as
            // /admin/a/b fall through to the "/**" rule below and need just USER.
            .antMatchers("/admin/*").access("hasRole('ADMIN') and isFullyAuthenticated()")
            .antMatchers("/events/").hasRole("ADMIN")
            .antMatchers("/**").hasRole("USER");

    // CAS authentication takes the standard CAS filter slot; single sign-out runs before logout.
    http.addFilterAt(casFilter, CasAuthenticationFilter.class);
    http.addFilterBefore(singleSignOutFilter, LogoutFilter.class);

    // Local logout on /logout, then redirect to casServerLogout.
    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl(casServerLogout)
            .permitAll();

    http.anonymous();

    // CSRF is enabled by default with Java Config; this line turns it off for the whole chain.
    // NOTE(review): with CSRF off and no method restriction visible on /logout, cross-site
    // requests are not rejected by this chain.
    http.csrf().disable();

    http.exceptionHandling()
            .authenticationEntryPoint(casAuthenticationEntryPoint)
            .accessDeniedPage("/errors/403")
    ;

    // Needed for the H2 web console's framesets, but it removes X-Frame-Options from every
    // response of this chain; frameOptions().sameOrigin() is the narrower setting.
    http.headers().frameOptions().disable();
}
Example #25
Source File: AtlasSecurityConfig.java From atlas with Apache License 2.0 | 4 votes |
/**
 * Configures the Atlas web security chain: URL rules, response headers, sessions, login and
 * logout, plus the project's own filters and, when enabled, the Keycloak filters.
 *
 * @param httpSecurity the security builder to configure
 * @throws Exception if a configurer in the chain fails
 */
protected void configure(HttpSecurity httpSecurity) throws Exception {
    //@formatter:off
    httpSecurity
        // Every request needs an authenticated caller.
        .authorizeRequests().anyRequest().authenticated()
        .and()
            .headers()
            .addHeaderWriter(new StaticHeadersWriter(HeadersUtil.CONTENT_SEC_POLICY_KEY, HeadersUtil.headerMap.get(HeadersUtil.CONTENT_SEC_POLICY_KEY)))
            .addHeaderWriter(new StaticHeadersWriter(SERVER_KEY, HeadersUtil.headerMap.get(SERVER_KEY)))
        .and()
            .servletApi()
        .and()
            // Built-in CSRF protection is off; a filter named csrfPreventionFilter is added
            // further down. NOTE(review): its behaviour is not visible here - confirm it covers
            // all state-changing requests.
            .csrf().disable()
            .sessionManagement()
            // No session ids in URLs; a session always exists; login starts a fresh session.
            .enableSessionUrlRewriting(false)
            .sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
            .sessionFixation()
            .newSession()
        .and()
            .httpBasic()
            .authenticationEntryPoint(getDelegatingAuthenticationEntryPoint())
        .and()
            .formLogin()
                .loginPage("/login.jsp")
                .loginProcessingUrl("/j_spring_security_check")
                .successHandler(successHandler)
                .failureHandler(failureHandler)
                .usernameParameter("j_username")
                .passwordParameter("j_password")
        .and()
            .logout()
                .logoutSuccessUrl("/login.jsp")
                .deleteCookies("ATLASSESSIONID")
                .logoutUrl("/logout.html");
    //@formatter:on

    final boolean migrationMode = !StringUtils.isEmpty(configuration.getString(ATLAS_MIGRATION_MODE_FILENAME));
    final boolean haEnabled = configuration.getBoolean("atlas.server.ha.enabled", false);

    // The active-server filter is only installed in HA or migration mode.
    if (haEnabled || migrationMode) {
        LOG.info(migrationMode
                ? "Atlas is in Migration Mode, enabling ActiveServerFilter"
                : "Atlas is in HA Mode, enabling ActiveServerFilter");
        httpSecurity.addFilterAfter(activeServerFilter, BasicAuthenticationFilter.class);
    }

    // Filter positions are relative to each other, so the registration order is kept as is.
    httpSecurity
            .addFilterAfter(staleTransactionCleanupFilter, BasicAuthenticationFilter.class)
            .addFilterBefore(ssoAuthenticationFilter, BasicAuthenticationFilter.class)
            .addFilterAfter(atlasAuthenticationFilter, SecurityContextHolderAwareRequestFilter.class)
            .addFilterAfter(csrfPreventionFilter, AtlasAuthenticationFilter.class);

    if (keycloakEnabled) {
        httpSecurity
                .logout().addLogoutHandler(keycloakLogoutHandler()).and()
                .addFilterBefore(keycloakAuthenticationProcessingFilter(), BasicAuthenticationFilter.class)
                .addFilterBefore(keycloakPreAuthActionsFilter(), LogoutFilter.class)
                .addFilterAfter(keycloakSecurityContextRequestFilter(), SecurityContextHolderAwareRequestFilter.class)
                .addFilterAfter(keycloakAuthenticatedActionsRequestFilter(), KeycloakSecurityContextRequestFilter.class);
    }
}
Example #26
Source File: WebSecurityConfig.java From dubbo-postman with MIT License | 4 votes |
/**
 * Builds the logout filter that clears the local security context and redirects to SSO logout.
 *
 * @return a logout filter whose success URL is {@code SSO_URL + "/logout"} with
 *         {@code SERVICE_HOME} as the {@code service} parameter
 */
public LogoutFilter logoutFilter() {
    // NOTE(review): SERVICE_HOME is appended without URL-encoding - acceptable for a plain
    // configured URL; confirm neither constant is ever derived from request data.
    final String ssoLogoutRedirect = SSO_URL + "/logout"+"?service="+SERVICE_HOME;
    return new LogoutFilter(ssoLogoutRedirect, new SecurityContextLogoutHandler());
}
Example #27
Source File: SecurityConfig.java From spring-rest-server with GNU Lesser General Public License v3.0 | 3 votes |
/**
 * Configures the stateless REST security chain: custom authentication filter, form login,
 * logout, error handling and per-method URL rules.
 *
 * @param http the security builder to configure
 * @throws Exception if a configurer in the chain fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    CustomAuthenticationSuccessHandler loginSuccess = new CustomAuthenticationSuccessHandler();
    loginSuccess.headerUtil(headerUtil);

    http.addFilterBefore(authenticationFilter(), LogoutFilter.class);

    // CSRF is off; the chain is declared stateless below, so no server-side session is created.
    http.csrf().disable();

    http.formLogin()
            .successHandler(loginSuccess)
            .loginProcessingUrl("/login");

    // NOTE(review): the success URL is "/logout", the same path as the default logout URL, and
    // the redirect is a GET that falls under the GET "/**" rule below - confirm this is intended.
    http.logout()
            .logoutSuccessUrl("/logout");

    http.sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    http.exceptionHandling()
            .accessDeniedHandler(new CustomAccessDeniedHandler())
            .authenticationEntryPoint(new CustomAuthenticationEntryPoint());

    // Rules are matched in order. NOTE(review): only GET, POST and DELETE carry a role; other
    // methods (PUT, PATCH, ...) reach anyRequest() and need a login but no role - confirm.
    http.authorizeRequests()
            .antMatchers(HttpMethod.POST, "/login").permitAll()
            .antMatchers(HttpMethod.POST, "/logout").authenticated()
            .antMatchers(HttpMethod.GET, "/**").hasRole("USER")
            .antMatchers(HttpMethod.POST, "/**").hasRole("ADMIN")
            .antMatchers(HttpMethod.DELETE, "/**").hasRole("ADMIN")
            .anyRequest().authenticated();
}