本文整理汇总了Java中org.springframework.security.config.annotation.web.builders.HttpSecurity类的典型用法代码示例。如果您正苦于以下问题:Java HttpSecurity类的具体用法?Java HttpSecurity怎么用?Java HttpSecurity使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
HttpSecurity类属于org.springframework.security.config.annotation.web.builders包,在下文中一共展示了HttpSecurity类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
 * Wires URL authorization, form login, logout, remember-me, CSRF and a per-user
 * session limit onto the supplied builder.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>Only the paths listed below carry an access rule. There is no
 *       {@code anyRequest()} fallback, so any other URL is not restricted by this
 *       method.</li>
 *   <li>The logout matcher is built from a pattern only, so it matches every HTTP
 *       method, including GET.</li>
 *   <li>{@code characterEncodingFilter()}, {@code persistentTokenRepository()} and
 *       {@code sessionRegistry()} are defined outside this excerpt.</li>
 * </ul>
 *
 * @param http the HttpSecurity builder supplied by Spring Security
 * @throws Exception propagated from the underlying configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Presumably placed ahead of CsrfFilter so the request encoding is fixed before
    // any request parameter is read — confirm against characterEncodingFilter().
    http.addFilterBefore(characterEncodingFilter(), CsrfFilter.class);

    final String anyKnownRole =
            "hasRole('ROLE_USER') or hasRole('ROLE_ADMIN') or hasRole('ROLE_MODERATOR')";
    final String adminOnly = "hasRole('ROLE_ADMIN')";
    http.authorizeRequests()
        .antMatchers("/", "/category/**", "/article/add", "/user/update").access(anyKnownRole)
        .antMatchers("/admin", "/admin/**").access(adminOnly);

    http.formLogin()
        .loginPage("/login")
        .usernameParameter("ssoId")
        .passwordParameter("password")
        .failureHandler(new CustomAuthenticationFailureHandler())
        .defaultSuccessUrl("/");

    // Logging out drops the server-side session and the JSESSIONID cookie.
    http.logout()
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
        .logoutSuccessUrl("/login?logout")
        .deleteCookies("JSESSIONID")
        .invalidateHttpSession(true);

    // Persistent remember-me tokens, valid for 86400 seconds (24 hours).
    http.rememberMe()
        .tokenRepository(persistentTokenRepository())
        .tokenValiditySeconds(86400);

    // CSRF protection is requested explicitly and left at its default settings.
    http.csrf();

    http.exceptionHandling().accessDeniedPage("/error");

    // At most one concurrent session per user.
    // NOTE(review): the registry only stays accurate if session-destroyed events reach
    // it (HttpSessionEventPublisher) — that registration is not visible here.
    http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry());
}
示例2: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
 * Excludes static assets from Spring Security and hands the interceptor built through
 * HttpSecurity over to the WebSecurity builder.
 *
 * <p>The ignore list is the Java-config counterpart of:
 * <pre>
 * &lt;http pattern="/resources/**" security="none"/&gt;
 * &lt;http pattern="/css/**" security="none"/&gt;
 * &lt;http pattern="/webjars/**" security="none"/&gt;
 * </pre>
 *
 * <p>Requests matching an ignored pattern skip the security filter chain altogether,
 * so only public static content should be served from those paths.
 *
 * @param web the WebSecurity builder being configured
 * @throws Exception propagated from {@code getHttp()}
 */
@Override
public void configure(final WebSecurity web) throws Exception {
    // Static resources and webjars are served without any Spring Security filter.
    web.ignoring().antMatchers("/resources/**", "/css/**", "/webjars/**");

    // Thymeleaf has to see the FilterSecurityInterceptor configured through HttpSecurity
    // rather than the auto-configured default, so register it once the build is done.
    final HttpSecurity httpSecurity = getHttp();
    web.postBuildAction(
            () -> web.securityInterceptor(
                    httpSecurity.getSharedObject(FilterSecurityInterceptor.class)));
}
示例3: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
 * Opens the landing page, static assets, feedback, webhook and embed endpoints to
 * everyone and requires authentication for every other request, with form login
 * landing on {@code /admin}.
 *
 * @param http the HttpSecurity builder supplied by Spring Security
 * @throws Exception propagated from the underlying configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): CSRF protection is switched off for the whole application, which
    // includes the form login and everything behind it, not only the webhook
    // endpoints. If the webhooks are the reason, CsrfConfigurer#ignoringAntMatchers
    // can exempt just those paths.
    http.csrf().disable();

    final String[] openPaths = {
        "/", "/assets/**/*", "/js/*", "/images/**/*", "/feedback",
        "/webhook", "/fbwebhook", "/slackwebhook", "/embed"
    };
    http.authorizeRequests()
        .antMatchers(openPaths).permitAll()
        .anyRequest().authenticated();

    http.formLogin()
        .defaultSuccessUrl("/admin")
        .loginPage("/login")
        .permitAll();

    http.logout().permitAll();

    // NOTE(review): removes the X-Frame-Options header from every response, so the
    // authenticated pages become frameable by other origins as well. Presumably done
    // for /embed — confirm, and consider limiting the relaxation to that path.
    http.headers().frameOptions().disable();
}
示例4: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
 * Installs the header-based security filter, enables CORS, disables CSRF and maps
 * HTTP method plus path combinations to the authorities allowed to call them.
 *
 * <p>Only the method/path pairs listed below carry a rule. There is no
 * {@code anyRequest()} fallback, so requests that match none of them (for example a
 * GET below {@code /api/}) are not restricted by this method.
 *
 * @param http the HttpSecurity builder supplied by Spring Security
 * @throws Exception propagated from the underlying configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final String collector = SecurityAuthoritiesEnum.COLLECTOR.toString();
    final String regular = SecurityAuthoritiesEnum.REGULAR.toString();
    final String screen = SecurityAuthoritiesEnum.SCREEN.toString();

    // HeaderSecurityFilter is project code not shown here; it runs before
    // SecurityContextHolderAwareRequestFilter.
    http.addFilterBefore(new HeaderSecurityFilter(), SecurityContextHolderAwareRequestFilter.class);
    http.cors();
    // NOTE(review): CSRF is off; acceptable only if callers authenticate with
    // something the browser does not attach automatically — confirm.
    http.csrf().disable();

    http.authorizeRequests()
        // Open endpoints: health probe, websocket handshake and all OPTIONS requests.
        .antMatchers("/health").permitAll()
        .antMatchers("/websocket").permitAll()
        .antMatchers(HttpMethod.OPTIONS, "**").permitAll()
        // Write access to the API is reserved for collectors.
        .antMatchers(HttpMethod.POST, "/api/**").hasAuthority(collector)
        .antMatchers(HttpMethod.DELETE, "/api/**").hasAuthority(collector)
        .antMatchers(HttpMethod.POST, "/reviews/**").hasAuthority(regular)
        // Read access is shared between regular users and screens.
        .antMatchers(HttpMethod.GET, "/dashboards/**").hasAnyAuthority(regular, screen)
        .antMatchers(HttpMethod.GET, "/emitter/**").hasAnyAuthority(regular, screen)
        // Dashboard mutations need a regular user.
        .antMatchers(HttpMethod.POST, "/dashboards/**").hasAuthority(regular)
        .antMatchers(HttpMethod.DELETE, "/dashboards/**").hasAuthority(regular)
        .antMatchers(HttpMethod.PUT, "/dashboards/**").hasAuthority(regular);
}
示例5: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
 * Removes static content from Spring Security's reach and registers the
 * HttpSecurity-built interceptor with the WebSecurity builder.
 *
 * <p>Equivalent XML configuration for the ignore list:
 * <pre>
 * &lt;http pattern="/resources/**" security="none"/&gt;
 * &lt;http pattern="/css/**" security="none"/&gt;
 * &lt;http pattern="/webjars/**" security="none"/&gt;
 * </pre>
 *
 * <p>Ignored paths bypass the security filter chain completely; nothing that needs
 * authentication or security headers should be served from them.
 *
 * @param web the WebSecurity builder being configured
 * @throws Exception propagated from {@code getHttp()}
 */
@Override
public void configure(final WebSecurity web) throws Exception {
    final String[] unsecuredPatterns = {"/resources/**", "/css/**", "/webjars/**"};
    web.ignoring().antMatchers(unsecuredPatterns);

    // Thymeleaf needs the FilterSecurityInterceptor that HttpSecurity configured, not
    // the default filter from auto-configuration; install it after the build.
    final HttpSecurity builtHttp = getHttp();
    final Runnable shareInterceptor =
            () -> web.securityInterceptor(builtHttp.getSharedObject(FilterSecurityInterceptor.class));
    web.postBuildAction(shareInterceptor);
}
示例6: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
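/**
 * Configures an API-style login: authentication outcomes are reported through
 * handlers rather than page redirects, and every request except the login endpoints
 * requires a full authentication.
 *
 * <p>The {@code permitAll()} rule for the login endpoints is declared before
 * {@code anyRequest()}. Authorization rules are evaluated in declaration order and
 * the first match wins, so a matcher registered after {@code anyRequest()} can never
 * be reached, and newer Spring Security versions reject that ordering at startup.
 *
 * @param http the HttpSecurity builder supplied by Spring Security
 * @throws Exception propagated from the underlying configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            // Paths reachable without credentials; must come before anyRequest().
            .mvcMatchers("/login", "/login/wechat").permitAll()
            // Every other request needs a full authentication (anonymous and
            // remember-me sessions are refused).
            .anyRequest().fullyAuthenticated()
            .and()
        .formLogin()
            // Successful login: answer through a handler, since clients are API
            // callers and no page redirect is wanted.
            .successHandler(new MyAuthenticationSuccessHandler())
            // Failed login.
            .failureHandler(new MySimpleUrlAuthenticationFailureHandler())
            .and()
        // Response after logout.
        .logout().logoutSuccessHandler(new RestLogoutSuccessHandler())
            .and()
        // Response when an unauthenticated request hits a protected resource.
        .exceptionHandling()
            .authenticationEntryPoint(new RestAuthenticationEntryPoint());

    // NOTE(review): addFilterAt places the custom interceptor at the position of the
    // built-in FilterSecurityInterceptor; it does not remove the built-in one.
    http.addFilterAt(myFilterSecurityInterceptor, FilterSecurityInterceptor.class);
    http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);

    // NOTE(review): CSRF protection is disabled although form login is in use. The
    // original author left a cookie-backed token repository
    // (CookieCsrfTokenRepository.withHttpOnlyFalse()) commented out; that is the usual
    // option when script-driven clients must echo the token — confirm which is intended.
    http.csrf().disable();
}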
示例7: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
 * Leaves the login and "after" pages open, requires authentication everywhere else
 * and sets up form login and logout with custom handlers.
 *
 * @param http the HttpSecurity builder supplied by Spring Security
 * @throws Exception propagated from the underlying configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        // The trailing wildcards match any path that merely starts with these prefixes.
        .antMatchers("/login**", "/after**").permitAll()
        .anyRequest().authenticated();

    http.formLogin()
        .loginPage("/login.html")
        .defaultSuccessUrl("/deptform.html")
        .failureUrl("/login.html?error=true")
        // Registered last, so this handler replaces the one that defaultSuccessUrl
        // installed; the post-login target is decided by customSuccessHandler.
        .successHandler(customSuccessHandler);

    http.logout()
        .logoutUrl("/logout.html")
        .logoutSuccessHandler(customLogoutHandler);

    // NOTE(review): CSRF protection is disabled while form login is in use; state-changing
    // requests then rely on nothing but the session cookie — confirm this is intended.
    http.csrf().disable();
}
示例8: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
 * Excludes static assets from Spring Security and installs the HttpSecurity-built
 * interceptor after swapping in a custom security metadata source.
 *
 * <p>The ignore list corresponds to:
 * <pre>
 * &lt;http pattern="/resources/**" security="none"/&gt;
 * &lt;http pattern="/css/**" security="none"/&gt;
 * &lt;http pattern="/webjars/**" security="none"/&gt;
 * </pre>
 *
 * <p>Because the interceptor's metadata source is replaced, {@code metadataSource}
 * (a field defined outside this excerpt) supplies the access attributes the
 * interceptor checks for each request.
 *
 * @param web the WebSecurity builder being configured
 * @throws Exception propagated from {@code getHttp()}
 */
@Override
public void configure(final WebSecurity web) throws Exception {
    // Static resources and webjars bypass the security filter chain entirely.
    web.ignoring().antMatchers("/resources/**", "/css/**", "/webjars/**");

    // Thymeleaf needs the FilterSecurityInterceptor configured through HttpSecurity
    // and not the default filter from auto-configuration.
    final HttpSecurity httpSecurity = getHttp();
    final Runnable installInterceptor = () -> {
        final FilterSecurityInterceptor interceptor =
                httpSecurity.getSharedObject(FilterSecurityInterceptor.class);
        // Replace the metadata source before the interceptor is shared with WebSecurity.
        interceptor.setSecurityMetadataSource(metadataSource);
        web.securityInterceptor(interceptor);
    };
    web.postBuildAction(installInterceptor);
}
示例9: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
 * Restricts this configuration to the doctor, rx and account paths and guards GET and
 * POST calls on doctor/rx resources with OAuth2 scope checks.
 *
 * <p>Only GET and POST on the doctor and rx paths carry a scope rule. No rule in this
 * method covers other HTTP methods on those paths, and there is no
 * {@code anyRequest()} fallback; everything under {@code /account/} is open.
 *
 * @param http the HttpSecurity builder supplied by Spring Security
 * @throws Exception propagated from the underlying configurers
 */
@Override
public void configure(final HttpSecurity http) throws Exception {
    final String doctorRead = "#oauth2.hasScope('doctor') and #oauth2.hasScope('read')";
    final String doctorWrite = "#oauth2.hasScope('doctor') and #oauth2.hasScope('write')";

    // This chain only handles requests below these three prefixes.
    http.requestMatchers().antMatchers("/doctor/**", "/rx/**", "/account/**");

    http.authorizeRequests()
        .antMatchers(HttpMethod.GET, "/doctor/**").access(doctorRead)
        .antMatchers(HttpMethod.POST, "/doctor/**").access(doctorWrite)
        .antMatchers(HttpMethod.GET, "/rx/**").access(doctorRead)
        .antMatchers(HttpMethod.POST, "/rx/**").access(doctorWrite)
        .antMatchers("/account/**").permitAll();

    http.exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());

    // CSRF is disabled; presumably callers present OAuth2 tokens rather than a
    // session cookie — confirm.
    http.csrf().disable();
}
开发者ID:PacktPublishing,项目名称:Building-Web-Apps-with-Spring-5-and-Angular,代码行数:18,代码来源:ResourceServerOAuth2Config.java
示例10: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
 * Sets up a stateless, token-filter based API: no CSRF tokens, no HTTP session, three
 * public endpoints and authentication for everything else.
 *
 * @param http the HttpSecurity builder supplied by Spring Security
 * @throws Exception propagated from the underlying configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // CSRF tokens are turned off; together with the STATELESS policy below this only
    // holds up if credentials are never carried by a cookie — confirm in the token filter.
    http.csrf().disable();

    // authenticationEntryPoint is a field defined outside this excerpt.
    http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);

    // Spring Security neither creates nor uses an HttpSession.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    http.authorizeRequests()
        // NOTE(review): /api/users/me is public here; presumably the controller deals
        // with anonymous callers itself — verify.
        .antMatchers("/api/auth", "/api/users/me", "/api/greetings/public").permitAll()
        .anyRequest().authenticated();

    // The token filter runs ahead of the username/password filter.
    http.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}
示例11: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
 * Configures a stateless API: CSRF and frame-options handling are off, the API
 * requires authentication, and management endpoints other than health require the
 * admin authority.
 *
 * <p>There is no {@code anyRequest()} fallback; paths outside the patterns below are
 * not restricted by this method.
 *
 * @param http the HttpSecurity builder supplied by Spring Security
 * @throws Exception propagated from the underlying configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();

    // NOTE(review): X-Frame-Options is removed from all responses; confirm that
    // framing by other origins is really required.
    http.headers().frameOptions().disable();

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    http.authorizeRequests()
        .antMatchers("/api/**").authenticated()
        // The health rule precedes the broader management rule, so it wins for that path.
        .antMatchers("/management/health").permitAll()
        .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .antMatchers("/swagger-resources/configuration/ui").permitAll();

    // securityConfigurerAdapter() is defined outside this excerpt.
    http.apply(securityConfigurerAdapter());
}
示例12: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
 * Opens the public pages and static assets, requires authentication for everything
 * else and configures form login, logout and access-denied handling.
 *
 * <p>The original listing carried role-based rules (ADMIN / USER) as commented-out
 * lines; with them inactive, any authenticated user passes URL authorization.
 *
 * @param http the HttpSecurity builder supplied by Spring Security
 * @throws Exception propagated from the underlying configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): CSRF protection is disabled while form login is in use — confirm
    // this is intended.
    http.csrf().disable();

    final String[] staticAndPublic = {
        "/", "/public/**", "/resources/**",
        "/resources/public/**", "/css/**", "/js/**", "/webjars/**"
    };
    http.authorizeRequests()
        .antMatchers(staticAndPublic).permitAll()
        // "/" is listed a second time here; the duplicate is harmless.
        .antMatchers("/", "/home", "/about").permitAll()
        .anyRequest().authenticated();

    http.formLogin()
        .loginPage("/login")
        // true: always go to "/" after login, ignoring the originally requested URL.
        .defaultSuccessUrl("/", true)
        .failureUrl("/login?error")
        // Registered after failureUrl, so this handler replaces the URL-based one.
        .failureHandler(customAuthenticationHandler)
        .permitAll();

    http.logout().permitAll();

    http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
}
示例13: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
 * Disables CSRF and frame-options handling unconditionally and, when the
 * {@code properties} object reports security as enabled, requires full authentication
 * over HTTP Basic for every request.
 *
 * <p>When security is reported as disabled, this method adds no authorization rule
 * at all.
 *
 * @param http the HttpSecurity builder supplied by Spring Security
 * @throws Exception propagated from the underlying configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Both relaxations apply whether or not security is enabled.
    http.csrf().disable();
    http.headers().frameOptions().disable();

    if (!properties.isSecurityEnabled()) {
        // NOTE(review): nothing is protected on this path; make sure the flag cannot
        // be switched off by accident in production.
        return;
    }

    http.authorizeRequests().anyRequest().fullyAuthenticated();
    http.httpBasic();
}
示例14: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
 * Configures form login under {@code /api/authentication} and delegates the access
 * decision for every non-public request to the {@code rbacService} bean.
 *
 * @param http the HttpSecurity builder supplied by Spring Security
 * @throws Exception propagated from the underlying configurers
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.formLogin()
        // URL the credentials are posted to.
        .loginProcessingUrl("/api/authentication/form")
        // URL unauthenticated callers are sent to.
        .loginPage("/api/authentication/require")
        // Handlers invoked after a successful / failed login.
        .successHandler(tzAuthenticationSuccessHandler)
        .failureHandler(tzAuthenticationFailureHandler);

    final String[] publicPaths = {
        "/api/authentication/form",
        "/api/authentication/require",
        "/api/imgs/**",
        "/templates/**",
        "/api/resources/menus"
    };
    http.authorizeRequests()
        .antMatchers(publicPaths).permitAll()
        // Every other request is allowed only if the bean's havePermission call
        // evaluates to true; that implementation is outside this excerpt.
        .anyRequest().access("@rbacService.havePermission(request,authentication)");
}
示例15: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
public void configure(HttpSecurity http) throws Exception {
http
.requestMatcher(new OAuthRequestedMatcher())
.csrf().disable()
.anonymous().disable()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS).permitAll()
// when restricting access to 'Roles' you must remove the "ROLE_" part role
// for "ROLE_USER" use only "USER"
.antMatchers("/api/hello").access("hasAnyRole('USER')")
.antMatchers("/api/me").hasAnyRole("USER", "ADMIN")
.antMatchers("/api/admin").hasRole("ADMIN")
// use the full name when specifying authority access
.antMatchers("/api/registerUser").hasAuthority("ROLE_REGISTER")
// restricting all access to /api/** to authenticated users
.antMatchers("/api/**").authenticated();
}