本文整理汇总了Java中org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter类的典型用法代码示例。如果您正苦于以下问题:Java UsernamePasswordAuthenticationFilter类的具体用法?Java UsernamePasswordAuthenticationFilter怎么用?Java UsernamePasswordAuthenticationFilter使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
UsernamePasswordAuthenticationFilter类属于org.springframework.security.web.authentication包,在下文中一共展示了UsernamePasswordAuthenticationFilter类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: configure
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.anonymous().authorities("ROLE_ANONYMOUS")
.and()
.authorizeRequests()
.antMatchers("/login**", "/after**").permitAll()
.antMatchers("/deptanon.html").anonymous()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login.html")
.defaultSuccessUrl("/deptform.html")
.failureHandler(customFailureHandler)
.successHandler(customSuccessHandler)
.and()
.addFilterBefore(appAnonAuthFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilter(appAuthenticationFilter(authenticationManager()))
.logout().logoutUrl("/logout.html")
.logoutSuccessHandler(customLogoutHandler)
.and().exceptionHandling().authenticationEntryPoint(setAuthPoint());
http.csrf().disable();
}
示例2: configure
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/auth", "/api/users/me", "/api/greetings/public").permitAll()
.anyRequest().authenticated()
.and()
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}
示例3: configure
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http = http.addFilter(new WebAsyncManagerIntegrationFilter());
http = http.addFilterBefore(jwtAuthFilter(), UsernamePasswordAuthenticationFilter.class);
http
.antMatcher("/ext/**")
.csrf().requireCsrfProtectionMatcher(csrfSecurityRequestMatcher).and()
.headers().frameOptions().sameOrigin().and()
.authorizeRequests()
.antMatchers("/ext/stream/**", "/ext/coverArt*", "/ext/share/**", "/ext/hls/**")
.hasAnyRole("TEMP", "USER").and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.exceptionHandling().and()
.securityContext().and()
.requestCache().and()
.anonymous().and()
.servletApi();
}
示例4: configure
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
// we don't need CSRF because our token is invulnerable
.csrf().disable()
.authorizeRequests()
// All urls must be authenticated (filter for token always fires (/**)
.antMatchers(HttpMethod.OPTIONS, "/login").permitAll()
.requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
.anyRequest().authenticated()
.and()
// Call our errorHandler if authentication/authorisation fails
.exceptionHandling()
.authenticationEntryPoint((httpServletRequest, httpServletResponse, e) -> httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized"))
.and()
// don't create session
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
// 添加一个过滤器 所有访问 /login 的请求交给 JWTLoginFilter 来处理 这个类处理所有的JWT相关内容
.and().addFilterBefore(new JwtAuthenticationTokenFilter("/login", authenticationManager()),
UsernamePasswordAuthenticationFilter.class)
// 添加一个过滤器验证其他请求的Token是否合法
.addFilterBefore(new JWTAuthenticationFilter(),
UsernamePasswordAuthenticationFilter.class);
// disable page caching
httpSecurity.headers().cacheControl();
}
示例5: configure
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.csrf()
.disable()
.exceptionHandling()
.authenticationEntryPoint(this.unauthorizedHandler)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers("/auth/**").permitAll()
.antMatchers("/anonymous/**").permitAll()
.anyRequest().authenticated();
// Custom JWT based authentication
httpSecurity
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}
示例6: configure
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler)
.and()
.authorizeRequests()
.antMatchers(HttpMethod.POST,"/**").authenticated()
.antMatchers(HttpMethod.POST, "/login").permitAll()
.and()
.formLogin()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.logout()
.and()
.addFilterBefore(new JwtLoginFilter(urlLogin, authenticationManager(), tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(new JwtAuthenticationFilter(tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class)
.headers().cacheControl();
}
示例7: configure
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.cors()
.and()
// we don't need CSRF because our token is invulnerable
.csrf().disable()
// All urls must be authenticated (filter for token always fires (/**)
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS).permitAll()
.antMatchers("/auth/**").authenticated()
.and()
// don't create session
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); //.and()
// Custom JWT based security filter
httpSecurity
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
// disable page caching
// httpSecurity.headers().cacheControl();
}
示例8: configure
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
// we don't need CSRF because our token is invulnerable
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and()
// no need to create session as JWT auth is stateless and per request
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers("/auth").permitAll() // allow anyone to try and authenticate
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll() // allow CORS pre-flighting
.anyRequest().authenticated(); // lock down everything else
// Add our custom JWT security filter before Spring Security's Username/Password filter
httpSecurity.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
// Disable page caching in the browser
httpSecurity.headers().cacheControl().disable();
}
示例9: configure
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable() // We don't need CSRF for JWT based authentication
.exceptionHandling()
.authenticationEntryPoint(this.authenticationEntryPoint)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(FORM_BASED_LOGIN_ENTRY_POINT).permitAll()
.antMatchers(API_DOCS_ENTRY_POINT).permitAll()
.antMatchers(HttpMethod.GET, TOKEN_BASED_AUTH_ENTRY_POINT).permitAll()
.antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated()
.anyRequest().permitAll()
.and()
.addFilterBefore(buildDeviceLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
}
示例10: configure
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.exceptionHandling()
.authenticationEntryPoint(this.authenticationEntryPoint)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(HttpMethod.POST, formBasedAuthEntry).permitAll()
.antMatchers(HttpMethod.GET, apiAuthEntry).permitAll()
.antMatchers(apiAuthEntry).authenticated()
.antMatchers(dbStatusAuthEntry).access("hasIpAddress('127.0.0.1')")
.anyRequest().permitAll()
.and()
.addFilterBefore(corsFilter(), SessionManagementFilter.class)
.addFilterBefore(buildDeviceLoginProcessingFilter(),
UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(),
UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildJwtTokenAuthenticationProcessingFilterDbStatus(),
UsernamePasswordAuthenticationFilter.class);
}
示例11: configure
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
// allow loading our single page application by everyone. not required if the page is hosted somewhere else.
http.authorizeRequests().antMatchers("/").permitAll();
// allow logout
http.logout().logoutSuccessUrl("/").permitAll();
// all other services are protected.
http.authorizeRequests().anyRequest().authenticated();
// we are using token based authentication. csrf is not required.
http.csrf().disable();
// need a filter to validate the Jwt token from AzureAD and assign roles.
// without this, the token will not be validated and the role is always ROLE_USER.
http.addFilterBefore(azureAdJwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
}
示例12: configure
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
//解决Refused to display 'http://......' in a frame because it set 'X-Frame-Options' to 'DENY'. "错误
http.headers().frameOptions().disable();
http.authorizeRequests().antMatchers("/").permitAll()
.antMatchers("/**/session/**").authenticated()//登录即可获取session信息
// 其他地址的访问均需验证权限(需要登录,且有指定的权限)
.anyRequest().access("@permissionService.hasPermission(request,authentication)").and()
.addFilterBefore(corsFilter,UsernamePasswordAuthenticationFilter.class)
.addFilterAt(codeUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class).exceptionHandling()
.authenticationEntryPoint((request, response, authException) -> {
String result = JSON.toJSONString(JsonUtil.getResultJson(ResultCodeEnum.NOLOGIN));
HttpHelper.setResponseJsonData(response,result);
}).and()
.addFilterBefore(corsFilter,LogoutFilter.class)
.formLogin().loginProcessingUrl("/login").permitAll().and()
.logout().logoutSuccessHandler(logoutSuccessHandler()).permitAll();
http.csrf().disable();
}
示例13: configure
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable() // We don't need CSRF for JWT based authentication
.exceptionHandling()
.authenticationEntryPoint(this.authenticationEntryPoint)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(ADMIN_LOGIN_ENTRY_POINT).permitAll()
.antMatchers(FORM_BASED_LOGIN_ENTRY_POINT).permitAll() // Login end-point
.antMatchers(TOKEN_REFRESH_ENTRY_POINT).permitAll() // Token refresh end-point
.and()
.authorizeRequests()
.antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated() // Protected API End-points
.and()
.addFilterBefore(buildAjaxLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
}
示例14: configure
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http// disable CSRF, http basic, form login
.csrf().disable() //
.httpBasic().disable() //
.formLogin().disable()
// ReST is stateless, no sessions
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) //
.and()
// return 403 when not authenticated
.exceptionHandling().authenticationEntryPoint(new NoAuthenticationEntryPoint());
// Let child classes set up authorization paths
setupAuthorization(http);
http.addFilterBefore(jsonWebTokenFilter, UsernamePasswordAuthenticationFilter.class);
}
示例15: configure
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
// we don't need CSRF because our token is invulnerable
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
// don't create session
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
// allow auth url
.antMatchers("/auth").permitAll()
.anyRequest().authenticated();
// custom JWT based security filter
httpSecurity.addFilterBefore(authenticationFilterBean(), UsernamePasswordAuthenticationFilter.class);
// disable page caching
httpSecurity.headers().cacheControl();
}