本文整理汇总了Java中org.springframework.security.web.csrf.CookieCsrfTokenRepository类的典型用法代码示例。如果您正苦于以下问题:Java CookieCsrfTokenRepository类的具体用法?Java CookieCsrfTokenRepository怎么用?Java CookieCsrfTokenRepository使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
CookieCsrfTokenRepository类属于org.springframework.security.web.csrf包,在下文中一共展示了CookieCsrfTokenRepository类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: configure
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/open/**")
.permitAll()
.anyRequest()
.authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
.and()
.logout()
.logoutSuccessUrl("/")
.permitAll()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
// .csrf().disable();
}
示例2: configure
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/login*", "/after**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login.html")
.defaultSuccessUrl("/deptform.html")
.failureUrl("/login.html?error=true")
.and().logout().logoutUrl("/logout.html")
.logoutSuccessUrl("/after_logout.html");
http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
http.sessionManagement().sessionFixation().newSession();
}
示例3: configure
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/index.html").permitAll()
.anyRequest().fullyAuthenticated()//
.and()
.logout()
.logoutSuccessUrl("/")
.permitAll()
.and()
.addFilterAt(filter(), BasicAuthenticationFilter.class)
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
http.authorizeRequests().antMatchers("/CSS/**","/JS/**","/images/**").permitAll().anyRequest().permitAll();
}
示例4: configure
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and()
.formLogin()
.loginProcessingUrl("/api/authentication")
.successHandler((request, response, authentication) -> response.setStatus(HttpServletResponse.SC_OK))
.failureHandler((request, response, exception) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
"Wrong username or password"))
.permitAll()
.and()
.logout()
.logoutUrl("/api/logout")
.logoutSuccessHandler((request, response, authentication) -> response.setStatus(HttpServletResponse.SC_OK))
.permitAll()
.and()
.authorizeRequests()
.antMatchers("/api/account/registration").permitAll()
.antMatchers(HttpMethod.GET, "/api/lots/**").permitAll()
.antMatchers("/api/users").hasAuthority(ADMIN_ROLE)
.antMatchers("/api/**").authenticated();
}
示例5: configure
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; //导入依赖的package包/类
/**
* Security Config, to allow following requests without authorization.
* <ul>
* <li>show index.html Landing page</li>
* <li>allow loading of compiled JS and CSS</li>
* <li>allow loading of files in assets folder, e.g. BootsTrap CSS and BootsTrap or jQuery JS</li>
* <li>API requests</li>
* </ul>
*
* @param http {@link HttpSecurity}
* @throws Exception {@link Exception} if something goes wrong
* @since 1.1.1-SNAPSHOT
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
http
.antMatcher("/**")
.authorizeRequests()
.antMatchers(
"/", // allow request to root
"/login**", // allow login request
"/app/get/**", // allow default "get" requests
"/app/update/product/**/download", // allow updates to product, if it gets downloaded
"/app/download/product/**", // allow product downloads
"/index.html", "/**.js", "/**.css", "/**.woff", "/**.woff2", "/**.ttf", "/assets/**", // static resources
"/api**").permitAll()
.anyRequest().authenticated()
.and().logout().logoutSuccessUrl("/").permitAll()
.and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).ignoringAntMatchers("/nocsrf", "/console/**")
.and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
.and().headers().frameOptions().disable()
/**
* limit access to amazonaws domain
*/
// .addHeaderWriter(new StaticHeadersWriter("X-FRAME-OPTIONS", "ALLOW-FROM amazonaws.com"))
.and().addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
示例6: configure
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home", "/login").permitAll()
.antMatchers("/app/**").permitAll()
.antMatchers("/vendor/**").permitAll()
.antMatchers("/fonts/**").permitAll()
.antMatchers("/assets/images/**").permitAll()
.antMatchers("/*.js").permitAll()
.antMatchers("/*.ttf").permitAll()
.antMatchers("/*.woff2").permitAll()
.anyRequest().authenticated()
.and().httpBasic()
.and()
.logout()
.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID");
if (Arrays.asList(environment.getActiveProfiles()).contains(MetronRestConstants.CSRF_ENABLE_PROFILE)) {
http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
} else {
http.csrf().disable();
}
}
示例7: configure
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
//@formatter:off
http
.antMatcher("/**")
.authorizeRequests()
.antMatchers("/", "/login**", "/webjars/**").permitAll()
.anyRequest().authenticated()
.and()
.exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
.and()
.logout().logoutSuccessUrl("/").permitAll()
.and()
.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and()
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
//@formatter:on
}
示例8: configure
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
boolean usingFacebookAuthentication = facebook().getClientId() != null && !facebook().getClientId().isEmpty();
if (usingFacebookAuthentication) {
// @formatter:off
http.antMatcher("/**").authorizeRequests().antMatchers("/**").permitAll().anyRequest()
.authenticated().and().exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")).and().logout()
.logoutSuccessUrl("/").permitAll().and().csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
// @formatter:on
} else {
http.antMatcher("/**").authorizeRequests().anyRequest().permitAll();
}
}
示例9: configure
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; //导入依赖的package包/类
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.logout().and().authorizeRequests().antMatchers("/**/*.html", "/login").permitAll().anyRequest()
.authenticated().and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
// @formatter:on
}
示例10: configure
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/**").authorizeRequests()
.antMatchers("/", "/index.html", "/assets/**", "/login", "/api/catalog/**").permitAll().anyRequest().authenticated()
.and().logout().logoutSuccessUrl("/").permitAll()
.and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); // What Angular would like is for the server to send it a cookie called "XSRF-TOKEN" and if it sees that, it will send the value back as a header named "X-XSRF-TOKEN". 需要注意withHttpOnlyFalse后容易受到XSS攻击
//.and().csrf().disable(); // 这样虽然可以工作,但不安全
}
示例11: configure
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity security) throws Exception {
security
.authorizeRequests() // authorize all requests using the access rules defined earlier
.antMatchers("/", "/list/**",
"/articles/**", "/search/**",
"/popular", "/popular/**", "hottest/**",
"/about", "/profile", "/fs/**").permitAll()
.antMatchers("/api/session/list")
.hasAuthority("VIEW_USER_SESSIONS")
.anyRequest().authenticated()
.and().formLogin()
.loginPage("/login").failureUrl("/login?loginFailed")
.defaultSuccessUrl("/admin")
.usernameParameter("username")
.passwordParameter("password")
.permitAll()
.and().logout()
.logoutUrl("/logout").logoutSuccessUrl("/login?loggedOut")
.invalidateHttpSession(true).deleteCookies("JSESSIONID")
.permitAll()
.and().sessionManagement()
.sessionFixation().changeSessionId()
.maximumSessions(1).maxSessionsPreventsLogin(false)
.sessionRegistry(this.sessionRegistry())
.and().and().csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.requireCsrfProtectionMatcher(request -> {
String m = request.getMethod();
return !request.getServletPath().startsWith("/api/") &&
("POST".equals(m)) || "PUT".equals(m) ||
"DELETE".equals(m) || "PATCH".equals(m); // rest services 不用考虑跨站请求伪造
});
}
示例12: configure
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().ignoringAntMatchers("/api/login", "/api/signup")
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint).and()
.addFilterBefore(jwtAuthenticationTokenFilter(), BasicAuthenticationFilter.class)
.authorizeRequests().anyRequest().authenticated().and().formLogin().loginPage("/api/login")
.successHandler(authenticationSuccessHandler).failureHandler(authenticationFailureHandler)
.and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/api/logout"))
.logoutSuccessHandler(logoutSuccess).deleteCookies(TOKEN_COOKIE);
}
示例13: configure
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; //导入依赖的package包/类
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/", "/login", "/login/**", "**/public/**").permitAll()//
.anyRequest().authenticated()//
.and().exceptionHandling()//
.and().logout().logoutSuccessUrl("/").permitAll()//
.and().csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
示例14: configure
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; //导入依赖的package包/类
@Override
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.formLogin().and().antMatcher("/**").authorizeRequests().antMatchers("/", "/login**", "/img/**", "/webjars/**").permitAll().anyRequest()
.authenticated().and().exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/")).and().logout()
.logoutSuccessUrl("/").permitAll().and().csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()).and()
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
// @formatter:on
}
示例15: configure
import org.springframework.security.web.csrf.CookieCsrfTokenRepository; //导入依赖的package包/类
@Override
public void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/auth/logout")
.clearAuthentication(true).invalidateHttpSession(true)
.and()
.antMatcher("/**").authorizeRequests()
.antMatchers("/", "/login").permitAll()
.anyRequest().authenticated().and().csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
// @formatter:on
}