当前位置: 首页>>代码示例>>Java>>正文


Java CsrfFilter类代码示例

本文整理汇总了Java中org.springframework.security.web.csrf.CsrfFilter的典型用法代码示例。如果您正苦于以下问题:Java CsrfFilter类的具体用法?Java CsrfFilter怎么用?Java CsrfFilter使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。


CsrfFilter类属于org.springframework.security.web.csrf包,在下文中一共展示了CsrfFilter类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: configure

import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception{
    http.addFilterBefore(characterEncodingFilter(), CsrfFilter.class);
    http.authorizeRequests()
            .antMatchers("/","/category/**","/article/add","/user/update").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN') or hasRole('ROLE_MODERATOR')")
            .antMatchers("/admin","/admin/**").access("hasRole('ROLE_ADMIN')")
            .and()
            .formLogin()
            .loginPage("/login")
            .usernameParameter("ssoId")
            .passwordParameter("password")
            .failureHandler(new CustomAuthenticationFailureHandler())
            .defaultSuccessUrl("/")
            .and()
            .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login?logout").deleteCookies("JSESSIONID")
            .invalidateHttpSession(true)
            .and()
            .rememberMe().tokenRepository(persistentTokenRepository()).tokenValiditySeconds(86400)
            .and()
            .csrf()
            .and()
            .exceptionHandling().accessDeniedPage("/error");

    http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry());
}
 
开发者ID:Exercon,项目名称:AntiSocial-Platform,代码行数:27,代码来源:SecurityConfiguration.java

示例2: configure

import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.antMatcher("/**")
            .authorizeRequests()
            .antMatchers(
                    "/",
                    "/public/**",
                    "/social/**",
                    "/login**",
                    "/webjars/**",
                    "/img/**",
                    "/css/**",
                    "/robots.txt").permitAll()
            .anyRequest().authenticated()
            .and().logout().logoutSuccessUrl("/").permitAll()
            .and().formLogin().loginPage("/")
            .and().csrf().csrfTokenRepository(csrfTokenRepository())
            .and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
            .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);

}
 
开发者ID:scionaltera,项目名称:emergentmud,代码行数:23,代码来源:SecurityConfiguration.java

示例3: configure

import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
	http// .csrf().disable()

	.headers().cacheControl().disable().and().exceptionHandling()
			.authenticationEntryPoint(new RestAuthenticationEntryPoint("/")).and()

	/* old: "/bootstrap/**", "/libraries/**", "/scripts/**", "/styles/**" */
	.authorizeRequests().antMatchers("/", "/login", "/wro/**", "/images/**", "/views/**").permitAll().and()

	.authorizeRequests().anyRequest().authenticated().and()

	.formLogin().loginProcessingUrl("/login").successHandler(authenticationSuccessHandler())
			.failureHandler(authenticationFailureHandler()).and()

	.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler())
			.deleteCookies("JSESSIONID", "XSRF-TOKEN").invalidateHttpSession(true).and()

	.csrf().csrfTokenRepository(csrfTokenRepository()).and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
 
开发者ID:adessoAG,项目名称:JenkinsHue,代码行数:21,代码来源:SecurityConfiguration.java

示例4: configure

import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
	public void configure(HttpSecurity http) throws Exception {
		http
				.csrf()
				.csrfTokenRepository(csrfTokenRepository())
				.and()
				.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
//				.csrf().disable()
				.exceptionHandling()
				.authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED))
				.and()
				.authorizeRequests().antMatchers("/", "/home", "/oauth/authorize", "/oauth/token").permitAll()
				.anyRequest().authenticated()
				.and()
				.formLogin()
//				.loginPage("/login")
//				.failureForwardUrl("/login?error")
				.permitAll()
				.and()
				.logout()
//				.logoutUrl("/logout")
//				.logoutSuccessUrl("/login?logout")
				.permitAll()
				.and()
				.httpBasic();
	}
 
开发者ID:JerryNiu,项目名称:cloud,代码行数:27,代码来源:ResourceServerConfig.java

示例5: configure

import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
	http
	.authorizeRequests()
	.antMatchers("/h2-console", "/rest/isAdmin").hasRole("ADMIN")// not working for h2 console // role should not start with 'ROLE_' since it is automatically inserted
	.anyRequest().authenticated()
	.and()
	.formLogin().loginPage("/login").failureUrl("/login?error").permitAll()
	.and()
	.logout().logoutSuccessUrl("/login?logout").permitAll()
	.and()
	.httpBasic()
	.and()
	.csrf().csrfTokenRepository(csrfTokenRepository())
	.and()
	.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
 
开发者ID:gjk0090,项目名称:complete-transaction-management,代码行数:18,代码来源:MainApplication.java

示例6: configure

import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
public void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/hojeehdiaderua/**")
            .permitAll()
            .antMatchers("/admin/**")
            .access("hasRole('ROLE_ADMIN')")
            .and()
            .httpBasic()
            .and()
            .formLogin()
            .and()
            .logout()
            .logoutUrl("/admin/logout")
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true)
            .logoutSuccessUrl("/index.jsp")
            .and()
            .csrf()
            .csrfTokenRepository(csrfTokenRepository())
            .and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
 
开发者ID:ortolanph,项目名称:hojeehdiaderua,代码行数:25,代码来源:SecurityConfig.java

示例7: configure

import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
public void configure(HttpSecurity http) throws Exception {
	//@formatter:off
	http
		.logout()
		.and()
		.antMatcher("/**").authorizeRequests()
		.antMatchers(	
				"/index.html",
				"/home.html", 
				"/", 
				"/login", 
				"/**/*.html", 
				"/**/*.less", 
				"/**/*.css", 
				"/**/*.js").permitAll()
			.anyRequest().authenticated()
			.and()
			.csrf().csrfTokenRepository(csrfTokenRepository())
			.and()
			.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
	//@formatter:on
}
 
开发者ID:ksambhav,项目名称:trueyes,代码行数:24,代码来源:WebfrontUIApplication.java

示例8: configure

import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http)
  throws Exception
{
  // @formatter:off
  http.antMatcher("/**")
    .authorizeRequests()
    .antMatchers("/", "/login**", "/webjars/**").permitAll()
    .anyRequest().authenticated()
    .and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
    .and().logout().logoutSuccessUrl("/").permitAll()
    .and().csrf().csrfTokenRepository(csrfTokenRepository())
    .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
    .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
  // @formatter:on
}
 
开发者ID:fetox74,项目名称:eve-oauth2-example,代码行数:17,代码来源:EveOAuth2Example.java

示例9: configure

import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {	
	http.authorizeRequests()
	 .antMatchers("/restricted/**").authenticated()	
	 .antMatchers("/web/**").authenticated()
	 .and()
	    .formLogin()
	    	.usernameParameter("j_username") // default is username
              .passwordParameter("j_password") // default is password
	    	.loginPage("/views/login.html").successHandler(new CustomSuccessHandler()).failureUrl("/views/login.html?failure")		   		
	 .and()
	    .logout().logoutSuccessUrl("/")
	    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))		 
	 .and()
	    .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
		.csrf().csrfTokenRepository(csrfTokenRepository());
}
 
开发者ID:AuScope,项目名称:igsn30,代码行数:18,代码来源:MultiHttpSecurityConfig.java

示例10: samlizedConfig

import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
/**
 * Fluent API that pre-configures HttpSecurity with SAML specific configuration.
 *
 * @param http HttpSecurity instance
 * @return Same HttpSecurity instance
 * @throws Exception Exception
 */
// CSRF must be disabled when processing /saml/** to prevent "Expected CSRF token not found" exception.
// See: http://stackoverflow.com/questions/26508835/spring-saml-extension-and-spring-security-csrf-protection-conflict/26560447
protected final HttpSecurity samlizedConfig(final HttpSecurity http) throws Exception {
    http.httpBasic().authenticationEntryPoint(samlEntryPoint())
            .and()
            .csrf().ignoringAntMatchers("/saml/**")
            .and()
            .authorizeRequests().antMatchers("/saml/**").permitAll()
            .and()
            .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
            .addFilterAfter(filterChainProxy(), BasicAuthenticationFilter.class);

    // store CSRF token in cookie
    if (samlConfigBean().getStoreCsrfTokenInCookie()) {
        http.csrf()
                .csrfTokenRepository(csrfTokenRepository())
                .and()
                .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);
    }

    return http;
}
 
开发者ID:choonchernlim,项目名称:spring-security-adfs-saml2,代码行数:30,代码来源:SAMLWebSecurityConfigurerAdapter.java

示例11: configure

import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {

    for (String p : mccySecuritySettings.getAllowAnonymous().getGet()) {
        http
            .authorizeRequests()
            .antMatchers(HttpMethod.GET, p).permitAll();
    }

    http
            .authorizeRequests()
                .antMatchers("/**").hasRole("USER")
            .and().formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/")
                .permitAll()
            .and().logout().logoutSuccessUrl("/")
            .and().addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
            .csrf().csrfTokenRepository(csrfTokenRepository());

    if (env.acceptsProfiles(MccyConstants.PROFILE_BASIC_AUTH, MccyConstants.PROFILE_DEV)) {
        http
                .httpBasic()
                .and().csrf().ignoringAntMatchers("/**");
    }
}
 
开发者ID:moorkop,项目名称:mccy-engine,代码行数:27,代码来源:SecurityConfig.java

示例12: configure

import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
public void configure(HttpSecurity http) throws Exception {
    http.requestMatchers().anyRequest().and()
            .authorizeRequests().anyRequest()
            .authenticated().and().csrf()
            .csrfTokenRepository(csrfTokenRepository()).and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);

    OAuth2SsoProperties sso = this.beanFactory.getBean(OAuth2SsoProperties.class);
    // Delay the processing of the filter until we know the
    // SessionAuthenticationStrategy is available:
    http.apply(
            (SecurityConfigurerAdapter) new OAuth2ClientAuthenticationConfigurer(oauth2SsoFilter(sso))
    );
    addAuthenticationEntryPoint(http, sso);
}
 
开发者ID:dick-the-deployer,项目名称:dick,代码行数:17,代码来源:SsoSecurityAutoConfiguration.java

示例13: configure

import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
	// @formatter:off
	http
		.authorizeRequests()
			.antMatchers("/index.html", "/home.html", "/")
				.permitAll()
				.anyRequest()
					.authenticated()
		.and()
			.csrf()
			.csrfTokenRepository(csrfTokenRepository())
		.and()
			.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
	// @formatter:on
}
 
开发者ID:livelessons-spring,项目名称:building-microservices,代码行数:17,代码来源:SsoUiApplication.java

示例14: configure

import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(final HttpSecurity http) throws Exception {
	http.csrf().ignoringAntMatchers("/websocket/**").and().addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class).exceptionHandling()
			.authenticationEntryPoint(authenticationEntryPoint).and().rememberMe().rememberMeServices(rememberMeServices).rememberMeParameter("remember-me")
			.key(env.getProperty("jhipster.security.rememberme.key")).and().formLogin().loginProcessingUrl("/api/authentication")
			.successHandler(ajaxAuthenticationSuccessHandler).failureHandler(ajaxAuthenticationFailureHandler).usernameParameter("j_username").passwordParameter("j_password")
			.permitAll().and().logout().logoutUrl("/api/logout").logoutSuccessHandler(ajaxLogoutSuccessHandler).deleteCookies("JSESSIONID").permitAll().and().headers()
			.frameOptions().disable().and().authorizeRequests().antMatchers("/api/register").permitAll().antMatchers("/api/activate").permitAll()
			.antMatchers("/api/authenticate").permitAll().antMatchers("/api/account/reset_password/init").permitAll().antMatchers("/api/account/reset_password/finish")
			.permitAll().antMatchers("/api/logs/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/api/audits/**").hasAuthority(AuthoritiesConstants.ADMIN)
			.antMatchers("/api/**").authenticated().antMatchers("/websocket/tracker").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/websocket/**").permitAll()
			.antMatchers("/metrics/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/health/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/trace/**")
			.hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/dump/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/shutdown/**")
			.hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/beans/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/configprops/**")
			.hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/info/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/autoconfig/**")
			.hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/env/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/trace/**")
			.hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/mappings/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/v2/api-docs/**").permitAll()
			.antMatchers("/configuration/security").permitAll().antMatchers("/configuration/ui").permitAll().antMatchers("/swagger-ui/index.html")
			.hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/protected/**").authenticated();

}
 
开发者ID:ServiceCutter,项目名称:ServiceCutter,代码行数:22,代码来源:SecurityConfiguration.java

示例15: configure

import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {

  // // http://stackoverflow.com/questions/31724994/spring-data-rest-and-cors

  http
      .addFilterBefore(newCorsFilter(), ChannelProcessingFilter.class)
      .httpBasic()
      .and()
      .authorizeRequests()
      // .antMatchers("/index.html", "/home.html", "/login.html", "/", "turbine/**", "/user").permitAll()
      /* 
       * when running a local spring simple stomp broker, this is needed because
       * the credentials do not work when given to AngularStompDK in atacama
       * so we are forced to unsecure the simple stomp broker for now...
       */
      .antMatchers("/ticks/**").permitAll() 
      .anyRequest()
      .hasAnyRole("USER")
      // .authenticated()
      .and()
      .csrf().csrfTokenRepository(newCsrfTokenRepository())
      .and()
      .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);

}
 
开发者ID:the-james-burton,项目名称:the-turbine,代码行数:27,代码来源:SecuritySetup.java


注:本文中的org.springframework.security.web.csrf.CsrfFilter类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。