本文整理汇总了Java中org.springframework.security.web.csrf.CsrfFilter类的典型用法代码示例。如果您正苦于以下问题:Java CsrfFilter类的具体用法?Java CsrfFilter怎么用?Java CsrfFilter使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
CsrfFilter类属于org.springframework.security.web.csrf包,在下文中一共展示了CsrfFilter类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: configure
import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception{
http.addFilterBefore(characterEncodingFilter(), CsrfFilter.class);
http.authorizeRequests()
.antMatchers("/","/category/**","/article/add","/user/update").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN') or hasRole('ROLE_MODERATOR')")
.antMatchers("/admin","/admin/**").access("hasRole('ROLE_ADMIN')")
.and()
.formLogin()
.loginPage("/login")
.usernameParameter("ssoId")
.passwordParameter("password")
.failureHandler(new CustomAuthenticationFailureHandler())
.defaultSuccessUrl("/")
.and()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout").deleteCookies("JSESSIONID")
.invalidateHttpSession(true)
.and()
.rememberMe().tokenRepository(persistentTokenRepository()).tokenValiditySeconds(86400)
.and()
.csrf()
.and()
.exceptionHandling().accessDeniedPage("/error");
http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry());
}
示例2: configure
import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**")
.authorizeRequests()
.antMatchers(
"/",
"/public/**",
"/social/**",
"/login**",
"/webjars/**",
"/img/**",
"/css/**",
"/robots.txt").permitAll()
.anyRequest().authenticated()
.and().logout().logoutSuccessUrl("/").permitAll()
.and().formLogin().loginPage("/")
.and().csrf().csrfTokenRepository(csrfTokenRepository())
.and()
.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
示例3: configure
import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http// .csrf().disable()
.headers().cacheControl().disable().and().exceptionHandling()
.authenticationEntryPoint(new RestAuthenticationEntryPoint("/")).and()
/* old: "/bootstrap/**", "/libraries/**", "/scripts/**", "/styles/**" */
.authorizeRequests().antMatchers("/", "/login", "/wro/**", "/images/**", "/views/**").permitAll().and()
.authorizeRequests().anyRequest().authenticated().and()
.formLogin().loginProcessingUrl("/login").successHandler(authenticationSuccessHandler())
.failureHandler(authenticationFailureHandler()).and()
.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler())
.deleteCookies("JSESSIONID", "XSRF-TOKEN").invalidateHttpSession(true).and()
.csrf().csrfTokenRepository(csrfTokenRepository()).and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
示例4: configure
import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf()
.csrfTokenRepository(csrfTokenRepository())
.and()
.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
// .csrf().disable()
.exceptionHandling()
.authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED))
.and()
.authorizeRequests().antMatchers("/", "/home", "/oauth/authorize", "/oauth/token").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
// .loginPage("/login")
// .failureForwardUrl("/login?error")
.permitAll()
.and()
.logout()
// .logoutUrl("/logout")
// .logoutSuccessUrl("/login?logout")
.permitAll()
.and()
.httpBasic();
}
示例5: configure
import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/h2-console", "/rest/isAdmin").hasRole("ADMIN")// not working for h2 console // role should not start with 'ROLE_' since it is automatically inserted
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").failureUrl("/login?error").permitAll()
.and()
.logout().logoutSuccessUrl("/login?logout").permitAll()
.and()
.httpBasic()
.and()
.csrf().csrfTokenRepository(csrfTokenRepository())
.and()
.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
示例6: configure
import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/hojeehdiaderua/**")
.permitAll()
.antMatchers("/admin/**")
.access("hasRole('ROLE_ADMIN')")
.and()
.httpBasic()
.and()
.formLogin()
.and()
.logout()
.logoutUrl("/admin/logout")
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true)
.logoutSuccessUrl("/index.jsp")
.and()
.csrf()
.csrfTokenRepository(csrfTokenRepository())
.and()
.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
}
示例7: configure
import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
public void configure(HttpSecurity http) throws Exception {
//@formatter:off
http
.logout()
.and()
.antMatcher("/**").authorizeRequests()
.antMatchers(
"/index.html",
"/home.html",
"/",
"/login",
"/**/*.html",
"/**/*.less",
"/**/*.css",
"/**/*.js").permitAll()
.anyRequest().authenticated()
.and()
.csrf().csrfTokenRepository(csrfTokenRepository())
.and()
.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
//@formatter:on
}
示例8: configure
import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http)
throws Exception
{
// @formatter:off
http.antMatcher("/**")
.authorizeRequests()
.antMatchers("/", "/login**", "/webjars/**").permitAll()
.anyRequest().authenticated()
.and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
.and().logout().logoutSuccessUrl("/").permitAll()
.and().csrf().csrfTokenRepository(csrfTokenRepository())
.and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
// @formatter:on
}
示例9: configure
import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/restricted/**").authenticated()
.antMatchers("/web/**").authenticated()
.and()
.formLogin()
.usernameParameter("j_username") // default is username
.passwordParameter("j_password") // default is password
.loginPage("/views/login.html").successHandler(new CustomSuccessHandler()).failureUrl("/views/login.html?failure")
.and()
.logout().logoutSuccessUrl("/")
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.and()
.addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
.csrf().csrfTokenRepository(csrfTokenRepository());
}
示例10: samlizedConfig
import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
/**
* Fluent API that pre-configures HttpSecurity with SAML specific configuration.
*
* @param http HttpSecurity instance
* @return Same HttpSecurity instance
* @throws Exception Exception
*/
// CSRF must be disabled when processing /saml/** to prevent "Expected CSRF token not found" exception.
// See: http://stackoverflow.com/questions/26508835/spring-saml-extension-and-spring-security-csrf-protection-conflict/26560447
protected final HttpSecurity samlizedConfig(final HttpSecurity http) throws Exception {
http.httpBasic().authenticationEntryPoint(samlEntryPoint())
.and()
.csrf().ignoringAntMatchers("/saml/**")
.and()
.authorizeRequests().antMatchers("/saml/**").permitAll()
.and()
.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
.addFilterAfter(filterChainProxy(), BasicAuthenticationFilter.class);
// store CSRF token in cookie
if (samlConfigBean().getStoreCsrfTokenInCookie()) {
http.csrf()
.csrfTokenRepository(csrfTokenRepository())
.and()
.addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);
}
return http;
}
开发者ID:choonchernlim,项目名称:spring-security-adfs-saml2,代码行数:30,代码来源:SAMLWebSecurityConfigurerAdapter.java
示例11: configure
import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
for (String p : mccySecuritySettings.getAllowAnonymous().getGet()) {
http
.authorizeRequests()
.antMatchers(HttpMethod.GET, p).permitAll();
}
http
.authorizeRequests()
.antMatchers("/**").hasRole("USER")
.and().formLogin()
.loginPage("/login")
.defaultSuccessUrl("/")
.permitAll()
.and().logout().logoutSuccessUrl("/")
.and().addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
.csrf().csrfTokenRepository(csrfTokenRepository());
if (env.acceptsProfiles(MccyConstants.PROFILE_BASIC_AUTH, MccyConstants.PROFILE_DEV)) {
http
.httpBasic()
.and().csrf().ignoringAntMatchers("/**");
}
}
示例12: configure
import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
public void configure(HttpSecurity http) throws Exception {
http.requestMatchers().anyRequest().and()
.authorizeRequests().anyRequest()
.authenticated().and().csrf()
.csrfTokenRepository(csrfTokenRepository()).and()
.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
OAuth2SsoProperties sso = this.beanFactory.getBean(OAuth2SsoProperties.class);
// Delay the processing of the filter until we know the
// SessionAuthenticationStrategy is available:
http.apply(
(SecurityConfigurerAdapter) new OAuth2ClientAuthenticationConfigurer(oauth2SsoFilter(sso))
);
addAuthenticationEntryPoint(http, sso);
}
示例13: configure
import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers("/index.html", "/home.html", "/")
.permitAll()
.anyRequest()
.authenticated()
.and()
.csrf()
.csrfTokenRepository(csrfTokenRepository())
.and()
.addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
// @formatter:on
}
示例14: configure
import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.csrf().ignoringAntMatchers("/websocket/**").and().addFilterAfter(new CsrfCookieGeneratorFilter(), CsrfFilter.class).exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint).and().rememberMe().rememberMeServices(rememberMeServices).rememberMeParameter("remember-me")
.key(env.getProperty("jhipster.security.rememberme.key")).and().formLogin().loginProcessingUrl("/api/authentication")
.successHandler(ajaxAuthenticationSuccessHandler).failureHandler(ajaxAuthenticationFailureHandler).usernameParameter("j_username").passwordParameter("j_password")
.permitAll().and().logout().logoutUrl("/api/logout").logoutSuccessHandler(ajaxLogoutSuccessHandler).deleteCookies("JSESSIONID").permitAll().and().headers()
.frameOptions().disable().and().authorizeRequests().antMatchers("/api/register").permitAll().antMatchers("/api/activate").permitAll()
.antMatchers("/api/authenticate").permitAll().antMatchers("/api/account/reset_password/init").permitAll().antMatchers("/api/account/reset_password/finish")
.permitAll().antMatchers("/api/logs/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/api/audits/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/api/**").authenticated().antMatchers("/websocket/tracker").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/websocket/**").permitAll()
.antMatchers("/metrics/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/health/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/trace/**")
.hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/dump/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/shutdown/**")
.hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/beans/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/configprops/**")
.hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/info/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/autoconfig/**")
.hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/env/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/trace/**")
.hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/mappings/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/v2/api-docs/**").permitAll()
.antMatchers("/configuration/security").permitAll().antMatchers("/configuration/ui").permitAll().antMatchers("/swagger-ui/index.html")
.hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/protected/**").authenticated();
}
示例15: configure
import org.springframework.security.web.csrf.CsrfFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
// // http://stackoverflow.com/questions/31724994/spring-data-rest-and-cors
http
.addFilterBefore(newCorsFilter(), ChannelProcessingFilter.class)
.httpBasic()
.and()
.authorizeRequests()
// .antMatchers("/index.html", "/home.html", "/login.html", "/", "turbine/**", "/user").permitAll()
/*
* when running a local spring simple stomp broker, this is needed because
* the credentials do not work when given to AngularStompDK in atacama
* so we are forced to unsecure the simple stomp broker for now...
*/
.antMatchers("/ticks/**").permitAll()
.anyRequest()
.hasAnyRole("USER")
// .authenticated()
.and()
.csrf().csrfTokenRepository(newCsrfTokenRepository())
.and()
.addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);
}