本文整理汇总了Java中org.springframework.security.web.session.SessionManagementFilter类的典型用法代码示例。如果您正苦于以下问题:Java SessionManagementFilter类的具体用法?Java SessionManagementFilter怎么用?Java SessionManagementFilter使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
SessionManagementFilter类属于org.springframework.security.web.session包,在下文中一共展示了SessionManagementFilter类的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: configure
import org.springframework.security.web.session.SessionManagementFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.exceptionHandling()
.authenticationEntryPoint(this.authenticationEntryPoint)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(HttpMethod.POST, formBasedAuthEntry).permitAll()
.antMatchers(HttpMethod.GET, apiAuthEntry).permitAll()
.antMatchers(apiAuthEntry).authenticated()
.antMatchers(dbStatusAuthEntry).access("hasIpAddress('127.0.0.1')")
.anyRequest().permitAll()
.and()
.addFilterBefore(corsFilter(), SessionManagementFilter.class)
.addFilterBefore(buildDeviceLoginProcessingFilter(),
UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(),
UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildJwtTokenAuthenticationProcessingFilterDbStatus(),
UsernamePasswordAuthenticationFilter.class);
}
示例2: configure
import org.springframework.security.web.session.SessionManagementFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.httpBasic()
.and()
.logout()
.and()
.authorizeRequests()
.antMatchers("/index.html", "/login", "/", "/hystrix.stream", "/turbine.stream", "/epicfail",
"/admin/json/healthchecks.json")
.permitAll()
.anyRequest().authenticated()
.and()
.csrf().csrfTokenRepository(csrfTokenRepository())
.and()
.addFilterAfter(csrfHeaderFilter(), SessionManagementFilter.class);
// @formatter:on
}
示例3: configure
import org.springframework.security.web.session.SessionManagementFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/turbine.stream").permitAll()
.antMatchers("/test").permitAll()
.antMatchers("/service/**").permitAll()
.antMatchers("/api/user").permitAll()
.antMatchers("/api/user-activation/activate/*/").permitAll()
.anyRequest().authenticated()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login?logout")
.and()
.addFilterAfter(new CsrfHeaderFilter(), SessionManagementFilter.class)
.csrf()
.csrfTokenRepository(csrfTokenRepository());
}
示例4: configure
import org.springframework.security.web.session.SessionManagementFilter; //导入依赖的package包/类
@Override
protected void configure(final HttpSecurity http) throws Exception {
final BasicAuthenticationEntryPoint basicAuthEntryPoint = new BasicAuthenticationEntryPoint();
basicAuthEntryPoint.setRealmName(springSecurityProperties.getBasic().getRealm());
HttpSecurity httpSec = http.regexMatcher("\\/rest.*|\\/system/admin.*").csrf().disable();
if (springSecurityProperties.isRequireSsl()) {
httpSec = httpSec.requiresChannel().anyRequest().requiresSecure().and();
}
httpSec.addFilterBefore(new Filter() {
@Override
public void init(final FilterConfig filterConfig) throws ServletException {
userAuthenticationFilter.init(filterConfig);
}
@Override
public void doFilter(final ServletRequest request, final ServletResponse response,
final FilterChain chain) throws IOException, ServletException {
userAuthenticationFilter.doFilter(request, response, chain);
}
@Override
public void destroy() {
userAuthenticationFilter.destroy();
}
}, RequestHeaderAuthenticationFilter.class)
.addFilterAfter(new AuthenticationSuccessTenantMetadataCreationFilter(systemManagement,
systemSecurityContext), SessionManagementFilter.class)
.authorizeRequests().anyRequest().authenticated()
.antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
.hasAnyAuthority(SpPermission.SYSTEM_ADMIN);
httpSec.httpBasic().and().exceptionHandling().authenticationEntryPoint(basicAuthEntryPoint);
httpSec.anonymous().disable();
httpSec.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
示例5: configure
import org.springframework.security.web.session.SessionManagementFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().disable()
.csrf()
.csrfTokenRepository(csrfTokenRepository())
.and()
.sessionManagement()
.enableSessionUrlRewriting(true)
.and()
.formLogin()
.usernameParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_USERNAME_KEY)
.passwordParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY)
.loginProcessingUrl("/j_spring_security_check")
.loginPage(LOG_IN_URL_PAGE)
.defaultSuccessUrl(DEFAULT_TARGET_URL_PAGE)
.failureUrl(AUTHENTICATION_FAILURE_URL_PAGE)
.and()
.logout()
.logoutUrl(LOG_OUT_URL_PAGE)
.logoutSuccessUrl(LOG_OUT_SUCCESS_URL)
.invalidateHttpSession(true)
.and()
.authorizeRequests()
.antMatchers(LOG_IN_URL_PAGE,
LOG_OUT_URL_PAGE,
"/css/**",
"/js/**",
"/img/**",
"/**/favicon.ico",
"/webjars/**",
"/signup").permitAll()
.antMatchers("/**").fullyAuthenticated()
.anyRequest().authenticated()
.and()
.addFilterAfter(csrfHeaderFilter(), SessionManagementFilter.class);
}
示例6: configure
import org.springframework.security.web.session.SessionManagementFilter; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.authenticationEntryPoint(new NoWWWAuthenticate401ResponseEntryPoint("lap"))
.and()
.authorizeRequests()
.antMatchers("/features/**", "/", "/login", "/user").permitAll()
.antMatchers("/admin/**","/history/**","/pipelines/**").authenticated()
.and()
.logout()
.invalidateHttpSession(true)
.deleteCookies("X-LAP-TENANT")
.and().csrf().csrfTokenRepository(csrfTokenRepository())
/**
*
* TODO revisit after updating to Spring Security 4.1
* Currently the SessionManagementFilter is added here instead of the CsrfFilter
* Two session tokens are generated, one token is created before login and one token is created after.
* The Csrf doesn't update with the second token. Logout does not work as a side effect.
* Replacing the CsrfFilter with the SessionManagmenentFilter is the current fix.
* @link https://github.com/dsyer/spring-security-angular/issues/15
*
* .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
* */
.and().addFilterAfter(csrfHeaderFilter(), SessionManagementFilter.class);
}
开发者ID:Apereo-Learning-Analytics-Initiative,项目名称:LearningAnalyticsProcessor,代码行数:28,代码来源:SecurityConfig.java
示例7: sessionManagementFilter
import org.springframework.security.web.session.SessionManagementFilter; //导入依赖的package包/类
@Bean
public SessionManagementFilter sessionManagementFilter(SecurityContextRepository securityContextRepository,
SessionAuthenticationStrategy sessionAuthenticationStrategy){
return new SessionManagementFilter(securityContextRepository, sessionAuthenticationStrategy);
}
示例8: configure
import org.springframework.security.web.session.SessionManagementFilter; //导入依赖的package包/类
/**
* Method configure is main config class for http security
* @param http is HttpSecurity for configuring http security
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.authenticationEntryPoint(new RedirectAuthenticationEntryPoint())
.and().rememberMe()
.userDetailsService(userDetailsService)
.key("steam")
.useSecureCookie(true)
.tokenValiditySeconds(25000)
.and().authorizeRequests()
.antMatchers("/index.html", "/", "/login", "/javascript/**", "/fonts/**",
"/stylesheets/**", "/images/**", "/api/currency-rate", "/favicon.ico")
.permitAll()
.antMatchers(HttpMethod.GET, "/attention").hasAnyAuthority("ROLE_ADMIN", "ROLE_ENGINEER", "ROLE_BOSS")
.antMatchers(HttpMethod.GET, "/delay").hasAnyAuthority("ROLE_ADMIN", "ROLE_ENGINEER", "ROLE_BOSS")
.antMatchers(HttpMethod.POST, "/api/cheques/{\\d+}/diagnostics").hasAnyAuthority("ROLE_ADMIN", "ROLE_ENGINEER", "ROLE_BOSS")
.antMatchers(HttpMethod.DELETE, "/api/cheques/{\\d+}/diagnostics/{\\d+}").hasAuthority("ROLE_ADMIN")
.antMatchers(HttpMethod.DELETE, "/api/cheques/{\\d+}/notes/{\\d+}").hasAuthority("ROLE_ADMIN")
.antMatchers(HttpMethod.DELETE, "/api/cheques/{\\d+}").hasAuthority("ROLE_ADMIN")
.antMatchers(HttpMethod.DELETE, "/api/photo/{\\d+}/{\\d+}").hasAuthority("ROLE_ADMIN")
.antMatchers(HttpMethod.GET, "/api/currency-rate-list").hasAuthority("ROLE_ADMIN")
.antMatchers(HttpMethod.POST, "/api/currency-rate").hasAuthority("ROLE_ADMIN")
.antMatchers(HttpMethod.POST, "/api/user").hasAuthority("ROLE_ADMIN")
.antMatchers(HttpMethod.DELETE, "/api/user/{\\d+}").hasAuthority("ROLE_ADMIN")
.anyRequest().authenticated()
.and().logout()
.logoutSuccessUrl("/")
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.and().csrf()
.csrfTokenRepository(csrfTokenRepository())
.and()
.addFilterAfter(csrfHeaderFilter(), SessionManagementFilter.class)
.addFilterBefore(new ReCaptchaAuthFilter(reCaptchaProperties), BasicAuthenticationFilter.class)
.headers().contentSecurityPolicy("default-src https: 'self'; " +
"object-src 'none'; " +
"script-src 'self' https://www.google.com https://www.gstatic.com; " +
"style-src 'self' 'unsafe-inline'; " +
"img-src 'self' data:; " +
"connect-src 'self' ws://127.0.0.1:35729")
.and().addHeaderWriter(new StaticHeadersWriter("Referrer-Policy", "no-referrer-when-downgrade"));
}
示例9: addSessionManagementFilter
import org.springframework.security.web.session.SessionManagementFilter; //导入依赖的package包/类
private void addSessionManagementFilter(List<Filter> filters, SecurityContextRepository contextRepository) {
SessionManagementFilter sessionManagementFilter = new SessionManagementFilter(contextRepository);
filters.add(sessionManagementFilter);
}
示例10: csrf
import org.springframework.security.web.session.SessionManagementFilter; //导入依赖的package包/类
private void csrf(HttpSecurity http) throws Exception {
http.csrf()
.ignoringAntMatchers("/users/current")
.and()
.addFilterAfter(csrfTokenFilter(), SessionManagementFilter.class);
}