本文整理汇总了Java中org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilterBefore方法的典型用法代码示例。如果您正苦于以下问题:Java HttpSecurity.addFilterBefore方法的具体用法?Java HttpSecurity.addFilterBefore怎么用?Java HttpSecurity.addFilterBefore使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.springframework.security.config.annotation.web.builders.HttpSecurity的用法示例。
在下文中一共展示了HttpSecurity.addFilterBefore方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入方法依赖的package包/类
/**
 * Configures URL authorization, form login, logout, remember-me, CSRF and
 * session limits, and installs the character-encoding filter ahead of
 * {@code CsrfFilter}.
 *
 * <p>Only the paths named in the two matcher groups below carry an access
 * rule. There is no {@code anyRequest()} catch-all, so no authorization rule
 * is declared in this method for any other path.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if a configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final String anyKnownRole =
            "hasRole('ROLE_USER') or hasRole('ROLE_ADMIN') or hasRole('ROLE_MODERATOR')";

    // Registered before CsrfFilter; presumably so the request encoding is set
    // before the CSRF token parameter is read -- confirm against the filter.
    http.addFilterBefore(characterEncodingFilter(), CsrfFilter.class);

    http.authorizeRequests()
            .antMatchers("/","/category/**","/article/add","/user/update").access(anyKnownRole)
            .antMatchers("/admin","/admin/**").access("hasRole('ROLE_ADMIN')");

    http.formLogin()
            .loginPage("/login")
            .usernameParameter("ssoId")
            .passwordParameter("password")
            .failureHandler(new CustomAuthenticationFailureHandler())
            .defaultSuccessUrl("/");

    // The matcher carries no HTTP method, so /logout is accepted for any method.
    // Logging out invalidates the HTTP session and deletes the JSESSIONID cookie.
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login?logout")
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true);

    // Remember-me tokens are kept in the persistent repository and expire after
    // 86400 seconds (24 hours).
    http.rememberMe()
            .tokenRepository(persistentTokenRepository())
            .tokenValiditySeconds(86400);

    // CSRF protection stays at the framework defaults.
    http.csrf();
    http.exceptionHandling().accessDeniedPage("/error");

    // One concurrent session per user, tracked through the shared session registry.
    http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry());
}
示例2: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入方法依赖的package包/类
/**
 * Builds a stateless, token-authenticated security chain with CORS enabled and
 * CSRF protection switched off.
 *
 * <p>NOTE(review): the only protected pattern declared here is
 * {@code /auth/**}. OPTIONS requests are open and no rule is declared for any
 * other path, so add an {@code anyRequest()} rule if the rest of the
 * application is meant to require authentication.
 *
 * @param httpSecurity the security builder supplied by Spring Security
 * @throws Exception if a configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.cors();

    // CSRF protection is disabled. That is only sound while the token is sent
    // explicitly by the client (for example in a request header) and never in a
    // cookie the browser attaches on its own -- TODO confirm for this project.
    httpSecurity.csrf().disable();

    httpSecurity.authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS).permitAll()
            .antMatchers("/auth/**").authenticated();

    // No HttpSession is created or consulted for the security context.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // The custom JWT filter runs ahead of the username/password filter.
    httpSecurity.addFilterBefore(
            authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // Cache-control headers are not configured explicitly in this method:
    // httpSecurity.headers().cacheControl();
}
示例3: init
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入方法依赖的package包/类
/**
 * Registers a {@code HeaderAuthenticationFilter} ahead of
 * {@code UsernamePasswordAuthenticationFilter} when the forwarded-header JWT
 * configuration is a {@code SpringSecurityJwtConfig}; otherwise adds nothing.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if the filter cannot be registered
 */
@Override
public void init(HttpSecurity http) throws Exception {
    // Inject this object's autowired dependencies from the application context.
    http.getSharedObject(ApplicationContext.class)
            .getAutowireCapableBeanFactory()
            .autowireBean(this);

    if (!(forwardedHeaderConfig.getJwt() instanceof SpringSecurityJwtConfig)) {
        // juiser.security.enabled is false or spring security is disabled via a property
        return;
    }

    // NOTE(review): authentication is driven by the request header named in
    // forwardedHeaderConfig. Confirm the header value is cryptographically
    // verified, or that only a trusted gateway can set it, before relying on it.
    HeaderAuthenticationFilter headerFilter =
            new HeaderAuthenticationFilter(forwardedHeaderConfig.getName(), authenticationManager);
    http.addFilterBefore(headerFilter, UsernamePasswordAuthenticationFilter.class);
}
示例4: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入方法依赖的package包/类
/**
 * Configures a stateless chain in which {@code /auth} is open and every other
 * request must be authenticated by the custom JWT filter.
 *
 * @param httpSecurity the security builder supplied by Spring Security
 * @throws Exception if a configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // CSRF protection is off. This relies on the token being presented
    // explicitly by the client rather than in an automatically attached
    // cookie -- TODO confirm how the token filter reads it.
    httpSecurity.csrf().disable();

    // Unauthenticated requests are answered by the configured entry point.
    httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

    // No HttpSession is created or consulted for the security context.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // "/auth" matches that exact path; anything else falls to the catch-all rule.
    httpSecurity.authorizeRequests()
            .antMatchers("/auth").permitAll()
            .anyRequest().authenticated();

    // The custom JWT filter runs ahead of the username/password filter.
    httpSecurity.addFilterBefore(
            authenticationFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // Send cache-control headers so responses are not cached.
    httpSecurity.headers().cacheControl();
}
示例5: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入方法依赖的package包/类
/**
 * Installs the stateless login and token-authentication filters ahead of
 * {@code UsernamePasswordAuthenticationFilter} and requires role USER for
 * GET requests under {@code /api/users/}.
 *
 * <p>NOTE(review): that GET rule is the only access rule declared here, so
 * other methods and paths have no authorization rule in this method. No
 * session-creation policy is set either, although the filter names suggest a
 * stateless design -- confirm both are intended.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if a configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // CSRF protection is off; sound only if the token is not carried in a
    // cookie the browser sends automatically -- TODO confirm.
    http.csrf().disable();

    http.exceptionHandling();
    http.anonymous();
    http.servletApi();
    http.headers().cacheControl();

    http.authorizeRequests()
            .antMatchers(HttpMethod.GET, "/api/users/**").hasRole("USER");

    // Handles credential submission on /api/login.
    StatelessLoginFilter loginFilter = new StatelessLoginFilter(
            "/api/login",
            tokenAuthenticationService,
            userService,
            authenticationManager());
    http.addFilterBefore(loginFilter, UsernamePasswordAuthenticationFilter.class);

    // Authenticates subsequent requests through the token service.
    StatelessAuthenticationFilter tokenFilter =
            new StatelessAuthenticationFilter(tokenAuthenticationService);
    http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);
}
示例6: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入方法依赖的package包/类
/**
 * Configures a stateless JWT chain: static resources and {@code /auth/**} are
 * open, everything else requires authentication.
 *
 * <p>NOTE(review): the suffix patterns ({@code /**}{@code /*.html},
 * {@code .css}, {@code .js}) are evaluated before the catch-all, so any GET
 * whose path ends in one of those extensions is anonymous wherever it sits in
 * the URL tree. Confirm no protected endpoint uses such a suffix.
 *
 * @param httpSecurity the security builder supplied by Spring Security
 * @throws Exception if a configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // CSRF protection is off; this depends on the token being sent explicitly
    // by the client and not in a cookie -- TODO confirm.
    httpSecurity.csrf().disable();
    httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

    // No HttpSession is created or consulted for the security context.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // The OPTIONS allow-all rule stays disabled:
    //.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
    httpSecurity.authorizeRequests()
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js")
            .permitAll()
            .antMatchers("/auth/**").permitAll()
            .anyRequest().authenticated();

    // The custom JWT filter runs ahead of the username/password filter.
    httpSecurity.addFilterBefore(
            authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // Send cache-control headers so responses are not cached.
    httpSecurity.headers().cacheControl();
}
示例7: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入方法依赖的package包/类
/**
 * Wires HTTP Basic and OAuth filters into the chain, builds the URL
 * authorization rules from {@code authorizationProperties}, and ends with a
 * deny-all rule for anything not matched.
 *
 * <p>The filter registrations below refer to each other's classes, so their
 * order matters and must be kept as written.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if a configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
// Entry point that issues the HTTP Basic challenge, using the configured realm name.
final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
basicAuthenticationEntryPoint.setRealmName(securityProperties.getBasic().getRealm());
basicAuthenticationEntryPoint.afterPropertiesSet();
final Filter oauthFilter = oauthFilter();
final BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(
providerManager(), basicAuthenticationEntryPoint);
// Position the OAuth filter relative to BasicAuthenticationFilter first; the next
// two calls then place filters relative to the classes registered so far.
http.addFilterAfter(oauthFilter, basicAuthenticationFilter.getClass());
http.addFilterBefore(basicAuthenticationFilter, oauthFilter.getClass());
http.addFilterBefore(oAuth2AuthenticationProcessingFilter(), basicAuthenticationFilter.getClass());
// The dashboard root and everything below it are added to the authenticated paths.
this.authorizationProperties.getAuthenticatedPaths().add(dashboard("/**"));
this.authorizationProperties.getAuthenticatedPaths().add(dashboard(""));
// Permit-all paths are matched before authenticated paths, so a pattern present
// in both lists is treated as open.
ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security =
http.authorizeRequests()
.antMatchers(this.authorizationProperties.getPermitAllPaths().toArray(new String[0]))
.permitAll()
.antMatchers(this.authorizationProperties.getAuthenticatedPaths().toArray(new String[0]))
.authenticated();
security = SecurityConfigUtils.configureSimpleSecurity(security, this.authorizationProperties);
// Default deny: any request not matched by a rule above is rejected.
security.anyRequest().denyAll();
this.securityStateBean.setAuthorizationEnabled(true);
// NOTE(review): CSRF protection is disabled for the whole chain, including the
// browser-facing dashboard paths -- confirm this is acceptable for cookie/session logins.
http.httpBasic().and()
.logout()
.logoutSuccessUrl(dashboard("/logout-success-oauth.html"))
.and().csrf().disable()
.exceptionHandling()
// /api/** and /actuator/** get a Basic challenge; all other requests are sent
// to the configured login processing URL.
.defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/api/**"))
.defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/actuator/**"))
.defaultAuthenticationEntryPointFor(
new LoginUrlAuthenticationEntryPoint(this.authorizationProperties.getLoginProcessingUrl()),
AnyRequestMatcher.INSTANCE);
this.securityStateBean.setAuthenticationEnabled(true);
}
示例8: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入方法依赖的package包/类
/**
 * Configures a stateless JWT chain: static resources, the Swagger endpoints
 * and {@code /api/auth/**} are open, everything else requires authentication.
 *
 * <p>NOTE(review): the API description ({@code /v2/api-docs}) and the
 * Swagger UI resources are readable without authentication; confirm that is
 * intended outside development. The suffix patterns also make any GET ending
 * in {@code .html}, {@code .css} or {@code .js} anonymous.
 *
 * @param httpSecurity the security builder supplied by Spring Security
 * @throws Exception if a configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // CSRF protection is off; this depends on the token being sent explicitly
    // by the client and not in a cookie -- TODO confirm.
    httpSecurity.csrf().disable();
    httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

    // No HttpSession is created or consulted for the security context.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // The OPTIONS allow-all rule stays disabled:
    //.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
    httpSecurity.authorizeRequests()
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/v2/api-docs",           // swagger
                    "/webjars/**",            // swagger-ui webjars
                    "/swagger-resources/**",  // swagger-ui resources
                    "/configuration/**",      // swagger configuration
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js")
            .permitAll()
            .antMatchers("/api/auth/**").permitAll()
            .anyRequest().authenticated();

    // The custom JWT filter runs ahead of the username/password filter.
    httpSecurity.addFilterBefore(
            authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // Send cache-control headers so responses are not cached.
    httpSecurity.headers().cacheControl();
}
示例9: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入方法依赖的package包/类
/**
 * Configures a stateless JWT chain for the product API: reads are public,
 * POST and PUT require the seller role, everything else requires
 * authentication.
 *
 * <p>NOTE(review): only POST and PUT on {@code /products/**} are tied to
 * {@code Permission.USER_SELLER}. DELETE and PATCH on the same paths fall
 * through to the {@code authenticated()} catch-all, so any authenticated user
 * passes this layer for them -- confirm that is intended.
 *
 * @param httpSecurity the security builder supplied by Spring Security
 * @throws Exception if a configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // CSRF protection is off; this depends on the token being sent explicitly
    // by the client and not in a cookie -- TODO confirm.
    httpSecurity.csrf().disable();
    httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

    // No HttpSession is created or consulted for the security context.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Rules are evaluated in declaration order; the first match wins.
    httpSecurity.authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            .antMatchers(HttpMethod.GET, "/products/**").permitAll()
            .antMatchers(HttpMethod.POST, "/products/**").hasRole(Permission.USER_SELLER)
            .antMatchers(HttpMethod.PUT, "/products/**").hasRole(Permission.USER_SELLER)
            .anyRequest().authenticated();

    // The custom JWT filter runs ahead of the username/password filter.
    httpSecurity.addFilterBefore(
            authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // Send cache-control headers so responses are not cached.
    httpSecurity.headers().cacheControl();
}
示例10: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入方法依赖的package包/类
/**
 * Configures a stateless JWT chain whose anonymous allow-list is read from
 * {@code requestMatchersProperties}, one pattern set per HTTP method.
 *
 * <p>NOTE(review): whatever patterns the properties supply are opened to
 * unauthenticated callers, including for POST. Treat that configuration as
 * security-sensitive and review changes to it like code.
 *
 * @param httpSecurity the security builder supplied by Spring Security
 * @throws Exception if a configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // CSRF protection is off; this depends on the token being sent explicitly
    // by the client and not in a cookie -- TODO confirm.
    httpSecurity.csrf().disable();
    httpSecurity.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);

    // No HttpSession is created or consulted for the security context.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // A custom expression handler is left disabled:
    //.expressionHandler(webExpressionHandler())
    httpSecurity.authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, requestMatchersProperties.getOptiones()).permitAll()
            .antMatchers(HttpMethod.HEAD, requestMatchersProperties.getHeads()).permitAll()
            .antMatchers(HttpMethod.POST, requestMatchersProperties.getPosts()).permitAll()
            .antMatchers(HttpMethod.GET, requestMatchersProperties.getGets()).permitAll()
            // the token-issuing endpoints are open for every method
            .antMatchers("/auth/**").permitAll()
            .anyRequest().authenticated();

    // The custom JWT filter runs ahead of the username/password filter.
    httpSecurity.addFilterBefore(
            authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // Send cache-control headers so responses are not cached.
    httpSecurity.headers().cacheControl();
}
示例11: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入方法依赖的package包/类
/**
 * Configures a stateless JWT chain: OPTIONS requests, static resources and
 * {@code /auth/**} are open, everything else requires authentication.
 *
 * <p>NOTE(review): the suffix patterns make any GET ending in
 * {@code .html}, {@code .css} or {@code .js} anonymous wherever it sits in the
 * URL tree. Confirm no protected endpoint uses such a suffix.
 *
 * @param httpSecurity the security builder supplied by Spring Security
 * @throws Exception if a configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // CSRF protection is switched off because authentication uses a JWT. That
    // holds only while the token is not carried in a cookie -- TODO confirm.
    httpSecurity.csrf().disable();

    // Token-based, so no HttpSession is created or consulted.
    httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    httpSecurity.authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            // static site resources are readable without authentication
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js")
            .permitAll()
            // the token-issuing REST API must be reachable anonymously
            .antMatchers("/auth/**").permitAll()
            // every request not matched above requires authentication
            .anyRequest().authenticated();

    // Send cache-control headers so responses are not cached.
    httpSecurity.headers().cacheControl();

    // The custom JWT filter runs ahead of the username/password filter.
    httpSecurity.addFilterBefore(
            authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}
示例12: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入方法依赖的package包/类
/**
 * Configures a stateless JWT chain with an open root path, open Swagger
 * endpoints, open registration and token endpoints, an ADMIN-only
 * {@code /manage/**} area, and authentication required for everything else.
 *
 * <p>NOTE(review): the API description and Swagger UI are readable without
 * authentication; confirm that is intended outside development. The GET
 * allow-list for static resources that the original carried as commented-out
 * code is not active in this configuration.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if a configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // CSRF protection is switched off because authentication uses a JWT. That
    // holds only while the token is not carried in a cookie -- TODO confirm.
    http.csrf().disable();

    // Token-based, so no HttpSession is created or consulted.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    http.authorizeRequests()
            // the root path itself is open
            .antMatchers("/").permitAll()
            .antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**")
            .permitAll()
            .antMatchers(HttpMethod.POST,"/user/register").permitAll()
            // the management area requires the ADMIN role
            .antMatchers("/manage/**").hasRole("ADMIN")
            // the token-issuing REST API must be reachable anonymously
            .antMatchers("/auth/**").permitAll()
            // every request not matched above requires authentication
            .anyRequest().authenticated();

    // Send cache-control headers so responses are not cached.
    http.headers().cacheControl();

    // Login filter; per the original comment it handles every request to /login.
    http.addFilterBefore(jwtLoginFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // JWT authentication filter for all other requests.
    http.addFilterBefore(
            authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}
示例13: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入方法依赖的package包/类
/**
 * Places a {@code JWTFilter} backed by {@code tokenProvider} ahead of
 * {@code UsernamePasswordAuthenticationFilter}.
 *
 * <p>This method only registers the filter. Authorization rules, CSRF and
 * session policy are not set here and must come from the enclosing
 * configuration.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if the filter cannot be registered
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.addFilterBefore(new JWTFilter(tokenProvider), UsernamePasswordAuthenticationFilter.class);
}
示例14: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入方法依赖的package包/类
/**
 * Places a {@code JwtTokenFilter} backed by {@code jwtTokenProvider} ahead of
 * {@code UsernamePasswordAuthenticationFilter}.
 *
 * <p>This method only registers the filter. Authorization rules, CSRF and
 * session policy are not set here and must come from the enclosing
 * configuration.
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if the filter cannot be registered
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    http.addFilterBefore(
            new JwtTokenFilter(jwtTokenProvider), UsernamePasswordAuthenticationFilter.class);
}
示例15: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入方法依赖的package包/类
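/**
 * Configures the web security chain: a REST request-parameter authentication
 * filter, selective CSRF protection, same-origin framing, per-feature role
 * rules, form login, logout and remember-me.
 *
 * <p>Changes from the previous version: the duplicated
 * {@code "/passwordSettings*"} pattern is listed once, and the {@code http}
 * parameter is no longer reassigned (the builder returns itself).
 *
 * @param http the security builder supplied by Spring Security
 * @throws Exception if a configurer rejects the configuration
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    RESTRequestParameterProcessingFilter restAuthenticationFilter =
            new RESTRequestParameterProcessingFilter();
    restAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
    restAuthenticationFilter.setSecurityService(securityService);
    restAuthenticationFilter.setEventPublisher(eventPublisher);
    // Runs ahead of the form-login filter.
    http.addFilterBefore(restAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

    // CSRF protection applies only to requests selected by the custom matcher.
    http.csrf().requireCsrfProtectionMatcher(csrfSecurityRequestMatcher);

    // Pages may be framed only by the same origin.
    http.headers().frameOptions().sameOrigin();

    // Rules are evaluated in declaration order; the first match wins.
    http.authorizeRequests()
            .antMatchers("/recover*", "/accessDenied*",
                    "/style/**", "/icons/**", "/flash/**", "/script/**",
                    "/sonos/**", "/crossdomain.xml", "/login", "/error")
            .permitAll()
            .antMatchers("/personalSettings*", "/passwordSettings*",
                    "/playerSettings*", "/shareSettings*")
            .hasRole("SETTINGS")
            .antMatchers("/generalSettings*", "/advancedSettings*", "/userSettings*",
                    "/musicFolderSettings*", "/databaseSettings*", "/rest/startScan*")
            .hasRole("ADMIN")
            .antMatchers("/deletePlaylist*", "/savePlaylist*", "/db*")
            .hasRole("PLAYLIST")
            .antMatchers("/download*")
            .hasRole("DOWNLOAD")
            .antMatchers("/upload*")
            .hasRole("UPLOAD")
            .antMatchers("/createShare*")
            .hasRole("SHARE")
            .antMatchers("/changeCoverArt*", "/editTags*")
            .hasRole("COVERART")
            .antMatchers("/setMusicFileInfo*")
            .hasRole("COMMENT")
            .antMatchers("/podcastReceiverAdmin*")
            .hasRole("PODCAST")
            // Everything else needs role USER. "/**" already matches every path,
            // so the anyRequest() rule after it is never the deciding rule.
            .antMatchers("/**")
            .hasRole("USER")
            .anyRequest().authenticated();

    http.formLogin()
            .loginPage("/login")
            .permitAll()
            .defaultSuccessUrl("/index", true)
            .failureUrl(FAILURE_URL)
            .usernameParameter("j_username")
            .passwordParameter("j_password");

    // Logout is accepted over GET, which is not CSRF-protected; see
    // http://docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/reference/htmlsingle/#csrf-logout
    http.logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET"))
            .logoutSuccessUrl("/login?logout");

    // NOTE(review): the remember-me key is a string literal shared by every
    // installation of this code. It is used to sign remember-me tokens, so it
    // should be a per-installation secret loaded from configuration. It is kept
    // unchanged here because replacing it invalidates existing tokens.
    http.rememberMe().key("airsonic");
}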