本文整理匯總了Java中org.springframework.security.config.annotation.web.builders.HttpSecurity類的典型用法代碼示例。如果您正苦於以下問題:Java HttpSecurity類的具體用法?Java HttpSecurity怎麼用?Java HttpSecurity使用的例子?那麼, 這裡精選的類代碼示例或許可以為您提供幫助。
HttpSecurity類屬於org.springframework.security.config.annotation.web.builders包,在下文中一共展示了HttpSecurity類的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於系統推薦出更棒的Java代碼示例。
示例1: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入依賴的package包/類
/**
 * Sets up URL authorization, form login, logout, remember-me, CSRF and a
 * one-session-per-user limit.
 *
 * <p>Only the paths named in the two matcher rules carry an access expression.
 * There is no {@code anyRequest()} rule, so a path that matches neither rule is
 * not restricted by this method.
 *
 * @param http the security builder handed in by the framework
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception{
    final String anyKnownRole =
            "hasRole('ROLE_USER') or hasRole('ROLE_ADMIN') or hasRole('ROLE_MODERATOR')";
    final String adminOnly = "hasRole('ROLE_ADMIN')";

    // Registered ahead of CsrfFilter; presumably so the request encoding is set
    // before the CSRF token parameter is read - TODO confirm.
    http.addFilterBefore(characterEncodingFilter(), CsrfFilter.class);

    // First matching rule wins, so the order of these two rules is significant.
    http.authorizeRequests()
        .antMatchers("/","/category/**","/article/add","/user/update").access(anyKnownRole)
        .antMatchers("/admin","/admin/**").access(adminOnly);

    http.formLogin()
        .loginPage("/login")
        .usernameParameter("ssoId")
        .passwordParameter("password")
        .failureHandler(new CustomAuthenticationFailureHandler())
        .defaultSuccessUrl("/");

    // The matcher names no HTTP method, so it matches a GET to /logout as well
    // as a POST; a GET carries no CSRF token.
    http.logout()
        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
        .logoutSuccessUrl("/login?logout")
        .deleteCookies("JSESSIONID")
        .invalidateHttpSession(true);

    // Remember-me tokens are kept in a persistent repository and are valid for
    // 86400 seconds (24 hours).
    http.rememberMe()
        .tokenRepository(persistentTokenRepository())
        .tokenValiditySeconds(86400);

    // csrf() without disable() leaves CSRF protection switched on.
    http.csrf();

    http.exceptionHandling().accessDeniedPage("/error");

    // At most one concurrent session per user, tracked in the shared registry.
    http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry());
}
示例2: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入依賴的package包/類
/**
 * Excludes static resources from Spring Security and registers the interceptor
 * that the built {@link WebSecurity} should expose.
 *
 * <p>The ignore list is the Java-config counterpart of:
 * <pre>
 * &lt;http pattern="/resources/**" security="none"/&gt;
 * &lt;http pattern="/css/**" security="none"/&gt;
 * &lt;http pattern="/webjars/**" security="none"/&gt;
 * </pre>
 *
 * <p>Ignored paths skip the whole Spring Security filter chain, so responses
 * for them receive none of the security headers the chain would add and no
 * authorization check is applied. Keep the list to genuinely static content.
 *
 * @param web the web-security builder supplied by the framework
 * @throws Exception propagated from {@code getHttp()}
 */
@Override
public void configure(final WebSecurity web) throws Exception {
    // Static resources and webjars bypass Spring Security entirely.
    web.ignoring().antMatchers("/resources/**", "/css/**", "/webjars/**");

    // Thymeleaf has to use the FilterSecurityInterceptor configured on the
    // HttpSecurity instance, not the default filter from auto-configuration.
    // The lookup is deferred to a post-build action.
    final HttpSecurity http = getHttp();
    web.postBuildAction(
            () -> web.securityInterceptor(http.getSharedObject(FilterSecurityInterceptor.class)));
}
示例3: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入依賴的package包/類
/**
 * Opens the landing page, static assets, feedback, embed and webhook endpoints
 * to everyone and requires authentication for everything else, using form login.
 *
 * <p>Two protections are switched off here: CSRF and the X-Frame-Options header.
 *
 * @param http the security builder handed in by the framework
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // CSRF protection is off although login is session based, so state-changing
    // requests from an authenticated browser are not checked for a token.
    http.csrf().disable();

    // NOTE(review): the webhook paths are open to unauthenticated callers;
    // presumably each handler verifies its sender itself - confirm.
    http.authorizeRequests()
        .antMatchers("/", "/assets/**/*", "/js/*", "/images/**/*", "/feedback", "/webhook", "/fbwebhook", "/slackwebhook", "/embed").permitAll()
        .anyRequest().authenticated();

    http.formLogin()
        .defaultSuccessUrl("/admin")
        .loginPage("/login")
        .permitAll();

    http.logout().permitAll();

    // Disabling frameOptions removes the X-Frame-Options header from every
    // response, not only from "/embed", so all pages may be framed by other sites.
    http.headers().frameOptions().disable();
}
示例4: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入依賴的package包/類
/**
 * Maps HTTP method and path combinations to the authority required to call them.
 *
 * <p>Requests that match none of the rules below (for example GET or PUT under
 * {@code /api/}) have no access rule in this method, because the chain ends
 * without an {@code anyRequest()} rule.
 *
 * @param http the security builder handed in by the framework
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.addFilterBefore(new HeaderSecurityFilter(), SecurityContextHolderAwareRequestFilter.class);
    http.cors();
    // CSRF protection is disabled for the whole chain.
    http.csrf().disable();

    final String collector = SecurityAuthoritiesEnum.COLLECTOR.toString();
    final String regular = SecurityAuthoritiesEnum.REGULAR.toString();
    final String screen = SecurityAuthoritiesEnum.SCREEN.toString();

    http.authorizeRequests()
        // Open endpoints.
        .antMatchers("/health").permitAll()
        .antMatchers("/websocket").permitAll()
        .antMatchers(HttpMethod.OPTIONS,"**").permitAll()
        // Writes to the API are reserved for collectors.
        .antMatchers(HttpMethod.POST, "/api/**").hasAuthority(collector)
        .antMatchers(HttpMethod.DELETE, "/api/**").hasAuthority(collector)
        .antMatchers(HttpMethod.POST, "/reviews/**").hasAuthority(regular)
        // Reading dashboards and the emitter is also allowed for screens.
        .antMatchers(HttpMethod.GET, "/dashboards/**").hasAnyAuthority(regular, screen)
        .antMatchers(HttpMethod.GET, "/emitter/**").hasAnyAuthority(regular, screen)
        // Changing dashboards requires a regular user.
        .antMatchers(HttpMethod.POST, "/dashboards/**").hasAuthority(regular)
        .antMatchers(HttpMethod.DELETE, "/dashboards/**").hasAuthority(regular)
        .antMatchers(HttpMethod.PUT, "/dashboards/**").hasAuthority(regular);
}
示例5: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入依賴的package包/類
/**
 * Removes static resource paths from Spring Security and hands the configured
 * {@link FilterSecurityInterceptor} to the {@link WebSecurity} builder.
 *
 * <p>XML namespace equivalent of the ignore list:
 * <pre>
 * &lt;http pattern="/resources/**" security="none"/&gt;
 * &lt;http pattern="/css/**" security="none"/&gt;
 * &lt;http pattern="/webjars/**" security="none"/&gt;
 * </pre>
 *
 * <p>Requests to ignored paths never enter the security filter chain: no
 * authorization rule and no security response header applies to them.
 *
 * @param web the WebSecurity builder supplied by the framework
 * @throws Exception propagated from {@code getHttp()}
 */
@Override
public void configure(final WebSecurity web) throws Exception {
    web.ignoring()
        .antMatchers("/resources/**")
        .antMatchers("/css/**")
        .antMatchers("/webjars/**");

    // Thymeleaf must see the FilterSecurityInterceptor configured on the
    // HttpSecurity instance rather than the default filter from auto-configuration.
    final HttpSecurity http = getHttp();
    final Runnable exposeInterceptor =
            () -> web.securityInterceptor(http.getSharedObject(FilterSecurityInterceptor.class));
    // The shared object is looked up only when the post-build action runs.
    web.postBuildAction(exposeInterceptor);
}
示例6: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入依賴的package包/類
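/**
 * Configures an API-style login: handlers answer directly instead of
 * redirecting, and two login paths are reachable without authentication.
 *
 * <p>The permit-all rule is declared before {@code anyRequest()}. Rules are
 * evaluated in declaration order and {@code anyRequest()} matches everything,
 * so a rule declared after it can never be selected (newer Spring Security
 * versions reject such a configuration at start-up).
 *
 * @param http the security builder handed in by the framework
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            // Paths that may be called without authentication; must come first.
            .mvcMatchers("/login", "/login/wechat").permitAll()
            // Every other request needs a full (not remember-me) authentication.
            .anyRequest().fullyAuthenticated()
            .and()
        .formLogin()
            // The application is used as an API, so success is reported by a
            // handler rather than by a page redirect.
            .successHandler(new MyAuthenticationSuccessHandler())
            // Handler for failed logins.
            .failureHandler(new MySimpleUrlAuthenticationFailureHandler())
            .and()
        // Handler invoked after logout.
        .logout().logoutSuccessHandler(new RestLogoutSuccessHandler())
            .and()
        // Response for requests that are not authenticated.
        .exceptionHandling()
            .authenticationEntryPoint(new RestAuthenticationEntryPoint());

    // NOTE(review): a custom interceptor is placed at the position of
    // FilterSecurityInterceptor; confirm how it interacts with the rules above.
    http.addFilterAt(myFilterSecurityInterceptor, FilterSecurityInterceptor.class);
    http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);

    // CSRF protection is switched off. The original kept this alternative
    // commented out:
    //http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    // If browsers authenticate with a session cookie, prefer that alternative
    // over disabling the protection.
    http.csrf().disable();
}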
示例7: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入依賴的package包/類
/**
 * Requires authentication for everything except the login and "after" pages,
 * with a custom login page and custom success/logout handlers.
 *
 * @param http the security builder handed in by the framework
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // "/login**" and "/after**" are prefix patterns: any path that merely
    // starts with those strings is open as well.
    http.authorizeRequests()
        .antMatchers("/login**", "/after**").permitAll()
        .anyRequest().authenticated();

    // NOTE(review): successHandler(...) is set after defaultSuccessUrl(...);
    // the later call appears to replace the handler the earlier one installs,
    // so the default URL may have no effect - confirm.
    http.formLogin()
        .loginPage("/login.html")
        .defaultSuccessUrl("/deptform.html")
        .failureUrl("/login.html?error=true")
        .successHandler(customSuccessHandler);

    http.logout()
        .logoutUrl("/logout.html")
        .logoutSuccessHandler(customLogoutHandler);

    // CSRF protection is off although authentication is form/session based.
    http.csrf().disable();
}
示例8: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入依賴的package包/類
/**
 * Ignores static resources and exposes a {@link FilterSecurityInterceptor}
 * whose metadata source has been replaced by {@code metadataSource}.
 *
 * <p>XML namespace equivalent of the ignore list:
 * <pre>
 * &lt;http pattern="/resources/**" security="none"/&gt;
 * &lt;http pattern="/css/**" security="none"/&gt;
 * &lt;http pattern="/webjars/**" security="none"/&gt;
 * </pre>
 *
 * <p>Ignored paths are served without passing through the security filter
 * chain, so no authorization rule or security header applies to them.
 *
 * @param web the web-security builder supplied by the framework
 * @throws Exception propagated from {@code getHttp()}
 */
@Override
public void configure(final WebSecurity web) throws Exception {
    // Static resources and webjars are excluded from Spring Security.
    web.ignoring()
        .antMatchers("/resources/**")
        .antMatchers("/css/**")
        .antMatchers("/webjars/**");

    // Thymeleaf needs the FilterSecurityInterceptor configured on HttpSecurity
    // instead of the default filter from auto-configuration.
    final HttpSecurity http = getHttp();
    web.postBuildAction(() -> {
        FilterSecurityInterceptor interceptor =
                http.getSharedObject(FilterSecurityInterceptor.class);
        // NOTE(review): this swaps the metadata source on the shared
        // interceptor instance; confirm metadataSource covers every path
        // that must stay protected.
        interceptor.setSecurityMetadataSource(metadataSource);
        web.securityInterceptor(interceptor);
    });
}
示例9: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入依賴的package包/類
/**
 * Applies OAuth2 scope checks to the doctor and prescription endpoints and
 * leaves the account endpoints open.
 *
 * <p>This chain only handles the three path families named in
 * {@code requestMatchers()}. Scope rules exist for GET and POST only.
 *
 * @param http the security builder handed in by the framework
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
public void configure(final HttpSecurity http) throws Exception {
    final String doctorRead = "#oauth2.hasScope('doctor') and #oauth2.hasScope('read')";
    final String doctorWrite = "#oauth2.hasScope('doctor') and #oauth2.hasScope('write')";

    http.requestMatchers().antMatchers("/doctor/**", "/rx/**", "/account/**");

    // NOTE(review): PUT, PATCH and DELETE under /doctor/ and /rx/ match none
    // of these rules and there is no anyRequest() rule, so they are not
    // restricted here. Consider a closing deny-by-default rule; check CORS
    // preflight (OPTIONS) handling before adding one.
    http.authorizeRequests()
        .antMatchers(HttpMethod.GET,"/doctor/**").access(doctorRead)
        .antMatchers(HttpMethod.POST,"/doctor/**").access(doctorWrite)
        .antMatchers(HttpMethod.GET,"/rx/**").access(doctorRead)
        .antMatchers(HttpMethod.POST,"/rx/**").access(doctorWrite)
        .antMatchers("/account/**").permitAll();

    http.exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());

    // CSRF protection is disabled for this chain.
    http.csrf().disable();
}
開發者ID:PacktPublishing,項目名稱:Building-Web-Apps-with-Spring-5-and-Angular,代碼行數:18,代碼來源:ResourceServerOAuth2Config.java
示例10: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入依賴的package包/類
/**
 * Configures a stateless API: no HTTP session is created, a token filter runs
 * ahead of the username/password filter, and three endpoints are public.
 *
 * @param http the security builder handed in by the framework
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // CSRF protection is off. NOTE(review): acceptable only if the token is
    // sent in a header rather than in a cookie - confirm against the filter.
    http.csrf().disable();

    http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);

    // Spring Security neither creates nor uses an HttpSession.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // NOTE(review): "/api/users/me" is in the public list; confirm its handler
    // behaves safely when no principal is present.
    http.authorizeRequests()
        .antMatchers("/api/auth", "/api/users/me", "/api/greetings/public").permitAll()
        .anyRequest().authenticated();

    http.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}
示例11: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入依賴的package包/類
/**
 * Configures a stateless chain that protects the API and management
 * endpoints and then applies an additional security configurer.
 *
 * <p>There is no {@code anyRequest()} rule: paths outside the four matchers
 * below are not restricted by this method.
 *
 * @param http the security builder handed in by the framework
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // CSRF protection is disabled for the whole chain.
    http.csrf().disable();

    // Removes the X-Frame-Options header from all responses, which allows
    // the pages to be framed by other origins.
    http.headers().frameOptions().disable();

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Order matters: the health check is declared before the broader
    // "/management/**" rule so that it stays public.
    http.authorizeRequests()
        .antMatchers("/api/**").authenticated()
        .antMatchers("/management/health").permitAll()
        .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
        .antMatchers("/swagger-resources/configuration/ui").permitAll();

    http.apply(securityConfigurerAdapter());
}
示例12: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入依賴的package包/類
/**
 * Opens static and public pages, requires authentication for everything
 * else, and configures form login with custom failure and access-denied handlers.
 *
 * @param http the security builder handed in by the framework
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final String[] staticAndPublic = {
        "/","/public/**", "/resources/**",
        "/resources/public/**", "/css/**", "/js/**", "/webjars/**"
    };

    // CSRF protection is off although authentication is form/session based.
    http.csrf().disable();

    http.authorizeRequests()
        .antMatchers(staticAndPublic).permitAll()
        // "/" is already covered by the previous rule.
        .antMatchers("/", "/home", "/about").permitAll()
        // The role-based rules are commented out in the original, so any
        // authenticated user passes the catch-all rule below:
        // .antMatchers("admin/**", "api/**", "project/**").hasRole("ADMIN")
        // .antMatchers("/user/**", "project/**", "api/projects/**").hasRole("USER")
        .anyRequest().authenticated();

    // NOTE(review): failureHandler(...) follows failureUrl(...); the handler
    // appears to take precedence over the URL - confirm.
    http.formLogin()
        .loginPage("/login")
        .defaultSuccessUrl("/", true)
        .failureUrl("/login?error")
        .failureHandler(customAuthenticationHandler)
        .permitAll();

    http.logout().permitAll();

    http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
}
示例13: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入依賴的package包/類
/**
 * Disables CSRF and frame options unconditionally, and adds HTTP Basic
 * authentication for every request only when security is enabled in the
 * application properties.
 *
 * <p>When {@code properties.isSecurityEnabled()} is false this method adds no
 * authorization rule at all.
 *
 * @param http the security builder handed in by the framework
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Both protections are switched off regardless of the property below.
    http.csrf().disable();
    http.headers().frameOptions().disable();

    if (!properties.isSecurityEnabled()) {
        // No authentication requirement is registered in this case.
        return;
    }

    http.authorizeRequests().anyRequest().fullyAuthenticated();
    // HTTP Basic sends credentials with every request; serve over TLS only.
    http.httpBasic();
}
示例14: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入依賴的package包/類
/**
 * Configures form login with custom handlers and delegates every non-public
 * authorization decision to the {@code rbacService} bean.
 *
 * @param http the security builder handed in by the framework
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    final String[] openPaths = {
        "/api/authentication/form",
        "/api/authentication/require",
        "/api/imgs/**",
        "/templates/**",
        "/api/resources/menus"
    };

    http.formLogin()
        // URL that processes the submitted credentials.
        .loginProcessingUrl("/api/authentication/form")
        // URL an unauthenticated user is sent to.
        .loginPage("/api/authentication/require")
        // Handlers for successful and failed logins.
        .successHandler(tzAuthenticationSuccessHandler)
        .failureHandler(tzAuthenticationFailureHandler);

    // Everything outside openPaths is decided by the SpEL call below; the
    // result of rbacService.havePermission(...) is the whole access decision.
    // NOTE(review): confirm that method denies by default for unknown paths.
    http.authorizeRequests()
        .antMatchers(openPaths)
        .permitAll()
        .anyRequest()
        .access("@rbacService.havePermission(request,authentication)");
}
示例15: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入依賴的package包/類
/**
 * Applies role and authority rules to the API paths for requests selected by
 * {@code OAuthRequestedMatcher}.
 *
 * @param http the security builder handed in by the framework
 * @throws Exception propagated from the Spring Security configurers
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // This chain only handles requests accepted by the custom matcher.
    http.requestMatcher(new OAuthRequestedMatcher());

    // CSRF protection and anonymous authentication are both switched off.
    http.csrf().disable();
    http.anonymous().disable();

    // Rules are checked top to bottom, so the specific paths are listed
    // before the general "/api/**" rule.
    http.authorizeRequests()
        .antMatchers(HttpMethod.OPTIONS).permitAll()
        // Role checks take the name without the "ROLE_" prefix:
        // for "ROLE_USER" write "USER".
        .antMatchers("/api/hello").access("hasAnyRole('USER')")
        .antMatchers("/api/me").hasAnyRole("USER", "ADMIN")
        .antMatchers("/api/admin").hasRole("ADMIN")
        // Authority checks take the full name, prefix included.
        .antMatchers("/api/registerUser").hasAuthority("ROLE_REGISTER")
        // Any other API path requires an authenticated user.
        .antMatchers("/api/**").authenticated();
}