當前位置: 首頁>>代碼示例>>Java>>正文


Java HttpSecurity.addFilterBefore方法代碼示例

本文整理匯總了Java中org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilterBefore方法的典型用法代碼示例。如果您正苦於以下問題:Java HttpSecurity.addFilterBefore方法的具體用法?Java HttpSecurity.addFilterBefore怎麽用?Java HttpSecurity.addFilterBefore使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在org.springframework.security.config.annotation.web.builders.HttpSecurity的用法示例。


在下文中一共展示了HttpSecurity.addFilterBefore方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Java代碼示例。

示例1: configure

import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入方法依賴的package包/類
@Override
protected void configure(HttpSecurity http) throws Exception{
    http.addFilterBefore(characterEncodingFilter(), CsrfFilter.class);
    http.authorizeRequests()
            .antMatchers("/","/category/**","/article/add","/user/update").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN') or hasRole('ROLE_MODERATOR')")
            .antMatchers("/admin","/admin/**").access("hasRole('ROLE_ADMIN')")
            .and()
            .formLogin()
            .loginPage("/login")
            .usernameParameter("ssoId")
            .passwordParameter("password")
            .failureHandler(new CustomAuthenticationFailureHandler())
            .defaultSuccessUrl("/")
            .and()
            .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login?logout").deleteCookies("JSESSIONID")
            .invalidateHttpSession(true)
            .and()
            .rememberMe().tokenRepository(persistentTokenRepository()).tokenValiditySeconds(86400)
            .and()
            .csrf()
            .and()
            .exceptionHandling().accessDeniedPage("/error");

    http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry());
}
 
開發者ID:Exercon,項目名稱:AntiSocial-Platform,代碼行數:27,代碼來源:SecurityConfiguration.java

示例2: configure

import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入方法依賴的package包/類
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
    		.cors()
    		.and()
            // we don't need CSRF because our token is invulnerable
            .csrf().disable()
            // All urls must be authenticated (filter for token always fires (/**)
            .authorizeRequests()
            	.antMatchers(HttpMethod.OPTIONS).permitAll()
            	.antMatchers("/auth/**").authenticated()
            .and()
            // don't create session
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); //.and()
    // Custom JWT based security filter
    httpSecurity
            .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
            

    // disable page caching
    // httpSecurity.headers().cacheControl();
}
 
開發者ID:awaters1,項目名稱:spring-security-firebase,代碼行數:23,代碼來源:WebSecurityConfig.java

示例3: init

import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入方法依賴的package包/類
@Override
public void init(HttpSecurity http) throws Exception {

    // autowire this bean
    ApplicationContext context = http.getSharedObject(ApplicationContext.class);
    context.getAutowireCapableBeanFactory().autowireBean(this);

    boolean springSecurityEnabled = forwardedHeaderConfig.getJwt() instanceof SpringSecurityJwtConfig;

    if (springSecurityEnabled) {
        String headerName = forwardedHeaderConfig.getName();
        HeaderAuthenticationFilter filter = new HeaderAuthenticationFilter(headerName, authenticationManager);
        http.addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class);
    } //else juiser.security.enabled is false or spring security is disabled via a property
}
 
開發者ID:juiser,項目名稱:juiser,代碼行數:16,代碼來源:JuiserAuthenticationFilterRegistrar.java

示例4: configure

import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入方法依賴的package包/類
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
	httpSecurity
		// we don't need CSRF because our token is invulnerable
		.csrf().disable()
		
		.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
		
		// don't create session
		.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
		
		.authorizeRequests()
		
		// allow auth url
		.antMatchers("/auth").permitAll()
		
		.anyRequest().authenticated();
	
	// custom JWT based security filter
	httpSecurity.addFilterBefore(authenticationFilterBean(), UsernamePasswordAuthenticationFilter.class);

	// disable page caching
	httpSecurity.headers().cacheControl();
}
 
開發者ID:ard333,項目名稱:spring-boot-jjwt,代碼行數:25,代碼來源:WebSecurityConfig.java

示例5: configure

import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入方法依賴的package包/類
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.csrf().disable();
	http.exceptionHandling().and()
			.anonymous().and()
			.servletApi().and()
			.headers().cacheControl();

	http.authorizeRequests()
			.antMatchers(HttpMethod.GET, "/api/users/**").hasRole("USER");

	http.addFilterBefore(
			new StatelessLoginFilter(
					"/api/login",
					tokenAuthenticationService,
					userService,
					authenticationManager()),
			UsernamePasswordAuthenticationFilter.class);

	http.addFilterBefore(
			new StatelessAuthenticationFilter(tokenAuthenticationService),
			UsernamePasswordAuthenticationFilter.class);
	}
 
開發者ID:HoodyMac,項目名稱:SA-starter-kit,代碼行數:24,代碼來源:SecurityConfiguration.java

示例6: configure

import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入方法依賴的package包/類
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
            // we don't need CSRF because our token is invulnerable
            .csrf().disable()

            .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()

            // don't create session
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()

            .authorizeRequests()
            //.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()

            // allow anonymous resource requests
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js"
            ).permitAll()
            .antMatchers("/auth/**").permitAll()
            .anyRequest().authenticated();

    // Custom JWT based security filter
    httpSecurity
            .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // disable page caching
    httpSecurity.headers().cacheControl();
}
 
開發者ID:jlmonteagudo,項目名稱:generator-spring-rest-jwt,代碼行數:35,代碼來源:_WebSecurityConfig.java

示例7: configure

import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入方法依賴的package包/類
@Override
protected void configure(HttpSecurity http) throws Exception {

	final BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
	basicAuthenticationEntryPoint.setRealmName(securityProperties.getBasic().getRealm());
	basicAuthenticationEntryPoint.afterPropertiesSet();
	final Filter oauthFilter = oauthFilter();
	final BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(
			providerManager(), basicAuthenticationEntryPoint);
	http.addFilterAfter(oauthFilter, basicAuthenticationFilter.getClass());
	http.addFilterBefore(basicAuthenticationFilter, oauthFilter.getClass());
	http.addFilterBefore(oAuth2AuthenticationProcessingFilter(), basicAuthenticationFilter.getClass());
	this.authorizationProperties.getAuthenticatedPaths().add(dashboard("/**"));
	this.authorizationProperties.getAuthenticatedPaths().add(dashboard(""));

	ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry security =
		http.authorizeRequests()
				.antMatchers(this.authorizationProperties.getPermitAllPaths().toArray(new String[0]))
				.permitAll()
				.antMatchers(this.authorizationProperties.getAuthenticatedPaths().toArray(new String[0]))
				.authenticated();

	security = SecurityConfigUtils.configureSimpleSecurity(security, this.authorizationProperties);
	security.anyRequest().denyAll();
	this.securityStateBean.setAuthorizationEnabled(true);

	http.httpBasic().and()
			.logout()
			.logoutSuccessUrl(dashboard("/logout-success-oauth.html"))
			.and().csrf().disable()
			.exceptionHandling()
			.defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/api/**"))
			.defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, new AntPathRequestMatcher("/actuator/**"))
			.defaultAuthenticationEntryPointFor(
					new LoginUrlAuthenticationEntryPoint(this.authorizationProperties.getLoginProcessingUrl()),
					AnyRequestMatcher.INSTANCE);
	this.securityStateBean.setAuthenticationEnabled(true);
}
 
開發者ID:spring-cloud,項目名稱:spring-cloud-skipper,代碼行數:39,代碼來源:SkipperOAuthSecurityConfiguration.java

示例8: configure

import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入方法依賴的package包/類
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
            // we don't need CSRF because our token is invulnerable
            .csrf().disable()

            .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()

            // don't create session
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()

            .authorizeRequests()
            //.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()

            // allow anonymous resource requests
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/v2/api-docs",           // swagger
                    "/webjars/**",            // swagger-ui webjars
                    "/swagger-resources/**",  // swagger-ui resources
                    "/configuration/**",      // swagger configuration
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js"
            ).permitAll()
            .antMatchers("/api/auth/**").permitAll()
            .anyRequest().authenticated();

    // Custom JWT based security filter
    httpSecurity
            .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // disable page caching
    httpSecurity.headers().cacheControl();
}
 
開發者ID:adriano-fonseca,項目名稱:rest-api-jwt-spring-security,代碼行數:39,代碼來源:WebSecurityConfig.java

示例9: configure

import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入方法依賴的package包/類
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
            // we don't need CSRF because our token is invulnerable
            .csrf().disable()

            .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()

            // don't create session
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()

            .authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
            
            .antMatchers(HttpMethod.GET, "/products/**").permitAll()
            .antMatchers(HttpMethod.POST, "/products/**").hasRole(Permission.USER_SELLER)
.antMatchers(HttpMethod.PUT, "/products/**").hasRole(Permission.USER_SELLER)
            
            //authenticated requests
            .anyRequest().authenticated();

    // Custom JWT based security filter
    httpSecurity
            .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // disable page caching
    httpSecurity.headers().cacheControl();
}
 
開發者ID:quebic-source,項目名稱:microservices-sample-project,代碼行數:29,代碼來源:WebSecurityConfig.java

示例10: configure

import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入方法依賴的package包/類
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        // we don't need CSRF because our token is invulnerable
        .csrf().disable()

        .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()

        // don't create session
        .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()

        .authorizeRequests()
        //.expressionHandler(webExpressionHandler())
        .antMatchers(HttpMethod.OPTIONS, requestMatchersProperties.getOptiones()).permitAll()
        .antMatchers(HttpMethod.HEAD, requestMatchersProperties.getHeads()).permitAll()
        .antMatchers(HttpMethod.POST, requestMatchersProperties.getPosts()).permitAll()
        .antMatchers(HttpMethod.GET, requestMatchersProperties.getGets()).permitAll()
        // allow anonymous resource requests
        .antMatchers("/auth/**").permitAll()
        .anyRequest().authenticated();

    // Custom JWT based security filter
    httpSecurity
            .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

    // disable page caching
    httpSecurity.headers().cacheControl();
}
 
開發者ID:zzqfsy,項目名稱:spring-jwt-starter,代碼行數:29,代碼來源:WebSecurityConfig.java

示例11: configure

import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入方法依賴的package包/類
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
            // 由於使用的是JWT,我們這裏不需要csrf
            .csrf().disable()

            // 基於token,所以不需要session
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()

            .authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()

            // 允許對於網站靜態資源的無授權訪問
            .antMatchers(
                    HttpMethod.GET,
                    "/",
                    "/*.html",
                    "/favicon.ico",
                    "/**/*.html",
                    "/**/*.css",
                    "/**/*.js"
            ).permitAll()
            // 對於獲取token的rest api要允許匿名訪問
            .antMatchers("/auth/**").permitAll()
            // 除上麵外的所有請求全部需要鑒權認證
            .anyRequest().authenticated();

    // 禁用緩存
    httpSecurity.headers().cacheControl();

    httpSecurity
            .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}
 
開發者ID:CFshuming,項目名稱:bf-editor,代碼行數:34,代碼來源:WebSecurityConfig.java

示例12: configure

import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入方法依賴的package包/類
@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                // 由於使用的是JWT,我們這裏不需要csrf
                .csrf().disable()
                // 基於token,所以不需要session
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests()
                // 所有 / 的所有請求 都放行
                .antMatchers("/").permitAll()
                .antMatchers("/v2/api-docs", "/configuration/ui", "/swagger-resources/**", "/configuration/**", "/swagger-ui.html", "/webjars/**")
                .permitAll()
                .antMatchers(HttpMethod.POST,"/user/register").permitAll()
                .antMatchers("/manage/**").hasRole("ADMIN") // 需要相應的角色才能訪問
                // 允許對於網站靜態資源的無授權訪問
//                .antMatchers(
//                        HttpMethod.GET,
//                        "/",
//                        "/*.html",
//                        "/favicon.ico",
//                        "/**/*.html",
//                        "/**/*.css",
//                        "/**/*.js"
//                ).permitAll()

                // 對於獲取token的rest api要允許匿名訪問
                .antMatchers("/auth/**").permitAll()
                // 除上麵外的所有請求全部需要鑒權認證
                .anyRequest().authenticated();

        // 禁用緩存
        http.headers().cacheControl();
        // 添加一個過濾器 所有訪問 /login 的請求交給 JWTLoginFilter 來處理
        http.addFilterBefore(jwtLoginFilterBean(),
                UsernamePasswordAuthenticationFilter.class);
        // 添加JWT filter
        http.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
    }
 
開發者ID:BENULL,項目名稱:LushX,代碼行數:39,代碼來源:WebSecurityConfig.java

示例13: configure

import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入方法依賴的package包/類
@Override
public void configure(HttpSecurity http) throws Exception {
    JWTFilter customFilter = new JWTFilter(tokenProvider);
    http.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class);
}
 
開發者ID:mraible,項目名稱:devoxxus-jhipster-microservices-demo,代碼行數:6,代碼來源:JWTConfigurer.java

示例14: configure

import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入方法依賴的package包/類
@Override
public void configure(HttpSecurity http) throws Exception {
  JwtTokenFilter customFilter = new JwtTokenFilter(jwtTokenProvider);
  http.addFilterBefore(customFilter, UsernamePasswordAuthenticationFilter.class);
}
 
開發者ID:murraco,項目名稱:spring-boot-jwt,代碼行數:6,代碼來源:JwtTokenFilterConfigurer.java

示例15: configure

import org.springframework.security.config.annotation.web.builders.HttpSecurity; //導入方法依賴的package包/類
@Override
protected void configure(HttpSecurity http) throws Exception {

    RESTRequestParameterProcessingFilter restAuthenticationFilter = new RESTRequestParameterProcessingFilter();
    restAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
    restAuthenticationFilter.setSecurityService(securityService);
    restAuthenticationFilter.setEventPublisher(eventPublisher);
    http = http.addFilterBefore(restAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

    http
            .csrf()
            .requireCsrfProtectionMatcher(csrfSecurityRequestMatcher)
            .and().headers()
            .frameOptions()
            .sameOrigin()
            .and().authorizeRequests()
            .antMatchers("/recover*", "/accessDenied*",
                    "/style/**", "/icons/**", "/flash/**", "/script/**",
                    "/sonos/**", "/crossdomain.xml", "/login", "/error")
            .permitAll()
            .antMatchers("/personalSettings*", "/passwordSettings*",
                    "/playerSettings*", "/shareSettings*", "/passwordSettings*")
            .hasRole("SETTINGS")
            .antMatchers("/generalSettings*", "/advancedSettings*", "/userSettings*",
                    "/musicFolderSettings*", "/databaseSettings*", "/rest/startScan*")
            .hasRole("ADMIN")
            .antMatchers("/deletePlaylist*", "/savePlaylist*", "/db*")
            .hasRole("PLAYLIST")
            .antMatchers("/download*")
            .hasRole("DOWNLOAD")
            .antMatchers("/upload*")
            .hasRole("UPLOAD")
            .antMatchers("/createShare*")
            .hasRole("SHARE")
            .antMatchers("/changeCoverArt*", "/editTags*")
            .hasRole("COVERART")
            .antMatchers("/setMusicFileInfo*")
            .hasRole("COMMENT")
            .antMatchers("/podcastReceiverAdmin*")
            .hasRole("PODCAST")
            .antMatchers("/**")
            .hasRole("USER")
            .anyRequest().authenticated()
            .and().formLogin()
            .loginPage("/login")
            .permitAll()
            .defaultSuccessUrl("/index", true)
            .failureUrl(FAILURE_URL)
            .usernameParameter("j_username")
            .passwordParameter("j_password")
            // see http://docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/reference/htmlsingle/#csrf-logout
            .and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout", "GET")).logoutSuccessUrl(
            "/login?logout")
            .and().rememberMe().key("airsonic");
}
 
開發者ID:airsonic,項目名稱:airsonic,代碼行數:56,代碼來源:GlobalSecurityConfig.java


注:本文中的org.springframework.security.config.annotation.web.builders.HttpSecurity.addFilterBefore方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。