本文整理汇总了Java中org.springframework.security.config.annotation.web.builders.HttpSecurity类的典型用法代码示例。如果您正苦于以下问题:Java HttpSecurity类的具体用法?Java HttpSecurity怎么用?Java HttpSecurity使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
HttpSecurity类属于org.springframework.security.config.annotation.web.builders包,在下文中一共展示了HttpSecurity类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。
示例1: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception{
http.addFilterBefore(characterEncodingFilter(), CsrfFilter.class);
http.authorizeRequests()
.antMatchers("/","/category/**","/article/add","/user/update").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN') or hasRole('ROLE_MODERATOR')")
.antMatchers("/admin","/admin/**").access("hasRole('ROLE_ADMIN')")
.and()
.formLogin()
.loginPage("/login")
.usernameParameter("ssoId")
.passwordParameter("password")
.failureHandler(new CustomAuthenticationFailureHandler())
.defaultSuccessUrl("/")
.and()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout").deleteCookies("JSESSIONID")
.invalidateHttpSession(true)
.and()
.rememberMe().tokenRepository(persistentTokenRepository()).tokenValiditySeconds(86400)
.and()
.csrf()
.and()
.exceptionHandling().accessDeniedPage("/error");
http.sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry());
}
开发者ID:Exercon,项目名称:AntiSocial-Platform,代码行数:27,代码来源:SecurityConfiguration.java
示例2: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
* This is the equivalent to:
* <pre>
* <http pattern="/resources/**" security="none"/>
* <http pattern="/css/**" security="none"/>
* <http pattern="/webjars/**" security="none"/>
* </pre>
*
* @param web
* @throws Exception
*/
@Override
public void configure(final WebSecurity web) throws Exception {
// Ignore static resources and webjars from Spring Security
web.ignoring()
.antMatchers("/resources/**")
.antMatchers("/css/**")
.antMatchers("/webjars/**")
;
// Thymeleaf needs to use the Thymeleaf configured FilterSecurityInterceptor
// and not the default Filter from AutoConfiguration.
final HttpSecurity http = getHttp();
web.postBuildAction(() -> {
web.securityInterceptor(http.getSharedObject(FilterSecurityInterceptor.class));
});
}
开发者ID:PacktPublishing,项目名称:Spring-Security-Third-Edition,代码行数:29,代码来源:SecurityConfig.java
示例3: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/", "/assets/**/*", "/js/*", "/images/**/*", "/feedback", "/webhook", "/fbwebhook", "/slackwebhook", "/embed").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.defaultSuccessUrl("/admin")
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
http.headers().frameOptions().disable();
}
开发者ID:dbpedia,项目名称:chatbot,代码行数:18,代码来源:Application.java
示例4: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(new HeaderSecurityFilter(), SecurityContextHolderAwareRequestFilter.class)
.cors()
.and()
.csrf()
.disable()
.authorizeRequests()
.antMatchers("/health").permitAll()
.antMatchers("/websocket").permitAll()
.antMatchers(HttpMethod.OPTIONS,"**").permitAll()
.antMatchers(HttpMethod.POST, "/api/**").hasAuthority(SecurityAuthoritiesEnum.COLLECTOR.toString())
.antMatchers(HttpMethod.DELETE, "/api/**").hasAuthority(SecurityAuthoritiesEnum.COLLECTOR.toString())
.antMatchers(HttpMethod.POST, "/reviews/**").hasAuthority(SecurityAuthoritiesEnum.REGULAR.toString())
.antMatchers(HttpMethod.GET, "/dashboards/**").hasAnyAuthority(SecurityAuthoritiesEnum.REGULAR.toString(), SecurityAuthoritiesEnum.SCREEN.toString())
.antMatchers(HttpMethod.GET, "/emitter/**").hasAnyAuthority(SecurityAuthoritiesEnum.REGULAR.toString(), SecurityAuthoritiesEnum.SCREEN.toString())
.antMatchers(HttpMethod.POST, "/dashboards/**").hasAuthority(SecurityAuthoritiesEnum.REGULAR.toString())
.antMatchers(HttpMethod.DELETE, "/dashboards/**").hasAuthority(SecurityAuthoritiesEnum.REGULAR.toString())
.antMatchers(HttpMethod.PUT, "/dashboards/**").hasAuthority(SecurityAuthoritiesEnum.REGULAR.toString());
}
开发者ID:BBVA,项目名称:mirrorgate,代码行数:22,代码来源:RestConfig.java
示例5: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
* This is the equivalent to:
* <pre>
* <http pattern="/resources/**" security="none"/>
* <http pattern="/css/**" security="none"/>
* <http pattern="/webjars/**" security="none"/>
* </pre>
*
* @param web WebSecurity
* @throws Exception
*/
@Override
public void configure(final WebSecurity web) throws Exception {
web.ignoring()
.antMatchers("/resources/**")
.antMatchers("/css/**")
.antMatchers("/webjars/**")
;
// Thymeleaf needs to use the Thymeleaf configured FilterSecurityInterceptor
// and not the default Filter from AutoConfiguration.
final HttpSecurity http = getHttp();
web.postBuildAction(() -> {
web.securityInterceptor(http.getSharedObject(FilterSecurityInterceptor.class));
});
}
开发者ID:PacktPublishing,项目名称:Spring-Security-Third-Edition,代码行数:27,代码来源:SecurityConfig.java
示例6: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
//任何访问都必须授权
.anyRequest().fullyAuthenticated()
//配置那些路径可以不用权限访问
.mvcMatchers("/login", "/login/wechat").permitAll()
.and()
.formLogin()
//登陆成功后的处理,因为是API的形式所以不用跳转页面
.successHandler(new MyAuthenticationSuccessHandler())
//登陆失败后的处理
.failureHandler(new MySimpleUrlAuthenticationFailureHandler())
.and()
//登出后的处理
.logout().logoutSuccessHandler(new RestLogoutSuccessHandler())
.and()
//认证不通过后的处理
.exceptionHandling()
.authenticationEntryPoint(new RestAuthenticationEntryPoint());
http.addFilterAt(myFilterSecurityInterceptor, FilterSecurityInterceptor.class);
http.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
//http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
http.csrf().disable();
}
开发者ID:luotuo,项目名称:springboot-security-wechat,代码行数:27,代码来源:SecurityConfig.java
示例7: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/login**", "/after**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login.html")
.defaultSuccessUrl("/deptform.html")
.failureUrl("/login.html?error=true")
.successHandler(customSuccessHandler)
.and()
.logout().logoutUrl("/logout.html")
.logoutSuccessHandler(customLogoutHandler);
http.csrf().disable();
}
开发者ID:PacktPublishing,项目名称:Spring-5.0-Cookbook,代码行数:19,代码来源:AppSecurityModelE2.java
示例8: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
* This is the equivalent to:
* <pre>
* <http pattern="/resources/**" security="none"/>
* <http pattern="/css/**" security="none"/>
* <http pattern="/webjars/**" security="none"/>
* </pre>
*
* @param web
* @throws Exception
*/
@Override
public void configure(final WebSecurity web) throws Exception {
// Ignore static resources and webjars from Spring Security
web.ignoring()
.antMatchers("/resources/**")
.antMatchers("/css/**")
.antMatchers("/webjars/**")
;
// Thymeleaf needs to use the Thymeleaf configured FilterSecurityInterceptor
// and not the default Filter from AutoConfiguration.
final HttpSecurity http = getHttp();
web.postBuildAction(() -> {
// web.securityInterceptor(http.getSharedObject(FilterSecurityInterceptor.class));
FilterSecurityInterceptor fsi = http.getSharedObject(FilterSecurityInterceptor.class);
fsi.setSecurityMetadataSource(metadataSource);
web.securityInterceptor(fsi);
});
}
开发者ID:PacktPublishing,项目名称:Spring-Security-Third-Edition,代码行数:32,代码来源:SecurityConfig.java
示例9: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
public void configure(final HttpSecurity http) throws Exception {
http
.requestMatchers().antMatchers("/doctor/**", "/rx/**", "/account/**")
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET,"/doctor/**").access("#oauth2.hasScope('doctor') and #oauth2.hasScope('read')")
.antMatchers(HttpMethod.POST,"/doctor/**").access("#oauth2.hasScope('doctor') and #oauth2.hasScope('write')")
.antMatchers(HttpMethod.GET,"/rx/**").access("#oauth2.hasScope('doctor') and #oauth2.hasScope('read')")
.antMatchers(HttpMethod.POST,"/rx/**").access("#oauth2.hasScope('doctor') and #oauth2.hasScope('write')")
.antMatchers("/account/**").permitAll()
.and()
.exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler())
.and()
.csrf().disable();
}
开发者ID:PacktPublishing,项目名称:Building-Web-Apps-with-Spring-5-and-Angular,代码行数:18,代码来源:ResourceServerOAuth2Config.java
示例10: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint)
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/auth", "/api/users/me", "/api/greetings/public").permitAll()
.anyRequest().authenticated()
.and()
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}
开发者ID:cassiomolin,项目名称:jersey-jwt-springsecurity,代码行数:19,代码来源:WebSecurityConfig.java
示例11: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.headers()
.frameOptions()
.disable()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/api/**").authenticated()
.antMatchers("/management/health").permitAll()
.antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
.antMatchers("/swagger-resources/configuration/ui").permitAll()
.and()
.apply(securityConfigurerAdapter());
}
开发者ID:deepu105,项目名称:spring-io,代码行数:21,代码来源:MicroserviceSecurityConfiguration.java
示例12: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/","/public/**", "/resources/**",
"/resources/public/**", "/css/**", "/js/**", "/webjars/**").permitAll()
.antMatchers("/", "/home", "/about").permitAll()
// .antMatchers("admin/**", "api/**", "project/**").hasRole("ADMIN")
// .antMatchers("/user/**", "project/**", "api/projects/**").hasRole("USER")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/", true)
.failureUrl("/login?error")
.failureHandler(customAuthenticationHandler)
.permitAll()
.and()
.logout()
.permitAll()
.and()
.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
}
开发者ID:Epi-Tools,项目名称:homer,代码行数:24,代码来源:SpringSecurityConfig.java
示例13: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.headers()
.frameOptions()
.disable();
if (properties.isSecurityEnabled()) {
http
.authorizeRequests()
.anyRequest()
.fullyAuthenticated()
.and()
.httpBasic();
}
}
开发者ID:iyzico,项目名称:boot-mon,代码行数:17,代码来源:BootmonServerSecurityConfig.java
示例14: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
public void configure(HttpSecurity http) throws Exception {
http.formLogin()
.loginProcessingUrl("/api/authentication/form") //认证URL
.loginPage("/api/authentication/require") //登录页
.successHandler(tzAuthenticationSuccessHandler) //登录成功处理器
.failureHandler(tzAuthenticationFailureHandler)
.and()
.authorizeRequests()
.antMatchers(
"/api/authentication/form",
"/api/authentication/require",
"/api/imgs/**",
"/templates/**",
"/api/resources/menus"
)
.permitAll()
.anyRequest()
.access("@rbacService.havePermission(request,authentication)");
}
开发者ID:TZClub,项目名称:OMIPlatform,代码行数:22,代码来源:TZResourcesServerConfig.java
示例15: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
public void configure(HttpSecurity http) throws Exception {
http
.requestMatcher(new OAuthRequestedMatcher())
.csrf().disable()
.anonymous().disable()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS).permitAll()
// when restricting access to 'Roles' you must remove the "ROLE_" part role
// for "ROLE_USER" use only "USER"
.antMatchers("/api/hello").access("hasAnyRole('USER')")
.antMatchers("/api/me").hasAnyRole("USER", "ADMIN")
.antMatchers("/api/admin").hasRole("ADMIN")
// use the full name when specifying authority access
.antMatchers("/api/registerUser").hasAuthority("ROLE_REGISTER")
// restricting all access to /api/** to authenticated users
.antMatchers("/api/**").authenticated();
}
开发者ID:tinmegali,项目名称:Using-Spring-Oauth2-to-secure-REST,代码行数:20,代码来源:ResourceConfig.java
示例16: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/xxx/**")
.access("hasRole('ROLE_USER')")
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/login")
.failureUrl("/login?error")
.permitAll()
.and()
.rememberMe()
.tokenValiditySeconds(60 * 60 * 24 * 7)
.useSecureCookie(true)
.key("remember-me")
.rememberMeCookieName("remember-me")
.and()
.logout()
.deleteCookies("remember-me")
.permitAll();
}
开发者ID:tong12580,项目名称:OutsourcedProject,代码行数:24,代码来源:WebSecurityConfig.java
示例17: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http
.authorizeRequests()
.antMatchers("/oauth/token").anonymous();
http
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/**")
.access("#oauth2.hasScope('read')");
http
.authorizeRequests()
.antMatchers("/**")
.access("#oauth2.hasScope('write')");
}
开发者ID:kflauri2312lffds,项目名称:Android_watch_magpie,代码行数:19,代码来源:OAuth2SecurityConfiguration.java
示例18: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
protected void configure(HttpSecurity http) throws Exception {
filter.setAuthenticationManager(authenticationManager());
http.headers().cacheControl().disable();
http
.addFilter(filter)
.sessionManagement().sessionCreationPolicy(STATELESS).and()
.csrf().disable()
.formLogin().disable()
.logout().disable()
.authorizeRequests()
.antMatchers("/swagger-ui.html",
"/webjars/springfox-swagger-ui/**",
"/swagger-resources/**",
"/v2/**",
"/health",
"/info"
).permitAll()
.anyRequest().authenticated();
}
开发者ID:hmcts,项目名称:document-management-store-app,代码行数:23,代码来源:SpringSecurityConfiguration.java
示例19: customizeRememberMe
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
@Override
protected void customizeRememberMe(HttpSecurity http) throws Exception {
UserDetailsService userDetailsService = lookup("userDetailsService");
PersistentTokenRepository persistentTokenRepository = lookup("persistentTokenRepository");
AbstractRememberMeServices rememberMeServices = lookup("rememberMeServices");
RememberMeAuthenticationFilter rememberMeAuthenticationFilter =
lookup("rememberMeAuthenticationFilter");
http.rememberMe()
.userDetailsService(userDetailsService)
.tokenRepository(persistentTokenRepository)
.rememberMeServices(rememberMeServices)
.key(rememberMeServices.getKey())
.and()
.logout()
.logoutUrl(LOGOUT_ENDPOINT)
.and()
.addFilterAt(rememberMeAuthenticationFilter, RememberMeAuthenticationFilter.class);
}
开发者ID:springuni,项目名称:springuni-particles,代码行数:20,代码来源:AuthSecurityConfiguration.java
示例20: configure
import org.springframework.security.config.annotation.web.builders.HttpSecurity; //导入依赖的package包/类
/**
* HTTP Security configuration
*
* <pre><http auto-config="true"></pre> is equivalent to:
* <pre>
* <http>
* <form-login />
* <http-basic />
* <logout />
* </http>
* </pre>
*
* Which is equivalent to the following JavaConfig:
*
* <pre>
* http.formLogin()
* .and().httpBasic()
* .and().logout();
* </pre>
*
* @param http HttpSecurity configuration.
* @throws Exception Authentication configuration exception
*
* @see <a href="http://docs.spring.io/spring-security/site/migrate/current/3-to-4/html5/migrate-3-to-4-jc.html">
* Spring Security 3 to 4 migration</a>
*/
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.authorizeRequests()
// FIXME: TODO: Allow anyone to use H2 (NOTE: NOT FOR PRODUCTION USE EVER !!! )
.antMatchers("/admin/h2/**").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login/*").permitAll()
.antMatchers("/logout").permitAll()
.antMatchers("/signup/*").permitAll()
.antMatchers("/errors/**").permitAll()
.antMatchers("/admin/*").hasRole("ADMIN")
.antMatchers("/events/").hasRole("ADMIN")
.antMatchers("/**").hasRole("USER")
.and().exceptionHandling().accessDeniedPage("/errors/403")
.and().formLogin()
.loginPage("/login/form")
.loginProcessingUrl("/login")
.failureUrl("/login/form?error")
.usernameParameter("username")
.passwordParameter("password")
.defaultSuccessUrl("/default", true)
.permitAll()
.and().logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login/form?logout")
.permitAll()
.and().anonymous()
// CSRF is enabled by default, with Java Config
.and().csrf().disable();
// Enable <frameset> in order to use H2 web console
http.headers().frameOptions().disable();
}
开发者ID:PacktPublishing,项目名称:Spring-Security-Third-Edition,代码行数:66,代码来源:SecurityConfig.java
注:本文中的org.springframework.security.config.annotation.web.builders.HttpSecurity类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论