Java源码示例:org.springframework.security.web.access.channel.ChannelProcessingFilter
示例1
/**
 * Registers the application's custom filters and the URL authorization rules.
 *
 * <p>The register, login, logout and {@code /interface/**} endpoints are open to
 * unauthenticated callers; every other request requires authentication.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Custom filters. Every call places its filter relative to the class named as the
    // second argument, so the calls stay in their original order: a filter has to be
    // registered before a later call can use it as a reference point.
    // The filter classes are not shown here; what each one enforces cannot be told
    // from this method.
    http.addFilterBefore(new InterfaceAccessKeyFilter(), ChannelProcessingFilter.class);
    http.addFilterAfter(new CsrfFilter(), InterfaceAccessKeyFilter.class);
    http.addFilterBefore(new TokenFilter(), UsernamePasswordAuthenticationFilter.class);
    http.addFilterAfter(new TokenSessionFilter(), TokenFilter.class);
    http.addFilterAfter(new PermissionFilter(), TokenSessionFilter.class);

    // The framework's CSRF configurer is switched off while a CsrfFilter instance is
    // added by hand above.
    // NOTE(review): confirm the hand-registered filter is what provides CSRF protection.
    http.csrf().disable();

    // Allow framing by same-origin pages only (X-Frame-Options: SAMEORIGIN).
    http.headers().frameOptions().sameOrigin();

    // Spring Security will not create an HTTP session itself, but uses one if present.
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);

    // Rules are evaluated in declaration order; the open paths come before the catch-all.
    // NOTE(review): "/interface/**" is open at this layer — presumably
    // InterfaceAccessKeyFilter guards it; verify against that filter.
    http.authorizeRequests()
            .antMatchers("/api/register", "/interface/**", "/api/login", "/api/logout").permitAll()
            .anyRequest().authenticated();
}
示例2
/**
 * Applies the SAML web-security setup when the configured authentication protocol
 * equals {@code AUTH_TYPE} (case-insensitive); otherwise leaves {@code http} untouched.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    LOG.debug("message Inside InsightsSecurityConfigurationAdapterSAML,HttpSecurity **** {} ",
            ApplicationConfigProvider.getInstance().getAutheticationProtocol());

    // Guard: nothing below runs for any other protocol, so this adapter adds no rules then.
    if (!AUTH_TYPE.equalsIgnoreCase(ApplicationConfigProvider.getInstance().getAutheticationProtocol())) {
        return;
    }
    LOG.debug("message Inside SAMLAuthConfig, check http security **** ");

    http.cors();

    // CSRF stays enabled, with a custom token repository; the paths in CSRF_IGNORE are exempt.
    // NOTE(review): CSRF_IGNORE is defined elsewhere — keep that list as small as possible.
    http.csrf()
            .ignoringAntMatchers(AuthenticationUtils.CSRF_IGNORE)
            .csrfTokenRepository(authenticationUtils.csrfTokenRepository());
    http.addFilterAfter(new InsightsCustomCsrfFilter(), CsrfFilter.class);

    // Unauthenticated requests are handed to the SAML entry point.
    http.exceptionHandling().authenticationEntryPoint(samlEntryPoint());

    http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class);
    http.addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);

    // NOTE(review): anonymous authentication is disabled while "/error" and "/saml/**"
    // are permitAll — confirm those paths still work for unauthenticated requests.
    http.anonymous().disable();

    // First matching rule wins: "/admin/**" needs the 'Admin' authority, everything not
    // listed requires authentication.
    http.authorizeRequests()
            .antMatchers("/error").permitAll()
            .antMatchers("/admin/**").access("hasAuthority('Admin')")
            .antMatchers("/saml/**").permitAll()
            // .antMatchers("/user/insightsso/**").permitAll() ///logout
            .anyRequest().authenticated();

    http.logout().logoutSuccessUrl("/");
}
示例3
/**
 * Configures web security for a SAML-protected application: the SAML entry point,
 * the SAML filters, the publicly reachable paths and the logout handling.
 *
 * @param http the builder used to configure security for HTTP requests
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // HTTP Basic is enabled, but its entry point is replaced by the SAML one.
    http.httpBasic().authenticationEntryPoint(samlEntryPoint());

    http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class);
    // NOTE(review): samlFilter() is registered at two positions (after
    // BasicAuthenticationFilter and before CsrfFilter) — confirm both are intended.
    http.addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);
    http.addFilterBefore(samlFilter(), CsrfFilter.class);

    // Public paths: the landing page, the SAML endpoints and static assets.
    // Anything not listed falls through to the catch-all and needs authentication.
    http.authorizeRequests()
            .antMatchers("/", "/saml/**", "/css/**", "/img/**", "/js/**").permitAll()
            .anyRequest().authenticated();

    // The logout procedure is already handled by SAML filters.
    http.logout().disable();
}
示例4
/**
 * Runs the provider/SSL/H2-console setup helpers, then configures authorization,
 * the SAML entry point and filters, CSRF handling and logout.
 *
 * @param http the security builder to configure
 * @throws Exception if any helper or configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    configureActiveMQProvider();
    configureWithSSL(http);
    // NOTE(review): helper body not visible here; if it opens the H2 web console,
    // confirm that only happens in non-production setups.
    configureH2Console(http);

    // Only the matchers returned by createAllowedPathMatchers() are open;
    // every other request must be authenticated.
    http.authorizeRequests()
            .requestMatchers(createAllowedPathMatchers()).permitAll()
            .anyRequest().authenticated();

    // Unauthenticated requests are handed to the SAML entry point.
    http.exceptionHandling().authenticationEntryPoint(samlEntryPoint());

    // CSRF stays enabled with the injected token repository; requests matched by
    // createCsrfIgnoreMatchers() are exempt.
    // NOTE(review): keep that exempt list limited to endpoints that cannot carry a token.
    http.csrf()
            .csrfTokenRepository(csrfTokenRepository)
            .ignoringRequestMatchers(createCsrfIgnoreMatchers());

    http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class);
    http.addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);

    // Post-processor applied to the authorization configuration (see createRoleProcessor()).
    http.authorizeRequests().withObjectPostProcessor(createRoleProcessor());

    http.logout().logoutSuccessUrl("/");
}
示例5
/**
 * Configures SAML filters alongside a form login at {@code /authenticate}, the public
 * paths, the access-denied/entry-point handlers and logout.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // NOTE(review): CSRF protection is disabled while a form login and a logout URL are
    // configured below — confirm this is acceptable for the deployment.
    http.csrf().disable();

    http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class);
    http.addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);

    // Public paths first; anything not listed requires authentication.
    http.authorizeRequests()
            .antMatchers("/", "/error", "/saml/**", "/css/**").permitAll()
            .anyRequest().authenticated();

    http.exceptionHandling()
            .accessDeniedHandler(new AccessDeniedHandlerImpl())
            .authenticationEntryPoint(getAuthEntryPoint());

    // Credentials are posted to /authenticate as "username" / "password".
    http.formLogin()
            .loginProcessingUrl("/authenticate")
            .usernameParameter("username")
            .passwordParameter("password")
            .successHandler(new FormAuthSuccessHandler())
            .failureHandler(new SimpleUrlAuthenticationFailureHandler());

    http.logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/")
            .permitAll();
}
示例6
/**
 * Configures authorization for the login and REST endpoints, the authentication
 * handlers, logout, the CORS filter and a custom CSRF protection matcher.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final String get = HttpMethod.GET.toString();
    final String head = HttpMethod.HEAD.toString();
    final String options = HttpMethod.OPTIONS.toString();
    final String trace = HttpMethod.TRACE.toString();

    // First matching rule wins, so "/rest/open/**" has to stay ahead of "/rest/**".
    // NOTE(review): there is no anyRequest() catch-all; paths that match none of these
    // rules get no authorization rule from this method — confirm that is intended.
    http.authorizeRequests()
            .antMatchers(HttpMethod.OPTIONS, "/*/**").permitAll()
            .antMatchers("/login", "/rest/open/**").permitAll()
            .antMatchers("/logout", "/rest/**").authenticated();

    // Handlers and entry points
    http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
    http.formLogin()
            .successHandler(authenticationSuccessHandler)
            .failureHandler(authenticationFailureHandler);

    // Logout
    http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);

    // CORS
    http.addFilterBefore(corsFilter, ChannelProcessingFilter.class);

    // CSRF: a request needs a token unless it matches one of the exemptions below
    // (every negated matcher must hold for protection to apply).
    // NOTE(review): this matcher is supplied in place of the default one, so GET/HEAD
    // requests outside "/rest*/**" are not exempt here — confirm that is intended.
    final AndRequestMatcher csrfRequired = new AndRequestMatcher(
            // login/logout are exempt for OPTIONS only
            new NegatedRequestMatcher(new AntPathRequestMatcher("/login*/**", options)),
            new NegatedRequestMatcher(new AntPathRequestMatcher("/logout*/**", options)),
            // REST paths are exempt for GET, HEAD, OPTIONS and TRACE
            new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", get)),
            new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", head)),
            new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", options)),
            new NegatedRequestMatcher(new AntPathRequestMatcher("/rest*/**", trace)),
            // the open REST area is exempt for every method
            new NegatedRequestMatcher(new AntPathRequestMatcher("/rest/open*/**")));
    http.csrf().requireCsrfProtectionMatcher(csrfRequired);

    // CSRF tokens handling
    http.addFilterAfter(new CsrfTokenResponseCookieBindingFilter(), CsrfFilter.class);
}
示例7
/**
 * Configures form login and HTTP Basic for the dashboard, picks the authentication
 * entry point by requested media type, and installs a session repository filter that
 * uses {@code HeaderHttpSessionStrategy}.
 *
 * @param http the security builder to configure
 * @throws Exception if any configurer call fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    final RequestMatcher htmlRequests = new MediaTypeRequestMatcher(
            contentNegotiationStrategy,
            MediaType.TEXT_HTML);
    final String loginUrl = dashboard("/#/login");

    final BasicAuthenticationEntryPoint basicEntryPoint = new BasicAuthenticationEntryPoint();
    basicEntryPoint.setRealmName(securityProperties.getBasic().getRealm());
    basicEntryPoint.afterPropertiesSet();

    // NOTE(review): CSRF protection is disabled while form login and HTTP Basic are
    // enabled — confirm this is acceptable for the clients of this application.
    http.csrf().disable();

    // "/" needs authentication; the dashboard resources and the listed endpoints are open.
    http.authorizeRequests()
            .antMatchers("/").authenticated()
            .antMatchers(
                    dashboard("/**"),
                    "/authenticate",
                    "/security/info",
                    "/features",
                    "/assets/**").permitAll();

    http.formLogin()
            .loginPage(loginUrl)
            .loginProcessingUrl(dashboard("/login"))
            .defaultSuccessUrl(dashboard("/"))
            .permitAll();

    // NOTE(review): a success URL and a success handler are both set — confirm which
    // one is meant to take effect.
    http.logout()
            .logoutUrl(dashboard("/logout"))
            .logoutSuccessUrl(dashboard("/logout-success.html"))
            .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
            .permitAll();

    http.httpBasic();

    // Requests matched by the text/html matcher get the login-page entry point;
    // the Basic entry point is registered for any request.
    http.exceptionHandling()
            .defaultAuthenticationEntryPointFor(
                    new LoginUrlAuthenticationEntryPoint(loginUrl),
                    htmlRequests)
            .defaultAuthenticationEntryPointFor(
                    basicEntryPoint,
                    AnyRequestMatcher.INSTANCE);

    // Catch-all: whatever was not opened above requires authentication.
    http.authorizeRequests().anyRequest().authenticated();

    final SessionRepositoryFilter<ExpiringSession> sessionFilter =
            new SessionRepositoryFilter<ExpiringSession>(sessionRepository());
    sessionFilter.setHttpSessionStrategy(new HeaderHttpSessionStrategy());
    http.addFilterBefore(sessionFilter, ChannelProcessingFilter.class);

    // Repeats the csrf().disable() call made at the top of the method.
    http.csrf().disable();

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
}