Search in sources :

Example 1 with HttpSecurity

use of org.springframework.security.config.annotation.web.builders.HttpSecurity in project spring-security by spring-projects.

the class WebSecurityConfigurerAdapter method getHttp.

/**
	 * Creates the {@link HttpSecurity} or returns the current instance
	 *
	 * ] * @return the {@link HttpSecurity}
	 * @throws Exception
	 */
@SuppressWarnings({ "rawtypes", "unchecked" })
protected final HttpSecurity getHttp() throws Exception {
    if (http != null) {
        return http;
    }
    DefaultAuthenticationEventPublisher eventPublisher = objectPostProcessor.postProcess(new DefaultAuthenticationEventPublisher());
    localConfigureAuthenticationBldr.authenticationEventPublisher(eventPublisher);
    AuthenticationManager authenticationManager = authenticationManager();
    authenticationBuilder.parentAuthenticationManager(authenticationManager);
    Map<Class<? extends Object>, Object> sharedObjects = createSharedObjects();
    http = new HttpSecurity(objectPostProcessor, authenticationBuilder, sharedObjects);
    if (!disableDefaults) {
        // @formatter:off
        http.csrf().and().addFilter(new WebAsyncManagerIntegrationFilter()).exceptionHandling().and().headers().and().sessionManagement().and().securityContext().and().requestCache().and().anonymous().and().servletApi().and().apply(new DefaultLoginPageConfigurer<HttpSecurity>()).and().logout();
        // @formatter:on
        ClassLoader classLoader = this.context.getClassLoader();
        List<AbstractHttpConfigurer> defaultHttpConfigurers = SpringFactoriesLoader.loadFactories(AbstractHttpConfigurer.class, classLoader);
        for (AbstractHttpConfigurer configurer : defaultHttpConfigurers) {
            http.apply(configurer);
        }
    }
    configure(http);
    return http;
}
Also used : DefaultAuthenticationEventPublisher(org.springframework.security.authentication.DefaultAuthenticationEventPublisher) AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) AbstractHttpConfigurer(org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer) WebAsyncManagerIntegrationFilter(org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter)

Example 2 with HttpSecurity

use of org.springframework.security.config.annotation.web.builders.HttpSecurity in project spring-security by spring-projects.

the class WebSecurityConfigurerAdapter method init.

public void init(final WebSecurity web) throws Exception {
    final HttpSecurity http = getHttp();
    web.addSecurityFilterChainBuilder(http).postBuildAction(new Runnable() {

        public void run() {
            FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class);
            web.securityInterceptor(securityInterceptor);
        }
    });
}
Also used : HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) FilterSecurityInterceptor(org.springframework.security.web.access.intercept.FilterSecurityInterceptor)

Example 3 with HttpSecurity

use of org.springframework.security.config.annotation.web.builders.HttpSecurity in project spring-security-oauth by spring-projects.

the class AuthorizationServerSecurityConfigurer method registerDefaultAuthenticationEntryPoint.

@SuppressWarnings("unchecked")
private void registerDefaultAuthenticationEntryPoint(HttpSecurity http) {
    ExceptionHandlingConfigurer<HttpSecurity> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
    if (exceptionHandling == null) {
        return;
    }
    if (authenticationEntryPoint == null) {
        BasicAuthenticationEntryPoint basicEntryPoint = new BasicAuthenticationEntryPoint();
        basicEntryPoint.setRealmName(realm);
        authenticationEntryPoint = basicEntryPoint;
    }
    ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
    if (contentNegotiationStrategy == null) {
        contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
    }
    MediaTypeRequestMatcher preferredMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_ATOM_XML, MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON, MediaType.APPLICATION_OCTET_STREAM, MediaType.APPLICATION_XML, MediaType.MULTIPART_FORM_DATA, MediaType.TEXT_XML);
    preferredMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    exceptionHandling.defaultAuthenticationEntryPointFor(postProcess(authenticationEntryPoint), preferredMatcher);
}
Also used : BasicAuthenticationEntryPoint(org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) ContentNegotiationStrategy(org.springframework.web.accept.ContentNegotiationStrategy)

Example 4 with HttpSecurity

use of org.springframework.security.config.annotation.web.builders.HttpSecurity in project spring-security-oauth by spring-projects.

the class ResourceServerSecurityConfigurer method registerDefaultAuthenticationEntryPoint.

@SuppressWarnings("unchecked")
private void registerDefaultAuthenticationEntryPoint(HttpSecurity http) {
    ExceptionHandlingConfigurer<HttpSecurity> exceptionHandling = http.getConfigurer(ExceptionHandlingConfigurer.class);
    if (exceptionHandling == null) {
        return;
    }
    ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
    if (contentNegotiationStrategy == null) {
        contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
    }
    MediaTypeRequestMatcher preferredMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_ATOM_XML, MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON, MediaType.APPLICATION_OCTET_STREAM, MediaType.APPLICATION_XML, MediaType.MULTIPART_FORM_DATA, MediaType.TEXT_XML);
    preferredMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    exceptionHandling.defaultAuthenticationEntryPointFor(postProcess(authenticationEntryPoint), preferredMatcher);
}
Also used : HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) ContentNegotiationStrategy(org.springframework.web.accept.ContentNegotiationStrategy)

Example 5 with HttpSecurity

use of org.springframework.security.config.annotation.web.builders.HttpSecurity in project spring-security-oauth by spring-projects.

the class Application method adminResources.

@Bean
protected ResourceServerConfiguration adminResources() {
    ResourceServerConfiguration resource = new ResourceServerConfiguration() {

        // Switch off the Spring Boot @Autowired configurers
        public void setConfigurers(List<ResourceServerConfigurer> configurers) {
            super.setConfigurers(configurers);
        }
    };
    resource.setConfigurers(Arrays.<ResourceServerConfigurer>asList(new ResourceServerConfigurerAdapter() {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId("oauth2/admin");
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/admin/**").authorizeRequests().anyRequest().access("#oauth2.hasScope('read')");
        }
    }));
    resource.setOrder(3);
    return resource;
}
Also used : ResourceServerConfiguration(org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) ResourceServerConfigurerAdapter(org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter) List(java.util.List) ResourceServerSecurityConfigurer(org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer) Bean(org.springframework.context.annotation.Bean)

Aggregations

HttpSecurity (org.springframework.security.config.annotation.web.builders.HttpSecurity)7 MediaTypeRequestMatcher (org.springframework.security.web.util.matcher.MediaTypeRequestMatcher)3 ContentNegotiationStrategy (org.springframework.web.accept.ContentNegotiationStrategy)3 HeaderContentNegotiationStrategy (org.springframework.web.accept.HeaderContentNegotiationStrategy)3 List (java.util.List)2 Bean (org.springframework.context.annotation.Bean)2 ResourceServerConfiguration (org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration)2 ResourceServerConfigurerAdapter (org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter)2 ResourceServerSecurityConfigurer (org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer)2 MediaType (org.springframework.http.MediaType)1 AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)1 DefaultAuthenticationEventPublisher (org.springframework.security.authentication.DefaultAuthenticationEventPublisher)1 AbstractHttpConfigurer (org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer)1 FilterSecurityInterceptor (org.springframework.security.web.access.intercept.FilterSecurityInterceptor)1 HttpStatusEntryPoint (org.springframework.security.web.authentication.HttpStatusEntryPoint)1 LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)1 BasicAuthenticationEntryPoint (org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint)1 WebAsyncManagerIntegrationFilter (org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter)1 RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher)1