Search in sources :

Example 6 with HttpSecurity

use of org.springframework.security.config.annotation.web.builders.HttpSecurity in project spring-security-oauth by spring-projects.

the class Application method otherResources.

@Bean
protected ResourceServerConfiguration otherResources() {
    ResourceServerConfiguration resource = new ResourceServerConfiguration() {

        // Switch off the Spring Boot @Autowired configurers
        public void setConfigurers(List<ResourceServerConfigurer> configurers) {
            super.setConfigurers(configurers);
        }
    };
    resource.setConfigurers(Arrays.<ResourceServerConfigurer>asList(new ResourceServerConfigurerAdapter() {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.resourceId("oauth2/other");
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().anyRequest().access("#oauth2.hasScope('trust')");
        }
    }));
    resource.setOrder(4);
    return resource;
}
Also used : ResourceServerConfiguration(org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) ResourceServerConfigurerAdapter(org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter) List(java.util.List) ResourceServerSecurityConfigurer(org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer) Bean(org.springframework.context.annotation.Bean)

Example 7 with HttpSecurity

use of org.springframework.security.config.annotation.web.builders.HttpSecurity in project spring-boot by spring-projects.

the class SsoSecurityConfigurer method addAuthenticationEntryPoint.

private void addAuthenticationEntryPoint(HttpSecurity http, OAuth2SsoProperties sso) throws Exception {
    ExceptionHandlingConfigurer<HttpSecurity> exceptions = http.exceptionHandling();
    ContentNegotiationStrategy contentNegotiationStrategy = http.getSharedObject(ContentNegotiationStrategy.class);
    if (contentNegotiationStrategy == null) {
        contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
    }
    MediaTypeRequestMatcher preferredMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_XHTML_XML, new MediaType("image", "*"), MediaType.TEXT_HTML, MediaType.TEXT_PLAIN);
    preferredMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    exceptions.defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint(sso.getLoginPath()), preferredMatcher);
    // When multiple entry points are provided the default is the first one
    exceptions.defaultAuthenticationEntryPointFor(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
}
Also used : HttpStatusEntryPoint(org.springframework.security.web.authentication.HttpStatusEntryPoint) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) MediaType(org.springframework.http.MediaType) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) MediaTypeRequestMatcher(org.springframework.security.web.util.matcher.MediaTypeRequestMatcher) ContentNegotiationStrategy(org.springframework.web.accept.ContentNegotiationStrategy) HeaderContentNegotiationStrategy(org.springframework.web.accept.HeaderContentNegotiationStrategy) RequestHeaderRequestMatcher(org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher) LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)

Aggregations

HttpSecurity (org.springframework.security.config.annotation.web.builders.HttpSecurity)7 MediaTypeRequestMatcher (org.springframework.security.web.util.matcher.MediaTypeRequestMatcher)3 ContentNegotiationStrategy (org.springframework.web.accept.ContentNegotiationStrategy)3 HeaderContentNegotiationStrategy (org.springframework.web.accept.HeaderContentNegotiationStrategy)3 List (java.util.List)2 Bean (org.springframework.context.annotation.Bean)2 ResourceServerConfiguration (org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration)2 ResourceServerConfigurerAdapter (org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter)2 ResourceServerSecurityConfigurer (org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer)2 MediaType (org.springframework.http.MediaType)1 AuthenticationManager (org.springframework.security.authentication.AuthenticationManager)1 DefaultAuthenticationEventPublisher (org.springframework.security.authentication.DefaultAuthenticationEventPublisher)1 AbstractHttpConfigurer (org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer)1 FilterSecurityInterceptor (org.springframework.security.web.access.intercept.FilterSecurityInterceptor)1 HttpStatusEntryPoint (org.springframework.security.web.authentication.HttpStatusEntryPoint)1 LoginUrlAuthenticationEntryPoint (org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint)1 BasicAuthenticationEntryPoint (org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint)1 WebAsyncManagerIntegrationFilter (org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter)1 RequestHeaderRequestMatcher (org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher)1