Use of org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint in project midpoint by Evolveum:
class MidpointSaml2LoginConfigurer, method init.
/**
 * Wires the SAML2 web-SSO filter into the security builder and chooses the authentication entry point.
 *
 * <p>A {@code Saml2AuthenticationTokenConverter} is built over a {@code DefaultRelyingPartyRegistrationResolver}
 * backed by this configurer's relying-party registration repository, and a
 * {@code MidpointSaml2WebSsoAuthenticationFilter} using it (plus the login processing URL and the audit
 * provider) is installed as the authentication filter.
 *
 * <p>When the identity-provider URL map holds exactly one entry, its key is used as the login URL of a
 * {@code LoginUrlAuthenticationEntryPoint}; otherwise initialisation is delegated to {@code super.init(http)}.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the configurer calls
 */
public void init(B http) throws Exception {
    // Typed as the resolver interface so the same converter constructor is selected as with the explicit cast.
    RelyingPartyRegistrationResolver registrationResolver =
            new DefaultRelyingPartyRegistrationResolver(this.relyingPartyRegistrationRepository);
    Saml2AuthenticationTokenConverter tokenConverter = new Saml2AuthenticationTokenConverter(registrationResolver);

    this.saml2WebSsoAuthenticationFilter =
            new MidpointSaml2WebSsoAuthenticationFilter(tokenConverter, this.loginProcessingUrl, auditProvider);
    this.setAuthenticationFilter(this.saml2WebSsoAuthenticationFilter);
    super.loginProcessingUrl(this.loginProcessingUrl);

    Map<String, String> idpUrls = this.getIdentityProviderUrlMap(this.relyingPartyRegistrationRepository);
    if (idpUrls.size() != 1) {
        // Zero or several providers: let the parent configurer decide the entry point.
        super.init(http);
        return;
    }

    // NOTE(review): this branch never calls super.init(http); it relies on the two update* calls below
    // to apply whatever defaults the parent would have set up. Confirm they cover it.
    this.updateAuthenticationDefaults();
    this.updateAccessDefaults(http);

    // The login URL comes from the map derived from the registration repository, not from the request.
    // Presumably the keys are the per-registration authentication-request URLs; verify against
    // getIdentityProviderUrlMap.
    String soleLoginUrl = idpUrls.keySet().iterator().next();
    this.registerAuthenticationEntryPoint(http, new LoginUrlAuthenticationEntryPoint(soleLoginUrl));
}
Use of org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint in project OsmAnd-tools by osmandapp:
class WebSecurityConfiguration, method configure.
/**
 * Configures CSRF, CORS, URL authorization, OAuth2 login, the login entry point for {@code /mapapi/**},
 * remember-me and logout on the given {@code HttpSecurity}.
 *
 * @param http the security builder being configured
 * @throws Exception propagated from the configurer calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // 1. CSRF (an alternative that disabled CSRF entirely was left commented out by the author).
    // Requests whose method is in this set are never CSRF-checked.
    // NOTE(review): POST and DELETE are in the set, so state-changing requests with those methods skip the
    // CSRF token check; only methods outside it (for example PUT or PATCH) are checked, and not under
    // /api/ or /subscription/. Confirm that cookie-authenticated POST/DELETE endpoints have another
    // defence (SameSite cookies, a required custom header, token auth) or drop them from the set.
    Set<String> csrfExemptMethods = new TreeSet<>(Arrays.asList("GET", "HEAD", "TRACE", "OPTIONS", "POST", "DELETE"));
    RequestMatcher csrfRequired = request -> {
        String method = request.getMethod();
        if (method == null || csrfExemptMethods.contains(method)) {
            return false;
        }
        String url = request.getServletPath();
        String extraPath = request.getPathInfo();
        if (extraPath != null) {
            url += extraPath;
        }
        // Paths under these two prefixes are exempt from CSRF checks for every method.
        boolean exemptPrefix = url.startsWith("/api/") || url.startsWith("/subscription/");
        return !exemptPrefix;
    };
    // withHttpOnlyFalse() leaves the token cookie readable by page JavaScript, so any script running on
    // the origin can read it as well.
    http.csrf()
            .requireCsrfProtectionMatcher(csrfRequired)
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());

    http.cors().configurationSource(corsConfigurationSource());

    // Rules are listed in this order: admin areas, the open auth sub-tree, then the rest of /mapapi.
    // NOTE(review): the trailing anyRequest().permitAll() makes every other path public, so a new
    // endpoint is unauthenticated unless a matcher is added for it here.
    http.authorizeRequests()
            .antMatchers("/actuator/**", "/admin/**").hasAuthority(ROLE_ADMIN)
            .antMatchers("/mapapi/auth/**").permitAll()
            .antMatchers("/mapapi/**").hasAuthority(ROLE_PRO_USER)
            .anyRequest().permitAll();

    http.oauth2Login().userInfoEndpoint().userService(oauthGithubUserService());

    // SEE MapApiController.loginForm to test form. A formLogin() setup with login page
    // "/mapapi/auth/loginForm", processing URL "/mapapi/auth/loginProcess" and success URL
    // "/map/loginSuccess" was left commented out by the author.
    LoginUrlAuthenticationEntryPoint mapLogin = new LoginUrlAuthenticationEntryPoint("/map/loginForm");
    boolean production = getApplicationContext().getEnvironment().acceptsProfiles(Profiles.of("production"));
    if (production) {
        // HTTPS is forced for the login redirect only when the "production" profile is active.
        mapLogin.setForceHttps(true);
    }
    http.exceptionHandling().defaultAuthenticationEntryPointFor(mapLogin, new AntPathRequestMatcher("/mapapi/**"));

    // Remember-me tokens stay valid for 14 days.
    int rememberMeSeconds = 3600 * 24 * 14;
    http.rememberMe().tokenValiditySeconds(rememberMeSeconds);

    // NOTE(review): this matcher names no HTTP method, so a GET to /logout also ends the session.
    http.logout()
            .deleteCookies("JSESSIONID")
            .logoutSuccessUrl("/")
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .permitAll();
}