use of org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler in project molgenis by molgenis.
the class MolgenisWebAppSecurityConfig method configure.
/**
 * Registers response headers, the extra authentication filters and providers, the per-URL
 * access rules, HTTP basic and form login, and the logout handling on the given builder.
 *
 * @param http the security builder the configuration is applied to
 * @throws Exception propagated from the builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Cache-control headers are written for every request except the static resource
    // patterns (CSS, JS, images, fonts).
    RequestMatcher nonStaticRequests = new NegatedRequestMatcher(
        new OrRequestMatcher(
            new AntPathRequestMatcher(PATTERN_CSS),
            new AntPathRequestMatcher(PATTERN_JS),
            new AntPathRequestMatcher(PATTERN_IMG),
            new AntPathRequestMatcher(PATTERN_FONTS)));
    DelegatingRequestMatcherHeaderWriter cacheHeaders =
        new DelegatingRequestMatcherHeaderWriter(nonStaticRequests, new CacheControlHeadersWriter());

    http.sessionManagement().invalidSessionStrategy(invalidSessionStrategy());

    // Default header options, with the matcher-scoped cache-control writer added explicitly.
    http.headers()
        .contentTypeOptions().and()
        .xssProtection().and()
        .httpStrictTransportSecurity().and()
        .frameOptions().and()
        .addHeaderWriter(cacheHeaders);

    // Filters and providers are registered in exactly this order; the filter positions are
    // expressed relative to each other, so the sequence must not be shuffled.
    http.addFilterBefore(anonymousAuthFilter(), AnonymousAuthenticationFilter.class)
        .authenticationProvider(anonymousAuthenticationProvider())
        .authenticationProvider(tokenAuthenticationProvider())
        .authenticationProvider(runAsAuthenticationProvider())
        .addFilterBefore(tokenAuthenticationFilter(), AnonymousAuthenticationFilter.class)
        .addFilterBefore(googleAuthenticationProcessingFilter(), TokenAuthenticationFilter.class)
        .addFilterAfter(changePasswordFilter(), SwitchUserFilter.class)
        .addFilterAfter(twoFactorAuthenticationFilter(), MolgenisChangePasswordFilter.class)
        .authenticationProvider(twoFactorAuthenticationProvider())
        .authenticationProvider(recoveryAuthenticationProvider());

    ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry urlRules =
        http.authorizeRequests();
    // URL rules are consulted in registration order, so anything configureUrlAuthorization
    // registers is matched before the entries below.
    configureUrlAuthorization(urlRules);
    // NOTE(review): "/api/**", "/files/**", "/permission/**/read/**" and
    // "/permission/**/write/**" are permitAll at this layer; whatever access control applies
    // to them has to be enforced elsewhere (not visible in this method) - confirm.
    // The change-password URI is registered as authenticated() ahead of the broader
    // "/account/**" permitAll so that the narrower rule is matched first.
    urlRules
        .antMatchers(MolgenisLoginController.URI).permitAll()
        .antMatchers(TwoFactorAuthenticationController.URI + "/**").permitAll()
        .antMatchers(GOOGLE_AUTHENTICATION_URL).permitAll()
        .antMatchers("/beacon/**").permitAll()
        .antMatchers("/logo/**").permitAll()
        .antMatchers("/molgenis.py").permitAll()
        .antMatchers("/molgenis.R").permitAll()
        .antMatchers(AccountController.CHANGE_PASSWORD_URI).authenticated()
        .antMatchers("/account/**").permitAll()
        .antMatchers(PATTERN_SWAGGER).permitAll()
        .antMatchers(PATTERN_CSS).permitAll()
        .antMatchers(PATTERN_IMG).permitAll()
        .antMatchers(PATTERN_JS).permitAll()
        .antMatchers(PATTERN_FONTS).permitAll()
        .antMatchers("/html/**").permitAll()
        .antMatchers("/plugin/void/**").permitAll()
        .antMatchers("/api/**").permitAll()
        .antMatchers("/webjars/**").permitAll()
        .antMatchers("/search").permitAll()
        .antMatchers("/captcha").permitAll()
        .antMatchers("/dataindexerstatus").authenticated()
        .antMatchers("/permission/**/read/**").permitAll()
        .antMatchers("/permission/**/write/**").permitAll()
        .antMatchers("/scripts/**/run").authenticated()
        .antMatchers("/scripts/**/start").authenticated()
        .antMatchers("/files/**").permitAll()
        .antMatchers('/' + PATH_SEGMENT_APPS + "/**").permitAll()
        // Everything that matched no rule above is rejected.
        .anyRequest().denyAll();

    http.httpBasic().authenticationEntryPoint(authenticationEntryPoint());

    http.formLogin()
        .loginPage(MolgenisLoginController.URI)
        .failureUrl(MolgenisLoginController.URI + "?error");

    http.logout()
        .deleteCookies("JSESSIONID")
        .addLogoutHandler((request, response, authentication) -> {
            // Copy the flag from the session onto the request; the success handler below
            // reads it from the request rather than from the session.
            if (request.getSession(false) != null
                && request.getSession().getAttribute("continueWithUnsupportedBrowser") != null) {
                request.setAttribute("continueWithUnsupportedBrowser", true);
            }
        })
        .logoutSuccessHandler((request, response, authentication) -> {
            // The redirect target is assembled from fixed strings only; the request merely
            // decides whether the query flag is appended.
            String targetUrl = "/";
            if (request.getAttribute("continueWithUnsupportedBrowser") != null) {
                targetUrl += "?continueWithUnsupportedBrowser=true";
            }
            SimpleUrlLogoutSuccessHandler redirectHandler = new SimpleUrlLogoutSuccessHandler();
            redirectHandler.setDefaultTargetUrl(targetUrl);
            redirectHandler.onLogoutSuccess(request, response, authentication);
        });

    // NOTE(review): CSRF protection is switched off for the whole chain although form login
    // is configured above; confirm that state-changing endpoints are protected by another
    // mechanism.
    http.csrf().disable();
}
use of org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler in project judge by zjnu-acm.
the class SecurityConfiguration method configure.
/**
 * Configures the access rule for the path returned by {@code ckfinder.getServlet().getPath()},
 * form login, response headers, logout, remember-me and the request cache.
 *
 * @param http the security builder the configuration is applied to
 * @throws Exception propagated from the builder calls
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // After a successful login the user is sent to "/" unless the request carries a "url"
    // parameter; the Referer header is not consulted.
    // NOTE(review): the "url" value comes from the request and is handed to a
    // DefaultRedirectStrategy left at its defaults; nothing in this method limits it to
    // same-site paths - confirm that off-site targets are rejected elsewhere.
    SimpleUrlAuthenticationSuccessHandler loginSuccess = new SimpleUrlAuthenticationSuccessHandler("/");
    loginSuccess.setUseReferer(false);
    loginSuccess.setTargetUrlParameter("url");
    loginSuccess.setRedirectStrategy(new DefaultRedirectStrategy());

    // NOTE(review): the post-logout redirect follows the Referer header, which is supplied
    // by the client; confirm this is acceptable for the deployment.
    SimpleUrlLogoutSuccessHandler logoutSuccess = new SimpleUrlLogoutSuccessHandler();
    logoutSuccess.setUseReferer(true);

    // @formatter:off
    // Only this one path gets an access rule here; no anyRequest() rule is registered in
    // this method.
    http.authorizeRequests()
        .antMatchers(ckfinder.getServlet().getPath()).hasAnyRole("ADMIN");

    // NOTE(review): CSRF protection is disabled while form login and remember-me are
    // enabled below; confirm that state-changing requests are protected another way.
    http.csrf().disable();

    http.exceptionHandling()
        .authenticationEntryPoint(authenticationEntryPoint());

    http.formLogin()
        .loginPage("/login")
        .usernameParameter("user_id1")
        .passwordParameter("password1")
        .successHandler(loginSuccess)
        .failureHandler(failureHandler())
        .permitAll();

    // Cache-control and HSTS headers are turned off; framing is limited to the same origin.
    http.headers()
        .cacheControl().disable()
        .httpStrictTransportSecurity().disable()
        .frameOptions().sameOrigin();

    http.logout()
        .logoutUrl("/logout.html")
        .logoutSuccessHandler(logoutSuccess)
        .permitAll();

    http.rememberMe()
        .rememberMeParameter("rememberMe")
        .tokenRepository(persistentTokenRepository);

    // Requests are not saved for replay after login.
    http.requestCache()
        .requestCache(new NullRequestCache());

    http.servletApi();
    // @formatter:on
}
use of org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler in project spring-security by spring-projects.
the class LogoutConfigurer method getLogoutSuccessHandler.
/**
 * Returns the configured {@link LogoutSuccessHandler}. When none has been set, a default
 * one is obtained from {@code createDefaultSuccessHandler()}, stored on this configurer
 * and returned, so later calls see the same instance.
 * @return the {@link LogoutSuccessHandler} to use
 */
public LogoutSuccessHandler getLogoutSuccessHandler() {
    LogoutSuccessHandler configured = this.logoutSuccessHandler;
    if (configured != null) {
        return configured;
    }
    // Nothing configured yet: build the default once and remember it.
    LogoutSuccessHandler created = createDefaultSuccessHandler();
    this.logoutSuccessHandler = created;
    return created;
}
use of org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler in project spring-security by spring-projects.
the class LogoutConfigurer method createDefaultSuccessHandler.
/**
 * Builds the default logout success handler: a {@link SimpleUrlLogoutSuccessHandler} that
 * targets {@code logoutSuccessUrl}, wrapped in a {@link DelegatingLogoutSuccessHandler}
 * when {@code defaultLogoutSuccessHandlerMappings} is not empty.
 * @return the URL handler itself, or the delegating handler that uses it as its default
 */
private LogoutSuccessHandler createDefaultSuccessHandler() {
    SimpleUrlLogoutSuccessHandler fallback = new SimpleUrlLogoutSuccessHandler();
    fallback.setDefaultTargetUrl(this.logoutSuccessUrl);
    if (!this.defaultLogoutSuccessHandlerMappings.isEmpty()) {
        // The mappings are handed to the delegating handler; the plain URL handler is
        // registered as its default.
        DelegatingLogoutSuccessHandler delegating =
            new DelegatingLogoutSuccessHandler(this.defaultLogoutSuccessHandlerMappings);
        delegating.setDefaultLogoutSuccessHandler(fallback);
        return delegating;
    }
    return fallback;
}