/**
 * Builds the HTTP security rules for the application.
 *
 * <p>In order, this method disables CSRF protection, declares the publicly
 * reachable paths, wires form login, logout and HTTP Basic, selects an
 * authentication entry point by requested media type, requires authentication
 * for every remaining request, and registers a {@code SessionRepositoryFilter}
 * that uses {@code HeaderHttpSessionStrategy}.
 *
 * @param http the security builder to configure
 * @throws Exception if any of the configurers fails
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    // Requests negotiating text/html are sent to the login page; everything
    // else gets a Basic challenge (see the exceptionHandling() section).
    final RequestMatcher htmlRequests = new MediaTypeRequestMatcher(
            contentNegotiationStrategy,
            MediaType.TEXT_HTML);
    final String loginPage = dashboard("/#/login");

    final BasicAuthenticationEntryPoint basicEntryPoint = new BasicAuthenticationEntryPoint();
    basicEntryPoint.setRealmName(securityProperties.getBasic().getRealm());
    basicEntryPoint.afterPropertiesSet();

    // NOTE(review): CSRF protection is switched off while form login and HTTP
    // Basic are both enabled. Presumably this relies on the session id being
    // carried in a request header (HeaderHttpSessionStrategy below) rather than
    // in a cookie -- confirm that no cookie-backed or browser-cached credential
    // path remains that would still need CSRF protection.
    http.csrf().disable();

    // Authorization rules are matched in declaration order: "/" requires
    // authentication, then the listed paths are open to anonymous callers.
    // NOTE(review): "/security/info" and "/features" are public -- confirm they
    // expose nothing sensitive to unauthenticated clients.
    http.authorizeRequests()
            .antMatchers("/")
            .authenticated()
            .antMatchers(
                    dashboard("/**"),
                    "/authenticate",
                    "/security/info",
                    "/features",
                    "/assets/**")
            .permitAll();

    http.formLogin()
            .loginPage(loginPage)
            .loginProcessingUrl(dashboard("/login"))
            .defaultSuccessUrl(dashboard("/"))
            .permitAll();

    // NOTE(review): a success URL and a success handler are both set; the
    // handler configured last is expected to take precedence -- confirm and
    // drop whichever setting is unused.
    http.logout()
            .logoutUrl(dashboard("/logout"))
            .logoutSuccessUrl(dashboard("/logout-success.html"))
            .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
            .permitAll();

    http.httpBasic();

    http.exceptionHandling()
            .defaultAuthenticationEntryPointFor(
                    new LoginUrlAuthenticationEntryPoint(loginPage),
                    htmlRequests)
            .defaultAuthenticationEntryPointFor(
                    basicEntryPoint,
                    AnyRequestMatcher.INSTANCE);

    // Catch-all rule, declared after the specific matchers above.
    http.authorizeRequests()
            .anyRequest()
            .authenticated();

    // Session lookup is delegated to the session repository, with the session
    // id resolved through HeaderHttpSessionStrategy.
    final SessionRepositoryFilter sessionFilter = new SessionRepositoryFilter(
            sessionRepository());
    sessionFilter.setHttpSessionStrategy(new HeaderHttpSessionStrategy());
    http.addFilterBefore(sessionFilter, ChannelProcessingFilter.class);

    // Repeats the csrf().disable() call made at the top of this method.
    http.csrf().disable();

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);
}