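/**
 * Handles {@code POST /simple} inside a transaction and returns the literal body {@code "Simple"}.
 *
 * <p>Access control for this handler rests entirely on the method-security annotation:
 * {@code /simple} matches neither the {@code /authenticate} nor the {@code /secure/**}
 * URL rule used elsewhere in this paste. {@code @PreAuthorize} is only evaluated when
 * pre/post annotations are switched on ({@code pre-post-annotations="enabled"} in XML,
 * {@code prePostEnabled = true} in Java config). With only {@code @Secured} support
 * enabled the annotation is silently ignored and the method is callable by anyone who
 * can reach the URL.
 *
 * @return the fixed response body {@code "Simple"}
 */
@RequestMapping(value = "/simple", method = RequestMethod.POST)
@ResponseBody
@Transactional
// The Spring Security annotation is spelled PreAuthorize (capital A); "Preauthorize" does not
// resolve to it. The expression below is a sample: the original paste elides the real one.
@PreAuthorize("isAuthenticated()")
public String simple() {
    // Collect the caller's details from getPrincipal() and complete the transaction with them.
    // NOTE(review): getAuthentication() returns null when nothing populated the security
    // context, so this line throws a NullPointerException if the request was not authenticated.
    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    return "Simple";
}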
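<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- Method security. secured-annotations only activates @Secured; the controller in this
         paste is guarded with @PreAuthorize, which is evaluated only when pre-post-annotations
         is enabled as well. Without it the annotation is ignored and the method is unprotected. -->
    <security:global-method-security
        secured-annotations="enabled"
        pre-post-annotations="enabled" />

    <!-- One filter chain for every URL. Only /authenticate and /secure/** carry an access rule;
         any other path (for example /simple) has no URL-level rule and depends on method
         security alone. NOTE(review): consider a final catch-all intercept-url that requires
         authentication so that new endpoints are denied by default. -->
    <security:http pattern="/**"
                   auto-config="true" disable-url-rewriting="true" use-expressions="true">

        <!-- Token-processing filter placed in the form-login slot.
             NOTE(review): auto-config="true" also registers the namespace form-login filter at
             FORM_LOGIN_FILTER; the Spring Security reference advises against combining
             auto-config with a custom filter in a slot the namespace already fills. Confirm the
             context starts, or use before="FORM_LOGIN_FILTER" as the Java translation does. -->
        <security:custom-filter ref="authenticationTokenProcessingFilter"
                                position="FORM_LOGIN_FILTER" />

        <!-- The token-issuing endpoint must stay reachable without credentials. -->
        <security:intercept-url pattern="/authenticate"
                                access="permitAll" />

        <!-- Everything under /secure/ requires an authenticated caller. -->
        <security:intercept-url pattern="/secure/**"
                                access="isAuthenticated()" />
    </security:http>

    <!-- NOTE(review): this entry point is declared but not referenced by entry-point-ref on
         security:http in the visible configuration; confirm it is wired in elsewhere. -->
    <bean id="CustomAuthenticationEntryPoint" class="org.foo.CustomAuthenticationEntryPoint" />

    <!-- The filter receives the bean named authenticationManager, which is not defined in the
         visible part of this file. -->
    <bean class="org.foo.AuthenticationTokenProcessingFilter" id="authenticationTokenProcessingFilter">
        <constructor-arg ref="authenticationManager" />
    </bean>
</beans>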
/**
 * Exposes the {@code ApplicationSecurity} web-security configurer as a Spring bean.
 *
 * @return a new {@code ApplicationSecurity} instance
 */
@Bean
public ApplicationSecurity applicationSecurity() {
    ApplicationSecurity securityConfigurer = new ApplicationSecurity();
    return securityConfigurer;
}
/**
 * Web-security configurer for a plain form-login application: every request needs a full
 * (not remember-me) authentication, and the login page itself is open to everyone.
 */
@Order(Ordered.LOWEST_PRECEDENCE - 8)
protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {

    /**
     * Requires full authentication for all requests and sets up form login.
     *
     * @param http the builder for this filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // This variant covers a simple "login page" setup only; it does not register a custom filter.
        http.authorizeRequests()
            .anyRequest().fullyAuthenticated();

        // /login and its failure URL are opened with permitAll() so that unauthenticated users
        // can reach the form.
        http.formLogin()
            .loginPage("/login")
            .failureUrl("/login?error")
            .permitAll();
    }
}
- **@EnableGlobalMethodSecurity**
- import javax.servlet.Filter;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.beans.factory.annotation.Qualifier;
- import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.web.AuthenticationEntryPoint;
- import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
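/**
 * Java-config translation of the XML security namespace configuration.
 *
 * <p>{@code securedEnabled = true} corresponds to
 * {@code <security:global-method-security secured-annotations="enabled" />} and only activates
 * {@code @Secured}. {@code prePostEnabled = true} is added because handlers guarded with
 * {@code @PreAuthorize} are otherwise left unprotected: the annotation is ignored unless
 * pre/post annotation support is switched on.
 */
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {

    // Custom token-processing filter, injected by bean name.
    @Autowired
    @Qualifier("authenticationTokenProcessingFilter")
    private Filter authenticationTokenProcessingFilter;

    // Decides how an unauthenticated request is answered.
    @Autowired
    private AuthenticationEntryPoint entryPoint;

    /**
     * Builds the filter chain: entry point, URL access rules, form login, HTTP Basic and the
     * custom token filter.
     *
     * @param http the builder for this filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling().authenticationEntryPoint(entryPoint);

        http
            .authorizeRequests() // use-expressions="true"
                // Rules are matched in declaration order and the first match wins, so the
                // specific patterns must precede anyRequest(). Declared after it, the
                // permitAll() on /authenticate would never apply.
                // <security:intercept-url pattern="/authenticate" access="permitAll" />
                .antMatchers("/authenticate").permitAll()
                // <security:intercept-url pattern="/secure/**" access="isAuthenticated()" />
                .antMatchers("/secure/**").authenticated()
                // Deny-by-default catch-all. This is stricter than the XML, which has no rule
                // for paths outside /authenticate and /secure/**.
                .anyRequest().authenticated()
                .and()
            // auto-config="true" enables form login and HTTP Basic.
            .formLogin()
                .and()
            .httpBasic()
                .and()
            // <security:custom-filter ref="authenticationTokenProcessingFilter"
            //     position="FORM_LOGIN_FILTER" />
            // The filter is placed before the form-login filter here, not in its slot.
            // Reference: http://docs.spring.io/spring-security/site/docs/3.0.x/reference/ns-config.html
            .addFilterBefore(authenticationTokenProcessingFilter,
                UsernamePasswordAuthenticationFilter.class);
    }
}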