Examples of org.springframework.security.config.annotation.web.builders.HttpSecurity

• org.springframework.security.config.annotation.web.builders.HttpSecurity
  A {@link HttpSecurity} is similar to Spring Security's XML element in the namespaceconfiguration. It allows configuring web based security for specific http requests. By default it will be applied to all requests, but can be restricted using {@link #requestMatcher(RequestMatcher)}or other similar methods.

  Example Usage

  The most basic form based configuration can be seen below. The configuration will require that any URL that is requested will require a User with the role "ROLE_USER". It also defines an in memory authentication scheme with a user that has the username "user", the password "password", and the role "ROLE_USER". For additional examples, refer to the Java Doc of individual methods on {@link HttpSecurity}.

   @Configuration @EnableWebSecurity public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/**").hasRole("USER") .and() .formLogin(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .withUser("user") .password("password") .roles("USER"); } } 

  @author Rob Winch @since 3.2 @see EnableWebSecurity

        DefaultAuthenticationEventPublisher eventPublisher = objectPostProcessor.postProcess(new DefaultAuthenticationEventPublisher());
        localConfigureAuthenticationBldr.authenticationEventPublisher(eventPublisher);

        AuthenticationManager authenticationManager = authenticationManager();
        authenticationBuilder.parentAuthenticationManager(authenticationManager);
        http = new HttpSecurity(objectPostProcessor,authenticationBuilder, localConfigureAuthenticationBldr.getSharedObjects());
        http.setSharedObject(UserDetailsService.class, userDetailsService());
        http.setSharedObject(ApplicationContext.class, context);
        http.setSharedObject(ContentNegotiationStrategy.class, contentNegotiationStrategy);
        http.setSharedObject(AuthenticationTrustResolver.class, trustResolver);
        if(!disableDefaults) {

        AuthenticationManagerBuilder globalAuthBuilder = context.getBean(AuthenticationManagerBuilder.class);
        return new UserDetailsServiceDelegator(Arrays.asList(localConfigureAuthenticationBldr, globalAuthBuilder));
    }

    public void init(final WebSecurity web) throws Exception {
        final HttpSecurity http = getHttp();
        web
            .addSecurityFilterChainBuilder(http)
            .postBuildAction(new Runnable() {
                public void run() {
                    FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class);
                    web.securityInterceptor(securityInterceptor);
                }
            });
    }

        DefaultAuthenticationEventPublisher eventPublisher = objectPostProcessor.postProcess(new DefaultAuthenticationEventPublisher());
        parentAuthenticationBuilder.authenticationEventPublisher(eventPublisher);

        AuthenticationManager authenticationManager = authenticationManager();
        authenticationBuilder.parentAuthenticationManager(authenticationManager);
        http = new HttpSecurity(objectPostProcessor,authenticationBuilder, parentAuthenticationBuilder.getSharedObjects());
        http.setSharedObject(UserDetailsService.class, userDetailsService());
        if(!disableDefaults) {
            http
                .exceptionHandling().and()
                .sessionManagement().and()

        return parentAuthenticationBuilder.getDefaultUserDetailsService();
    }

    @Override
    public void init(final WebSecurity web) throws Exception {
        final HttpSecurity http = getHttp();
        web
            .addSecurityFilterChainBuilder(http)
            .postBuildAction(new Runnable() {
                @Override
                public void run() {
                    FilterSecurityInterceptor securityInterceptor = http.getSharedObject(FilterSecurityInterceptor.class);
                    web.securityInterceptor(securityInterceptor);
                }
            });
    }