@Retention(value=RUNTIME) @Target(value=TYPE) @Documented @Import(value=DelegatingHdivWebSecurityConfiguration.class) public @interface EnableHdivWebSecurity
@Configuration class to have the HDIV Security configuration defined in any
HdivWebSecurityConfigurer or more likely by extending the HdivWebSecurityConfigurerAdapter base class and overriding
individual methods:
@Configuration
@EnableHdivWebSecurity
public class HdivSecurityConfig extends HdivWebSecurityConfigurerAdapter {
@Override
public void configure(SecurityConfigBuilder builder) {
builder.sessionExpired().homePage("/").loginPage("/login.html").and().debugMode(false);
}
@Override
public void addExclusions(ExclusionRegistry registry) {
registry.addUrlExclusions("/", "/login.html", "/logout.html").method("GET");
registry.addUrlExclusions("/j_spring_security_check").method("POST");
registry.addUrlExclusions("/attacks/.*");
registry.addParamExclusions("param1", "param2").forUrls("/attacks/.*");
}
@Override
public void addRules(RuleRegistry registry) {
registry.addRule("safeText").acceptedPattern("ˆ[a-zA-Z0-9@.\\-_]*$");
}
@Override
public void configureEditableValidation(ValidationConfigurer validationConfigurer) {
validationConfigurer.addValidation("/secure/.*");
validationConfigurer.addValidation("/safetext/.*").rules("safeText").disableDefaults();
}
// Possibly more overridden methods ...
}
HdivWebSecurityConfigurer,
HdivWebSecurityConfigurerAdapterCopyright © 2018 hdiv.org. All rights reserved.