Spring security change permitAll list of URLs at runtime -


i need change spring security configuration @ runtime use-case need maintain xml contains vanity urls , corresponding urls. need tell spring @ runtime urls newly added xml , not block access public urls.

my start configuration looks this. 

public static string[] permit_all_urls = new string[] { "/css/**", "/js/**", "/images/**", "/healthcheck.jsp", "/healthcheck",         "/healthcheck.xml", "/memberlogin.html", "/login.html","/wro/**","/*home.html", "/home.html","/auctions.html","/*auctions.html", "/upgrade-subscription", "/pages/**","/public/**", "/", "/content/**","/cms/content/**","/salelistresultallframe/**"};  @override protected void configure(httpsecurity http) throws exception {     list<string> permitallurls = new arraylist<>(arrays.aslist(permit_all_urls));     if (configdatamanager.getallredirecturlsmap() != null)     {         permitallurls.addall(configdatamanager.getallredirecturlsmap().keyset());     }     string[] publicurlpatterns = permitallurls.toarray(new string[permitallurls.size()]);     _logger.info("loading spring security configurations - public urls - " + publicurlpatterns);     copartauthenticationsuccesshandler.setdefaulttargeturl("/dologin.html");     http.exceptionhandling().authenticationentrypoint(copartauthenticationentrypoint);     http.csrf().disable().headers().disable().sessionmanagement().sessionfixation().none();      http.addfilterafter(new resttimoutredirectfilter(), exceptiontranslationfilter.class)             .addfilterafter(copartpreauthenticationfilter, abstractpreauthenticatedprocessingfilter.class)             .addfilterbefore(membersitecodefilter, anonymousauthenticationfilter.class)             .addfilterbefore(membersitecodefilter, abstractpreauthenticatedprocessingfilter.class)             .anonymous().authenticationfilter(new copartanonymousauthenticationfilter());      http.authorizerequests().antmatchers(loginurl).access("isanonymous() or isauthenticated()")             .antmatchers(publicurlpatterns).permitall().anyrequest().fullyauthenticated().and()             .formlogin().loginprocessingurl(loginurl).loginpage(loginpage).permitall().usernameparameter("username")             .passwordparameter("password").successhandler(copartauthenticationsuccesshandler)             .failureurl("/dologin.html?result=error&error=authfailure").permitall().and().logout()             .logouturl("/logout").invalidatehttpsession(true).logoutsuccessurl("/dologout.html?result=success")             .deletecookies(constants.auction_cookie).permitall();     http.portmapper().http(http_port).mapsto(https_port).http(http_port1).mapsto(https_port1); }

i need way reconfigure spring security every time vanity url xml changes.


Comments

Post a Comment

Popular posts from this blog

jOOQ update returning clause with Oracle -

according http://www.jooq.org/doc/3.8/manual/sql-building/sql-statements/update-statement/ jooq doesn't support returning clause in update statements databases except firebird , postgres. does know, still correct oracle jooq? according oracle's documentation, oracle db supports returning clase delete, insert, or update statements. incorrect manual you're right - manual wrong , should fixed: https://github.com/jooq/jooq/issues/5470 single row update returning jooq 3.8 added support single row update .. returning statements. internally, uses callablestatement , pl/sql block of form: begin update "my_table" set "my_table"."column" = 'xyz' "my_table"."id" = 1 returning "my_table"."id", "my_table"."column" ?, ?; ? := sql%rowcount; end; the relevant issue is: https://github.com/jooq/jooq/issues/5190 multi row update returning a...
Read more

java - Warning equals/hashCode on @Data annotation lombok with inheritance -

i have entity inherits other. on other hand, i'm using lombok project reduce boilerplate code, put @data annotation. annotation @data inheritance produces next warning: generating equals/hashcode implementation without call superclass, though class not extend java.lang.object. if intentional, add '@equalsandhashcode(callsuper=false)' type. is advisable add annotation @equalsandhashcode (callsuper = true) or @equalsandhashcode (callsuper = false) ? if not added, 1 callsuper=false or callsuper=true ? the default value false . 1 if don't specify , ignore warning. yes, recommended add @equalsandhashcode annotation on @data annotated classes extend else object. cannot tell if need true or false , depends on class hierarchy, , need examined on case-by-case basis. however, project or package, can configure in lombok.config call super methods if not direct subclass of object. lombok.equalsandhashcode.callsuper = call for configuration system ...
Read more

java - BasicPathUsageException: Cannot join to attribute of basic type -

i using java 8 jpa (hibernate 5.2.1). have clause works perfectly, until introduce clause make use foreign key table values too. i getting following error: basicpathusageexception: cannot join attribute of basic type i think problem related fact have join table, , not sure how create join using join table. employee - employee_category - category model (employee.java): @manytomany(cascade = cascadetype.all, fetch=fetchtype.eager) @jointable ( name="employee_category", joincolumns={ @joincolumn(name="emp_id", referencedcolumnname="id") }, inversejoincolumns={ @joincolumn(name="cat_id", referencedcolumnname="id") } ) private set<category> categories; model (category.java): @id private string id; jpa when introduce following code, fails error above (i think problem new piece of code): join<t, category> category = from.join("id"); predicates.add(criteriabuilder.like(category....
Read more