Java – Spring security, Shibboleth (apache) and onelogin
The actual Spring Security configuration is like this: @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/uri1/**").hasAuthority(Permission.AUTHORITY1.toString()) .antMatchers("/uri2/**").hasAuthority(Permission.AUTHORITY2.toString()) .anyRequest().hasAuthority(Permission.AUTHORITY3.toString()) .and().httpBasic() .realmName("App").and().csrf().disable(); http.authorizeRequests(); http.headers().frameOptions().sameOrigin().cacheControl().disable(); } @Bean public Filter shallowEtagHeaderFilter() { return new…