/**
 * Checks that a custom {@code RedirectServerAuthenticationSuccessHandler} leaves the
 * driver on a URL ending in {@code /custom} after the login form is submitted.
 */
@Test
public void authenticationSuccess() {
    // Every exchange requires authentication; form login redirects to /custom on success.
    SecurityWebFilterChain chain = this.http
        .authorizeExchange()
            .anyExchange().authenticated()
            .and()
        .formLogin()
            .authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/custom"))
            .and()
        .build();

    WebTestClient client = WebTestClientBuilder.bindToWebFilters(chain).build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(client).build();

    // Go to the default login page; assertAt() checks that the driver really is on it.
    DefaultLoginPage loginPage = DefaultLoginPage.to(driver).assertAt();

    // Fixture credentials; the page object returned by submit() is not needed afterwards.
    loginPage.loginForm()
        .username("user")
        .password("password")
        .submit(HomePage.class);

    assertThat(driver.getCurrentUrl()).endsWith("/custom");
}
/**
 * Resource-server chain that validates JWTs against {@code publicKey()} and installs a
 * custom access-denied handler and a custom authentication entry point.
 *
 * @param http the builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) throws Exception {
    // @formatter:off
    // "/authenticated" needs any authenticated principal; "/unobtainable" needs the
    // "unobtainable" authority.
    // NOTE(review): no anyExchange() rule is declared; confirm how unmatched paths are
    // treated by the Spring Security version in use.
    http.authorizeExchange()
        .pathMatchers("/authenticated").authenticated()
        .pathMatchers("/unobtainable").hasAuthority("unobtainable");

    // Distinct status codes for "denied" and "not authenticated" -- presumably so the
    // two handlers can be told apart in responses; verify against the callers.
    http.oauth2ResourceServer()
        .accessDeniedHandler(new HttpStatusServerAccessDeniedHandler(HttpStatus.BANDWIDTH_LIMIT_EXCEEDED))
        .authenticationEntryPoint(new HttpStatusServerEntryPoint(HttpStatus.I_AM_A_TEAPOT))
        .jwt()
            .publicKey(publicKey());
    // @formatter:on

    return http.build();
}
}
// Install a fresh AuthorizeExchangeSpec in the authorizeExchange field (the enclosing
// method is not part of this snippet).
this.authorizeExchange = new AuthorizeExchangeSpec();
/**
 * Builds the WebFlux security filter chain and plugs in the custom filters used for
 * the JWT token approach.
 *
 * <p>{@code /login} and {@code /} require an authenticated exchange, as does everything
 * under {@code /api/}. The basic-authentication filter is placed at the
 * {@code HTTP_BASIC} position and the bearer filter at the {@code AUTHENTICATION}
 * position.
 *
 * @param http the builder on which the rules and custom filters are registered
 * @return the filter chain that secures web exchanges
 */
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    http.authorizeExchange().pathMatchers("/login", "/").authenticated();
    // addFilterAt registers the filter on the chain as a whole; any path scoping has to
    // come from the filter itself (not visible here).
    http.addFilterAt(basicAuthenticationFilter(), SecurityWebFiltersOrder.HTTP_BASIC);

    http.authorizeExchange().pathMatchers("/api/**").authenticated();
    http.addFilterAt(bearerAuthenticationFilter(), SecurityWebFiltersOrder.AUTHENTICATION);

    // NOTE(review): there is no anyExchange() catch-all; confirm that paths outside
    // "/login", "/" and "/api/**" are denied rather than left open.
    return http.build();
}
/**
 * Applies the default {@link ServerHttpSecurity} configuration: every exchange must be
 * authenticated, using OAuth2 when it is present and should be configured, otherwise
 * HTTP Basic plus form login.
 *
 * @param http the builder to configure
 * @return the assembled filter chain
 */
private SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // Secure by default: nothing is reachable without authentication.
    http.authorizeExchange().anyExchange().authenticated();

    boolean useOAuth2 = isOAuth2Present && OAuth2ClasspathGuard.shouldConfigure(this.context);
    if (useOAuth2) {
        OAuth2ClasspathGuard.configure(this.context, http);
    } else {
        http.httpBasic();
        http.formLogin();
    }

    return http.build();
}
/**
 * HTTP Basic chain whose security context is kept in the web session, with per-path
 * rules for the posts, auth and users resources.
 *
 * @param http the builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    //@formatter:off
    // NOTE(review): CSRF protection is off while the security context is stored in the
    // web session. If browsers are clients, state-changing requests (e.g. DELETE on
    // "/posts/**") then rely on the session alone -- confirm this is intended.
    http.csrf().disable();
    http.httpBasic().securityContextRepository(new WebSessionServerSecurityContextRepository());

    // Rules are evaluated in declaration order, so the method-specific "/posts/**"
    // matchers must stay ahead of the general one.
    http.authorizeExchange()
        .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
        .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
        .pathMatchers("/posts/**").authenticated()
        .pathMatchers("/auth/**").authenticated()
        .pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
        // NOTE(review): the catch-all is permitAll(), so any path not listed above is
        // public by default; new endpoints need an explicit rule to be protected.
        .anyExchange().permitAll();
    //@formatter:on

    return http.build();
}
/**
 * Leaves the favicon and static assets public and requires authentication for
 * everything else, with HTTP Basic, form login and logout enabled.
 *
 * @param http the builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(final ServerHttpSecurity http) {
    // Only static resources are exempt; the catch-all denies unauthenticated access.
    http.authorizeExchange()
        .pathMatchers("/favicon.ico", "/css/**", "/webjars/**").permitAll()
        .anyExchange().authenticated();

    http.httpBasic();
    http.formLogin();
    http.logout();

    return http.build();
}
/**
 * Requires authentication for every exchange and enables both OAuth2 login and
 * JWT-based resource-server support.
 *
 * @param httpSecurity the builder to configure
 * @return the assembled filter chain
 */
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecurity) {
    httpSecurity.authorizeExchange().anyExchange().authenticated();

    // Interactive login via OAuth2, plus bearer JWT validation on the same chain.
    httpSecurity.oauth2Login();
    httpSecurity.oauth2ResourceServer().jwt();

    return httpSecurity.build();
}
}
/**
 * Protects {@code /proxy} with HTTP Basic and leaves every other exchange open.
 *
 * @param http the builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity http) {
    // NOTE(review): CSRF protection is disabled and the catch-all is permitAll(); only
    // "/proxy" is protected. Confirm that no other route on this application needs
    // authentication and that clients send credentials per request rather than
    // relying on a session.
    return http
        .httpBasic()
            .and()
        .csrf().disable()
        .authorizeExchange()
            .pathMatchers("/proxy").authenticated()
            .anyExchange().permitAll()
            .and()
        .build();
}
/**
 * Protects {@code /anything/**} with HTTP Basic and leaves every other exchange open.
 *
 * @param http the builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    http.httpBasic();
    // NOTE(review): CSRF protection is switched off; confirm the clients are not
    // browsers holding a session.
    http.csrf().disable();

    // Fail-open catch-all: anything outside "/anything/**" is public.
    http.authorizeExchange()
        .pathMatchers("/anything/**").authenticated()
        .anyExchange().permitAll();

    return http.build();
}
/**
 * Extension point for authorization rules; override it to configure authorization.
 *
 * <p>The default implementation permits every exchange, so a subclass that does not
 * override this method leaves all paths open.
 *
 * @param http the builder to configure
 */
protected void authorizeExchange(ServerHttpSecurity http) {
    http.authorizeExchange()
        .anyExchange()
        .permitAll();
}
/**
 * Permits the webjars and actuator paths and requires HTTP Basic authentication for
 * everything else, with CSRF protection disabled.
 *
 * @param http the builder to configure
 * @return the assembled filter chain
 */
@Bean
public SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    // NOTE(review): "/actuator/**" is reachable without authentication. What that
    // exposes depends on which actuator endpoints are enabled (not visible here);
    // confirm the exposure is limited to non-sensitive endpoints or restrict it.
    return http
        .csrf().disable()
        .authorizeExchange()
            .pathMatchers("/webjars/**", "/actuator/**").permitAll()
            .anyExchange().authenticated()
            .and()
        .httpBasic()
            .and()
        .build();
}
/**
 * Makes only the health and info endpoints public; every other exchange must be
 * authenticated through HTTP Basic or form login.
 *
 * @param http the builder to configure
 * @return the assembled filter chain
 */
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // The public set is an explicit allow-list of two endpoint classes.
    http.authorizeExchange()
        .matchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class)).permitAll()
        .anyExchange().authenticated();

    http.httpBasic();
    http.formLogin();

    return http.build();
}
/**
 * Leaves {@code /about} public and sends every other exchange through OAuth2 login.
 *
 * @param http the builder to configure
 * @return the assembled filter chain
 */
@Bean
public SecurityWebFilterChain configure(ServerHttpSecurity http) throws Exception {
    http.authorizeExchange()
        .pathMatchers("/about").permitAll()
        .anyExchange().authenticated();

    http.oauth2Login();

    return http.build();
}
}
/**
 * Chain scoped to {@code EndpointRequest.toAnyEndpoint()}: every exchange it handles
 * requires the {@code ENDPOINT_ADMIN} role over HTTP Basic.
 *
 * @param http the builder to configure
 * @return the assembled filter chain
 */
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    // The security matcher limits this chain to endpoint requests; exchanges that do
    // not match it are not governed by the rules below.
    http.securityMatcher(EndpointRequest.toAnyEndpoint());

    http.authorizeExchange().anyExchange().hasRole("ENDPOINT_ADMIN");
    http.httpBasic();

    return http.build();
}
/**
 * Allows anonymous {@code GET} on posts, restricts {@code DELETE} on posts to the
 * {@code ADMIN} role and requires authentication for everything else.
 *
 * @param http the builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    // Rules are checked in declaration order; the catch-all requires authentication.
    // NOTE(review): no authentication mechanism is configured in this block; confirm
    // one is supplied elsewhere.
    http.authorizeExchange()
        .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
        .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
        //.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
        .anyExchange().authenticated();

    return http.build();
}
/**
 * Builds a chain in which reading posts is public, deleting posts needs the
 * {@code ADMIN} role, and any other exchange needs an authenticated caller.
 *
 * @param http the builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    // The per-user path rule is commented out, so "/users/{user}/**" is covered only
    // by the authenticated() catch-all.
    http.authorizeExchange()
        .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
        .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
        //.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
        .anyExchange().authenticated();

    return http.build();
}
/**
 * Public {@code GET} on posts, {@code ADMIN}-only {@code DELETE} on posts, a custom
 * per-user check on user paths, and authentication for everything else.
 *
 * @param http the builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    http.authorizeExchange()
        .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
        .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
        // Delegates the decision for "/users/{user}/**" to currentUserMatchesPath,
        // which is defined outside this snippet.
        .pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
        .anyExchange().authenticated();

    return http.build();
}
/**
 * Requires authentication for every endpoint request except {@code prometheus} and
 * permits all other exchanges, with form login and HTTP Basic enabled.
 *
 * @param http the builder to configure
 * @return the assembled filter chain
 */
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    // NOTE(review): the excluded "prometheus" endpoint does not match the first rule
    // and so falls through to anyExchange().permitAll(), i.e. it is served without
    // authentication. Confirm that access to it is restricted by other means.
    http.authorizeExchange()
        .matchers(EndpointRequest.toAnyEndpoint().excluding("prometheus")).authenticated()
        .anyExchange().permitAll();

    http.formLogin();
    http.httpBasic();

    return http.build();
}
/**
 * Applies per-method rules to posts, permits every other exchange and disables CSRF
 * protection.
 *
 * @param http the builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    // Declaration order matters: GET and DELETE on "/posts/**" are decided before the
    // general "/posts/**" rule. The catch-all is permitAll(), so paths not listed here
    // are public.
    http.authorizeExchange()
        .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
        .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
        .pathMatchers("/posts/**").authenticated()
        //.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
        .anyExchange().permitAll();

    // NOTE(review): CSRF protection is off and no authentication mechanism is
    // configured in this block; confirm how callers authenticate and that it is not
    // cookie/session based.
    http.csrf().disable();

    return http.build();
}