/**
 * Rejects every request that reaches this rule.
 *
 * <p>The decision is a constant {@code false}: neither the authentication nor the
 * exchange is inspected, so authenticated callers are refused as well.
 *
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec denyAll() {
    return access((authentication, context) -> {
        AuthorizationDecision denied = new AuthorizationDecision(false);
        return Mono.just(denied);
    });
}
/**
 * Grants every request that reaches this rule.
 *
 * <p>The decision is a constant {@code true}: neither the authentication nor the
 * exchange is inspected, so unauthenticated callers are admitted too. Use it only
 * for resources that are meant to be public.
 *
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec permitAll() {
    return access((authentication, context) -> {
        AuthorizationDecision granted = new AuthorizationDecision(true);
        return Mono.just(granted);
    });
}
/**
 * Rejects every request that reaches this rule.
 *
 * <p>The decision is a constant {@code false}: neither the authentication nor the
 * exchange is inspected, so authenticated callers are refused as well.
 *
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec denyAll() {
    return access((authentication, context) -> {
        AuthorizationDecision denied = new AuthorizationDecision(false);
        return Mono.just(denied);
    });
}
/**
 * Builds the reactive security filter chain: HTTP Basic with a session-backed
 * security context, plus the per-path authorization rules below.
 *
 * <p>Rule order matters: matchers are consulted in the order they are declared,
 * so the method-specific {@code /posts/**} rules must stay ahead of the generic one.
 */
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    // CSRF protection is switched off while the security context is stored in the web session.
    // NOTE(review): confirm that no browser client performs state-changing calls with only the
    // session cookie; otherwise CSRF protection should stay enabled.
    http.csrf().disable();

    http.httpBasic()
        .securityContextRepository(new WebSessionServerSecurityContextRepository());

    http.authorizeExchange()
        // Reading posts is public; deleting needs the ADMIN role; every other method needs a login.
        .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
        .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
        .pathMatchers("/posts/**").authenticated()
        .pathMatchers("/auth/**").authenticated()
        // Per-user resources are decided by currentUserMatchesPath, which is defined elsewhere.
        .pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
        // Fallback is fail-open: any route not matched above is reachable without authentication,
        // so every newly added endpoint is public until a rule is written for it.
        .anyExchange().permitAll();

    return http.build();
}
/**
 * Restricts the matched exchanges to authenticated users.
 *
 * <p>The decision is delegated to the manager returned by
 * {@code AuthenticatedReactiveAuthorizationManager.authenticated()}; no authority
 * or role is checked here.
 *
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec authenticated() {
    return this.access(
            AuthenticatedReactiveAuthorizationManager.authenticated());
}
/**
 * Restricts the matched exchanges to users holding one specific authority.
 *
 * <p>The value is used as given, with no prefix added; compare with
 * {@code hasRole}, which is documented to require the {@code ROLE_}-prefixed form.
 *
 * @param authority the authority to require (e.g. "USER" would require an authority of "USER")
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec hasAuthority(String authority) {
    return this.access(
            AuthorityReactiveAuthorizationManager.hasAuthority(authority));
}
/**
 * Rejects every request that reaches this rule.
 *
 * <p>The decision is a constant {@code false}: neither the authentication nor the
 * exchange is inspected, so authenticated callers are refused as well.
 *
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec denyAll() {
    return access((authentication, context) -> {
        AuthorizationDecision denied = new AuthorizationDecision(false);
        return Mono.just(denied);
    });
}
/**
 * Grants every request that reaches this rule.
 *
 * <p>The decision is a constant {@code true}: neither the authentication nor the
 * exchange is inspected, so unauthenticated callers are admitted too. Use it only
 * for resources that are meant to be public.
 *
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec permitAll() {
    return access((authentication, context) -> {
        AuthorizationDecision granted = new AuthorizationDecision(true);
        return Mono.just(granted);
    });
}
/**
 * Builds the reactive security filter chain from the per-path authorization rules below.
 *
 * <p>Rule order matters: matchers are consulted in the order they are declared,
 * and the final {@code anyExchange()} rule covers whatever the earlier ones did not match.
 */
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    http.authorizeExchange()
        // Reading posts is public; deleting them needs the ADMIN role.
        .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
        .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
        // Per-user resources are decided by currentUserMatchesPath, which is defined elsewhere.
        .pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
        // Fallback is fail-closed: anything not matched above requires an authenticated user.
        .anyExchange().authenticated();

    return http.build();
}
/**
 * Restricts the matched exchanges to users holding one specific role.
 * This is a shortcut for {@link #hasAuthority(String)}.
 *
 * <p>Pass the bare role name: the {@code ROLE_} prefix is implied, so a value that
 * already carries it would presumably not match the intended authority.
 *
 * @param role the role (e.g. "USER" would require "ROLE_USER")
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec hasRole(String role) {
    return this.access(
            AuthorityReactiveAuthorizationManager.hasRole(role));
}
/**
 * Restricts the matched exchanges to users holding one specific authority.
 *
 * <p>The value is used as given, with no prefix added; compare with
 * {@code hasRole}, which is documented to require the {@code ROLE_}-prefixed form.
 *
 * @param authority the authority to require (e.g. "USER" would require an authority of "USER")
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec hasAuthority(String authority) {
    return this.access(
            AuthorityReactiveAuthorizationManager.hasAuthority(authority));
}
/**
 * Restricts the matched exchanges to users holding one specific role.
 * This is a shortcut for {@link #hasAuthority(String)}.
 *
 * <p>Pass the bare role name: the {@code ROLE_} prefix is implied, so a value that
 * already carries it would presumably not match the intended authority.
 *
 * @param role the role (e.g. "USER" would require "ROLE_USER")
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec hasRole(String role) {
    return this.access(
            AuthorityReactiveAuthorizationManager.hasRole(role));
}
/**
 * Grants every request that reaches this rule.
 *
 * <p>The decision is a constant {@code true}: neither the authentication nor the
 * exchange is inspected, so unauthenticated callers are admitted too. Use it only
 * for resources that are meant to be public.
 *
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec permitAll() {
    return access((authentication, context) -> {
        AuthorizationDecision granted = new AuthorizationDecision(true);
        return Mono.just(granted);
    });
}
/**
 * Restricts the matched exchanges to authenticated users.
 *
 * <p>The decision is delegated to the manager returned by
 * {@code AuthenticatedReactiveAuthorizationManager.authenticated()}; no authority
 * or role is checked here.
 *
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec authenticated() {
    return this.access(
            AuthenticatedReactiveAuthorizationManager.authenticated());
}
/**
 * Restricts the matched exchanges to users holding one specific role.
 * This is a shortcut for {@link #hasAuthority(String)}.
 *
 * <p>Pass the bare role name: the {@code ROLE_} prefix is implied, so a value that
 * already carries it would presumably not match the intended authority.
 *
 * @param role the role (e.g. "USER" would require "ROLE_USER")
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec hasRole(String role) {
    return this.access(
            AuthorityReactiveAuthorizationManager.hasRole(role));
}
/**
 * Restricts the matched exchanges to users holding one specific authority.
 *
 * <p>The value is used as given, with no prefix added; compare with
 * {@code hasRole}, which is documented to require the {@code ROLE_}-prefixed form.
 *
 * @param authority the authority to require (e.g. "USER" would require an authority of "USER")
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec hasAuthority(String authority) {
    return this.access(
            AuthorityReactiveAuthorizationManager.hasAuthority(authority));
}
/**
 * Restricts the matched exchanges to users holding at least one of the given roles.
 * This is a shortcut for {@link #hasAnyAuthority(String...)}.
 *
 * <p>Pass bare role names: the {@code ROLE_} prefix is implied for each entry.
 *
 * @param roles the roles (e.g. "USER" would require "ROLE_USER")
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec hasAnyRole(String... roles) {
    return this.access(
            AuthorityReactiveAuthorizationManager.hasAnyRole(roles));
}
/**
 * Restricts the matched exchanges to authenticated users.
 *
 * <p>The decision is delegated to the manager returned by
 * {@code AuthenticatedReactiveAuthorizationManager.authenticated()}; no authority
 * or role is checked here.
 *
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec authenticated() {
    return this.access(
            AuthenticatedReactiveAuthorizationManager.authenticated());
}
/**
 * Restricts the matched exchanges to users holding at least one of the given authorities.
 *
 * <p>Each value is used as given, with no prefix added.
 *
 * @param authorities the authorities to require (e.g. "USER" would require an authority of "USER")
 * @return the {@link AuthorizeExchangeSpec} to configure
 */
public AuthorizeExchangeSpec hasAnyAuthority(String... authorities) {
    return this.access(
            AuthorityReactiveAuthorizationManager.hasAnyAuthority(authorities));
}