/**
 * Builds the default {@link ServerHttpSecurity} configuration: every exchange requires
 * an authenticated user, and the login mechanism depends on whether OAuth2 is configured.
 *
 * <p>The fallback branch enables HTTP Basic and form login. Both transmit the password
 * itself, so this default should only be served over TLS.
 *
 * @param http the security builder to configure
 * @return the filter chain built from {@code http}
 */
private SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // Deny-by-default: no exchange is reachable without authentication.
    http.authorizeExchange()
        .anyExchange().authenticated();

    // The flag is checked first, so OAuth2ClasspathGuard is only consulted when
    // isOAuth2Present is true (presumably to avoid touching OAuth2 classes that
    // are missing from the classpath; confirm against the guard's definition).
    boolean useOAuth2 = isOAuth2Present && OAuth2ClasspathGuard.shouldConfigure(this.context);
    if (!useOAuth2) {
        http.httpBasic();
        http.formLogin();
    } else {
        OAuth2ClasspathGuard.configure(this.context, http);
    }

    return http.build();
}
/**
 * Verifies that a custom authentication success handler decides where the browser
 * lands after a successful form login.
 */
@Test
public void authenticationSuccess() {
    // All exchanges require authentication; a successful login redirects to "/custom".
    SecurityWebFilterChain chain = this.http
        .authorizeExchange()
            .anyExchange().authenticated()
            .and()
        .formLogin()
            .authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/custom"))
            .and()
        .build();

    WebTestClient client = WebTestClientBuilder
        .bindToWebFilters(chain)
        .build();
    WebDriver browser = WebTestClientHtmlUnitDriverBuilder
        .webTestClientSetup(client)
        .build();

    // "user"/"password" are fixture credentials; the user store that accepts them
    // is set up outside this method.
    DefaultLoginPage.to(browser)
        .assertAt()
        .loginForm()
            .username("user")
            .password("password")
            .submit(HomePage.class);

    assertThat(browser.getCurrentUrl()).endsWith("/custom");
}
/**
 * Verifies the default request cache: an unauthenticated request for the secured page
 * is sent to the login page, and a successful login returns the browser to the
 * originally requested secured page.
 */
@Test
public void defaultFormLoginRequestCache() {
    SecurityWebFilterChain chain = this.http
        .authorizeExchange()
            .anyExchange().authenticated()
            .and()
        .formLogin()
            .and()
        .build();

    WebTestClient client = WebTestClient
        .bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
        .webFilter(new WebFilterChainProxy(chain))
        .build();
    WebDriver browser = WebTestClientHtmlUnitDriverBuilder
        .webTestClientSetup(client)
        .build();

    // Requesting the secured page while anonymous must end up on the default login page.
    DefaultLoginPage login = SecuredPage.to(browser, DefaultLoginPage.class)
        .assertAt();

    // After logging in with the fixture credentials the saved request is replayed,
    // so the browser is expected on the secured page rather than the home page.
    login.loginForm()
        .username("user")
        .password("password")
        .submit(SecuredPage.class)
        .assertAt();
}
.anyExchange().authenticated() .and() .formLogin().and() .logout() .requiresLogout(ServerWebExchangeMatchers.pathMatchers("/custom-logout"))
/**
 * Verifies that with {@link NoOpServerRequestCache} the originally requested secured
 * page is not restored after login: the browser is expected on the home page instead.
 */
@Test
public void requestCacheNoOp() {
    SecurityWebFilterChain chain = this.http
        .authorizeExchange()
            .anyExchange().authenticated()
            .and()
        .formLogin()
            .and()
        .requestCache()
            // No-op cache: the pre-login request is not remembered.
            .requestCache(NoOpServerRequestCache.getInstance())
            .and()
        .build();

    WebTestClient client = WebTestClient
        .bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
        .webFilter(new WebFilterChainProxy(chain))
        .build();
    WebDriver browser = WebTestClientHtmlUnitDriverBuilder
        .webTestClientSetup(client)
        .build();

    // The anonymous request for the secured page still lands on the login page.
    DefaultLoginPage login = SecuredPage.to(browser, DefaultLoginPage.class)
        .assertAt();

    // Fixture credentials; the post-login destination is the home page, not the
    // secured page that was first requested.
    login.loginForm()
        .username("user")
        .password("password")
        .submit(HomePage.class)
        .assertAt();
}
/**
 * Verifies form login with an application-supplied login page at {@code /login}.
 */
@Test
public void customLoginPage() {
    SecurityWebFilterChain chain = this.http
        .authorizeExchange()
            // The login page itself must be reachable anonymously; everything else
            // still requires authentication.
            .pathMatchers("/login").permitAll()
            .anyExchange().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .and()
        .build();

    WebTestClient client = WebTestClient
        .bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController())
        .webFilter(new WebFilterChainProxy(chain))
        .build();
    WebDriver browser = WebTestClientHtmlUnitDriverBuilder
        .webTestClientSetup(client)
        .build();

    // An anonymous request for the home page must be answered with the custom login page.
    CustomLoginPage login = HomePage.to(browser, CustomLoginPage.class)
        .assertAt();

    // Logging in with the fixture credentials leads to the home page.
    login.loginForm()
        .username("user")
        .password("password")
        .submit(HomePage.class)
        .assertAt();
}
.anyExchange().authenticated() .and() .formLogin().and() .build();
.anyExchange().authenticated() .and() .formLogin().and() .build();
/**
 * Builds the default {@link ServerHttpSecurity} configuration: every exchange requires
 * an authenticated user, and the login mechanism depends on whether OAuth2 is configured.
 *
 * <p>The fallback branch enables HTTP Basic and form login. Both transmit the password
 * itself, so this default should only be served over TLS.
 *
 * @param http the security builder to configure
 * @return the filter chain built from {@code http}
 */
private SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // Deny-by-default: no exchange is reachable without authentication.
    http.authorizeExchange()
        .anyExchange().authenticated();

    // The flag is checked first, so OAuth2ClasspathGuard is only consulted when
    // isOAuth2Present is true (presumably to avoid touching OAuth2 classes that
    // are missing from the classpath; confirm against the guard's definition).
    boolean useOAuth2 = isOAuth2Present && OAuth2ClasspathGuard.shouldConfigure(this.context);
    if (!useOAuth2) {
        http.httpBasic();
        http.formLogin();
    } else {
        OAuth2ClasspathGuard.configure(this.context, http);
    }

    return http.build();
}
/**
 * Configures form login with this class's login page, failure handler and a success
 * handler that continues the filter chain.
 *
 * @param http the security builder to configure
 */
@Override
protected void formLogin(ServerHttpSecurity http) {
    ServerHttpSecurity.FormLoginSpec form = http.formLogin();

    // Call order matters. The login page should be "/login" by default, but if it is
    // not set explicitly here it gets applied later and overwrites our
    // AuthenticationFailureHandler. Set the page first, then the failure handler.
    form.loginPage(loginPage());
    form.authenticationFailureHandler(authenticationFailureHandler());

    // On success the exchange proceeds down the web filter chain.
    form.authenticationSuccessHandler(new WebFilterChainServerAuthenticationSuccessHandler());
}
/**
 * Defines the application's web filter chain: the health and info actuator endpoints
 * are open to anonymous callers, every other exchange requires authentication via
 * HTTP Basic or form login.
 *
 * @param http the security builder to configure
 * @return the filter chain built from {@code http}
 */
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // NOTE(review): health and info are reachable without credentials; confirm that
    // neither is configured to expose details that should stay internal.
    http.authorizeExchange()
        .matchers(EndpointRequest.to(HealthEndpoint.class, InfoEndpoint.class)).permitAll()
        .anyExchange().authenticated();

    // Both mechanisms send the password itself, so they rely on TLS for confidentiality.
    http.httpBasic();
    http.formLogin();

    return http.build();
}
/**
 * Defines the application's web filter chain: actuator endpoints other than
 * {@code prometheus} require authentication; every other exchange is permitted.
 *
 * @param http the security builder to configure
 * @return the filter chain built from {@code http}
 */
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    // The "prometheus" endpoint is excluded from the authenticated matcher, so it
    // falls through to anyExchange().permitAll() together with all non-actuator
    // routes and is served without credentials.
    // NOTE(review): confirm that open application routes are intended and that the
    // metrics endpoint is restricted by some other layer (network policy, proxy).
    http.authorizeExchange()
        .matchers(EndpointRequest.toAnyEndpoint().excluding("prometheus")).authenticated()
        .anyExchange().permitAll();

    // Both mechanisms send the password itself, so they rely on TLS for confidentiality.
    http.formLogin();
    http.httpBasic();

    return http.build();
}
/**
 * Defines the application's web filter chain: a fixed set of static resources is
 * public, every other exchange requires authentication via HTTP Basic or form login,
 * and logout is enabled.
 *
 * @param http the security builder to configure
 * @return the filter chain built from {@code http}
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(final ServerHttpSecurity http) {
    return http
        .authorizeExchange()
            // Only the favicon, stylesheets and webjars are served anonymously.
            .pathMatchers("/favicon.ico", "/css/**", "/webjars/**").permitAll()
            .anyExchange().authenticated()
            .and()
        .httpBasic()
            .and()
        .formLogin()
            .and()
        .logout()
            .and()
        .build();
}
/**
 * Builds the default {@link ServerHttpSecurity} configuration: every exchange requires
 * an authenticated user, and the login mechanism depends on whether OAuth2 is configured.
 *
 * <p>The fallback branch enables HTTP Basic and form login. Both transmit the password
 * itself, so this default should only be served over TLS.
 *
 * @param http the security builder to configure
 * @return the filter chain built from {@code http}
 */
private SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // Deny-by-default: no exchange is reachable without authentication.
    http.authorizeExchange()
        .anyExchange().authenticated();

    // The flag is checked first, so OAuth2ClasspathGuard is only consulted when
    // isOAuth2Present is true (presumably to avoid touching OAuth2 classes that
    // are missing from the classpath; confirm against the guard's definition).
    boolean useOAuth2 = isOAuth2Present && OAuth2ClasspathGuard.shouldConfigure(this.context);
    if (!useOAuth2) {
        http.httpBasic();
        http.formLogin();
    } else {
        OAuth2ClasspathGuard.configure(this.context, http);
    }

    return http.build();
}