Spring - WebFlux Security
WebFlux Security
Spring Security’s WebFlux support relies on a WebFilter and works the same for Spring WebFlux andSpring WebFlux.Fn. You can find a few sample applications that demonstrate the code below:
• Hello WebFlux hellowebflux
• Hello WebFlux.Fn hellowebfluxfn
• Hello WebFlux Method hellowebflux-method
Minimal WebFlux Security Configuration
You can find a minimal WebFlux Security configuration below:@EnableWebFluxSecurity
public class HelloWebfluxSecurityConfig {
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("user")
.roles("USER")
.build();
return new MapReactiveUserDetailsService(user);
}
}
This configuration provides form and http basic authentication, sets up authorization to require an
authenticated user for accessing any page, sets up a default log in page and a default log out page,
sets up security related HTTP headers, CSRF protection, and more.
Explicit WebFlux Security Configuration
You can find an explicit version of the minimal WebFlux Security configuration below:@Configuration
@EnableWebFluxSecurity
public class HelloWebfluxSecurityConfig {
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("user")
.roles("USER")
.build();
return new MapReactiveUserDetailsService(user);
}
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange(exchanges ->
exchanges
.anyExchange().authenticated()
)
.httpBasic(withDefaults())
.formLogin(withDefaults());
return http.build();
}
}
Comments
Post a Comment