Spring - WebFlux Security

WebFlux Security

Spring Security’s WebFlux support relies on a WebFilter and works the same for Spring WebFlux and
Spring WebFlux.Fn. You can find a few sample applications that demonstrate the code below:
• Hello WebFlux hellowebflux
• Hello WebFlux.Fn hellowebfluxfn
• Hello WebFlux Method hellowebflux-method

Minimal WebFlux Security Configuration

You can find a minimal WebFlux Security configuration below:

@EnableWebFluxSecurity
public class HelloWebfluxSecurityConfig {
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("user")
.roles("USER")
.build();
return new MapReactiveUserDetailsService(user);
}
}

This configuration provides form and http basic authentication, sets up authorization to require an
authenticated user for accessing any page, sets up a default log in page and a default log out page,
sets up security related HTTP headers, CSRF protection, and more.

Explicit WebFlux Security Configuration

You can find an explicit version of the minimal WebFlux Security configuration below:

@Configuration
@EnableWebFluxSecurity
public class HelloWebfluxSecurityConfig {
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("user")
.roles("USER")
.build();
return new MapReactiveUserDetailsService(user);
}
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange(exchanges ->
exchanges
.anyExchange().authenticated()
)
.httpBasic(withDefaults())
.formLogin(withDefaults());
return http.build();
}
}


Comments

Popular posts from this blog

Today Walkin 14th-Sept

Hibernate Search - Elasticsearch with JSON manipulation

Spring Elasticsearch Operations