spring-security/samples/boot/hellowebflux-method/src/main/java/sample/SecurityConfig.java

/*
 * Copyright 2002-2019 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package sample;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.server.SecurityWebFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

/**
 * @author Rob Winch
 * @since 5.0
 */
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class SecurityConfig {

	@Bean
	SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
		return http
			// Demonstrate that method security works
			// Best practice to use both for defense in depth
			.authorizeExchange(exchanges ->
				exchanges
					.anyExchange().permitAll()
			)
			.httpBasic(withDefaults())
			.build();
	}

	@Bean
	public MapReactiveUserDetailsService userDetailsService() {
		User.UserBuilder userBuilder = User.withDefaultPasswordEncoder();
		UserDetails rob = userBuilder.username("rob").password("rob").roles("USER").build();
		UserDetails admin = userBuilder.username("admin").password("admin").roles("USER", "ADMIN").build();
		return new MapReactiveUserDetailsService(rob, admin);
	}

}
Add hellowebflux-method sample Fixes gh-4503 2017-08-17 14:10:21 -05:00			`/*`
Support nested builder in DSL for reactive apps Fixes: gh-7107 2019-07-22 09:31:10 -04:00			`* Copyright 2002-2019 the original author or authors.`
Fix double * in Copyright headers 2017-09-18 10:47:26 -05:00			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
URL Cleanup This commit updates URLs to prefer the https protocol. Redirects are not followed to avoid accidentally expanding intentionally shortened URLs (i.e. if using a URL shortener). # Fixed URLs ## Fixed Success These URLs were switched to an https URL with a 2xx status. While the status was successful, your review is still recommended. * http://www.apache.org/licenses/ with 1 occurrences migrated to: https://www.apache.org/licenses/ ([https](https://www.apache.org/licenses/) result 200). * http://www.apache.org/licenses/LICENSE-2.0 with 2691 occurrences migrated to: https://www.apache.org/licenses/LICENSE-2.0 ([https](https://www.apache.org/licenses/LICENSE-2.0) result 200). * http://www.apache.org/licenses/LICENSE-2.0.html with 2 occurrences migrated to: https://www.apache.org/licenses/LICENSE-2.0.html ([https](https://www.apache.org/licenses/LICENSE-2.0.html) result 200). 2019-03-14 15:30:00 -05:00			`* https://www.apache.org/licenses/LICENSE-2.0`
Fix double * in Copyright headers 2017-09-18 10:47:26 -05:00			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
Add hellowebflux-method sample Fixes gh-4503 2017-08-17 14:10:21 -05:00			`*/`

			`package sample;`

			`import org.springframework.context.annotation.Bean;`
			`import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;`
UserDetailsRepository->ReactiveUserDetailsService Issue gh-4615 2017-10-10 09:46:15 -05:00			`import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;`
Add hellowebflux-method sample Fixes gh-4503 2017-08-17 14:10:21 -05:00			`import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;`
HttpSecurity->ServerHttpSecurity Issue gh-4615 2017-10-10 16:57:15 -05:00			`import org.springframework.security.config.web.server.ServerHttpSecurity;`
Add hellowebflux-method sample Fixes gh-4503 2017-08-17 14:10:21 -05:00			`import org.springframework.security.core.userdetails.User;`
			`import org.springframework.security.core.userdetails.UserDetails;`
			`import org.springframework.security.web.server.SecurityWebFilterChain;`

Support nested builder in DSL for reactive apps Fixes: gh-7107 2019-07-22 09:31:10 -04:00			`import static org.springframework.security.config.Customizer.withDefaults;`

Add hellowebflux-method sample Fixes gh-4503 2017-08-17 14:10:21 -05:00			`/**`
			`* @author Rob Winch`
			`* @since 5.0`
			`*/`
			`@EnableWebFluxSecurity`
			`@EnableReactiveMethodSecurity`
			`public class SecurityConfig {`

			`@Bean`
HttpSecurity->ServerHttpSecurity Issue gh-4615 2017-10-10 16:57:15 -05:00			`SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {`
Add hellowebflux-method sample Fixes gh-4503 2017-08-17 14:10:21 -05:00			`return http`
Remove formLogin() and httpBasic() from defaults 2017-10-12 16:20:38 -05:00			`// Demonstrate that method security works`
			`// Best practice to use both for defense in depth`
Support nested builder in DSL for reactive apps Fixes: gh-7107 2019-07-22 09:31:10 -04:00			`.authorizeExchange(exchanges ->`
			`exchanges`
			`.anyExchange().permitAll()`
			`)`
			`.httpBasic(withDefaults())`
Add hellowebflux-method sample Fixes gh-4503 2017-08-17 14:10:21 -05:00			`.build();`
			`}`

			`@Bean`
Rename userDetailsRepository to userDetailsService 2018-01-09 01:34:11 +09:00			`public MapReactiveUserDetailsService userDetailsService() {`
UserDetailsRepositoryReactiveAuthenticationManager uses DelegatingPasswordEncoder This means passwords will be encoded with BCrypt by default Issue: gh-2775 2017-10-20 16:59:52 -05:00			`User.UserBuilder userBuilder = User.withDefaultPasswordEncoder();`
			`UserDetails rob = userBuilder.username("rob").password("rob").roles("USER").build();`
Apply Checkstyle WhitespaceAfterCheck module 2017-11-16 06:19:44 +09:00			`UserDetails admin = userBuilder.username("admin").password("admin").roles("USER", "ADMIN").build();`
UserDetailsRepository->ReactiveUserDetailsService Issue gh-4615 2017-10-10 09:46:15 -05:00			`return new MapReactiveUserDetailsService(rob, admin);`
Add hellowebflux-method sample Fixes gh-4503 2017-08-17 14:10:21 -05:00			`}`

			`}`