WebFluxSecurityConfiguration defaults HTTP Basic

Fixes gh-4346

config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java

@@ -62,6 +62,7 @@ public class WebFluxSecurityConfiguration implements WebFluxConfigurer {
 	@Bean
 	public HttpSecurity httpSecurity() {
 		HttpSecurity http = http();
+		http.httpBasic();
 		http.authenticationManager(authenticationManager());
 		http.securityContextRepository(new WebSessionSecurityContextRepository());
 		return http;

config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java

@@ -96,6 +96,12 @@ public class HttpSecurity {
 			.flatMap( r -> Optional.of(new SecurityContextRepositoryWebFilter(r)));
 	}
 
+	public class HttpBasicSpec extends HttpBasicBuilder {
+		public HttpSecurity disable() {
+			httpBasic = null;
+			return HttpSecurity.this;
+		}
+	}
 
 	private HttpSecurity() {}
 }

samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java

@@ -36,8 +36,6 @@ public class SecurityConfig {
 
 	@Bean
 	WebFilter springSecurityFilterChain(HttpSecurity http) throws Exception {
-		http.httpBasic();
-
 		http.authorizeExchange()
 			.antMatchers("/admin/**").hasRole("ADMIN")
 			.antMatchers("/users/{user}/**").access(this::currentUserMatchesPath)

samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java

@@ -36,8 +36,6 @@ public class SecurityConfig {
 
 	@Bean
 	WebFilter springSecurityFilterChain(HttpSecurity http) throws Exception {
-		http.httpBasic();
-
 		http.authorizeExchange()
 			.antMatchers("/admin/**").hasRole("ADMIN")
 			.antMatchers("/users/{user}/**").access(this::currentUserMatchesPath)