From 247635ed921769e1aa0ddbb691fce9d3df7d29d5 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Fri, 19 May 2017 21:50:06 -0500 Subject: [PATCH] WebFluxSecurityConfiguration defaults HTTP Basic Fixes gh-4346 --- .../web/reactive/WebFluxSecurityConfiguration.java | 1 + .../security/config/web/server/HttpSecurity.java | 6 ++++++ .../hellowebflux/src/main/java/sample/SecurityConfig.java | 2 -- .../hellowebfluxfn/src/main/java/sample/SecurityConfig.java | 2 -- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java index 2745200e3e..3735734751 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java @@ -62,6 +62,7 @@ public class WebFluxSecurityConfiguration implements WebFluxConfigurer { @Bean public HttpSecurity httpSecurity() { HttpSecurity http = http(); + http.httpBasic(); http.authenticationManager(authenticationManager()); http.securityContextRepository(new WebSessionSecurityContextRepository()); return http; diff --git a/config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java index fa993eab41..cd6d654628 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java @@ -96,6 +96,12 @@ public class HttpSecurity { .flatMap( r -> Optional.of(new SecurityContextRepositoryWebFilter(r))); } + public class HttpBasicSpec extends HttpBasicBuilder { + public HttpSecurity disable() { + httpBasic = null; + return HttpSecurity.this; + } + } private HttpSecurity() {} } diff --git a/samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java b/samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java index 6d45a1cde2..8f64fc7070 100644 --- a/samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java +++ b/samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java @@ -36,8 +36,6 @@ public class SecurityConfig { @Bean WebFilter springSecurityFilterChain(HttpSecurity http) throws Exception { - http.httpBasic(); - http.authorizeExchange() .antMatchers("/admin/**").hasRole("ADMIN") .antMatchers("/users/{user}/**").access(this::currentUserMatchesPath) diff --git a/samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java b/samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java index 6d45a1cde2..8f64fc7070 100644 --- a/samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java +++ b/samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java @@ -36,8 +36,6 @@ public class SecurityConfig { @Bean WebFilter springSecurityFilterChain(HttpSecurity http) throws Exception { - http.httpBasic(); - http.authorizeExchange() .antMatchers("/admin/**").hasRole("ADMIN") .antMatchers("/users/{user}/**").access(this::currentUserMatchesPath)