Use ServerHttpSecurity Lambda DSL in Config

Issue gh-13067
2025-06-22 12:02:14 +00:00 · 2025-06-20 10:09:26 -06:00 · 2025-06-20 10:09:26 -06:00 · 461f00ed38
commit 461f00ed38
parent 9fcfacf283
2 changed files with 11 additions and 7 deletions
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
@ -43,6 +43,8 @@ import org.springframework.security.web.reactive.result.method.annotation.Curren
 import org.springframework.web.reactive.config.WebFluxConfigurer;
 import org.springframework.web.reactive.result.method.annotation.ArgumentResolverConfigurer;

+import static org.springframework.security.config.Customizer.withDefaults;
+
 /**
 * @author Rob Winch
 * @author Dan Zheng
@ -156,8 +158,8 @@ class ServerHttpSecurityConfiguration {
 		ContextAwareServerHttpSecurity http = new ContextAwareServerHttpSecurity();
 		// @formatter:off
 		return http.authenticationManager(authenticationManager())
-			.headers().and()
-			.logout().and();
+			.headers(withDefaults())
+			.logout(withDefaults());
 		// @formatter:on
 	}

--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
@ -40,6 +40,8 @@ import org.springframework.util.ClassUtils;
 import org.springframework.util.ObjectUtils;
 import org.springframework.web.reactive.result.view.AbstractView;

+import static org.springframework.security.config.Customizer.withDefaults;
+
 /**
 * @author Rob Winch
 * @since 5.0
@ -121,13 +123,13 @@ class WebFluxSecurityConfiguration {
 	 * @return
 	 */
 	private SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
-		http.authorizeExchange().anyExchange().authenticated();
+		http.authorizeExchange((exchange) -> exchange.anyExchange().authenticated());
 		if (isOAuth2Present && OAuth2ClasspathGuard.shouldConfigure(this.context)) {
 			OAuth2ClasspathGuard.configure(this.context, http);
 		}
 		else {
-			http.httpBasic();
-			http.formLogin();
+			http.httpBasic(withDefaults());
+			http.formLogin(withDefaults());
 		}
 		SecurityWebFilterChain result = http.build();
 		return result;
@ -136,8 +138,8 @@ class WebFluxSecurityConfiguration {
 	private static class OAuth2ClasspathGuard {

 		static void configure(ApplicationContext context, ServerHttpSecurity http) {
-			http.oauth2Login();
-			http.oauth2Client();
+			http.oauth2Login(withDefaults());
+			http.oauth2Client(withDefaults());
 		}

 		static boolean shouldConfigure(ApplicationContext context) {