parent
ab9a310485
commit
69336fb3ec
|
@ -125,5 +125,60 @@ class HelloWebfluxSecurityConfig {
|
||||||
This configuration explicitly sets up all the same things as our minimal configuration.
|
This configuration explicitly sets up all the same things as our minimal configuration.
|
||||||
From here you can easily make the changes to the defaults.
|
From here you can easily make the changes to the defaults.
|
||||||
|
|
||||||
You can find more examples of explicit configuration in unit tests, by searching https://github.com/spring-projects/spring-security/search?q=path%3Aconfig%2Fsrc%2Ftest%2F+EnableWebFluxSecurity[EnableWebFluxSecurity in the `config/src/test/` directory], e.g. https://github.com/spring-projects/spring-security/blob/9cf3129d7afa2abb439aba6aadfee0a2c8c784bf/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java#L349-L366[MultiSecurityHttpConfig] illustrating multiple `SecurityWebFilterChain` beans.
|
You can find more examples of explicit configuration in unit tests, by searching https://github.com/spring-projects/spring-security/search?q=path%3Aconfig%2Fsrc%2Ftest%2F+EnableWebFluxSecurity[EnableWebFluxSecurity in the `config/src/test/` directory].
|
||||||
|
|
||||||
|
[[jc-webflux-multiple-filter-chains]]
|
||||||
|
=== Multiple chains support
|
||||||
|
|
||||||
|
We can configure multiple `SecurityWebFilterChain` instances.
|
||||||
|
|
||||||
|
For example, the following is an example of having a specific configuration for URL's that start with `/api/`. This overrides the form login configuration with lower precedence.
|
||||||
|
|
||||||
|
[source,java]
|
||||||
|
----
|
||||||
|
@EnableWebFluxSecurity
|
||||||
|
@Import(ReactiveAuthenticationTestConfiguration.class)
|
||||||
|
static class MultiSecurityHttpConfig {
|
||||||
|
|
||||||
|
@Order(Ordered.HIGHEST_PRECEDENCE) <1>
|
||||||
|
@Bean
|
||||||
|
SecurityWebFilterChain apiHttpSecurity(ServerHttpSecurity http) {
|
||||||
|
http
|
||||||
|
.securityMatcher(new PathPatternParserServerWebExchangeMatcher("/api/**")) <2>
|
||||||
|
.authorizeExchange()
|
||||||
|
.anyExchange().denyAll();
|
||||||
|
return http.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
SecurityWebFilterChain webFormHttpSecurity(ServerHttpSecurity http) { <3>
|
||||||
|
http
|
||||||
|
.authorizeExchange((exchanges) ->
|
||||||
|
exchanges
|
||||||
|
.pathMatchers("/login").permitAll()
|
||||||
|
.anyExchange().authenticated()
|
||||||
|
)
|
||||||
|
.httpBasic(withDefaults())
|
||||||
|
.formLogin((formLogin) -> <4>
|
||||||
|
formLogin
|
||||||
|
.loginPage("/login")
|
||||||
|
);
|
||||||
|
return http.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public static ReactiveUserDetailsService userDetailsService() {
|
||||||
|
return new MapReactiveUserDetailsService(PasswordEncodedUser.user(), PasswordEncodedUser.admin());
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
----
|
||||||
|
|
||||||
|
<1> Configure a SecurityWebFilterChain with an `@Order` to specify which `SecurityWebFilterChain` should be considered first
|
||||||
|
<2> The `PathPatternParserServerWebExchangeMatcher` states that this `SecurityWebFilterChain` will only be applicable to URLs that start with `/api/`
|
||||||
|
<3> Create another instance of `SecurityWebFilterChain` with lower precedence.
|
||||||
|
<4> Some configurations applies to all path matchers within the `webFormHttpSecurity` but not to `apiHttpSecurity` `SecurityWebFilterChain`.
|
||||||
|
|
||||||
|
If the URL does not start with `/api/` the `webFormHttpSecurity` configuration will be used.
|
||||||
|
|
||||||
|
|