Polish Multiple Filter Chains Docs

Issue gh-9178
2025-05-31 09:12:14 +00:00 · 2020-11-02 12:15:19 -07:00 · 2020-11-02 12:15:19 -07:00 · 8b7751f5f4
commit 8b7751f5f4
parent 69336fb3ec
1 changed files with 42 additions and 41 deletions
--- a/docs/manual/src/docs/asciidoc/_includes/reactive/webflux.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/reactive/webflux.adoc
@ -128,57 +128,58 @@ From here you can easily make the changes to the defaults.
 You can find more examples of explicit configuration in unit tests, by searching https://github.com/spring-projects/spring-security/search?q=path%3Aconfig%2Fsrc%2Ftest%2F+EnableWebFluxSecurity[EnableWebFluxSecurity in the `config/src/test/` directory].
 [[jc-webflux-multiple-filter-chains]]
-=== Multiple chains support
+=== Multiple Chains Support
-We can configure multiple `SecurityWebFilterChain` instances.
+You can configure multiple `SecurityWebFilterChain` instances to separate configuration by `RequestMatcher` s.
-For example, the following is an example of having a specific configuration for URL's that start with `/api/`. This overrides the form login configuration with lower precedence.
+For example, you can isolate configuration for URLs that start with `/api`, like so:
 [source,java]
 ----
-	@EnableWebFluxSecurity
+@Configuration
-	@Import(ReactiveAuthenticationTestConfiguration.class)
+@EnableWebFluxSecurity
-	static class MultiSecurityHttpConfig {
+static class MultiSecurityHttpConfig {
-		@Order(Ordered.HIGHEST_PRECEDENCE)                                                      <1>
+    @Order(Ordered.HIGHEST_PRECEDENCE)                                                      <1>
-		@Bean
+    @Bean
-		SecurityWebFilterChain apiHttpSecurity(ServerHttpSecurity http) {
+    SecurityWebFilterChain apiHttpSecurity(ServerHttpSecurity http) {
-			http
+        http
-                    .securityMatcher(new PathPatternParserServerWebExchangeMatcher("/api/**"))  <2>
+            .securityMatcher(new PathPatternParserServerWebExchangeMatcher("/api/**"))      <2>
-                    .authorizeExchange()
+            .authorizeExchange((exchanges) -> exchanges
-					    .anyExchange().denyAll();
+                .anyExchange().authenticated()
-			return http.build();
+            )
-		}
+            .oauth2ResourceServer(OAuth2ResourceServerSpec::jwt);                           <3>
        return http.build();
    }
-		@Bean
+    @Bean
-    	SecurityWebFilterChain webFormHttpSecurity(ServerHttpSecurity http) {                   <3>
+    SecurityWebFilterChain webHttpSecurity(ServerHttpSecurity http) {                       <4>
-            http
+        http
-                .authorizeExchange((exchanges) ->
+            .authorizeExchange((exchanges) -> exchanges
-                    exchanges
+                .anyExchange().authenticated()
-                        .pathMatchers("/login").permitAll()
+            )
-                        .anyExchange().authenticated()
+            .httpBasic(withDefaults())                                                      <5>
-                )
+        return http.build();
-                .httpBasic(withDefaults())
+    }
                .formLogin((formLogin) ->                                                       <4>
                    formLogin
                        .loginPage("/login")
                );
 		    return http.build();
 	    }
-        @Bean
+    @Bean
-    	public static ReactiveUserDetailsService userDetailsService() {
+    ReactiveUserDetailsService userDetailsService() {
-    		return new MapReactiveUserDetailsService(PasswordEncodedUser.user(), PasswordEncodedUser.admin());
+        return new MapReactiveUserDetailsService(
-    	}
+                PasswordEncodedUser.user(), PasswordEncodedUser.admin());
-
+    }
 	}
 }
 ----
-<1> Configure a SecurityWebFilterChain with an `@Order` to specify which `SecurityWebFilterChain` should be considered first
+<1> Configure a `SecurityWebFilterChain` with an `@Order` to specify which `SecurityWebFilterChain` Spring Security should consider first
-<2> The `PathPatternParserServerWebExchangeMatcher` states that this `SecurityWebFilterChain` will only be applicable to URLs that start with `/api/`
+<2> Use `PathPatternParserServerWebExchangeMatcher` to state that this `SecurityWebFilterChain` will only apply to URL paths that start with `/api/`
-<3> Create another instance of `SecurityWebFilterChain` with lower precedence.
+<3> Specify the authentication mechanisms that will be used for `/api/**` endpoints
-<4> Some configurations applies to all path matchers within the `webFormHttpSecurity` but not to `apiHttpSecurity` `SecurityWebFilterChain`.
+<4> Create another instance of `SecurityWebFilterChain` with lower precedence to match all other URLs
 <5> Specify the authentication mechanisms that will be used for the rest of the application
-If the URL does not start with `/api/` the `webFormHttpSecurity` configuration will be used.
+Spring Security will select one `SecurityWebFilterChain` `@Bean` for each request.
 It will match the requests in order by the `securityMatcher` definition.
 In this case, that means that if the URL path starts with `/api`, then Spring Security will use `apiHttpSecurity`.
 If the URL does not start with `/api` then Spring Security will default to `webHttpSecurity`, which has an implied `securityMatcher` that matches any request.