diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java index 3432ed4edb..c5a52af35d 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurity.java @@ -18,10 +18,64 @@ package org.springframework.security.config.annotation.web.reactive; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; +import org.springframework.security.config.web.server.ServerHttpSecurity; -import java.lang.annotation.*; +import java.lang.annotation.Documented; +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; /** + * Add this annotation to a {@code Configuration} class to have Spring Security WebFlux + * support added. User's can then create one or more {@link ServerHttpSecurity} + * {@code Bean} instances. + * + * A minimal configuration can be found below: + * + * 
+ * @EnableWebFluxSecurity
+ * public class MyMinimalSecurityConfiguration {
+ *
+ *     @Bean
+ *     public MapReactiveUserDetailsService userDetailsRepository() {
+ *          UserDetails user = User.withDefaultPasswordEncoder()
+ *               .username("user")
+ *               .password("password")
+ *               .roles("USER")
+ *               .build();
+ *          return new MapReactiveUserDetailsService(user);
+ *     }
+ * }
+ *
+ * Below is the same as our minimal configuration, but explicitly declaring the
+ * {@code ServerHttpSecurity}.
+ *
+ * 
+ * @EnableWebFluxSecurity
+ * public class MyExplicitSecurityConfiguration {
+ *     @Bean
+ *     SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
+ *          http
+ *               .authorizeExchange()
+ *                    .anyExchange().authenticated()
+ *                         .and()
+ *                    .httpBasic().and()
+ *                    .formLogin();
+ *          return http.build();
+ *     }
+ *
+ *     @Bean
+ *     public MapReactiveUserDetailsService userDetailsRepository() {
+ *          UserDetails user = User.withDefaultPasswordEncoder()
+ *               .username("user")
+ *               .password("password")
+ *               .roles("USER")
+ *               .build();
+ *          return new MapReactiveUserDetailsService(user);
+ *     }
+ * }
+ *
  * @author Rob Winch
  * @since 5.0
  */
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
index 578910c28e..380e4d4e66 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
@@ -35,7 +35,7 @@ import static org.springframework.security.config.web.server.ServerHttpSecurity.
  * @author Rob Winch
  * @since 5.0
  */
-public class ServerHttpSecurityConfiguration implements WebFluxConfigurer {
+class ServerHttpSecurityConfiguration implements WebFluxConfigurer {
 	private static final String BEAN_NAME_PREFIX = "org.springframework.security.config.annotation.web.reactive.HttpSecurityConfiguration.";
 	private static final String HTTPSECURITY_BEAN_NAME = BEAN_NAME_PREFIX + "httpSecurity";