Add reactive HTTP exploit samples

Issue gh-8172
Eleftheria Stein 2020-09-18 14:43:23 +02:00
parent 72acc2959e
commit f26387a4b7


@ -14,7 +14,8 @@ For example, the following Java configuration will redirect any HTTP requests to
.Redirect to HTTPS
====
[source,java]
.Java
[source,java,role="primary"]
----
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
@ -24,6 +25,18 @@ SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
return http.build();
}
----
.Kotlin
[source,kotlin,role="secondary"]
----
@Bean
fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
return http {
// ...
redirectToHttps { }
}
}
----
====
The configuration can easily be wrapped around an if statement to only be turned on in production.
@ -32,7 +45,8 @@ For example, if the production environment adds a header named `X-Forwarded-Prot
.Redirect to HTTPS when X-Forwarded
====
[source,java]
.Java
[source,java,role="primary"]
----
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
@ -44,6 +58,22 @@ SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
return http.build();
}
----
.Kotlin
[source,kotlin,role="secondary"]
----
@Bean
fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
return http {
// ...
redirectToHttps {
httpsRedirectWhen {
it.request.headers.containsKey("X-Forwarded-Proto")
}
}
}
}
----
====
[[webflux-hsts]]