Merge pull request #4810 from eugenp/BAEL-1447-v2

add security exc
This commit is contained in:
Loredana Crusoveanu 2018-07-25 23:50:04 +03:00 committed by GitHub
commit 83d0a6c33e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 12 deletions

View File

@ -1,5 +1,6 @@
package com.baeldung.reactive.security;
import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
@ -9,6 +10,8 @@ import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.server.SecurityWebFilterChain;
import com.baeldung.reactive.actuator.FeaturesEndpoint;
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class SecurityConfig {
@ -16,25 +19,33 @@ public class SecurityConfig {
@Bean
public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
return http.authorizeExchange()
.pathMatchers("/admin").hasAuthority("ROLE_ADMIN")
.anyExchange().permitAll()
.and().formLogin()
.and().build();
.pathMatchers("/admin")
.hasAuthority("ROLE_ADMIN")
.matchers(EndpointRequest.to(FeaturesEndpoint.class))
.permitAll()
.anyExchange()
.permitAll()
.and()
.formLogin()
.and()
.csrf()
.disable()
.build();
}
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
.username("user")
.password("password")
.roles("USER")
.build();
UserDetails admin = User.withDefaultPasswordEncoder()
.username("admin")
.password("password")
.roles("ADMIN")
.build();
.username("admin")
.password("password")
.roles("ADMIN")
.build();
return new MapReactiveUserDetailsService(user, admin);
}