[JAVA-29010] Upgrade spring-reactive-security to Spring Boot 3 (#16153)
This commit is contained in:
Amit Pandey
GitHub
parent
04b7d05a76
commit
da41c860a1
|
|
@ -24,7 +24,7 @@
|
|||
<module>spring-reactive-client-2</module>
|
||||
<module>spring-reactive-filters</module>
|
||||
<module>spring-reactive-oauth</module>
|
||||
<module>spring-reactive-security</module>
|
||||
<!--<module>spring-reactive-security</module> Uncomment after the parent module gets upgraded to Boot 3-->
|
||||
<module>spring-reactive-data-couchbase</module>
|
||||
<module>spring-reactive</module>
|
||||
<module>spring-reactive-exceptions</module>
|
||||
|
|
|
|||
|
|
@ -10,9 +10,10 @@
|
|||
<description>spring boot security sample project about new features</description>
|
||||
|
||||
<parent>
|
||||
<groupId>com.baeldung.spring.reactive</groupId>
|
||||
<artifactId>spring-reactive-modules</artifactId>
|
||||
<version>1.0.0-SNAPSHOT</version>
|
||||
<groupId>com.baeldung</groupId>
|
||||
<artifactId>parent-boot-3</artifactId>
|
||||
<version>0.0.1-SNAPSHOT</version>
|
||||
<relativePath>../../parent-boot-3</relativePath>
|
||||
</parent>
|
||||
|
||||
<dependencies>
|
||||
|
|
@ -34,8 +35,8 @@
|
|||
<version>${reactor-spring.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.json.bind</groupId>
|
||||
<artifactId>javax.json.bind-api</artifactId>
|
||||
<groupId>jakarta.json.bind</groupId>
|
||||
<artifactId>jakarta.json.bind-api</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.projectlombok</groupId>
|
||||
|
|
@ -51,6 +52,7 @@
|
|||
<dependency>
|
||||
<groupId>org.apache.johnzon</groupId>
|
||||
<artifactId>johnzon-jsonb</artifactId>
|
||||
<version>${johnzon-jsonb.version}</version>
|
||||
</dependency>
|
||||
<!-- utils -->
|
||||
<dependency>
|
||||
|
|
@ -63,6 +65,11 @@
|
|||
<artifactId>spring-boot-devtools</artifactId>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>jakarta.json</groupId>
|
||||
<artifactId>jakarta.json-api</artifactId>
|
||||
<version>${jakarta.json-api.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-test</artifactId>
|
||||
|
|
@ -117,6 +124,8 @@
|
|||
<geronimo-json_1.1_spec.version>1.0</geronimo-json_1.1_spec.version>
|
||||
<reactor-test.version>3.1.6.RELEASE</reactor-test.version>
|
||||
<reactor.version>3.4.29</reactor.version>
|
||||
<jakarta.json-api.version>2.0.1</jakarta.json-api.version>
|
||||
<johnzon-jsonb.version>2.0.0</johnzon-jsonb.version>
|
||||
</properties>
|
||||
|
||||
</project>
|
||||
|
|
@ -2,10 +2,13 @@ package com.baeldung.reactive.authresolver;
|
|||
|
||||
import java.util.Collections;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.authentication.ReactiveAuthenticationManager;
|
||||
import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
||||
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
|
|
@ -24,12 +27,10 @@ public class CustomWebSecurityConfig {
|
|||
@Bean
|
||||
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
|
||||
return http
|
||||
.authorizeExchange()
|
||||
.pathMatchers("/**")
|
||||
.authenticated()
|
||||
.and()
|
||||
.httpBasic()
|
||||
.disable()
|
||||
.csrf(csrfSpec -> csrfSpec.disable())
|
||||
.authorizeExchange(auth -> auth.pathMatchers(HttpMethod.GET,"/**")
|
||||
.authenticated())
|
||||
.httpBasic(httpBasicSpec -> httpBasicSpec.disable())
|
||||
.addFilterAfter(authenticationWebFilter(), SecurityWebFiltersOrder.REACTOR_CONTEXT)
|
||||
.build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ public class CorsGlobalConfigApplication {
|
|||
|
||||
@Bean
|
||||
public SecurityWebFilterChain corsGlobalSpringSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http.csrf().disable();
|
||||
http.csrf(csrfSpec -> csrfSpec.disable());
|
||||
return http.build();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ public class CorsWebFilterApplication {
|
|||
|
||||
@Bean
|
||||
public SecurityWebFilterChain corsWebfilterSpringSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http.csrf().disable();
|
||||
http.csrf(csrfSpec -> csrfSpec.disable());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ package com.baeldung.webflux;
|
|||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
|
||||
import org.springframework.security.config.web.server.ServerHttpSecurity;
|
||||
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
|
||||
|
|
@ -27,15 +28,13 @@ public class EmployeeWebSecurityConfig {
|
|||
|
||||
@Bean
|
||||
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
|
||||
http.csrf()
|
||||
.disable()
|
||||
.authorizeExchange()
|
||||
http.csrf(csrfSpec -> csrfSpec.disable())
|
||||
.authorizeExchange(auth -> auth
|
||||
.pathMatchers(HttpMethod.POST, "/employees/update")
|
||||
.hasRole("ADMIN")
|
||||
.pathMatchers("/**")
|
||||
.permitAll()
|
||||
.and()
|
||||
.httpBasic();
|
||||
.permitAll())
|
||||
.httpBasic(Customizer.withDefaults());
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,19 +1,21 @@
|
|||
package com.baeldung.reactive.authresolver;
|
||||
|
||||
import java.util.Base64;
|
||||
|
||||
import org.junit.FixMethodOrder;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.junit.runners.MethodSorters;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
import org.springframework.test.web.reactive.server.WebTestClient;
|
||||
|
||||
@RunWith(SpringRunner.class)
|
||||
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = AuthResolverApplication.class)
|
||||
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT, classes = {AuthResolverApplication.class, AuthResolverController.class, CustomWebSecurityConfig.class})
|
||||
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
|
||||
@AutoConfigureWebTestClient(timeout = "36000000")
|
||||
public class AuthResolverIntegrationTest {
|
||||
@Autowired
|
||||
private WebTestClient testClient;
|
||||
|
|
|
|||
Loading…
Reference in New Issue