From 3880bdb90823ca2f9e8679d82adb1eb02c2e18a1 Mon Sep 17 00:00:00 2001 From: Madhura Bhave Date: Mon, 12 Feb 2018 16:26:30 -0800 Subject: [PATCH] Add example for customizing webflux security Closes gh-11928 --- .../main/asciidoc/spring-boot-features.adoc | 8 ++++ .../CustomWebFluxSecurityExample.java | 45 +++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/CustomWebFluxSecurityExample.java diff --git a/spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc b/spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc index 5855b2391f..945adfd638 100644 --- a/spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc +++ b/spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc @@ -3023,6 +3023,7 @@ commonly used locations. [[boot-features-security-webflux]] === WebFlux Security +Similar to Spring MVC applications, you can secure your WebFlux applications by adding the `spring-boot-starter-security` dependency. The default security configuration is implemented in `ReactiveSecurityAutoConfiguration` and in the classes imported from there (`WebFluxSecurityConfiguration` for web security and `ReactiveAuthenticationManagerConfiguration` for authentication configuration, which is also @@ -3041,6 +3042,13 @@ that is based on the `management.endpoints.web.base-path` property. `PathRequest` can be used to create a `ServerWebExchangeMatcher` for resources in commonly used locations. +For example, you can customize your security configuration by adding something like: + +[source,java,indent=0] +---- +include::{code-examples}/web/security/CustomWebFluxSecurityExample.java[tag=custom-webflux-security] +---- + [[boot-features-security-oauth2]] === OAuth2 diff --git a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/CustomWebFluxSecurityExample.java b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/CustomWebFluxSecurityExample.java new file mode 100644 index 0000000000..e4479587b0 --- /dev/null +++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/CustomWebFluxSecurityExample.java @@ -0,0 +1,45 @@ +/* + * Copyright 2012-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.boot.docs.web.security; + +import org.springframework.boot.autoconfigure.security.reactive.PathRequest; +import org.springframework.context.annotation.Bean; +import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity; +import org.springframework.security.config.web.server.ServerHttpSecurity; +import org.springframework.security.web.server.SecurityWebFilterChain; + +/** + * Example configuration for customizing security rules for a WebFlux application. + * + * @author Madhura Bhave + */ +@EnableWebFluxSecurity +public class CustomWebFluxSecurityExample { + + @Bean + public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { + http + .authorizeExchange() + .matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll() + .pathMatchers("/foo", "/bar") + .authenticated().and() + .formLogin(); + return http.build(); + } + +} +