Add example for customizing webflux security

Closes gh-11928
7 years ago · 3880bdb908
parent 16a499b2fa
commit 3880bdb908
2 changed files with 53 additions and 0 deletions
--- a/spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc
+++ b/spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc
@ -3023,6 +3023,7 @@ commonly used locations.

 [[boot-features-security-webflux]]
 === WebFlux Security
+Similar to Spring MVC applications, you can secure your WebFlux applications by adding the `spring-boot-starter-security` dependency.
 The default security configuration is implemented in `ReactiveSecurityAutoConfiguration` and in
 the classes imported from there (`WebFluxSecurityConfiguration` for web security
 and `ReactiveAuthenticationManagerConfiguration` for authentication configuration, which is also
@ -3041,6 +3042,13 @@ that is based on the `management.endpoints.web.base-path` property.
 `PathRequest` can be used to create a `ServerWebExchangeMatcher` for resources in
 commonly used locations.

+For example, you can customize your security configuration by adding something like:
+
+[source,java,indent=0]
+----
+include::{code-examples}/web/security/CustomWebFluxSecurityExample.java[tag=custom-webflux-security]
+----
+

 [[boot-features-security-oauth2]]
 === OAuth2
--- a/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/CustomWebFluxSecurityExample.java
+++ b/spring-boot-project/spring-boot-docs/src/main/java/org/springframework/boot/docs/web/security/CustomWebFluxSecurityExample.java
@ -0,0 +1,45 @@
+/*
+ * Copyright 2012-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.boot.docs.web.security;
+
+import org.springframework.boot.autoconfigure.security.reactive.PathRequest;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+
+/**
+ * Example configuration for customizing security rules for a WebFlux application.
+ *
+ * @author Madhura Bhave
+ */
+@EnableWebFluxSecurity
+public class CustomWebFluxSecurityExample {
+
+	@Bean
+	public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
+		http
+			.authorizeExchange()
+				.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
+				.pathMatchers("/foo", "/bar")
+					.authenticated().and()
+				.formLogin();
+		return http.build();
+	}
+
+}
+