/**
 * Verifies HTTP Basic combined with anonymous authentication: a request that carries
 * Basic credentials for a principal holding {@code ROLE_ADMIN} must receive 200 with
 * body {@code "ok"}, a non-empty {@code Cache-Control} header, and no {@code SESSION}
 * cookie.
 */
@Test
public void basicWithAnonymous() {
    // The mocked manager returns this token for any input, so the test exercises the
    // filter-chain wiring and the authorization rule, not credential validation.
    TestingAuthenticationToken authenticated =
            new TestingAuthenticationToken("rob", "rob", "ROLE_USER", "ROLE_ADMIN");
    given(this.authenticationManager.authenticate(any())).willReturn(Mono.just(authenticated));

    this.http.securityContextRepository(new WebSessionServerSecurityContextRepository());
    this.http.httpBasic();
    this.http.anonymous();
    this.http.authenticationManager(this.authenticationManager);

    // Every exchange requires ROLE_ADMIN; the stubbed token carries it.
    this.http.authorizeExchange().anyExchange().hasAuthority("ROLE_ADMIN");

    EntityExchangeResult<String> result = buildClient()
            .get()
            .uri("/")
            .headers(h -> h.setBasicAuth("rob", "rob"))
            .exchange()
            .expectStatus().isOk()
            .expectHeader().valueMatches(HttpHeaders.CACHE_CONTROL, ".+")
            .expectBody(String.class)
            .consumeWith(body -> assertThat(body.getResponseBody()).isEqualTo("ok"))
            .returnResult();

    // A WebSession-backed repository is set on http above, yet the Basic exchange is
    // expected to stay stateless: no session cookie may be handed to the client.
    assertThat(result.getResponseCookies().getFirst("SESSION")).isNull();
}
/**
 * Builds a resource-server filter chain in which every exchange requires the
 * {@code SCOPE_message:read} authority and bearer JWTs are checked with the key
 * returned by {@code publicKey()}.
 *
 * @param http the security builder to configure
 * @return the built filter chain
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) throws Exception {
    // No custom authentication converter is installed in this chain.
    // NOTE(review): the SCOPE_ prefix presumably comes from the default mapping of
    // scope claims to authorities; confirm against the tokens used with this config.
    http.authorizeExchange().anyExchange().hasAuthority("SCOPE_message:read");

    // publicKey() is defined outside this excerpt. A single fixed verification key
    // has no rotation path; that suits a test fixture, so confirm before reusing it.
    http.oauth2ResourceServer().jwt().publicKey(publicKey());

    return http.build();
}
} // closes the enclosing type, which is opened outside this excerpt
/**
 * Builds a resource-server filter chain that uses a custom JWT authentication
 * converter and requires the un-prefixed {@code message:read} authority on every
 * exchange.
 *
 * @param http the security builder to configure
 * @return the built filter chain
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) throws Exception {
    // The authority string has to match exactly what jwtAuthenticationConverter()
    // produces; that helper is defined outside this excerpt.
    // NOTE(review): presumably it maps scopes without a prefix; confirm. A mismatch
    // denies every request rather than letting one through.
    http.authorizeExchange().anyExchange().hasAuthority("message:read");

    http.oauth2ResourceServer()
            .jwt()
            .jwtAuthenticationConverter(jwtAuthenticationConverter())
            .publicKey(publicKey());

    return http.build();
}
/**
 * Builds a resource-server filter chain with a custom access-denied handler and a
 * custom authentication entry point, plus two path rules that can trigger them.
 *
 * @param http the security builder to configure
 * @return the built filter chain
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) throws Exception {
    // "/authenticated" needs any authenticated caller; "/unobtainable" needs an
    // authority named "unobtainable".
    // NOTE(review): presumably no token is ever granted that authority, so the path
    // always reaches the access-denied handler; confirm against the tests.
    http.authorizeExchange()
            .pathMatchers("/authenticated").authenticated()
            .pathMatchers("/unobtainable").hasAuthority("unobtainable");

    // Distinctive status codes; presumably chosen so a test can tell these custom
    // handlers apart from the framework defaults.
    HttpStatusServerAccessDeniedHandler deniedHandler =
            new HttpStatusServerAccessDeniedHandler(HttpStatus.BANDWIDTH_LIMIT_EXCEEDED);
    HttpStatusServerEntryPoint entryPoint =
            new HttpStatusServerEntryPoint(HttpStatus.I_AM_A_TEAPOT);

    http.oauth2ResourceServer()
            .accessDeniedHandler(deniedHandler)
            .authenticationEntryPoint(entryPoint)
            .jwt()
            .publicKey(publicKey());

    return http.build();
}
} // closes the enclosing type, which is opened outside this excerpt
/**
 * Builds a resource-server filter chain that reads the bearer token through a custom
 * converter and requires {@code SCOPE_message:read} on every exchange.
 *
 * @param http the security builder to configure
 * @return the built filter chain
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) throws Exception {
    http.authorizeExchange().anyExchange().hasAuthority("SCOPE_message:read");

    // bearerTokenAuthenticationConverter() is defined outside this excerpt.
    // NOTE(review): it decides where the token is taken from in the request. If it
    // accepts tokens outside the Authorization header (for example a query
    // parameter), those tokens can end up in access logs; confirm.
    http.oauth2ResourceServer()
            .bearerTokenConverter(bearerTokenAuthenticationConverter())
            .jwt()
            .publicKey(publicKey());

    return http.build();
}