/**
 * Builds a filter chain that permits every exchange and switches CSRF protection off.
 *
 * <p>NOTE(review): with {@code permitAll()} on {@code anyExchange()} and CSRF disabled, this
 * chain enforces no authentication, authorization or CSRF check of its own. Confirm that this
 * is intended (for example a test fixture, or a service protected by another layer) before
 * reusing the configuration.
 *
 * @param http the security builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    // Single catch-all authorization rule: every exchange is allowed.
    http.authorizeExchange().anyExchange().permitAll();
    // CSRF token checks are turned off for this chain.
    http.csrf().disable();
    return http.build();
}
// Closes the enclosing class, whose declaration lies outside this excerpt.
}
/**
 * Builds a filter chain that requires authentication for every exchange and enables
 * OAuth 2.0 login with an explicitly supplied authentication converter and manager.
 *
 * <p>NOTE(review): {@code authenticationConverter} and {@code authenticationManager()} are
 * defined outside this excerpt. Because they are set explicitly here, the login flow depends
 * on them; verify what they accept before relying on this chain.
 *
 * @param http the security builder to configure
 * @return the assembled filter chain
 */
@Bean
public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
    // @formatter:off
    // No anonymous access: every exchange needs an authenticated principal.
    http.authorizeExchange()
            .anyExchange().authenticated();
    http.oauth2Login()
            .authenticationConverter(authenticationConverter)
            .authenticationManager(authenticationManager());
    // @formatter:on
    return http.build();
}
/**
 * Builds a filter chain that denies every exchange and configures a JWT resource server
 * that verifies tokens with {@code publicKey()}.
 *
 * <p>Because the only rule is {@code denyAll()}, a request is rejected even when it carries
 * a token that verifies. {@code publicKey()} is defined outside this excerpt.
 *
 * @param http the security builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity http) throws Exception {
    // @formatter:off
    http.authorizeExchange()
            .anyExchange().denyAll();
    http.oauth2ResourceServer()
            .jwt()
                .publicKey(publicKey());
    // @formatter:on
    return http.build();
}
// Closes the enclosing class, whose declaration lies outside this excerpt.
}
.authorizeExchange() .anyExchange().authenticated() .and() .formLogin().and() .logout()
.authorizeExchange() .anyExchange().authenticated() .and() .formLogin().and() .build();
.authorizeExchange() .anyExchange().authenticated() .and() .formLogin().and() .build();
/**
 * Checks that a custom authentication success handler sends the browser to
 * {@code /custom} after a form login.
 */
@Test
public void authenticationSuccess() {
    RedirectServerAuthenticationSuccessHandler redirectToCustom =
            new RedirectServerAuthenticationSuccessHandler("/custom");
    SecurityWebFilterChain chain = this.http
            .authorizeExchange()
                .anyExchange().authenticated()
                .and()
            .formLogin()
                .authenticationSuccessHandler(redirectToCustom)
                .and()
            .build();

    WebDriver driver = WebTestClientHtmlUnitDriverBuilder
            .webTestClientSetup(WebTestClientBuilder.bindToWebFilters(chain).build())
            .build();

    // Open the default login page, confirm we are on it, then submit the test credentials.
    // The returned page object is not inspected; the URL assertion below is the real check.
    HomePage landing = DefaultLoginPage.to(driver)
            .assertAt()
            .loginForm()
                .username("user")
                .password("password")
                .submit(HomePage.class);

    assertThat(driver.getCurrentUrl()).endsWith("/custom");
}
/**
 * Checks that form login works with a custom login page served at {@code /login}.
 *
 * <p>The {@code /login} path is permitted to everyone so the page can be rendered to an
 * unauthenticated user; every other exchange requires authentication.
 */
@Test
public void customLoginPage() {
    SecurityWebFilterChain chain = this.http
            .authorizeExchange()
                .pathMatchers("/login").permitAll()
                .anyExchange().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .and()
            .build();

    WebTestClient client = WebTestClient
            .bindToController(new CustomLoginPageController(), new WebTestClientBuilder.Http200RestController())
            .webFilter(new WebFilterChainProxy(chain))
            .build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(client).build();

    // Requesting the home page while unauthenticated should land on the custom login page.
    CustomLoginPage customLogin = HomePage.to(driver, CustomLoginPage.class).assertAt();

    HomePage afterLogin = customLogin.loginForm()
            .username("user")
            .password("password")
            .submit(HomePage.class);
    afterLogin.assertAt();
}
/**
 * Checks form login when the request cache is replaced by
 * {@link NoOpServerRequestCache}: after logging in from a secured page the user is expected
 * on {@code HomePage}, not back on the page that was originally requested.
 */
@Test
public void requestCacheNoOp() {
    SecurityWebFilterChain chain = this.http
            .authorizeExchange()
                .anyExchange().authenticated()
                .and()
            .formLogin().and()
            .requestCache()
                .requestCache(NoOpServerRequestCache.getInstance())
                .and()
            .build();

    WebTestClient client = WebTestClient
            .bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
            .webFilter(new WebFilterChainProxy(chain))
            .build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(client).build();

    // An unauthenticated request for the secured page should end up on the default login page.
    DefaultLoginPage login = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();

    HomePage afterLogin = login.loginForm()
            .username("user")
            .password("password")
            .submit(HomePage.class);
    afterLogin.assertAt();
}
/**
 * Checks that a custom authentication entry point answers an unauthenticated request
 * with a redirect (HTTP 302 plus a {@code Location} header).
 */
@Test
public void customAuthenticationEntryPoint() {
    SecurityWebFilterChain chain = this.http
            .csrf().disable()
            .authorizeExchange()
                .anyExchange().authenticated()
                .and()
            .exceptionHandling()
                .authenticationEntryPoint(redirectServerAuthenticationEntryPoint("/auth"))
                .and()
            .build();

    WebTestClient webClient = WebTestClientBuilder.bindToWebFilters(chain).build();

    // NOTE(review): ".*" accepts any Location value, so this proves only that a redirect
    // was issued, not that it points at "/auth".
    webClient.get()
            .uri("/test")
            .exchange()
            .expectStatus().isFound()
            .expectHeader().valueMatches("Location", ".*");
}
/**
 * Checks form login with the default request cache: after logging in from a secured page
 * the user is expected back on {@code SecuredPage}.
 */
@Test
public void defaultFormLoginRequestCache() {
    SecurityWebFilterChain chain = this.http
            .authorizeExchange()
                .anyExchange().authenticated()
                .and()
            .formLogin().and()
            .build();

    WebTestClient client = WebTestClient
            .bindToController(new SecuredPageController(), new WebTestClientBuilder.Http200RestController())
            .webFilter(new WebFilterChainProxy(chain))
            .build();
    WebDriver driver = WebTestClientHtmlUnitDriverBuilder.webTestClientSetup(client).build();

    // An unauthenticated request for the secured page should end up on the default login page.
    DefaultLoginPage login = SecuredPage.to(driver, DefaultLoginPage.class).assertAt();

    SecuredPage afterLogin = login.loginForm()
            .username("user")
            .password("password")
            .submit(SecuredPage.class);
    afterLogin.assertAt();
}
/**
 * Checks that, with no access-denied handler configured, an authenticated request that
 * fails the {@code ADMIN} role rule is answered with HTTP 403.
 */
@Test
public void defaultAccessDeniedHandler() {
    SecurityWebFilterChain chain = this.http
            .csrf().disable()
            .httpBasic().and()
            .authorizeExchange()
                .anyExchange().hasRole("ADMIN")
                .and()
            .exceptionHandling()
                .and()
            .build();

    WebTestClient webClient = WebTestClientBuilder.bindToWebFilters(chain).build();

    // Presumably the test user "user" exists without the ADMIN role; it is set up elsewhere.
    webClient.get()
            .uri("/admin")
            .headers(h -> h.setBasicAuth("user", "password"))
            .exchange()
            .expectStatus().isForbidden();
}
/**
 * Checks that, with no authentication entry point configured, an unauthenticated request
 * is answered with HTTP 401 and a {@code WWW-Authenticate} header that starts with
 * {@code Basic}.
 */
@Test
public void defaultAuthenticationEntryPoint() {
    SecurityWebFilterChain chain = this.http
            .csrf().disable()
            .authorizeExchange()
                .anyExchange().authenticated()
                .and()
            .exceptionHandling()
                .and()
            .build();

    WebTestClient webClient = WebTestClientBuilder.bindToWebFilters(chain).build();

    // No credentials are sent, so the request must be challenged rather than served.
    webClient.get()
            .uri("/test")
            .exchange()
            .expectStatus().isUnauthorized()
            .expectHeader().valueMatches("WWW-Authenticate", "Basic.*");
}
/**
 * Checks that a custom access-denied handler is used: an authenticated request that fails
 * the {@code ADMIN} role rule gets the handler's HTTP 400 instead of the default response.
 */
@Test
public void customAccessDeniedHandler() {
    SecurityWebFilterChain chain = this.http
            .csrf().disable()
            .httpBasic().and()
            .authorizeExchange()
                .anyExchange().hasRole("ADMIN")
                .and()
            .exceptionHandling()
                .accessDeniedHandler(httpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST))
                .and()
            .build();

    WebTestClient webClient = WebTestClientBuilder.bindToWebFilters(chain).build();

    // BAD_REQUEST is an unusual status for a denial; seeing it shows the custom handler ran.
    webClient.get()
            .uri("/admin")
            .headers(h -> h.setBasicAuth("user", "password"))
            .exchange()
            .expectStatus().isBadRequest();
}
/**
 * Builds a JWT resource-server chain with two path rules and custom failure responses.
 *
 * <p>{@code /authenticated} needs any authenticated principal and {@code /unobtainable}
 * needs the authority {@code unobtainable}. Access-denied results are answered with
 * {@code BANDWIDTH_LIMIT_EXCEEDED} and authentication failures with {@code I_AM_A_TEAPOT};
 * presumably these unusual codes were chosen so a caller can tell that the custom handlers
 * ran.
 *
 * <p>NOTE(review): there is no {@code anyExchange()} rule, so the policy for every other
 * path is implicit. Add an explicit catch-all rule if this is reused outside a test.
 *
 * @param http the security builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) throws Exception {
    // @formatter:off
    http.authorizeExchange()
            .pathMatchers("/authenticated").authenticated()
            .pathMatchers("/unobtainable").hasAuthority("unobtainable");
    http.oauth2ResourceServer()
            .accessDeniedHandler(new HttpStatusServerAccessDeniedHandler(HttpStatus.BANDWIDTH_LIMIT_EXCEEDED))
            .authenticationEntryPoint(new HttpStatusServerEntryPoint(HttpStatus.I_AM_A_TEAPOT))
            .jwt()
                .publicKey(publicKey());
    // @formatter:on
    return http.build();
}
// Closes the enclosing class, whose declaration lies outside this excerpt.
}
/**
 * Builds an HTTP Basic chain that requires authentication only under {@code /myapi/**}
 * and permits every other exchange.
 *
 * <p>NOTE(review): this is allow-by-default. Any endpoint added outside {@code /myapi/**}
 * is reachable without credentials. The {@code pathMatchers} rule has to stay ahead of the
 * {@code anyExchange()} catch-all, as it is here.
 *
 * @param http the security builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
    http.httpBasic();
    http.authorizeExchange()
            .pathMatchers("/myapi/**").authenticated()
            .anyExchange().permitAll();
    return http.build();
}
/**
 * Builds a JWT resource-server chain in which every exchange requires the authority
 * {@code SCOPE_message:read}; tokens are verified with {@code publicKey()}, which is
 * defined outside this excerpt.
 *
 * @param http the security builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) throws Exception {
    // @formatter:off
    // One rule for all exchanges: the caller's token must grant the message:read scope.
    http.authorizeExchange()
            .anyExchange().hasAuthority("SCOPE_message:read");
    http.oauth2ResourceServer()
            .jwt()
                .publicKey(publicKey());
    // @formatter:on
    return http.build();
}
// Closes the enclosing class, whose declaration lies outside this excerpt.
}
/**
 * Builds a filter chain that requires authentication for every exchange and enables
 * OAuth 2.0 login with a custom authentication converter, authentication manager,
 * authentication matcher and authorization request resolver.
 *
 * <p>NOTE(review): {@code authenticationConverter}, {@code manager}, {@code matcher} and
 * {@code resolver} are defined outside this excerpt. They replace the framework defaults
 * for this login flow, so review them together with this chain.
 *
 * @param http the security builder to configure
 * @return the assembled filter chain
 */
@Bean
public SecurityWebFilterChain springSecurityFilter(ServerHttpSecurity http) {
    // No anonymous access: every exchange needs an authenticated principal.
    http.authorizeExchange()
            .anyExchange().authenticated();
    http.oauth2Login()
            .authenticationConverter(authenticationConverter)
            .authenticationManager(manager)
            .authenticationMatcher(matcher)
            .authorizationRequestResolver(resolver);
    return http.build();
}
// Closes the enclosing class, whose declaration lies outside this excerpt.
}
/**
 * Builds a JWT resource-server chain in which every exchange requires the authority
 * {@code message:read}, with authorities produced by a custom JWT authentication
 * converter.
 *
 * <p>NOTE(review): the rule checks {@code message:read} without a {@code SCOPE_} prefix.
 * That matches only if {@code jwtAuthenticationConverter()} (defined outside this excerpt)
 * emits authorities in that form; confirm the two stay in step.
 *
 * @param http the security builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) throws Exception {
    // @formatter:off
    http.authorizeExchange()
            .anyExchange().hasAuthority("message:read");
    http.oauth2ResourceServer()
            .jwt()
                .jwtAuthenticationConverter(jwtAuthenticationConverter())
                .publicKey(publicKey());
    // @formatter:on
    return http.build();
}
/**
 * Builds a JWT resource-server chain in which every exchange requires the authority
 * {@code SCOPE_message:read} and the bearer token is read from the request by a custom
 * converter.
 *
 * <p>NOTE(review): {@code bearerTokenAuthenticationConverter()} is defined outside this
 * excerpt. It decides where in the request a token is accepted from, so check it before
 * reusing this configuration.
 *
 * @param http the security builder to configure
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain springSecurity(ServerHttpSecurity http) throws Exception {
    // @formatter:off
    http.authorizeExchange()
            .anyExchange().hasAuthority("SCOPE_message:read");
    http.oauth2ResourceServer()
            .bearerTokenConverter(bearerTokenAuthenticationConverter())
            .jwt()
                .publicKey(publicKey());
    // @formatter:on
    return http.build();
}