@Bean SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception { //@formatter:off return http .csrf().disable() .httpBasic().securityContextRepository(new WebSessionServerSecurityContextRepository()) .and() .authorizeExchange() .pathMatchers(HttpMethod.GET, "/posts/**").permitAll() .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN") .pathMatchers("/posts/**").authenticated() .pathMatchers("/auth/**").authenticated() .pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath) .anyExchange().permitAll() .and() .build(); //@formatter:on }