Java Code Examples for org.springframework.security.web.server.SecurityWebFilterChain

The following examples show how to use org.springframework.security.web.server.SecurityWebFilterChain. These examples are extracted from open source projects.
Example 1
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
	// CSRF protection is switched off for the whole chain; callers authenticate with JWTs (below).
	// NOTE(review): safe only if no cookie/session-based client reaches this chain; confirm.
	http.csrf().disable();

	// Rules are matched in declaration order, so the prefixes below skip authentication
	// before the anyExchange() catch-all is consulted.
	// NOTE(review): /actuator/**, /eureka/** and /config/** are open to unauthenticated callers
	// here; confirm they expose nothing sensitive or are shielded at the network layer.
	http.authorizeExchange()
		.pathMatchers("/headerrouting/**").permitAll()
		.pathMatchers("/actuator/**").permitAll()
		.pathMatchers("/eureka/**").permitAll()
		.pathMatchers("/oauth/**").permitAll()
		.pathMatchers("/config/**").permitAll()
		.anyExchange().authenticated();

	// Every other exchange must carry a JWT accepted by the resource-server support.
	http.oauth2ResourceServer().jwt();

	return http.build();
}
 
Example 2
Source Project: FEBS-Cloud   Source File: SecurityConfigure.java    License: Apache License 2.0
@Bean
public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
    // Failures are answered with a bare status code (401 / 403) and no body or redirect.
    http.exceptionHandling()
            .authenticationEntryPoint((exchange, failure) ->
                    Mono.fromRunnable(() -> exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED)))
            .accessDeniedHandler((exchange, denied) ->
                    Mono.fromRunnable(() -> exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN)));

    // Frame-options protection is turned off for this chain.
    // NOTE(review): responses can then be framed by other origins; confirm this is intended.
    http.headers().frameOptions().disable();

    // Built-in CSRF protection, form login and HTTP Basic are all switched off; authentication
    // is delegated to the injected manager and security-context repository.
    http.csrf().disable();
    http.formLogin().disable();
    http.httpBasic().disable();
    http.authenticationManager(authenticationManager);
    http.securityContextRepository(securityContextRepository);

    // Only /route/auth/** requires an authenticated caller; OPTIONS requests and every other
    // path are permitted.
    // NOTE(review): this is allow-by-default, so a newly added route is public unless it is
    // listed here; confirm that is the intended posture.
    http.authorizeExchange()
            .pathMatchers(HttpMethod.OPTIONS).permitAll()
            .pathMatchers("/route/auth/**").authenticated()
            .anyExchange().permitAll();

    return http.build();
}
 
Example 3
Source Project: spring-security-samples   Source File: SecurityConfig.java    License: MIT License
@Bean
public SecurityWebFilterChain securityWebFilterChain() {
	// Paths under API_MATCHER_PATH are the only ones that demand a logged-in user.
	final ServerWebExchangeMatcher securedPaths = pathMatchers(API_MATCHER_PATH);

	// The builder is fetched from the application context instead of being injected.
	final ServerHttpSecurity security = this.context.getBean(ServerHttpSecurity.class);

	// NOTE(review): anything outside API_MATCHER_PATH is permitted without authentication
	// (allow-by-default); confirm no sensitive route lives outside that pattern.
	security.authorizeExchange()
		.matchers(securedPaths).authenticated()
		.anyExchange().permitAll();

	// HTTP Basic and CSRF protection are disabled; login goes through OAuth2.
	// NOTE(review): oauth2Login() normally implies a browser session, where CSRF protection
	// is usually wanted; confirm why it is off here.
	security.httpBasic().disable();
	security.csrf().disable();
	security.oauth2Client();
	security.oauth2Login();

	return security.build();
}
 
Example 4
Source Project: spring-security-samples   Source File: SecurityConfig.java    License: MIT License
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http,
		ReactiveClientRegistrationRepository clientRegistrationRepository) {
	// On logout, also end the session at the OpenID Connect provider.
	OidcClientInitiatedServerLogoutSuccessHandler providerLogout =
			new OidcClientInitiatedServerLogoutSuccessHandler(clientRegistrationRepository);

	return http
		// Users sign in through the configured OpenID provider.
		.oauth2Login().and()
		.logout(logout -> logout.logoutSuccessHandler(providerLogout))
		// No anonymous access: every exchange needs an authenticated user.
		.authorizeExchange().anyExchange().authenticated().and()
		// Framing is limited to the same origin (the author needs /home inside a frame).
		.headers().frameOptions().mode(Mode.SAMEORIGIN).and()
		// CSRF is disabled at the gateway to avoid clashing with the proxied services' own CSRF.
		// NOTE(review): this relies on every proxied service enforcing CSRF itself; confirm.
		.csrf().disable()
		.build();
}
 
Example 5
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
	// NOTE(review): CSRF protection is off; acceptable for a pure bearer-token API, confirm
	// that no cookie-authenticated client uses this chain.
	http.csrf().disable();

	ServerHttpSecurity.AuthorizeExchangeSpec rules = http.authorizeExchange();
	// Publicly reachable prefixes (no authentication required).
	// NOTE(review): this includes management and infrastructure paths (/actuator, /eureka,
	// /config); confirm they are not exposed to untrusted networks.
	rules.pathMatchers("/headerrouting/**").permitAll();
	rules.pathMatchers("/actuator/**").permitAll();
	rules.pathMatchers("/eureka/**").permitAll();
	rules.pathMatchers("/oauth/**").permitAll();
	rules.pathMatchers("/config/**").permitAll();
	// Catch-all registered last: anything not listed above needs an authenticated caller.
	rules.anyExchange().authenticated();

	// Authentication is by JWT through the OAuth2 resource-server support.
	http.oauth2ResourceServer().jwt();
	return http.build();
}
 
Example 6
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
	// CSRF protection is disabled for this JWT-authenticated chain.
	http.csrf().disable();

	// One permitAll() rule covering every unauthenticated prefix, followed by the
	// authenticated catch-all.
	// NOTE(review): /actuator/**, /eureka/** and /config/** are in the open set; verify
	// that the endpoints behind them are safe to serve without credentials.
	http.authorizeExchange()
		.pathMatchers(
			"/headerrouting/**",
			"/actuator/**",
			"/eureka/**",
			"/oauth/**",
			"/config/**").permitAll()
		.anyExchange().authenticated();

	// Remaining exchanges are authenticated from a bearer JWT.
	http.oauth2ResourceServer().jwt();

	return http.build();
}
 
Example 7
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
	// Authorization rules, first match wins: five open prefixes, then "authenticated" for the rest.
	// NOTE(review): the open prefixes include /actuator/**, /eureka/** and /config/**;
	// confirm these may be served to unauthenticated callers.
	http.authorizeExchange()
		.pathMatchers("/headerrouting/**").permitAll()
		.pathMatchers("/actuator/**").permitAll()
		.pathMatchers("/eureka/**").permitAll()
		.pathMatchers("/oauth/**").permitAll()
		.pathMatchers("/config/**").permitAll()
		.anyExchange().authenticated();

	// Credentials are bearer JWTs validated by the resource-server support.
	http.oauth2ResourceServer().jwt();

	// CSRF protection is turned off.
	// NOTE(review): appropriate only while no browser-session authentication is in play.
	http.csrf().disable();

	return http.build();
}
 
Example 8
Source Project: webFluxTemplate   Source File: SecurityConfiguration.java    License: MIT License
@Bean
public SecurityWebFilterChain springSecurityFilterChain(final ServerHttpSecurity http,
                                                        final JwtAuthenticationWebFilter authenticationWebFilter,
                                                        final UnauthorizedAuthenticationEntryPoint entryPoint) {
    // The entry point is overridden because, when the authentication filter does not act on a
    // request (the required headers are missing), the default behaviour would be to offer
    // HTTP Basic; the custom entry point answers "unauthorized" instead.
    http.exceptionHandling().authenticationEntryPoint(entryPoint);

    // The JWT filter occupies the AUTHENTICATION slot and tries to authenticate every request
    // that carries the required headers.
    http.addFilterAt(authenticationWebFilter, SecurityWebFiltersOrder.AUTHENTICATION);

    // Whitelisted paths are public; everything else needs an authenticated caller.
    // NOTE(review): AUTH_WHITELIST is defined outside this method; keep it minimal.
    http.authorizeExchange()
            .pathMatchers(AUTH_WHITELIST).permitAll()
            .anyExchange().authenticated();

    // All default mechanisms are switched off: HTTP Basic, form login, CSRF and logout.
    http.httpBasic().disable();
    http.formLogin().disable();
    http.csrf().disable();
    http.logout().disable();

    return http.build();
}
 
Example 9
Source Project: errors-spring-boot-starter   Source File: ReactiveConfig.java    License: Apache License 2.0
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http,
                                                     ServerAccessDeniedHandler accessDeniedHandler,
                                                     ServerAuthenticationEntryPoint authenticationEntryPoint) {
    // CSRF protection stays enabled; only its rejection handler is replaced.
    http.csrf().accessDeniedHandler(accessDeniedHandler);

    // The same handler deals with authorization failures, and a custom entry point deals
    // with unauthenticated requests.
    http.exceptionHandling()
        .authenticationEntryPoint(authenticationEntryPoint)
        .accessDeniedHandler(accessDeniedHandler);

    // GET /test/protected needs any authenticated user, POST needs the ADMIN role;
    // every other exchange is permitted.
    http.authorizeExchange()
        .pathMatchers(GET, "/test/protected").authenticated()
        .pathMatchers(POST, "/test/protected").hasRole("ADMIN")
        .anyExchange().permitAll();

    return http.build();
}
 
Example 10
Source Project: training   Source File: ReactiveSecurityApplication.java    License: Apache License 2.0
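@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity http) {
	// Grants access to /hi/{name} only when the {name} path variable equals "rwinch".
	// The comparison is written constant-first so that an absent variable yields a plain
	// "deny" decision instead of a NullPointerException inside the reactive pipeline.
	// NOTE(review): the decision ignores the `authentication` argument, so it depends on the
	// URL alone and not on who is calling; confirm that is intended outside of a demo.
	ReactiveAuthorizationManager<AuthorizationContext> auth =
			(authentication, object) -> Mono.just(
					new AuthorizationDecision("rwinch".equals(object.getVariables().get("name"))));

	//@formatter:off
	return
			http
			.authorizeExchange()
				// /greeting needs any authenticated user.
				.pathMatchers("/greeting").authenticated()
				// /hi/{name} is decided by the custom manager above.
				.pathMatchers("/hi/{name}").access(auth)
			.and()
				// CSRF protection is disabled; credentials arrive via HTTP Basic.
				.csrf()
					.disable()
			.httpBasic()
			.and()
			.build();
	//@formatter:on
}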
 
Example 11
@Bean
public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
	// Unauthenticated requests get a bare 401 and denied requests a bare 403.
	http.exceptionHandling()
			.authenticationEntryPoint((swe, e) ->
					Mono.fromRunnable(() -> swe.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED)))
			.accessDeniedHandler((swe, e) ->
					Mono.fromRunnable(() -> swe.getResponse().setStatusCode(HttpStatus.FORBIDDEN)));

	// Built-in CSRF protection, form login and HTTP Basic are disabled; authentication is
	// delegated to the injected manager and security-context repository.
	http.csrf().disable();
	http.formLogin().disable();
	http.httpBasic().disable();
	http.authenticationManager(authenticationManager);
	http.securityContextRepository(securityContextRepository);

	// Deny-by-default: only OPTIONS requests and /login are reachable without authentication.
	http.authorizeExchange()
			.pathMatchers(HttpMethod.OPTIONS).permitAll()
			.pathMatchers("/login").permitAll()
			.anyExchange().authenticated();

	return http.build();
}
 
Example 12
Source Project: spring-5-examples   Source File: SecurityConfig.java    License: MIT License
@Bean
SecurityWebFilterChain springSecurityFilterChain(final ServerHttpSecurity http) {
    // Static assets are public; every other exchange requires an authenticated user.
    http.authorizeExchange()
        .pathMatchers("/favicon.ico", "/css/**", "/webjars/**").permitAll()
        .anyExchange().authenticated();

    // HTTP Basic, form login and logout are enabled with their defaults. CSRF protection is
    // not touched in this method, so it keeps its default setting.
    http.httpBasic();
    http.formLogin();
    http.logout();

    return http.build();
}
 
Example 13
/**
 * Builds the reactive security filter chain: a custom bearer-token authentication filter is
 * installed at the AUTHENTICATION position, URL rules are taken from {@code securityProperties},
 * and all remaining exchanges are decided by {@code permissionAuthManager}.
 *
 * @param http the security builder supplied by Spring
 * @return the assembled filter chain
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // Authentication manager (backed by the token store)
    ReactiveAuthenticationManager customAuthenticationManager = new CustomAuthenticationManager(tokenStore);
    JsonAuthenticationEntryPoint entryPoint = new JsonAuthenticationEntryPoint();
    // Token converter
    ServerBearerTokenAuthenticationConverter tokenAuthenticationConverter = new ServerBearerTokenAuthenticationConverter();
    // NOTE(review): this also accepts the bearer token from a URI query parameter. Tokens in URLs
    // tend to end up in access logs, browser history and Referer headers; confirm this is
    // required and keep it off otherwise (the converter's default is header-only).
    tokenAuthenticationConverter.setAllowUriQueryParameter(true);
    // OAuth2 authentication filter
    AuthenticationWebFilter oauth2Filter = new AuthenticationWebFilter(customAuthenticationManager);
    oauth2Filter.setServerAuthenticationConverter(tokenAuthenticationConverter);
    oauth2Filter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(entryPoint));
    oauth2Filter.setAuthenticationSuccessHandler(new Oauth2AuthSuccessHandler());
    http.addFilterAt(oauth2Filter, SecurityWebFiltersOrder.AUTHENTICATION);

    ServerHttpSecurity.AuthorizeExchangeSpec authorizeExchange = http.authorizeExchange();
    // Rules are matched in registration order: the "authenticated" URLs are registered before
    // the "ignore" URLs, so a path present in both lists still requires authentication.
    if (securityProperties.getAuth().getHttpUrls().length > 0) {
        authorizeExchange.pathMatchers(securityProperties.getAuth().getHttpUrls()).authenticated();
    }
    // NOTE(review): the ignore list comes from configuration; an overly broad pattern here
    // makes those paths public. Review it with the same care as code.
    if (securityProperties.getIgnore().getUrls().length > 0) {
        authorizeExchange.pathMatchers(securityProperties.getIgnore().getUrls()).permitAll();
    }
    authorizeExchange
            // OPTIONS requests are always allowed.
            .pathMatchers(HttpMethod.OPTIONS).permitAll()
            // Everything not matched above is decided by the custom permission manager.
            .anyExchange()
                .access(permissionAuthManager)
            .and()
                // Denials and unauthenticated requests are answered by the Json* handlers.
                .exceptionHandling()
                    .accessDeniedHandler(new JsonAccessDeniedHandler())
                    .authenticationEntryPoint(entryPoint)
            .and()
                // NOTE(review): frame-options protection is disabled for this chain;
                // confirm the responses are meant to be embeddable.
                .headers()
                    .frameOptions()
                    .disable()
            .and()
                // HTTP Basic and CSRF protection are disabled; the bearer-token filter above
                // is the only authentication mechanism configured in this method.
                .httpBasic().disable()
                .csrf().disable();
    return http.build();
}
 
Example 14
Source Project: spring-cloud-study   Source File: Application.java    License: Apache License 2.0
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    // CSRF protection is disabled and every exchange is permitted, so this chain performs no
    // access control at all.
    // NOTE(review): the stricter variant kept in the comment below (HTTP Basic with
    // /limiter/** authenticated) was left disabled by the author; confirm which one is
    // meant to be deployed.
    //        return http.httpBasic().and()
    //                .csrf().disable()
    //                .authorizeExchange()
    //                .pathMatchers("/limiter/**").authenticated()
    //                .anyExchange().permitAll()
    //                .and()
    //                .build();
    http.csrf().disable();
    http.authorizeExchange().anyExchange().permitAll();
    return http.build();
}
 
Example 15
Source Project: spring-microservice-exam   Source File: SecurityConfig.java    License: MIT License
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
	// URL patterns that bypass authentication come from configuration.
	// NOTE(review): whatever is listed there becomes public; treat changes to that list as
	// security-relevant.
	String[] openPaths = filterIgnorePropertiesConfig.getUrls().toArray(new String[0]);

	// CSRF protection is disabled; all non-ignored exchanges must present a valid JWT.
	http.csrf().disable()
			.authorizeExchange()
			.pathMatchers(openPaths).permitAll()
			.anyExchange().authenticated()
			.and()
			.oauth2ResourceServer().jwt();

	return http.build();
}
 
Example 16
Source Project: spring-cloud-gateway-demo   Source File: SecurityConfig.java    License: Apache License 2.0
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
  // /resource requires the SCOPE_resource.read authority; any other exchange only needs an
  // authenticated caller.
  http.authorizeExchange()
      .pathMatchers("/resource").hasAuthority("SCOPE_resource.read")
      .anyExchange().authenticated();

  // Callers are authenticated from a bearer JWT.
  http.oauth2ResourceServer().jwt();

  return http.build();
}
 
Example 17
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    // @formatter:off
    // Deny-by-default: every exchange needs an authenticated caller.
    http.authorizeExchange().anyExchange().authenticated();

    // Authentication is by bearer JWT.
    http.oauth2ResourceServer().jwt();

    // Okta helper that configures the body of the resource server's 401 responses.
    Okta.configureResourceServer401ResponseBody(http);

    return http.build();
    // @formatter:on
}
 
Example 18
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    // Reading posts is public, deleting them needs the ADMIN role, and every other exchange
    // needs an authenticated user.
    // NOTE(review): no authentication mechanism is configured in this method; it presumably
    // comes from defaults or another bean. Confirm before reusing this snippet.
    http.authorizeExchange()
        .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
        .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
        // Disabled by the author:
        //.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
        .anyExchange().authenticated();

    return http.build();
}
 
Example 19
Source Project: vertx-spring-boot   Source File: TestBase.java    License: Apache License 2.0
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    // Fully open chain: CSRF protection off and every exchange permitted.
    // NOTE(review): the source file is named TestBase.java, so this looks like test scaffolding;
    // it should not be copied into a production configuration.
    http.csrf().disable();
    http.authorizeExchange().anyExchange().permitAll();
    return http.build();
}
 
Example 20
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
	// Scope-based rules for /product-composite/**: POST and DELETE need product:write,
	// GET needs product:read.
	// NOTE(review): other HTTP methods on that path (e.g. PUT, PATCH) fall through to the
	// catch-all and need only an authenticated caller, with no scope check; confirm.
	// NOTE(review): /actuator/** is served without authentication; confirm exposure.
	http.authorizeExchange()
		.pathMatchers("/actuator/**").permitAll()
		.pathMatchers(POST, "/product-composite/**").hasAuthority("SCOPE_product:write")
		.pathMatchers(DELETE, "/product-composite/**").hasAuthority("SCOPE_product:write")
		.pathMatchers(GET, "/product-composite/**").hasAuthority("SCOPE_product:read")
		.anyExchange().authenticated();

	// Callers are authenticated from a bearer JWT.
	http.oauth2ResourceServer().jwt();

	return http.build();
}
 
Example 21
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
	ServerHttpSecurity.AuthorizeExchangeSpec rules = http.authorizeExchange();

	// Anyone may read posts.
	rules.pathMatchers(HttpMethod.GET, "/posts/**").permitAll();
	// Only callers holding the ADMIN role may delete them.
	rules.pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN");
	// Left disabled by the author:
	//.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
	// Anything else requires an authenticated user.
	rules.anyExchange().authenticated();

	return http.build();
}
 
Example 22
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    // First match wins: public GET, ADMIN-only DELETE, authenticated for everything else.
    // CSRF protection is not touched in this method, so it keeps its default setting.
    http.authorizeExchange()
        .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
        .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
        // Per-user path rule, left disabled by the author:
        //.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
        .anyExchange().authenticated();

    return http.build();
}
 
Example 23
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
	ServerHttpSecurity.AuthorizeExchangeSpec rules = http.authorizeExchange();

	// NOTE(review): management endpoints are public here; confirm what /actuator exposes.
	rules.pathMatchers("/actuator/**").permitAll();
	// Writes (POST, DELETE) need the product:write scope, reads (GET) need product:read.
	rules.pathMatchers(POST, "/product-composite/**").hasAuthority("SCOPE_product:write");
	rules.pathMatchers(DELETE, "/product-composite/**").hasAuthority("SCOPE_product:write");
	rules.pathMatchers(GET, "/product-composite/**").hasAuthority("SCOPE_product:read");
	// Catch-all: authenticated, but with no scope requirement. It also covers any HTTP method
	// on /product-composite/** that is not listed above.
	rules.anyExchange().authenticated();

	// Bearer JWT authentication.
	http.oauth2ResourceServer().jwt();
	return http.build();
}
 
Example 24
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
	// CSRF protection is disabled; the chain authenticates callers from bearer JWTs.
	http.csrf().disable();

	ServerHttpSecurity.AuthorizeExchangeSpec rules = http.authorizeExchange();
	// Open prefixes, matched before the catch-all.
	// NOTE(review): /actuator/** is among them; confirm only non-sensitive endpoints are exposed.
	rules.pathMatchers("/headerrouting/**").permitAll();
	rules.pathMatchers("/actuator/**").permitAll();
	rules.pathMatchers("/oauth/**").permitAll();
	// Everything else requires authentication.
	rules.anyExchange().authenticated();

	http.oauth2ResourceServer().jwt();
	return http.build();
}
 
Example 25
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
	// Callers are identified by a bearer JWT; the SCOPE_* authorities checked below are
	// presumably derived from the token's scopes (confirm against the JWT converter in use).
	http.oauth2ResourceServer().jwt();

	// NOTE(review): /actuator/** bypasses authentication; confirm what it exposes.
	// NOTE(review): only POST, DELETE and GET on /product-composite/** carry a scope check;
	// other methods need just an authenticated caller.
	http.authorizeExchange()
		.pathMatchers("/actuator/**").permitAll()
		.pathMatchers(POST, "/product-composite/**").hasAuthority("SCOPE_product:write")
		.pathMatchers(DELETE, "/product-composite/**").hasAuthority("SCOPE_product:write")
		.pathMatchers(GET, "/product-composite/**").hasAuthority("SCOPE_product:read")
		.anyExchange().authenticated();

	return http.build();
}
 
Example 26
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
	ServerHttpSecurity.AuthorizeExchangeSpec exchanges = http.authorizeExchange();

	// Public: management endpoints.
	// NOTE(review): verify that nothing sensitive is exposed under /actuator.
	exchanges.pathMatchers("/actuator/**").permitAll();

	// Scope-protected product API.
	exchanges.pathMatchers(POST, "/product-composite/**").hasAuthority("SCOPE_product:write");
	exchanges.pathMatchers(DELETE, "/product-composite/**").hasAuthority("SCOPE_product:write");
	exchanges.pathMatchers(GET, "/product-composite/**").hasAuthority("SCOPE_product:read");

	// Default for anything not matched above: any authenticated caller, no scope required.
	exchanges.anyExchange().authenticated();

	http.oauth2ResourceServer().jwt();
	return http.build();
}
 
Example 27
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
	// URL-level rules: reading posts is public, everything else needs an authenticated user.
	// The ADMIN-only DELETE rule is commented out in favour of method-level constraints.
	// NOTE(review): at this layer any authenticated user may now send DELETE /posts/**;
	// the admin restriction depends entirely on method security that is not visible here.
	http.authorizeExchange()
		.pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
		//.pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")//replace this with method level constraints
		//.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
		.anyExchange().authenticated();

	return http.build();
}
 
Example 28
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    ServerHttpSecurity.AuthorizeExchangeSpec rules = http.authorizeExchange();

    // GET /posts/** is open to everyone.
    rules.pathMatchers(HttpMethod.GET, "/posts/**").permitAll();
    // DELETE /posts/** requires the ADMIN role.
    rules.pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN");
    // Left disabled by the author:
    //.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
    // Fallback: authenticated users only.
    rules.anyExchange().authenticated();

    return http.build();
}
 
Example 29
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
	// Authorization: /actuator/** is public, /product-composite/** is scope-checked per HTTP
	// method, and all remaining exchanges require authentication.
	// NOTE(review): methods other than POST, DELETE and GET on /product-composite/** are not
	// scope-checked and fall through to the catch-all; confirm this is intended.
	http.authorizeExchange()
		.pathMatchers("/actuator/**").permitAll()
		.pathMatchers(POST, "/product-composite/**").hasAuthority("SCOPE_product:write")
		.pathMatchers(DELETE, "/product-composite/**").hasAuthority("SCOPE_product:write")
		.pathMatchers(GET, "/product-composite/**").hasAuthority("SCOPE_product:read")
		.anyExchange().authenticated();

	// Authentication: bearer JWT via the OAuth2 resource-server support.
	http.oauth2ResourceServer().jwt();

	return http.build();
}
 
Example 30
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
	ServerHttpSecurity.AuthorizeExchangeSpec access = http.authorizeExchange();

	// NOTE(review): unauthenticated access to /actuator/**; confirm the exposed endpoints.
	access.pathMatchers("/actuator/**").permitAll();
	// product:write covers POST and DELETE, product:read covers GET.
	access.pathMatchers(POST, "/product-composite/**").hasAuthority("SCOPE_product:write");
	access.pathMatchers(DELETE, "/product-composite/**").hasAuthority("SCOPE_product:write");
	access.pathMatchers(GET, "/product-composite/**").hasAuthority("SCOPE_product:read");
	// Registered last so it acts as the default rule: authenticated, no scope check.
	access.anyExchange().authenticated();

	// Bearer JWT authentication.
	http.oauth2ResourceServer().jwt();
	return http.build();
}