org.springframework.security.config.web.server.ServerHttpSecurity Java Examples
The following examples show how to use
org.springframework.security.config.web.server.ServerHttpSecurity.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: SecurityConfig.java From spring-5-examples with MIT License | 6 votes |
|
@Bean SecurityWebFilterChain springSecurityFilterChain(final ServerHttpSecurity http) {
http
.authorizeExchange()
.pathMatchers("/favicon.ico", "/css/**", "/webjars/**")
.permitAll()
.anyExchange()
.authenticated()
.and()
.httpBasic()
.and()
.formLogin()
.and()
.logout()
;
return http.build();
}
Example #2
| Source File: ReactiveConfig.java From errors-spring-boot-starter with Apache License 2.0 | 6 votes |
|
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http,
ServerAccessDeniedHandler accessDeniedHandler,
ServerAuthenticationEntryPoint authenticationEntryPoint) {
return http
.csrf()
.accessDeniedHandler(accessDeniedHandler)
.and()
.exceptionHandling()
.authenticationEntryPoint(authenticationEntryPoint)
.accessDeniedHandler(accessDeniedHandler)
.and()
.authorizeExchange()
.pathMatchers(GET, "/test/protected").authenticated()
.pathMatchers(POST, "/test/protected").hasRole("ADMIN")
.anyExchange().permitAll()
.and().build();
}
Example #3
| Source File: SecurityConfig.java From Hands-On-Microservices-with-Spring-Boot-and-Spring-Cloud with MIT License | 6 votes |
|
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeExchange()
.pathMatchers("/headerrouting/**").permitAll()
.pathMatchers("/actuator/**").permitAll()
.pathMatchers("/eureka/**").permitAll()
.pathMatchers("/oauth/**").permitAll()
.pathMatchers("/config/**").permitAll()
.anyExchange().authenticated()
.and()
.oauth2ResourceServer()
.jwt();
return http.build();
}
Example #4
| Source File: SecurityConfig.java From Hands-On-Microservices-with-Spring-Boot-and-Spring-Cloud with MIT License | 6 votes |
|
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeExchange()
.pathMatchers("/headerrouting/**").permitAll()
.pathMatchers("/actuator/**").permitAll()
.pathMatchers("/eureka/**").permitAll()
.pathMatchers("/oauth/**").permitAll()
.pathMatchers("/config/**").permitAll()
.anyExchange().authenticated()
.and()
.oauth2ResourceServer()
.jwt();
return http.build();
}
Example #5
| Source File: ReactiveSecurityApplication.java From training with Apache License 2.0 | 6 votes |
|
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity http) {
ReactiveAuthorizationManager<AuthorizationContext> auth =
(authentication, object) -> Mono.just(new AuthorizationDecision(object.getVariables().get("name").equals("rwinch")));
//@formatter:off
return
http
.authorizeExchange()
.pathMatchers("/greeting").authenticated()
.pathMatchers("/hi/{name}").access(auth)
.and()
.csrf()
.disable()
.httpBasic()
.and()
.build();
//@formatter:on
}
Example #6
| Source File: SecurityConfig.java From spring-security-samples with MIT License | 6 votes |
|
@Bean
public SecurityWebFilterChain securityWebFilterChain() {
// the matcher for all paths that need to be secured (require a logged-in user)
final ServerWebExchangeMatcher apiPathMatcher = pathMatchers(API_MATCHER_PATH);
// default chain for all requests
final ServerHttpSecurity http = this.context.getBean(ServerHttpSecurity.class);
return http
.authorizeExchange().matchers(apiPathMatcher).authenticated()
.anyExchange().permitAll()
.and().httpBasic().disable()
.csrf().disable()
.oauth2Client()
.and()
.oauth2Login()
.and()
.build();
}
Example #7
| Source File: SecurityConfig.java From spring-security-samples with MIT License | 6 votes |
|
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http,
ReactiveClientRegistrationRepository clientRegistrationRepository) {
// Authenticate through configured OpenID Provider
http.oauth2Login();
// Also logout at the OpenID Connect provider
http.logout(logout -> logout.logoutSuccessHandler(new OidcClientInitiatedServerLogoutSuccessHandler(
clientRegistrationRepository)));
// Require authentication for all requests
http.authorizeExchange().anyExchange().authenticated();
// Allow showing /home within a frame
http.headers().frameOptions().mode(Mode.SAMEORIGIN);
// Disable CSRF in the gateway to prevent conflicts with proxied service CSRF
http.csrf().disable();
return http.build();
}
Example #8
| Source File: ReservationClientApplication.java From bootiful-reactive-microservices with Apache License 2.0 | 5 votes |
|
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity http) {
http.httpBasic();
http.csrf().disable();
http
.authorizeExchange()
.pathMatchers("/proxy").authenticated()
.anyExchange().permitAll();
return http.build();
}
Example #9
| Source File: TweetClientApplication.java From reactive-spring-online-training with Apache License 2.0 | 5 votes |
|
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity http) {
http.httpBasic();
http.csrf().disable();
http
.authorizeExchange()
.pathMatchers("/proxy").authenticated()
.anyExchange().permitAll();
return http.build();
}
Example #10
| Source File: ReservationClientApplication.java From training with Apache License 2.0 | 5 votes |
|
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity security) {
//@formatter:off
return
security
.csrf().disable()
.httpBasic()
.and()
.authorizeExchange()
.pathMatchers("/proxy").authenticated()
.anyExchange().permitAll()
.and()
.build();
//@formatter:on
}
Example #11
| Source File: DemoApplication.java From spring-reactive-sample with GNU General Public License v3.0 | 5 votes |
|
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
return http
.authorizeExchange()
.pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
.pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
.pathMatchers("/posts/**").authenticated()
//.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
.anyExchange().permitAll()
.and()
.build();
}
Example #12
| Source File: SecurityConfig.java From pivotal-bank-demo with Apache License 2.0 | 5 votes |
|
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
return http
.csrf().disable()
.authorizeExchange()
.anyExchange().permitAll()
.and()
.build();
}
Example #13
| Source File: ReservationClientApplication.java From bootiful-reactive-microservices with Apache License 2.0 | 5 votes |
|
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity httpSecurity) {
httpSecurity.httpBasic();
httpSecurity.csrf().disable();
httpSecurity
.authorizeExchange()
.pathMatchers("/proxy").authenticated()
.anyExchange().permitAll();
return httpSecurity.build();
}
Example #14
| Source File: ReservationClientApplication.java From bootiful-reactive-microservices with Apache License 2.0 | 5 votes |
|
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity http) {
http.csrf().disable();
http.httpBasic();
http.authorizeExchange()
.pathMatchers("/proxy").authenticated()
.anyExchange().permitAll();
return http.build();
}
Example #15
| Source File: DemoApplication.java From spring-reactive-sample with GNU General Public License v3.0 | 5 votes |
|
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
return http
.authorizeExchange()
.pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
.pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
//.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
.anyExchange().authenticated()
.and()
.build();
}
Example #16
| Source File: SecurityConfig.java From spring-reactive-sample with GNU General Public License v3.0 | 5 votes |
|
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
return http
.authorizeExchange()
.pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
.pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
//.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
.anyExchange().authenticated()
.and()
.build();
}
Example #17
| Source File: DemoApplication.java From spring-reactive-sample with GNU General Public License v3.0 | 5 votes |
|
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
return http
.authorizeExchange()
.pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
.pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
//.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
.anyExchange().authenticated()
.and()
.build();
}
Example #18
| Source File: SecurityConfig.java From spring-reactive-sample with GNU General Public License v3.0 | 5 votes |
|
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
return http
.authorizeExchange()
.pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
.pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
//.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
.anyExchange().authenticated()
.and()
.build();
}
Example #19
| Source File: ServerSSEApplication.java From tutorials with MIT License | 5 votes |
|
@Bean
public SecurityWebFilterChain sseServerSpringSecurityFilterChain(ServerHttpSecurity http) {
http.authorizeExchange()
.anyExchange()
.permitAll();
return http.build();
}
Example #20
| Source File: ConsumerDebuggingApplication.java From tutorials with MIT License | 5 votes |
|
@Bean
public SecurityWebFilterChain debuggingConsumerSpringSecurityFilterChain(ServerHttpSecurity http) {
http.authorizeExchange()
.anyExchange()
.permitAll();
http.csrf().disable();
return http.build();
}
Example #21
| Source File: OAuth2SecurityConfigUtils.java From syncope with Apache License 2.0 | 5 votes |
|
public static void forLogin(
final ServerHttpSecurity http,
final AMType amType,
final ApplicationContext ctx) {
ReactiveClientRegistrationRepository clientRegistrationRepository =
ctx.getBean(ReactiveClientRegistrationRepository.class);
ReactiveOAuth2AuthorizedClientService authorizedClientService =
new InMemoryReactiveOAuth2AuthorizedClientService(clientRegistrationRepository);
ServerOAuth2AuthorizedClientRepository authorizedClientRepository =
new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(authorizedClientService);
OAuth2AuthorizationRequestRedirectWebFilter authRequestRedirectFilter =
new OAuth2AuthorizationRequestRedirectWebFilter(clientRegistrationRepository);
AuthenticationWebFilter authenticationFilter =
new OAuth2LoginAuthenticationWebFilter(authenticationManager(amType), authorizedClientRepository);
authenticationFilter.setRequiresAuthenticationMatcher(
new PathPatternParserServerWebExchangeMatcher("/login/oauth2/code/{registrationId}"));
authenticationFilter.setServerAuthenticationConverter(
new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(clientRegistrationRepository));
authenticationFilter.setAuthenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler());
authenticationFilter.setAuthenticationFailureHandler((exchange, ex) -> Mono.error(ex));
authenticationFilter.setSecurityContextRepository(new WebSessionServerSecurityContextRepository());
MediaTypeServerWebExchangeMatcher htmlMatcher = new MediaTypeServerWebExchangeMatcher(MediaType.TEXT_HTML);
htmlMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
ServerAuthenticationEntryPoint entrypoint =
new RedirectServerAuthenticationEntryPoint("/oauth2/authorization/" + amType.name());
http.exceptionHandling().authenticationEntryPoint(new DelegateEntry(htmlMatcher, entrypoint).getEntryPoint());
http.addFilterAt(authRequestRedirectFilter, SecurityWebFiltersOrder.HTTP_BASIC);
http.addFilterAt(authenticationFilter, SecurityWebFiltersOrder.AUTHENTICATION);
}
Example #22
| Source File: TestSecurityConfiguration.java From Hands-On-Reactive-Programming-in-Spring-5 with MIT License | 5 votes |
|
@Bean
@Primary
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
return http
.authorizeExchange()
.anyExchange().permitAll()
.and()
.formLogin()
.and()
.csrf().disable()
.build();
}
Example #23
| Source File: SecurityConfiguration.java From Hands-On-Reactive-Programming-in-Spring-5 with MIT License | 5 votes |
|
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange()
.anyExchange().permitAll()
.and()
.formLogin();
return http.build();
}
Example #24
| Source File: DemoApplication.java From spring-reactive-sample with GNU General Public License v3.0 | 5 votes |
|
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
return http
.authorizeExchange()
.pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
.pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
//.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
.anyExchange().authenticated()
.and()
.build();
}
Example #25
| Source File: StaticContentApplication.java From tutorials with MIT License | 5 votes |
|
@Bean
public SecurityWebFilterChain staticContentSpringSecurityFilterChain(ServerHttpSecurity http) {
http.authorizeExchange()
.anyExchange()
.permitAll();
return http.build();
}
Example #26
| Source File: SecurityConfig.java From aws-serverless-java-container with Apache License 2.0 | 5 votes |
|
@Bean
public SecurityWebFilterChain securitygWebFilterChain(
ServerHttpSecurity http) {
return http.authorizeExchange()
.anyExchange().authenticated().and().csrf().disable()
.httpBasic()
.and().build();
}
Example #27
| Source File: SecurityConfig.java From spring-reactive-sample with GNU General Public License v3.0 | 5 votes |
|
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
return http
.csrf().disable()
.authorizeExchange()
.pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
.pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
//.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
.anyExchange().authenticated()
.and()
.build();
}
Example #28
| Source File: FunctionalValidationsApplication.java From tutorials with MIT License | 5 votes |
|
@Bean
public SecurityWebFilterChain functionalValidationsSpringSecurityFilterChain(ServerHttpSecurity http) {
http.authorizeExchange()
.anyExchange()
.permitAll();
http.csrf().disable();
return http.build();
}
Example #29
| Source File: WebSecurityConfig.java From tutorials with MIT License | 5 votes |
|
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http.authorizeExchange()
.anyExchange()
.authenticated()
.and()
.oauth2Client()
.and()
.formLogin();
return http.build();
}
Example #30
| Source File: SecurityConfig.java From Hands-On-Microservices-with-Spring-Boot-and-Spring-Cloud with MIT License | 5 votes |
|
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange()
.pathMatchers("/actuator/**").permitAll()
.pathMatchers(POST, "/product-composite/**").hasAuthority("SCOPE_product:write")
.pathMatchers(DELETE, "/product-composite/**").hasAuthority("SCOPE_product:write")
.pathMatchers(GET, "/product-composite/**").hasAuthority("SCOPE_product:read")
.anyExchange().authenticated()
.and()
.oauth2ResourceServer()
.jwt();
return http.build();
}
