org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher Java Examples

The following examples show how to use org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SecurityConfig.java    From spring-security-samples with MIT License 6 votes vote down vote up
@Bean
public SecurityWebFilterChain securityWebFilterChain() {
	// the matcher for all paths that need to be secured (require a logged-in user)
	final ServerWebExchangeMatcher apiPathMatcher = pathMatchers(API_MATCHER_PATH);

	// default chain for all requests
	final ServerHttpSecurity http = this.context.getBean(ServerHttpSecurity.class);

	return http
		.authorizeExchange().matchers(apiPathMatcher).authenticated()
		.anyExchange().permitAll()
		.and().httpBasic().disable()
		.csrf().disable()
		.oauth2Client()
		.and()
		.oauth2Login()
		.and()
		.build();
}
 
Example #2
Source File: ServerWebExchangeMetadataSource.java    From spring-security-reactive with Apache License 2.0 5 votes vote down vote up
public Flux<ConfigAttribute> getConfigAttributes(ServerWebExchange exchange) {
	for(Map.Entry<ServerWebExchangeMatcher,SecurityConfig> entry : mappings.entrySet()) {
		if(entry.getKey().matches(exchange).isMatch()) {
			return Flux.just(entry.getValue());
		}
	}
	return Flux.empty();
}
 
Example #3
Source File: CachingHttpHeadersFilter.java    From jhipster with Apache License 2.0 5 votes vote down vote up
/** {@inheritDoc} */
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
    return ServerWebExchangeMatchers.pathMatchers("/i18n/**", "/content/**", "/app/**")
        .matches(exchange)
        .filter(ServerWebExchangeMatcher.MatchResult::isMatch)
        .doOnNext(matchResult -> {
            ServerHttpResponse response = exchange.getResponse();
            response.getHeaders().setCacheControl("max-age=" + cacheTimeToLive + ", public");
            response.getHeaders().setPragma("cache");
            response.getHeaders().setExpires(cacheTimeToLive + System.currentTimeMillis());

        })
        .then(Mono.defer(() -> chain.filter(exchange)));
}
 
Example #4
Source File: SecurityConfig.java    From syncope with Apache License 2.0 5 votes vote down vote up
@Bean
@Order(0)
public SecurityWebFilterChain actuatorSecurityFilterChain(final ServerHttpSecurity http) {
    ServerWebExchangeMatcher actuatorMatcher = EndpointRequest.toAnyEndpoint();
    return http.securityMatcher(actuatorMatcher).
            authorizeExchange().anyExchange().authenticated().
            and().httpBasic().
            and().csrf().requireCsrfProtectionMatcher(new NegatedServerWebExchangeMatcher(actuatorMatcher)).
            and().build();
}
 
Example #5
Source File: ServerWebExchangeMetadataSource.java    From spring-security-reactive with Apache License 2.0 4 votes vote down vote up
private ServerWebExchangeMetadataSource(LinkedHashMap<ServerWebExchangeMatcher, SecurityConfig> mappings) {
	this.mappings = mappings;
}
 
Example #6
Source File: ServerWebExchangeMetadataSource.java    From spring-security-reactive with Apache License 2.0 4 votes vote down vote up
public Builder add(ServerWebExchangeMatcher matcher, SecurityConfig config) {
	this.mappings.put(matcher, config);
	return this;
}
 
Example #7
Source File: AuthorizeRequestBuilder.java    From spring-security-reactive with Apache License 2.0 4 votes vote down vote up
@Override
protected Access registerMatcher(ServerWebExchangeMatcher matcher) {
	this.matcher = matcher;
	return new Access();
}
 
Example #8
Source File: AbstractServerWebExchangeMatcherRegistry.java    From spring-security-reactive with Apache License 2.0 2 votes vote down vote up
/**
 * Subclasses should implement this method for returning the object that is chained to
 * the creation of the {@link ServerWebExchangeMatcher} instances.
 *
 * @param matcher the {@link ServerWebExchangeMatcher} instances that were created
 * @return the chained Object for the subclass which allows association of something
 * else to the {@link ServerWebExchangeMatcher}
 */
protected abstract T registerMatcher(ServerWebExchangeMatcher matcher);