org.springframework.security.config.web.server.ServerHttpSecurity Java Examples

The following examples show how to use org.springframework.security.config.web.server.ServerHttpSecurity. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SecurityConfig.java    From spring-5-examples with MIT License 6 votes vote down vote up
@Bean SecurityWebFilterChain springSecurityFilterChain(final ServerHttpSecurity http) {

    http
        .authorizeExchange()
          .pathMatchers("/favicon.ico", "/css/**", "/webjars/**")
            .permitAll()
          .anyExchange()
            .authenticated()
            .and()
        .httpBasic()
          .and()
        .formLogin()
          .and()
        .logout()
    ;

    return http.build();
  }
 
Example #2
Source File: ReactiveConfig.java    From errors-spring-boot-starter with Apache License 2.0 6 votes vote down vote up
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http,
                                                     ServerAccessDeniedHandler accessDeniedHandler,
                                                     ServerAuthenticationEntryPoint authenticationEntryPoint) {
    return http
        .csrf()
        .accessDeniedHandler(accessDeniedHandler)
        .and()
        .exceptionHandling()
        .authenticationEntryPoint(authenticationEntryPoint)
        .accessDeniedHandler(accessDeniedHandler)
        .and()
        .authorizeExchange()
        .pathMatchers(GET, "/test/protected").authenticated()
        .pathMatchers(POST, "/test/protected").hasRole("ADMIN")
        .anyExchange().permitAll()
        .and().build();
}
 
Example #3
Source File: SecurityConfig.java    From Hands-On-Microservices-with-Spring-Boot-and-Spring-Cloud with MIT License 6 votes vote down vote up
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
	http
		.csrf().disable()
		.authorizeExchange()
			.pathMatchers("/headerrouting/**").permitAll()
			.pathMatchers("/actuator/**").permitAll()
			.pathMatchers("/eureka/**").permitAll()
			.pathMatchers("/oauth/**").permitAll()
			.pathMatchers("/config/**").permitAll()
			.anyExchange().authenticated()
			.and()
		.oauth2ResourceServer()
			.jwt();
	return http.build();
}
 
Example #4
Source File: SecurityConfig.java    From Hands-On-Microservices-with-Spring-Boot-and-Spring-Cloud with MIT License 6 votes vote down vote up
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
	http
		.csrf().disable()
		.authorizeExchange()
			.pathMatchers("/headerrouting/**").permitAll()
			.pathMatchers("/actuator/**").permitAll()
			.pathMatchers("/eureka/**").permitAll()
			.pathMatchers("/oauth/**").permitAll()
			.pathMatchers("/config/**").permitAll()
			.anyExchange().authenticated()
			.and()
		.oauth2ResourceServer()
			.jwt();
	return http.build();
}
 
Example #5
Source File: ReactiveSecurityApplication.java    From training with Apache License 2.0 6 votes vote down vote up
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity http) {
	ReactiveAuthorizationManager<AuthorizationContext> auth =
			(authentication, object) -> Mono.just(new AuthorizationDecision(object.getVariables().get("name").equals("rwinch")));

	//@formatter:off
	return
			http
			.authorizeExchange()
				.pathMatchers("/greeting").authenticated()
				.pathMatchers("/hi/{name}").access(auth)
			.and()
				.csrf()
					.disable()
			.httpBasic()
			.and()
			.build();
	//@formatter:on
}
 
Example #6
Source File: SecurityConfig.java    From spring-security-samples with MIT License 6 votes vote down vote up
@Bean
public SecurityWebFilterChain securityWebFilterChain() {
	// the matcher for all paths that need to be secured (require a logged-in user)
	final ServerWebExchangeMatcher apiPathMatcher = pathMatchers(API_MATCHER_PATH);

	// default chain for all requests
	final ServerHttpSecurity http = this.context.getBean(ServerHttpSecurity.class);

	return http
		.authorizeExchange().matchers(apiPathMatcher).authenticated()
		.anyExchange().permitAll()
		.and().httpBasic().disable()
		.csrf().disable()
		.oauth2Client()
		.and()
		.oauth2Login()
		.and()
		.build();
}
 
Example #7
Source File: SecurityConfig.java    From spring-security-samples with MIT License 6 votes vote down vote up
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http,
		ReactiveClientRegistrationRepository clientRegistrationRepository) {
	// Authenticate through configured OpenID Provider
	http.oauth2Login();
	// Also logout at the OpenID Connect provider
	http.logout(logout -> logout.logoutSuccessHandler(new OidcClientInitiatedServerLogoutSuccessHandler(
			clientRegistrationRepository)));
	// Require authentication for all requests
	http.authorizeExchange().anyExchange().authenticated();
	// Allow showing /home within a frame
	http.headers().frameOptions().mode(Mode.SAMEORIGIN);
	// Disable CSRF in the gateway to prevent conflicts with proxied service CSRF
	http.csrf().disable();
	return http.build();
}
 
Example #8
Source File: ReservationClientApplication.java    From bootiful-reactive-microservices with Apache License 2.0 5 votes vote down vote up
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity http) {
	http.httpBasic();
	http.csrf().disable();
	http
		.authorizeExchange()
		.pathMatchers("/proxy").authenticated()
		.anyExchange().permitAll();
	return http.build();
}
 
Example #9
Source File: TweetClientApplication.java    From reactive-spring-online-training with Apache License 2.0 5 votes vote down vote up
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity http) {
		http.httpBasic();
		http.csrf().disable();
		http
			.authorizeExchange()
			.pathMatchers("/proxy").authenticated()
			.anyExchange().permitAll();
		return http.build();
}
 
Example #10
Source File: ReservationClientApplication.java    From training with Apache License 2.0 5 votes vote down vote up
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity security) {
		//@formatter:off
return
		security
		.csrf().disable()
		.httpBasic()
		.and()
		.authorizeExchange()
			.pathMatchers("/proxy").authenticated()
			.anyExchange().permitAll()
		.and()
		.build();
//@formatter:on
}
 
Example #11
Source File: DemoApplication.java    From spring-reactive-sample with GNU General Public License v3.0 5 votes vote down vote up
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    return http
        .authorizeExchange()
        .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
        .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
        .pathMatchers("/posts/**").authenticated()
        //.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
        .anyExchange().permitAll()
        .and()
        .build();
}
 
Example #12
Source File: SecurityConfig.java    From pivotal-bank-demo with Apache License 2.0 5 votes vote down vote up
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    return http
            .csrf().disable()
            .authorizeExchange()
            .anyExchange().permitAll()
            .and()
            .build();
}
 
Example #13
Source File: ReservationClientApplication.java    From bootiful-reactive-microservices with Apache License 2.0 5 votes vote down vote up
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity httpSecurity) {
	httpSecurity.httpBasic();
	httpSecurity.csrf().disable();
	httpSecurity
		.authorizeExchange()
		.pathMatchers("/proxy").authenticated()
		.anyExchange().permitAll();
	return httpSecurity.build();
}
 
Example #14
Source File: ReservationClientApplication.java    From bootiful-reactive-microservices with Apache License 2.0 5 votes vote down vote up
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity http) {
	http.csrf().disable();
	http.httpBasic();
	http.authorizeExchange()
		.pathMatchers("/proxy").authenticated()
		.anyExchange().permitAll();
	return http.build();
}
 
Example #15
Source File: DemoApplication.java    From spring-reactive-sample with GNU General Public License v3.0 5 votes vote down vote up
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
	return http
		.authorizeExchange()
			.pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
               .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
			//.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
			.anyExchange().authenticated()
			.and()
		.build();
}
 
Example #16
Source File: SecurityConfig.java    From spring-reactive-sample with GNU General Public License v3.0 5 votes vote down vote up
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    return http
        .authorizeExchange()
        .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
        .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
        //.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
        .anyExchange().authenticated()
        .and()
        .build();
}
 
Example #17
Source File: DemoApplication.java    From spring-reactive-sample with GNU General Public License v3.0 5 votes vote down vote up
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    return http
        .authorizeExchange()
        .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
        .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
        //.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
        .anyExchange().authenticated()
        .and()
        .build();
}
 
Example #18
Source File: SecurityConfig.java    From spring-reactive-sample with GNU General Public License v3.0 5 votes vote down vote up
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
	return http
		.authorizeExchange()
			.pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
               .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
			//.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
			.anyExchange().authenticated()
			.and()
		.build();
}
 
Example #19
Source File: ServerSSEApplication.java    From tutorials with MIT License 5 votes vote down vote up
@Bean
public SecurityWebFilterChain sseServerSpringSecurityFilterChain(ServerHttpSecurity http) {
    http.authorizeExchange()
        .anyExchange()
        .permitAll();
    return http.build();
}
 
Example #20
Source File: ConsumerDebuggingApplication.java    From tutorials with MIT License 5 votes vote down vote up
@Bean
public SecurityWebFilterChain debuggingConsumerSpringSecurityFilterChain(ServerHttpSecurity http) {
    http.authorizeExchange()
        .anyExchange()
        .permitAll();
    http.csrf().disable();
    return http.build();
}
 
Example #21
Source File: OAuth2SecurityConfigUtils.java    From syncope with Apache License 2.0 5 votes vote down vote up
public static void forLogin(
        final ServerHttpSecurity http,
        final AMType amType,
        final ApplicationContext ctx) {

    ReactiveClientRegistrationRepository clientRegistrationRepository =
            ctx.getBean(ReactiveClientRegistrationRepository.class);

    ReactiveOAuth2AuthorizedClientService authorizedClientService =
            new InMemoryReactiveOAuth2AuthorizedClientService(clientRegistrationRepository);
    ServerOAuth2AuthorizedClientRepository authorizedClientRepository =
            new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository(authorizedClientService);

    OAuth2AuthorizationRequestRedirectWebFilter authRequestRedirectFilter =
            new OAuth2AuthorizationRequestRedirectWebFilter(clientRegistrationRepository);

    AuthenticationWebFilter authenticationFilter =
            new OAuth2LoginAuthenticationWebFilter(authenticationManager(amType), authorizedClientRepository);
    authenticationFilter.setRequiresAuthenticationMatcher(
            new PathPatternParserServerWebExchangeMatcher("/login/oauth2/code/{registrationId}"));
    authenticationFilter.setServerAuthenticationConverter(
            new ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(clientRegistrationRepository));
    authenticationFilter.setAuthenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler());
    authenticationFilter.setAuthenticationFailureHandler((exchange, ex) -> Mono.error(ex));
    authenticationFilter.setSecurityContextRepository(new WebSessionServerSecurityContextRepository());

    MediaTypeServerWebExchangeMatcher htmlMatcher = new MediaTypeServerWebExchangeMatcher(MediaType.TEXT_HTML);
    htmlMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
    ServerAuthenticationEntryPoint entrypoint =
            new RedirectServerAuthenticationEntryPoint("/oauth2/authorization/" + amType.name());
    http.exceptionHandling().authenticationEntryPoint(new DelegateEntry(htmlMatcher, entrypoint).getEntryPoint());

    http.addFilterAt(authRequestRedirectFilter, SecurityWebFiltersOrder.HTTP_BASIC);
    http.addFilterAt(authenticationFilter, SecurityWebFiltersOrder.AUTHENTICATION);
}
 
Example #22
Source File: TestSecurityConfiguration.java    From Hands-On-Reactive-Programming-in-Spring-5 with MIT License 5 votes vote down vote up
@Bean
@Primary
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
	return http
				.authorizeExchange()
				.anyExchange().permitAll()
	            .and()
	            .formLogin()
				.and()
				.csrf().disable()
				.build();
}
 
Example #23
Source File: SecurityConfiguration.java    From Hands-On-Reactive-Programming-in-Spring-5 with MIT License 5 votes vote down vote up
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
	http
			.authorizeExchange()
			.anyExchange().permitAll()
			.and()
			.formLogin();
	return http.build();
}
 
Example #24
Source File: DemoApplication.java    From spring-reactive-sample with GNU General Public License v3.0 5 votes vote down vote up
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    return http
        .authorizeExchange()
        .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
        .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
        //.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
        .anyExchange().authenticated()
        .and()
        .build();
}
 
Example #25
Source File: StaticContentApplication.java    From tutorials with MIT License 5 votes vote down vote up
@Bean
public SecurityWebFilterChain staticContentSpringSecurityFilterChain(ServerHttpSecurity http) {
    http.authorizeExchange()
            .anyExchange()
            .permitAll();
    return http.build();
}
 
Example #26
Source File: SecurityConfig.java    From aws-serverless-java-container with Apache License 2.0 5 votes vote down vote up
@Bean
public SecurityWebFilterChain securitygWebFilterChain(
        ServerHttpSecurity http) {
    return http.authorizeExchange()
            .anyExchange().authenticated().and().csrf().disable()
            .httpBasic()
            .and().build();
}
 
Example #27
Source File: SecurityConfig.java    From spring-reactive-sample with GNU General Public License v3.0 5 votes vote down vote up
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    return http
            .csrf().disable()
            .authorizeExchange()
            .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
            .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
            //.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
            .anyExchange().authenticated()
            .and()
            .build();
}
 
Example #28
Source File: FunctionalValidationsApplication.java    From tutorials with MIT License 5 votes vote down vote up
@Bean
public SecurityWebFilterChain functionalValidationsSpringSecurityFilterChain(ServerHttpSecurity http) {
    http.authorizeExchange()
        .anyExchange()
        .permitAll();
    http.csrf().disable();
    return http.build();
}
 
Example #29
Source File: WebSecurityConfig.java    From tutorials with MIT License 5 votes vote down vote up
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    http.authorizeExchange()
        .anyExchange()
        .authenticated()
        .and()
        .oauth2Client()
        .and()
        .formLogin();
    return http.build();
}
 
Example #30
Source File: SecurityConfig.java    From Hands-On-Microservices-with-Spring-Boot-and-Spring-Cloud with MIT License 5 votes vote down vote up
@Bean
   SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
	http
		.authorizeExchange()
			.pathMatchers("/actuator/**").permitAll()
			.pathMatchers(POST, "/product-composite/**").hasAuthority("SCOPE_product:write")
			.pathMatchers(DELETE, "/product-composite/**").hasAuthority("SCOPE_product:write")
			.pathMatchers(GET, "/product-composite/**").hasAuthority("SCOPE_product:read")
			.anyExchange().authenticated()
			.and()
		.oauth2ResourceServer()
			.jwt();
	return http.build();
}