Java Code Examples for org.springframework.security.config.web.server.ServerHttpSecurity

The following examples show how to use org.springframework.security.config.web.server.ServerHttpSecurity. These examples are extracted from open source projects.
Example 1
Source Project: spring-security-samples   Source File: SecurityConfig.java    License: MIT License
/**
 * Builds the WebFlux security filter chain: exchanges matching {@code API_MATCHER_PATH}
 * require an authenticated user, every other exchange is open, and OAuth2 client and
 * login support are enabled.
 */
@Bean
public SecurityWebFilterChain securityWebFilterChain() {
    // Matcher for the paths that must only be served to a logged-in user.
    final ServerWebExchangeMatcher securedApi = pathMatchers(API_MATCHER_PATH);

    // The builder is looked up from the application context instead of being injected.
    final ServerHttpSecurity security = this.context.getBean(ServerHttpSecurity.class);

    // The API rule is declared before the permissive catch-all so that it takes precedence.
    security.authorizeExchange()
        .matchers(securedApi).authenticated()
        .anyExchange().permitAll();

    // HTTP Basic is turned off; authentication comes from the OAuth2 login configured below.
    security.httpBasic().disable();
    // NOTE(review): CSRF protection is disabled while oauth2Login() is enabled. If that login
    // is session-based, state-changing API calls get no CSRF token check; confirm this is intended.
    security.csrf().disable();
    security.oauth2Client();
    security.oauth2Login();
    return security.build();
}
 
Example 2
Source Project: spring-security-samples   Source File: SecurityConfig.java    License: MIT License
/**
 * Gateway chain that logs users in through the configured OpenID Provider and requires
 * authentication for every exchange.
 */
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http,
        ReactiveClientRegistrationRepository clientRegistrationRepository) {
    // Authentication is delegated to the configured OpenID Provider.
    http.oauth2Login();

    // A local logout is propagated to the OpenID Connect provider as well.
    http.logout(spec -> spec.logoutSuccessHandler(
            new OidcClientInitiatedServerLogoutSuccessHandler(clientRegistrationRepository)));

    // No exchange is served to an anonymous caller.
    http.authorizeExchange()
        .anyExchange().authenticated();

    // /home may be shown inside a frame, but only by pages of the same origin.
    http.headers()
        .frameOptions().mode(Mode.SAMEORIGIN);

    // CSRF is disabled in the gateway to avoid conflicts with the proxied services' own CSRF.
    // NOTE(review): with the login above, CSRF defence then rests on the proxied services;
    // confirm each of them enforces it.
    http.csrf().disable();

    return http.build();
}
 
Example 3
Source Project: spring-5-examples   Source File: SecurityConfig.java    License: MIT License
/**
 * Opens the static-asset paths and requires authentication for everything else, offering
 * HTTP Basic and form login. CSRF is not touched here, so the framework default applies.
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(final ServerHttpSecurity http) {
    // Static assets are public; the catch-all below demands an authenticated user.
    http.authorizeExchange()
        .pathMatchers("/favicon.ico", "/css/**", "/webjars/**").permitAll()
        .anyExchange().authenticated();

    // Two login mechanisms plus logout handling, all with their defaults.
    http.httpBasic();
    http.formLogin();
    http.logout();

    return http.build();
}
 
Example 4
/**
 * Resource-server chain: a fixed set of path prefixes is open to everyone and every other
 * exchange must be authenticated, with JWT support enabled on the resource server.
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
    // CSRF protection is switched off for this chain.
    http.csrf().disable();

    // NOTE(review): the actuator, Eureka, OAuth and config prefixes are served without
    // authentication. Such paths often expose operational data or configuration; confirm
    // they are shielded elsewhere (network policy, management port) or narrow the patterns.
    http.authorizeExchange()
        .pathMatchers("/headerrouting/**").permitAll()
        .pathMatchers("/actuator/**").permitAll()
        .pathMatchers("/eureka/**").permitAll()
        .pathMatchers("/oauth/**").permitAll()
        .pathMatchers("/config/**").permitAll()
        .anyExchange().authenticated();

    // JWT support on the resource server, with its defaults.
    http.oauth2ResourceServer().jwt();

    return http.build();
}
 
Example 5
/**
 * Resource-server chain: a fixed set of path prefixes is open to everyone and every other
 * exchange must be authenticated, with JWT support enabled on the resource server.
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
    // CSRF protection is switched off for this chain.
    http.csrf().disable();

    // NOTE(review): the actuator, Eureka, OAuth and config prefixes are served without
    // authentication. Such paths often expose operational data or configuration; confirm
    // they are shielded elsewhere (network policy, management port) or narrow the patterns.
    http.authorizeExchange()
        .pathMatchers("/headerrouting/**").permitAll()
        .pathMatchers("/actuator/**").permitAll()
        .pathMatchers("/eureka/**").permitAll()
        .pathMatchers("/oauth/**").permitAll()
        .pathMatchers("/config/**").permitAll()
        .anyExchange().authenticated();

    // JWT support on the resource server, with its defaults.
    http.oauth2ResourceServer().jwt();

    return http.build();
}
 
Example 6
Source Project: errors-spring-boot-starter   Source File: ReactiveConfig.java    License: Apache License 2.0
/**
 * Chain that routes CSRF, authentication and access-denied failures through the supplied
 * handlers and protects {@code /test/protected} per HTTP method.
 *
 * @param http builder supplied by Spring Security
 * @param accessDeniedHandler handler used for both CSRF rejections and access-denied errors
 * @param authenticationEntryPoint entry point used when authentication is required
 */
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http,
                                                     ServerAccessDeniedHandler accessDeniedHandler,
                                                     ServerAuthenticationEntryPoint authenticationEntryPoint) {
    // CSRF is not disabled here; only the handler for rejected requests is replaced.
    http.csrf().accessDeniedHandler(accessDeniedHandler);

    http.exceptionHandling()
        .authenticationEntryPoint(authenticationEntryPoint)
        .accessDeniedHandler(accessDeniedHandler);

    // GET needs any authenticated user, POST needs the ADMIN role; other methods on the
    // same path, and every other path, fall through to the permissive catch-all.
    http.authorizeExchange()
        .pathMatchers(GET, "/test/protected").authenticated()
        .pathMatchers(POST, "/test/protected").hasRole("ADMIN")
        .anyExchange().permitAll();

    return http.build();
}
 
Example 7
Source Project: training   Source File: ReactiveSecurityApplication.java    License: Apache License 2.0
/**
 * Chain with one authenticated path and one path guarded by a custom authorization
 * manager that compares the {@code name} path variable with a fixed value.
 */
@Bean
SecurityWebFilterChain authorization(ServerHttpSecurity http) {
    // NOTE(review): this manager never inspects the authentication argument, so the
    // decision for /hi/{name} depends only on the URL. Confirm that is the intent.
    ReactiveAuthorizationManager<AuthorizationContext> nameCheck = (authentication, context) -> {
        boolean granted = context.getVariables().get("name").equals("rwinch");
        return Mono.just(new AuthorizationDecision(granted));
    };

    http.authorizeExchange()
        .pathMatchers("/greeting").authenticated()
        .pathMatchers("/hi/{name}").access(nameCheck);

    // CSRF protection is switched off; credentials are supplied through HTTP Basic.
    http.csrf().disable();
    http.httpBasic();

    return http.build();
}
 
Example 8
/**
 * Chain that authenticates bearer tokens through a custom authentication manager and
 * delegates the final access decision to {@code permissionAuthManager}.
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // Authentication manager backed by the token store.
    ReactiveAuthenticationManager tokenAuthManager = new CustomAuthenticationManager(tokenStore);
    JsonAuthenticationEntryPoint jsonEntryPoint = new JsonAuthenticationEntryPoint();

    // Token converter.
    // NOTE(review): the token is also accepted from the URI query string. Tokens carried in
    // URLs tend to be recorded in access logs, browser history and Referer headers; prefer
    // the Authorization header where clients allow it.
    ServerBearerTokenAuthenticationConverter bearerConverter = new ServerBearerTokenAuthenticationConverter();
    bearerConverter.setAllowUriQueryParameter(true);

    // OAuth2 authentication filter, installed at the AUTHENTICATION position of the chain.
    AuthenticationWebFilter bearerFilter = new AuthenticationWebFilter(tokenAuthManager);
    bearerFilter.setServerAuthenticationConverter(bearerConverter);
    bearerFilter.setAuthenticationFailureHandler(new ServerAuthenticationEntryPointFailureHandler(jsonEntryPoint));
    bearerFilter.setAuthenticationSuccessHandler(new Oauth2AuthSuccessHandler());
    http.addFilterAt(bearerFilter, SecurityWebFiltersOrder.AUTHENTICATION);

    ServerHttpSecurity.AuthorizeExchangeSpec rules = http.authorizeExchange();
    // The configured URL lists are registered only when non-empty. The "authenticated" list
    // is registered first, so a path present in both lists presumably ends up protected.
    if (securityProperties.getAuth().getHttpUrls().length > 0) {
        rules.pathMatchers(securityProperties.getAuth().getHttpUrls()).authenticated();
    }
    if (securityProperties.getIgnore().getUrls().length > 0) {
        rules.pathMatchers(securityProperties.getIgnore().getUrls()).permitAll();
    }

    // OPTIONS requests are always allowed (presumably for CORS pre-flight); everything
    // else is decided by permissionAuthManager.
    rules.pathMatchers(HttpMethod.OPTIONS).permitAll()
        .anyExchange().access(permissionAuthManager);

    http.exceptionHandling()
        .accessDeniedHandler(new JsonAccessDeniedHandler())
        .authenticationEntryPoint(jsonEntryPoint);

    // NOTE(review): the frame-options header is disabled, so framing restrictions must come
    // from elsewhere (for example a Content-Security-Policy frame-ancestors directive).
    http.headers()
        .frameOptions().disable();

    // HTTP Basic and CSRF protection are both switched off for this chain.
    http.httpBasic().disable();
    http.csrf().disable();

    return http.build();
}
 
Example 9
/**
 * HTTP Basic chain: {@code /bookstores/**} needs an authenticated user, {@code /v2/**} and
 * all actuator endpoints except info and health need the ADMIN authority.
 */
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    // CSRF protection is switched off; credentials arrive through HTTP Basic.
    http.csrf().disable();
    http.httpBasic();

    // The info/health rule is declared before the rule for any endpoint, so those two
    // stay public while the remaining actuator endpoints require ADMIN.
    // NOTE(review): there is no anyExchange() catch-all; confirm how exchanges that match
    // none of these rules are meant to be treated.
    http.authorizeExchange()
        .pathMatchers("/bookstores/**").authenticated()
        .pathMatchers("/v2/**").hasAuthority(SecurityAuthorities.ADMIN)
        .matchers(EndpointRequest.to("info", "health")).permitAll()
        .matchers(EndpointRequest.toAnyEndpoint()).hasAuthority(SecurityAuthorities.ADMIN);

    return http.build();
}
 
Example 10
Source Project: spring-microservice-exam   Source File: SecurityConfig.java    License: MIT License
/**
 * Resource-server chain whose public paths come from {@code filterIgnorePropertiesConfig};
 * every other exchange must be authenticated.
 */
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // Copy the configured ignore list into an array for the varargs matcher.
    // NOTE(review): the list is passed on without an emptiness check; confirm that
    // pathMatchers accepts an empty pattern array, or guard the call.
    String[] openPaths = new String[filterIgnorePropertiesConfig.getUrls().size()];
    openPaths = filterIgnorePropertiesConfig.getUrls().toArray(openPaths);

    // CSRF protection is switched off for this chain.
    http.csrf().disable();

    // Every pattern in the configured list bypasses authentication, so the content of that
    // configuration is security-relevant.
    http.authorizeExchange()
        .pathMatchers(openPaths).permitAll()
        .anyExchange().authenticated();

    http.oauth2ResourceServer().jwt();
    return http.build();
}
 
Example 11
Source Project: tutorials   Source File: SecurityConfig.java    License: MIT License
/**
 * Form-login chain that restricts {@code /} and {@code /admin} to ROLE_ADMIN and leaves the
 * features endpoint and every other exchange open.
 */
@Bean
public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
    // NOTE(review): only the exact patterns "/" and "/admin" are restricted; a path below
    // /admin/ is not covered by them and falls to the permitAll catch-all.
    http.authorizeExchange()
        .pathMatchers("/", "/admin").hasAuthority("ROLE_ADMIN")
        .matchers(EndpointRequest.to(FeaturesEndpoint.class)).permitAll()
        .anyExchange().permitAll();

    http.formLogin();

    // NOTE(review): CSRF protection is disabled together with form login, so requests made
    // with the login session carry no CSRF token check.
    return http.csrf().disable().build();
}
 
Example 12
/**
 * Resource-server chain: every exchange must be authenticated, JWT support is enabled, and
 * the Okta helper is applied to the builder before it is built.
 */
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    // No path is exempt from authentication.
    http.authorizeExchange()
        .anyExchange().authenticated();

    http.oauth2ResourceServer().jwt();

    // Okta helper applied to the builder; judging by its name it customises the body of
    // 401 responses (its implementation is not part of this snippet).
    Okta.configureResourceServer401ResponseBody(http);

    return http.build();
}
 
Example 13
/**
 * Chain that requires authentication for every exchange and enables both OAuth2 login and
 * JWT support on the resource server. CSRF is not touched, so the framework default applies.
 */
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    // No path is exempt from authentication.
    http.authorizeExchange()
        .anyExchange().authenticated();

    // Interactive login through OAuth2.
    http.oauth2Login();

    // JWT support for the resource server.
    http.oauth2ResourceServer().jwt();

    return http.build();
}
 
Example 14
Source Project: vertx-spring-boot   Source File: TestBase.java    License: Apache License 2.0
/**
 * Fully permissive chain: CSRF protection is off and every exchange is allowed.
 * NOTE(review): the source file is named TestBase.java, so this looks like a test fixture;
 * it provides no access control and should not be copied into an application as is.
 */
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    http.csrf().disable();
    http.authorizeExchange()
        .anyExchange().permitAll();
    return http.build();
}
 
Example 15
/**
 * Chain for the posts API: reads are public, deletes need the ADMIN role, and everything
 * else needs an authenticated user. CSRF is not touched, so the framework default applies.
 */
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    // The per-user rule below is commented out in the original, so /users/{user}/** is
    // currently covered only by the authenticated() catch-all:
    //.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
    http.authorizeExchange()
        .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
        .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
        .anyExchange().authenticated();

    return http.build();
}
 
Example 16
Source Project: tutorials   Source File: ConsumerSSEApplication.java    License: MIT License
/**
 * Permissive chain for the SSE consumer: every exchange is allowed without authentication.
 * CSRF is not touched here, so the framework default applies.
 */
@Bean
public SecurityWebFilterChain sseConsumerSpringSecurityFilterChain(ServerHttpSecurity http) {
    return http.authorizeExchange()
        .anyExchange().permitAll()
        .and()
        .build();
}
 
Example 17
Source Project: tutorials   Source File: WebSecurityConfig.java    License: MIT License
/**
 * Permissive chain: the features endpoint and every other exchange are allowed without
 * authentication, and CSRF protection is switched off.
 */
@Bean
public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
    // The explicit endpoint rule is followed by a permitAll catch-all, so nothing in this
    // chain requires authentication.
    http.authorizeExchange()
        .matchers(EndpointRequest.to(FeaturesEndpoint.class)).permitAll()
        .anyExchange().permitAll();

    http.csrf().disable();

    return http.build();
}
 
Example 18
/**
 * Resource-server chain for the product-composite API: access is granted per HTTP method
 * through the {@code SCOPE_product:read} and {@code SCOPE_product:write} authorities.
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // NOTE(review): /actuator/** is served without authentication; confirm which
    // endpoints are exposed there.
    // NOTE(review): only POST, DELETE and GET carry a scope requirement. Any other method
    // on /product-composite/** falls to the catch-all and needs authentication but no scope.
    http.authorizeExchange()
        .pathMatchers("/actuator/**").permitAll()
        .pathMatchers(POST, "/product-composite/**").hasAuthority("SCOPE_product:write")
        .pathMatchers(DELETE, "/product-composite/**").hasAuthority("SCOPE_product:write")
        .pathMatchers(GET, "/product-composite/**").hasAuthority("SCOPE_product:read")
        .anyExchange().authenticated();

    // JWT support on the resource server, with its defaults.
    http.oauth2ResourceServer().jwt();

    return http.build();
}
 
Example 19
/**
 * Resource-server chain for the product-composite API: access is granted per HTTP method
 * through the {@code SCOPE_product:read} and {@code SCOPE_product:write} authorities.
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // NOTE(review): /actuator/** is served without authentication; confirm which
    // endpoints are exposed there.
    // NOTE(review): only POST, DELETE and GET carry a scope requirement. Any other method
    // on /product-composite/** falls to the catch-all and needs authentication but no scope.
    http.authorizeExchange()
        .pathMatchers("/actuator/**").permitAll()
        .pathMatchers(POST, "/product-composite/**").hasAuthority("SCOPE_product:write")
        .pathMatchers(DELETE, "/product-composite/**").hasAuthority("SCOPE_product:write")
        .pathMatchers(GET, "/product-composite/**").hasAuthority("SCOPE_product:read")
        .anyExchange().authenticated();

    // JWT support on the resource server, with its defaults.
    http.oauth2ResourceServer().jwt();

    return http.build();
}
 
Example 20
Source Project: syncope   Source File: SecurityConfig.java    License: Apache License 2.0
/**
 * Order-0 chain that applies only to actuator endpoints and requires HTTP Basic
 * authentication for all of them.
 */
@Bean
@Order(0)
public SecurityWebFilterChain actuatorSecurityFilterChain(final ServerHttpSecurity http) {
    ServerWebExchangeMatcher actuatorEndpoints = EndpointRequest.toAnyEndpoint();

    // Restrict this chain to actuator exchanges; other exchanges are left to other chains.
    http.securityMatcher(actuatorEndpoints);

    http.authorizeExchange()
        .anyExchange().authenticated();
    http.httpBasic();

    // CSRF checks are required only for exchanges that do NOT match the actuator matcher.
    // Since this chain handles only actuator exchanges, that presumably means no exchange
    // in it is subject to a CSRF check.
    http.csrf()
        .requireCsrfProtectionMatcher(new NegatedServerWebExchangeMatcher(actuatorEndpoints));

    return http.build();
}
 
Example 21
Source Project: tutorials   Source File: WebClientApplication.java    License: MIT License
/**
 * Fully permissive chain: every exchange is allowed without authentication and CSRF
 * protection is switched off, so this configuration provides no access control.
 */
@Bean
public SecurityWebFilterChain functionalValidationsSpringSecurityFilterChain(ServerHttpSecurity http) {
    return http.authorizeExchange()
        .anyExchange().permitAll()
        .and()
        .csrf().disable()
        .build();
}
 
Example 22
/**
 * Resource-server chain for the product-composite API: access is granted per HTTP method
 * through the {@code SCOPE_product:read} and {@code SCOPE_product:write} authorities.
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // NOTE(review): /actuator/** is served without authentication; confirm which
    // endpoints are exposed there.
    // NOTE(review): only POST, DELETE and GET carry a scope requirement. Any other method
    // on /product-composite/** falls to the catch-all and needs authentication but no scope.
    http.authorizeExchange()
        .pathMatchers("/actuator/**").permitAll()
        .pathMatchers(POST, "/product-composite/**").hasAuthority("SCOPE_product:write")
        .pathMatchers(DELETE, "/product-composite/**").hasAuthority("SCOPE_product:write")
        .pathMatchers(GET, "/product-composite/**").hasAuthority("SCOPE_product:read")
        .anyExchange().authenticated();

    // JWT support on the resource server, with its defaults.
    http.oauth2ResourceServer().jwt();

    return http.build();
}
 
Example 23
/**
 * Resource-server chain for the product-composite API: access is granted per HTTP method
 * through the {@code SCOPE_product:read} and {@code SCOPE_product:write} authorities.
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // NOTE(review): /actuator/** is served without authentication; confirm which
    // endpoints are exposed there.
    // NOTE(review): only POST, DELETE and GET carry a scope requirement. Any other method
    // on /product-composite/** falls to the catch-all and needs authentication but no scope.
    http.authorizeExchange()
        .pathMatchers("/actuator/**").permitAll()
        .pathMatchers(POST, "/product-composite/**").hasAuthority("SCOPE_product:write")
        .pathMatchers(DELETE, "/product-composite/**").hasAuthority("SCOPE_product:write")
        .pathMatchers(GET, "/product-composite/**").hasAuthority("SCOPE_product:read")
        .anyExchange().authenticated();

    // JWT support on the resource server, with its defaults.
    http.oauth2ResourceServer().jwt();

    return http.build();
}
 
Example 24
/**
 * Chain for the posts API: reads are public, deletes need the ADMIN role, and everything
 * else needs an authenticated user. CSRF is not touched, so the framework default applies.
 */
@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    // The per-user rule below is commented out in the original, so /users/{user}/** is
    // currently covered only by the authenticated() catch-all:
    //.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
    http.authorizeExchange()
        .pathMatchers(HttpMethod.GET, "/posts/**").permitAll()
        .pathMatchers(HttpMethod.DELETE, "/posts/**").hasRole("ADMIN")
        .anyExchange().authenticated();

    return http.build();
}
 
Example 25
/**
 * Resource-server chain for the product-composite API: access is granted per HTTP method
 * through the {@code SCOPE_product:read} and {@code SCOPE_product:write} authorities.
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // NOTE(review): /actuator/** is served without authentication; confirm which
    // endpoints are exposed there.
    // NOTE(review): only POST, DELETE and GET carry a scope requirement. Any other method
    // on /product-composite/** falls to the catch-all and needs authentication but no scope.
    http.authorizeExchange()
        .pathMatchers("/actuator/**").permitAll()
        .pathMatchers(POST, "/product-composite/**").hasAuthority("SCOPE_product:write")
        .pathMatchers(DELETE, "/product-composite/**").hasAuthority("SCOPE_product:write")
        .pathMatchers(GET, "/product-composite/**").hasAuthority("SCOPE_product:read")
        .anyExchange().authenticated();

    // JWT support on the resource server, with its defaults.
    http.oauth2ResourceServer().jwt();

    return http.build();
}
 
Example 26
/**
 * Chain for the "secure" profile: the admin server's assets and login page are public,
 * everything else needs authentication through form login or HTTP Basic.
 */
@Bean
@Profile("secure")
public SecurityWebFilterChain securityWebFilterChainSecure(ServerHttpSecurity http) {
    // Only the static assets and the login page are reachable anonymously.
    http.authorizeExchange((exchanges) -> exchanges
            .pathMatchers(this.adminServer.path("/assets/**")).permitAll()
            .pathMatchers(this.adminServer.path("/login")).permitAll()
            .anyExchange().authenticated());

    // Login and logout URLs are resolved relative to the admin server's base path.
    http.formLogin((login) -> login.loginPage(this.adminServer.path("/login")));
    http.logout((logoutSpec) -> logoutSpec.logoutUrl(this.adminServer.path("/logout")));
    http.httpBasic(Customizer.withDefaults());

    // NOTE(review): CSRF protection is disabled while form login is enabled, so requests
    // made with the login session carry no CSRF token check. Confirm this is intended.
    http.csrf(ServerHttpSecurity.CsrfSpec::disable);

    return http.build();
}
 
Example 27
/**
 * Resource-server chain for the product-composite API: access is granted per HTTP method
 * through the {@code SCOPE_product:read} and {@code SCOPE_product:write} authorities.
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // NOTE(review): /actuator/** is served without authentication; confirm which
    // endpoints are exposed there.
    // NOTE(review): only POST, DELETE and GET carry a scope requirement. Any other method
    // on /product-composite/** falls to the catch-all and needs authentication but no scope.
    http.authorizeExchange()
        .pathMatchers("/actuator/**").permitAll()
        .pathMatchers(POST, "/product-composite/**").hasAuthority("SCOPE_product:write")
        .pathMatchers(DELETE, "/product-composite/**").hasAuthority("SCOPE_product:write")
        .pathMatchers(GET, "/product-composite/**").hasAuthority("SCOPE_product:read")
        .anyExchange().authenticated();

    // JWT support on the resource server, with its defaults.
    http.oauth2ResourceServer().jwt();

    return http.build();
}
 
Example 28
/**
 * Resource-server chain: three path prefixes are open to everyone and every other exchange
 * must be authenticated, with JWT support enabled on the resource server.
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
    // CSRF protection is switched off for this chain.
    http.csrf().disable();

    // NOTE(review): the actuator and OAuth prefixes are served without authentication;
    // confirm which endpoints are exposed under them.
    http.authorizeExchange()
        .pathMatchers("/headerrouting/**").permitAll()
        .pathMatchers("/actuator/**").permitAll()
        .pathMatchers("/oauth/**").permitAll()
        .anyExchange().authenticated();

    // JWT support on the resource server, with its defaults.
    http.oauth2ResourceServer().jwt();

    return http.build();
}
 
Example 29
/**
 * Resource-server chain for the product-composite API: access is granted per HTTP method
 * through the {@code SCOPE_product:read} and {@code SCOPE_product:write} authorities.
 */
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // NOTE(review): /actuator/** is served without authentication; confirm which
    // endpoints are exposed there.
    // NOTE(review): only POST, DELETE and GET carry a scope requirement. Any other method
    // on /product-composite/** falls to the catch-all and needs authentication but no scope.
    http.authorizeExchange()
        .pathMatchers("/actuator/**").permitAll()
        .pathMatchers(POST, "/product-composite/**").hasAuthority("SCOPE_product:write")
        .pathMatchers(DELETE, "/product-composite/**").hasAuthority("SCOPE_product:write")
        .pathMatchers(GET, "/product-composite/**").hasAuthority("SCOPE_product:read")
        .anyExchange().authenticated();

    // JWT support on the resource server, with its defaults.
    http.oauth2ResourceServer().jwt();

    return http.build();
}
 
Example 30
Source Project: tutorials   Source File: WebSecurityConfig.java    License: MIT License
/**
 * Chain that requires authentication for every exchange, with OAuth2 client support and
 * form login enabled. CSRF is not touched here, so the framework default applies.
 */
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    // No path is exempt from authentication.
    http.authorizeExchange()
        .anyExchange().authenticated();

    // OAuth2 client support.
    http.oauth2Client();

    // Users sign in through the form login, with its defaults.
    http.formLogin();

    return http.build();
}