spring-security-config/org.springframework.security.config.web.server/ServerHttpSecurityDsl

ServerHttpSecurityDsl

class ServerHttpSecurityDsl(http: ServerHttpSecurity, init: ServerHttpSecurityDsl.() -> Unit)

A ServerHttpSecurity Kotlin DSL created by http { } in order to configure ServerHttpSecurity using idiomatic Kotlin code.

Author

Eleftheria Stein

Since

5.4

Parameters

init

the configurations to apply to the provided ServerHttpSecurity

Constructors

Link copied to clipboard
constructor(http: ServerHttpSecurity, init: ServerHttpSecurityDsl.() -> Unit)

Properties

Link copied to clipboard
var authenticationManager: ReactiveAuthenticationManager?

the default ReactiveAuthenticationManager to use

Link copied to clipboard
var securityContextRepository: ServerSecurityContextRepository?

Functions

Link copied to clipboard
fun addFilterAfter(webFilter: WebFilter, order: SecurityWebFiltersOrder)

Adds a WebFilter after specific position.

Link copied to clipboard
fun addFilterAt(webFilter: WebFilter, order: SecurityWebFiltersOrder)

Adds a WebFilter at a specific position.

Link copied to clipboard
fun addFilterBefore(webFilter: WebFilter, order: SecurityWebFiltersOrder)

Adds a WebFilter before specific position.

Link copied to clipboard
fun anonymous(anonymousConfiguration: ServerAnonymousDsl.() -> Unit)

Enables and configures anonymous authentication.

Link copied to clipboard
fun authorizeExchange(authorizeExchangeConfiguration: AuthorizeExchangeDsl.() -> Unit)

Allows restricting access based upon the ServerWebExchange

Link copied to clipboard
fun cors(corsConfiguration: ServerCorsDsl.() -> Unit)

Allows configuring CORS.

Link copied to clipboard
fun csrf(csrfConfiguration: ServerCsrfDsl.() -> Unit)

Enables CSRF protection.

Link copied to clipboard
fun exceptionHandling(exceptionHandlingConfiguration: ServerExceptionHandlingDsl.() -> Unit)

Allows configuring exception handling.

Link copied to clipboard
fun formLogin(formLoginConfiguration: ServerFormLoginDsl.() -> Unit)

Enables form based authentication.

Link copied to clipboard
fun headers(headersConfiguration: ServerHeadersDsl.() -> Unit)

Allows configuring response headers.

Link copied to clipboard
fun httpBasic(httpBasicConfiguration: ServerHttpBasicDsl.() -> Unit)

Enables HTTP basic authentication.

Link copied to clipboard
fun logout(logoutConfiguration: ServerLogoutDsl.() -> Unit)

Provides logout support.

Link copied to clipboard
fun oauth2Client(oauth2ClientConfiguration: ServerOAuth2ClientDsl.() -> Unit)

Configures OAuth2 client support.

Link copied to clipboard
fun oauth2Login(oauth2LoginConfiguration: ServerOAuth2LoginDsl.() -> Unit)

Configures authentication support using an OAuth 2.0 and/or OpenID Connect 1.0 Provider. A ReactiveClientRegistrationRepository is required and must be registered as a Bean or configured via ServerOAuth2LoginDsl.clientRegistrationRepository.

Link copied to clipboard
fun oauth2ResourceServer(oauth2ResourceServerConfiguration: ServerOAuth2ResourceServerDsl.() -> Unit)

Configures OAuth2 resource server support.

Link copied to clipboard
fun oidcLogout(oidcLogoutConfiguration: ServerOidcLogoutDsl.() -> Unit)

Configures logout support using an OpenID Connect 1.0 Provider. A ReactiveClientRegistrationRepository is required and must be registered as a Bean or configured via ServerOidcLogoutDsl.clientRegistrationRepository.

Link copied to clipboard
fun oneTimeTokenLogin(oneTimeTokenLoginConfiguration: ServerOneTimeTokenLoginDsl.() -> Unit)

Configures One-Time Token Login support.

Link copied to clipboard
fun passwordManagement(passwordManagementConfiguration: ServerPasswordManagementDsl.() -> Unit)

Enables password management.

Link copied to clipboard
fun redirectToHttps(httpsRedirectConfiguration: ServerHttpsRedirectDsl.() -> Unit)

Allows configuring HTTPS redirection rules.

Link copied to clipboard
fun requestCache(requestCacheConfiguration: ServerRequestCacheDsl.() -> Unit)

Allows configuring request cache which is used when a flow is interrupted (i.e. due to requesting credentials) so that the request can be replayed after authentication.

Link copied to clipboard
fun securityMatcher(securityMatcher: ServerWebExchangeMatcher)

Allows configuring the ServerHttpSecurity to only be invoked when matching the provided ServerWebExchangeMatcher.

Link copied to clipboard
fun sessionManagement(sessionManagementConfig: ServerSessionManagementDsl.() -> Unit)

Configures Session Management support.

Link copied to clipboard
fun x509(x509Configuration: ServerX509Dsl.() -> Unit)

Adds X509 based pre authentication to an application using a certificate provided by a client.

Generated by Dokka
© 2026 Copyright