Annotation Interface EnableWebFluxSecurity
@Retention(RUNTIME)
@Target(TYPE)
@Documented
@Import({org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfiguration.class,org.springframework.security.config.annotation.web.reactive.WebFluxSecurityConfiguration.class,org.springframework.security.config.annotation.web.reactive.ReactiveOAuth2ClientImportSelector.class,org.springframework.security.config.annotation.web.reactive.ReactiveObservationImportSelector.class})
public @interface EnableWebFluxSecurity
Add this annotation to a
Configuration
class to have Spring Security WebFlux
support added. User's can then create one or more ServerHttpSecurity
Bean
instances.
A minimal configuration can be found below:
@Configuration @EnableWebFluxSecurity public class MyMinimalSecurityConfiguration { @Bean public MapReactiveUserDetailsService userDetailsService() { UserDetails user = User.withDefaultPasswordEncoder() .username("user") .password("password") .roles("USER") .build(); return new MapReactiveUserDetailsService(user); } }Below is the same as our minimal configuration, but explicitly declaring the
ServerHttpSecurity
.
@Configuration @EnableWebFluxSecurity public class MyExplicitSecurityConfiguration { @Bean public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { http .authorizeExchange() .anyExchange().authenticated() .and() .httpBasic().and() .formLogin(); return http.build(); } @Bean public MapReactiveUserDetailsService userDetailsService() { UserDetails user = User.withDefaultPasswordEncoder() .username("user") .password("password") .roles("USER") .build(); return new MapReactiveUserDetailsService(user); } }
- Since:
- 5.0