Annotation Interface EnableWebFluxSecurity


@Retention(RUNTIME) @Target(TYPE) @Documented @Import({org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfiguration.class,org.springframework.security.config.annotation.web.reactive.WebFluxSecurityConfiguration.class,org.springframework.security.config.annotation.web.reactive.ReactiveOAuth2ClientImportSelector.class,org.springframework.security.config.annotation.web.reactive.ReactiveObservationImportSelector.class}) public @interface EnableWebFluxSecurity
Add this annotation to a Configuration class to have Spring Security WebFlux support added. User's can then create one or more ServerHttpSecurity Bean instances. A minimal configuration can be found below:
 @Configuration
 @EnableWebFluxSecurity
 public class MyMinimalSecurityConfiguration {

     @Bean
     public MapReactiveUserDetailsService userDetailsService() {
          UserDetails user = User.withDefaultPasswordEncoder()
               .username("user")
               .password("password")
               .roles("USER")
               .build();
          return new MapReactiveUserDetailsService(user);
     }
 }
 
Below is the same as our minimal configuration, but explicitly declaring the ServerHttpSecurity.
 @Configuration
 @EnableWebFluxSecurity
 public class MyExplicitSecurityConfiguration {
     @Bean
     public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
          http
               .authorizeExchange()
                    .anyExchange().authenticated()
                         .and()
                    .httpBasic().and()
                    .formLogin();
          return http.build();
     }

     @Bean
     public MapReactiveUserDetailsService userDetailsService() {
          UserDetails user = User.withDefaultPasswordEncoder()
               .username("user")
               .password("password")
               .roles("USER")
               .build();
          return new MapReactiveUserDetailsService(user);
     }
 }
 
Since:
5.0