Annotation Interface EnableWebFluxSecurity
@Retention(RUNTIME)
@Target(TYPE)
@Documented
@Import({org.springframework.security.config.annotation.web.reactive.ServerHttpSecurityConfiguration.class,org.springframework.security.config.annotation.web.reactive.WebFluxSecurityConfiguration.class,org.springframework.security.config.annotation.web.reactive.ReactiveOAuth2ClientImportSelector.class,org.springframework.security.config.annotation.web.reactive.ReactiveObservationImportSelector.class})
public @interface EnableWebFluxSecurity
Add this annotation to a
Configuration class to have Spring Security WebFlux
support added. User's can then create one or more ServerHttpSecurity
Bean instances.
A minimal configuration can be found below:
@Configuration
@EnableWebFluxSecurity
public class MyMinimalSecurityConfiguration {
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
return new MapReactiveUserDetailsService(user);
}
}
Below is the same as our minimal configuration, but explicitly declaring the
ServerHttpSecurity.
@Configuration
@EnableWebFluxSecurity
public class MyExplicitSecurityConfiguration {
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange()
.anyExchange().authenticated()
.and()
.httpBasic().and()
.formLogin();
return http.build();
}
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
return new MapReactiveUserDetailsService(user);
}
}
- Since:
- 5.0