Add this annotation to a
Configuration
class to have Spring Security WebFlux
support added. User's can then create one or more
ServerHttpSecurity
Bean
instances.
A minimal configuration can be found below:
@EnableWebFluxSecurity
public class MyMinimalSecurityConfiguration {
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
return new MapReactiveUserDetailsService(user);
}
}
Below is the same as our minimal configuration, but explicitly declaring the
ServerHttpSecurity
.
@EnableWebFluxSecurity
public class MyExplicitSecurityConfiguration {
// @formatter:off
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange()
.anyExchange().authenticated()
.and()
.httpBasic().and()
.formLogin();
return http.build();
}
// @formatter:on
// @formatter:off
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
return new MapReactiveUserDetailsService(user);
}
// @formatter:on
}