WebFlux Spring Security配置
最小化可运行配置
package com.terwergreen.bugucms.config;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;
import java.net.URI;
/**
* @Author Terwer
* @Date 2018/6/22 15:55
* @Version 1.0
* @Description 安全授权配置
**/
@EnableWebFluxSecurity
public class SecurityConfig {
private Log logger = LogFactory.getLog(this.getClass());
@Autowired
PasswordEncoder passwordEncoder;
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
logger.info("WebFlux Security begin");
return http
.authorizeExchange()
.pathMatchers("/admin/**")
.authenticated()
.pathMatchers("/**")
.permitAll()
.and()
.csrf()
//.csrfTokenRepository(customCsrfTokenRepository)
//.requireCsrfProtectionMatcher(customCsrfMatcher)
.and()
.formLogin()
//.loginPage("/login")
//.authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler("/login?error"))
//.authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/admin"))
.and()
.logout()
//.logoutUrl("/logout")
.logoutSuccessHandler(logoutSuccessHandler("/login?logout"))
.and()
.build();
}
public ServerLogoutSuccessHandler logoutSuccessHandler(String uri) {
RedirectServerLogoutSuccessHandler successHandler = new RedirectServerLogoutSuccessHandler();
successHandler.setLogoutSuccessUrl(URI.create(uri));
return successHandler;
}
@Bean
public ReactiveUserDetailsService userDetailsService() {
//内存中缓存权限数据
User.UserBuilder userBuilder = User.builder();
UserDetails admin = userBuilder.username("admin").password(passwordEncoder.encode("123456")).roles("USER", "ADMIN").build();
// 输出加密密码
String encodePassword = passwordEncoder.encode("123456");
logger.info("encodePassword:" + encodePassword);
return new MapReactiveUserDetailsService(admin);
}
}
参考
https://www.sudoinit5.com/post/spring-reactive-auth-forms/
WebFlux Spring Security配置的更多相关文章
- spring boot 之 spring security 配置
Spring Security简介 之前项目都是用shiro,但是时过境迁,spring security变得越来越流行.spring security的前身是Acegi, acegi 我也玩过,那都 ...
- spring security 配置多个AuthenticationProvider
前言 发现很少关于spring security的文章,基本都是入门级的,配个UserServiceDetails或者配个路由控制就完事了,而且很多还是xml配置,国内通病...so,本文里的配置都是 ...
- Spring学习日志之Spring Security配置
依赖引入 <dependency> <groupId>org.springframework.security</groupId> <artifactId&g ...
- Spring Security配置
更加优雅地配置Spring Securiy(使用Java配置和注解):https://www.cnblogs.com/xxzhuang/p/5960001.html 采用注解方式实现security: ...
- Spring Security配置个过滤器也这么卷
以前胖哥带大家用Spring Security过滤器实现了验证码认证,今天我们来改良一下验证码认证的配置方式,更符合Spring Security的设计风格,也更加内卷. CaptchaAuthent ...
- spring mvc 和spring security配置 web.xml设置
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://xmln ...
- 通过 Spring Security配置 解决X-Frame-Options deny 造成的页面空白 iframe调用问题
spring Security下,X-Frame-Options默认为DENY,非Spring Security环境下,X-Frame-Options的默认大多也是DENY,这种情况下,浏览器拒绝当前 ...
- spring mvc 和spring security配置 spring-servlet.xml和spring-security.xml设置
spring-servlet.xml配置 <?xml version="1.0" encoding="UTF-8"?> <beans xmln ...
- 最简单的Spring Security配置示例
代码结构: pom.xml <?xml version="1.0" encoding="UTF-8"?> <project xmlns=&qu ...
随机推荐
- Extended VM Disk In VirtualBox or VMware (虚拟机磁盘扩容)
First, Clean VM all snapshot, and poweroff your VM. vmdk: vmware-vdiskmanager -x 16GB myDisk.vmdk vd ...
- nginx_lua_waf 部署、测试记录
ngx_lua_waf ngx_lua_waf是一个基于lua-nginx-module(openresty)的web应用防火墙 源码:https://github.com/loveshell/ngx ...
- python卸载或者安装时提示There is a problem with this Windows Installer package.A program required for this install to complete could not be run. Contact your support personnel or package vendor
1.卸载时报这个错,先进行下修复,再执行卸载: 2.安装时报这个错,安装的过程中,没有取得管理员的权限. Msi格式的文件,点右键后,也没有“以管理员身份运行”的菜单项,那怎么办呢?你可以点“开始”菜 ...
- 安装.NET Framework 3.5
https://www.microsoft.com/zh-CN/download/details.aspx?id=22 https://docs.microsoft.com/zh-cn/dotnet/ ...
- [Windows] Windows 8.x 取消触摸板切换界面
在鼠标中选中UltraNav,找到Application Gestures - Edge Swipes,取消Enable Edge Swipes.
- Struts2(五)数据校验
一.概述 在提交表单数据时,如果数据需要保存到数据库,空输入等可能会引发一些异常,为了避免引起用户的输入引起底层异常,通常在进行业务逻辑操作之前,先执行基本的数据校验. 下面通过两种方式来阐述Stru ...
- 【Java知识点专项练习】之 volatile 关键字的功能
volatile是java中的一个类型修饰符.它是被设计用来修饰被不同线程访问和修改的变量.如果不加入volatile,基本上会导致这样的结果:要么无法编写多线程程序,要么编译器 失去大量优化的机会. ...
- linux c++环境
set expandtab set autoindent set smartindent
- 一、K3 Cloud 开发插件《K3 Cloud开发手册》
1.K3 Cloud打开 提示错误:未能加载文件或程序集“XXXXXXXXX”或它的某一个依赖项 原因:未正常关机导致的Temporary ASP.NET Files文件夹下的文件损坏 解决:删除C: ...
- cocos2d-x-lua如何导出自定义类到lua脚本环境
这篇教程是基于你的工程是cocos2d-x-lua的项目,我假设你已经完全驾驭cocos-x/samples/Lua/HelloLua工程,基本明白lua和c++互调的一些原理. 我们的目的是要在 ...