WebFlux Spring Security配置
最小化可运行配置
package com.terwergreen.bugucms.config;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;
import java.net.URI;
/**
* @Author Terwer
* @Date 2018/6/22 15:55
* @Version 1.0
* @Description 安全授权配置
**/
@EnableWebFluxSecurity
public class SecurityConfig {
private Log logger = LogFactory.getLog(this.getClass());
@Autowired
PasswordEncoder passwordEncoder;
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
logger.info("WebFlux Security begin");
return http
.authorizeExchange()
.pathMatchers("/admin/**")
.authenticated()
.pathMatchers("/**")
.permitAll()
.and()
.csrf()
//.csrfTokenRepository(customCsrfTokenRepository)
//.requireCsrfProtectionMatcher(customCsrfMatcher)
.and()
.formLogin()
//.loginPage("/login")
//.authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler("/login?error"))
//.authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/admin"))
.and()
.logout()
//.logoutUrl("/logout")
.logoutSuccessHandler(logoutSuccessHandler("/login?logout"))
.and()
.build();
}
public ServerLogoutSuccessHandler logoutSuccessHandler(String uri) {
RedirectServerLogoutSuccessHandler successHandler = new RedirectServerLogoutSuccessHandler();
successHandler.setLogoutSuccessUrl(URI.create(uri));
return successHandler;
}
@Bean
public ReactiveUserDetailsService userDetailsService() {
//内存中缓存权限数据
User.UserBuilder userBuilder = User.builder();
UserDetails admin = userBuilder.username("admin").password(passwordEncoder.encode("123456")).roles("USER", "ADMIN").build();
// 输出加密密码
String encodePassword = passwordEncoder.encode("123456");
logger.info("encodePassword:" + encodePassword);
return new MapReactiveUserDetailsService(admin);
}
}
参考
https://www.sudoinit5.com/post/spring-reactive-auth-forms/
WebFlux Spring Security配置的更多相关文章
- spring boot 之 spring security 配置
Spring Security简介 之前项目都是用shiro,但是时过境迁,spring security变得越来越流行.spring security的前身是Acegi, acegi 我也玩过,那都 ...
- spring security 配置多个AuthenticationProvider
前言 发现很少关于spring security的文章,基本都是入门级的,配个UserServiceDetails或者配个路由控制就完事了,而且很多还是xml配置,国内通病...so,本文里的配置都是 ...
- Spring学习日志之Spring Security配置
依赖引入 <dependency> <groupId>org.springframework.security</groupId> <artifactId&g ...
- Spring Security配置
更加优雅地配置Spring Securiy(使用Java配置和注解):https://www.cnblogs.com/xxzhuang/p/5960001.html 采用注解方式实现security: ...
- Spring Security配置个过滤器也这么卷
以前胖哥带大家用Spring Security过滤器实现了验证码认证,今天我们来改良一下验证码认证的配置方式,更符合Spring Security的设计风格,也更加内卷. CaptchaAuthent ...
- spring mvc 和spring security配置 web.xml设置
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://xmln ...
- 通过 Spring Security配置 解决X-Frame-Options deny 造成的页面空白 iframe调用问题
spring Security下,X-Frame-Options默认为DENY,非Spring Security环境下,X-Frame-Options的默认大多也是DENY,这种情况下,浏览器拒绝当前 ...
- spring mvc 和spring security配置 spring-servlet.xml和spring-security.xml设置
spring-servlet.xml配置 <?xml version="1.0" encoding="UTF-8"?> <beans xmln ...
- 最简单的Spring Security配置示例
代码结构: pom.xml <?xml version="1.0" encoding="UTF-8"?> <project xmlns=&qu ...
随机推荐
- Ubuntu 16.04服务器 软件的安装及配置
SSH的安装及配置 SSH分客户端openssh-client和openssh-server 如果你只是想登陆别的机器的SSH只需要安装openssh-client(ubuntu有默认安装,如果没有则 ...
- 今天被坑了,而且被坑的好爽! 该死的UTF-8 有 BOM 格式编码
调一个项目,最后无法登录了. 排查到最后发现是cookie无法保存会话ID, 工作两年的经验这时候没用上. 开始一以为是PHP.ini的配置错了. 考虑过域名,浏览器问题. 脚本BUG. 最后最后一步 ...
- CentOS7上Mongodb安装、卸载
参考官网https://docs.mongodb.com/manual/tutorial/install-mongodb-on-red-hat/ 一.安装 1.配置yum管理包 1).在路径/etc/ ...
- Matlab练习——寻找完全数
clc; clear; wq = []; : sum = ; k = ; : i / sum = sum + j; end end == i wq=[wq i]; end end disp(['2至1 ...
- 【PHP】使用GD库实现 图像生成、缩放、logo水印和简单验证码
gd库是php最常用的图片处理库之一(另外一个是imagemagick),可以生成图片.验证码.水印.缩略图等等.要使用gd库首先需要开启gd库扩展, windows系统下需要在php.ini中将ex ...
- SQL SERVER 2008 R2安全配置与防暴力破解
https://blog.csdn.net/enweitech/article/details/49864215 0x00 sql server 2008 权限介绍 在访问sql server 200 ...
- 怎样更改SQL Server 2008的身份验证方式
大家都知道sql server 有两种登录验证方式,即sql server验证方式和windows验证方式,但是sql server默认的是windows登录验证方式,我们如何启用sql server ...
- spring整合websocket通信
1. maven依赖 <?xml version="1.0" encoding="UTF-8"?> <project xmlns=" ...
- Mac下门罗币矿工样本分析
背景 今天遇到一个JSONRPC的告警,怀疑挖矿木马,IOC是132.148.245.101,无其他信息,随即google一波. 查询网络 遇到了,主动下载样本分析,下载地址:http://rjj.q ...
- 2-2 vue环境搭建以及vue-cli使用
一.vue多页面应用文件引用 1.官网拷贝: <script src="https://cdn.jsdelivr.net/npm/vue"></script> ...