/
SecurityHttpConfig.java
48 lines (42 loc) · 2.36 KB
/
SecurityHttpConfig.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
package com.github.hth.configuredlogin.security.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationFailureHandler;
import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
import static org.springframework.security.authorization.AuthorityReactiveAuthorizationManager.hasRole;
@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class SecurityHttpConfig {
@Bean
public SecurityWebFilterChain webHttpSecurity(ServerHttpSecurity http) {
http
.csrf(ServerHttpSecurity.CsrfSpec::disable)
.cors(ServerHttpSecurity.CorsSpec::disable)
.authorizeExchange((authorize) -> authorize
.pathMatchers("/resources/**", "/signup", "/about").permitAll()
.pathMatchers("/home/**").hasRole("USER")
.pathMatchers("/admin/**").hasRole("ADMIN")
.pathMatchers("/db/**").access((authentication, context) ->
hasRole("ADMIN")
.check(authentication, context)
.filter(decision -> !decision.isGranted())
.switchIfEmpty(hasRole("DBA").check(authentication, context))
)
.anyExchange().denyAll())
.formLogin(formLogin -> formLogin
// Customize as per your needs.
.authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/home/landing")));
return http.build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
}