I'm currently using Spring's WebFlux and I wanted to implement Spring Security. I am struggling to make any of my WebSecurityConfigurerAdapter http rules work and I am thinking it is because HttpSecurity changes have no effect. I'll explain what I mean:
I have chosen to implement WebSecurityConfigurerAdapter, which has the method signature:
protected void configure(HttpSecurity http) throws Exception
This has been correctly configured but all of my endpoints receive 401 Unauthorized (which is typical of a configuration not being picked up and a default configuration being used instead). Instead, when I look at the implementations for WebFluxSecurity they usually implement a Bean with the following signature:
public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http)
I know a lot of the WebFlux architecture implements a different set of Request and Response objects to typical Spring, so I am wondering whether I have to implement the WebFlux security way of doing things or if the more standard WebSecurityConfigurerAdapter way of implementing security should still work.
Cheers
0-M2 we deprecated the WebSecurityConfigurerAdapter, as we encourage users to move towards a component-based security configuration. To assist with the transition to this new style of configuration, we have compiled a list of common use-cases and the suggested alternatives going forward.
both infrastructure will compete for the same job (for example, serving static resources, the mappings, etc) mixing both runtime models within the same container is not a good idea and is likely to perform badly or just not work at all.
configure. Deprecated. Used by the default implementation of authenticationManager() to attempt to obtain an AuthenticationManager. If overridden, the AuthenticationManagerBuilder should be used to specify the AuthenticationManager.
If you are looking to develop a web application or Rest web service on non-blocking reactive model, then you can look into Spring WebFlux. Spring WebFlux is supported on Tomcat, Jetty, Servlet 3.1+ containers, as well as on non-Servlet runtimes such as Netty and Undertow.
WebFluxSecurity uses ServerHttpSecurity, which uses WebFilter to filter requests.
WebSecurity uses HttpSecurity, which uses javax.servlet.Filter to filter requests.
They are different classes with different implementations, so overriding
protected void configure(HttpSecurity http) throws Exception
won't work.
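As an added illustration of the distinction drawn in the answer above (not code from the question or the answer), here is a reactive configuration that expresses typical access rules through a SecurityWebFilterChain bean. It assumes Spring Security 5.2 or later for the lambda DSL; the class name and URL paths are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

// Added example: reactive counterpart of a servlet-style configure(HttpSecurity) override.
// Class name and URL paths are hypothetical; users are assumed to come from a
// ReactiveUserDetailsService bean defined elsewhere (or Spring Boot's default user).
@Configuration
@EnableWebFluxSecurity
public class ReactiveSecurityConfig {

    // In a WebFlux application the rules live in a SecurityWebFilterChain bean built
    // from ServerHttpSecurity; a WebSecurityConfigurerAdapter subclass is not consulted.
    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        return http
            .authorizeExchange(exchanges -> exchanges
                // Explicit allow-list first: unauthenticated read-only endpoints.
                .pathMatchers(HttpMethod.GET, "/public/**").permitAll()
                // Role check; hasRole("ADMIN") matches the authority ROLE_ADMIN.
                .pathMatchers("/admin/**").hasRole("ADMIN")
                // Deny by default: anything not listed above needs authentication.
                .anyExchange().authenticated())
            // HTTP Basic with default settings; CSRF protection stays enabled (the default).
            .httpBasic(Customizer.withDefaults())
            .build();
    }
}
```

Matchers are evaluated in declaration order, so the specific allow rules must come before the closing anyExchange() rule.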