Menu
The idea is to replicate http://blog.netgloo.com/2014/09/28/spring-boot-enable-the-csrf-check-selectively-only-for-some-requests/ in webflux.
This is where I got so far:
@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class SecurityConfig {
@Bean
SecurityWebFilterChain springSecurityFilterChain(final ServerHttpSecurity http) {
http
.csrf().requireCsrfProtectionMatcher(
new ServerWebExchangeMatcher() {
@Override
public Mono<MatchResult> matches(ServerWebExchange serverWebExchange) {
// here check if the url should have csrf or not and then return MatchResult.match() or notMatch(), however I find that if I return match then I get 'Invalid CSRF Token' error.
// return MatchResult.match();
// return MatchResult.notMatch();
}
}
).and()
.anyExchange().authenticated()
.and()
.httpBasic()
.and()
.formLogin().loginPage("/login")
.and().logout()
return http.build();
}
}
868
This should do it
@Bean
SecurityWebFilterChain springSecurityFilterChain(final ServerHttpSecurity http) {
http
.csrf().requireCsrfProtectionMatcher(
new ServerWebExchangeMatcher() {
@Override
public Mono<MatchResult> matches(ServerWebExchange serverWebExchange) {
ServerWebExchangeMatchers.pathMatchers("/urls-with-csrf-check/**").matches(serverWebExchange)
}
}
).and()
.anyExchange().authenticated()
.and()
.httpBasic()
.and()
.formLogin().loginPage("/login")
.and().logout()
return http.build();
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
