In spring-mvc it is possible to extend WebSecurityConfigurerAdapter, override configure(WebSecurity web) and do something like this:
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(AUTH_WHITE_LIST);
    }
The main benefit of this approach is that spring-security will not even try to decode the passed token. Is it possible to do pretty much the same but using webflux?
I know that I can do it like this:
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeExchange().pathMatchers(AUTH_WHITE_LIST).permitAll()
            .anyExchange().authenticated();
        return http.build();
    }
But this way, as far as I know, spring-security will try to parse the provided token first.
There are three ways that we can use onErrorResume to handle errors: Compute a dynamic fallback value. Execute an alternative path with a fallback method. Catch, wrap and re-throw an error, e.g., as a custom business exception.
Spring Webflux does not block a thread to handle each request, because no thread is kept waiting for something to be done (e.g. waiting for an answer from a database). As written in 1., it can be blocked while waiting for an answer from a database or from another service that is called via HTTP.
Spring WebFlux is a good fit for highly concurrent applications, applications that need to be able to process a large number of requests with as few resources as possible, for applications that need scalability or for applications that need to stream request data in a live manner.
Spring WebFlux is also supported on a traditional Servlet Container, like Apache Tomcat.
As far as I know, the equivalent of making sure paths (and tokens) are ignored by spring security in webflux is to use the securityMatcher() method on ServerHttpSecurity. I.e. it should be the same as using the WebSecurity#ignoring() method with antMatchers.
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        return http.securityMatcher(new NegatedServerWebExchangeMatcher(
                ServerWebExchangeMatchers.pathMatchers("/ignore/this/path")))
            .authorizeExchange()
            .anyExchange().authenticated()
            .and()
            .csrf().disable()
            .build();
    }
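With the negated securityMatcher above, a request to an ignored path matches no chain, so it passes through without any Spring Security filter at all. The following is an added example, not part of the question or answer and not Spring's own code: it splits the configuration into two ordered chains, so whitelisted paths still go through a chain of their own that has no token authentication configured. It assumes JWT bearer tokens with a ReactiveJwtDecoder bean available, the chained DSL used on this page, and constructed sample paths in AUTH_WHITE_LIST.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;

@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {

    // Constructed sample values; replace with the application's real public paths.
    private static final String[] AUTH_WHITE_LIST = {"/actuator/health", "/docs/**"};

    // Checked first. Only whitelisted paths match this chain. No authentication
    // mechanism is configured here, so nothing in this chain reads or decodes
    // the Authorization header, even when a client sends a malformed token.
    @Bean
    @Order(1)
    public SecurityWebFilterChain publicChain(ServerHttpSecurity http) {
        return http.securityMatcher(ServerWebExchangeMatchers.pathMatchers(AUTH_WHITE_LIST))
                .authorizeExchange()
                .anyExchange().permitAll()
                .and()
                .csrf().disable()
                .build();
    }

    // Checked second. Every other exchange lands here and must carry a valid token.
    // Assumption: JWT resource server; requires a ReactiveJwtDecoder bean
    // (for example one auto-configured from an issuer URI).
    @Bean
    @Order(2)
    public SecurityWebFilterChain apiChain(ServerHttpSecurity http) {
        http.oauth2ResourceServer().jwt();
        return http.authorizeExchange()
                .anyExchange().authenticated()
                .and()
                .csrf().disable()
                .build();
    }
}
```

Keep the whitelist patterns as narrow as possible: any path matched by the first chain is served without authentication, so an overly broad pattern such as `/**` would expose the whole application.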