This is the bean where we actually specify the Spring Security configuration:

@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) 
    throws Exception {
    return http
      .authorizeExchange()
      .pathMatchers(HttpMethod.GET, "/api/movie/**").hasRole("USER")
      .pathMatchers(HttpMethod.POST, "/api/movie/**").hasRole("ADMIN")
      .anyExchange().authenticated()
      .and().formLogin()
      .and().build();
}

Similar to what we saw earlier, in the Spring MVC application earlier, we match URL patterns and specify the role that is needed to access it. We are configuring the login method as a form in which the user will be shown the default login form by Spring Security.