Spring Security configuration

In the Spring Security configuration, we tweak the springSecurityFilterChain bean, as shown in the following code snippet:

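    import org.springframework.context.annotation.Bean;
    import org.springframework.http.HttpMethod;
    import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager;
    import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
    import org.springframework.security.config.web.server.ServerHttpSecurity;
    import org.springframework.security.web.server.SecurityWebFilterChain;
    import org.springframework.security.web.server.authentication.AuthenticationWebFilter;

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        // Checks submitted credentials against the user store; on success,
        // JWTAuthSuccessHandler is invoked.
        AuthenticationWebFilter authenticationJWT = new AuthenticationWebFilter(
                new UserDetailsRepositoryReactiveAuthenticationManager(userDetailsRepository()));
        authenticationJWT.setAuthenticationSuccessHandler(new JWTAuthSuccessHandler());

        // CSRF protection is disabled for this API.
        http.csrf().disable();

        http
            .authorizeExchange()
                // Whitelisted URLs need no authentication.
                .pathMatchers(WHITELISTED_AUTH_URLS)
                .permitAll()
            .and()
            .addFilterAt(authenticationJWT, SecurityWebFiltersOrder.FIRST)
            .authorizeExchange()
                // Reads require USER, writes require ADMIN; everything else
                // only needs an authenticated caller.
                .pathMatchers(HttpMethod.GET, "/api/movie/**").hasRole("USER")
                .pathMatchers(HttpMethod.POST, "/api/movie/**").hasRole("ADMIN")
                .anyExchange().authenticated()
            .and()
            // JWTAuthWebFilter takes the position normally used by HTTP Basic.
            .addFilterAt(new JWTAuthWebFilter(), SecurityWebFiltersOrder.HTTP_BASIC);
        return http.build();
    }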

As you can see, we have configured a new AuthenticationWebFilter and an AuthenticationSuccessHandler. We have also configured a new JWTAuthWebFilter class to handle the JWT-based authentication.

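We will be using ReactiveUserDetailsService with hardcoded user credentials for testing, as shown in the following code snippet. The {noop} prefix tells Spring Security that the password is stored as plain text, with no hashing applied: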

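    import org.springframework.context.annotation.Bean;
    import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;

    @Bean
    public MapReactiveUserDetailsService userDetailsRepository() {
        // {noop} = plain-text password, for testing only.
        UserDetails user = User.withUsername("user")
                .password("{noop}password").roles("USER").build();
        UserDetails admin = User.withUsername("admin")
                .password("{noop}password").roles("USER", "ADMIN").build();
        return new MapReactiveUserDetailsService(user, admin);
    }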
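For comparison with the {noop} test users above, the following is an added example (not code from the book) that builds the same two users with bcrypt-hashed passwords taken from configuration instead of the source file. The class name, the requireSecret helper, the MOVIE_USER_PASSWORD and MOVIE_ADMIN_PASSWORD variable names and the sample values are assumptions made for illustration.

```java
import java.util.Map;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical class, requires Java 9+ (Map.of) and spring-security-core.
public class HashedUserDetailsExample {

    // The delegating encoder is also the default of
    // UserDetailsRepositoryReactiveAuthenticationManager, so the "{bcrypt}"
    // prefix written here is understood when credentials are checked.
    static final PasswordEncoder ENCODER =
            PasswordEncoderFactories.createDelegatingPasswordEncoder();

    // Hypothetical helper: fail fast rather than start with an empty password.
    static String requireSecret(Map<String, String> env, String name) {
        String value = env.get(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing required secret: " + name);
        }
        return value;
    }

    static MapReactiveUserDetailsService userDetailsRepository(Map<String, String> env) {
        UserDetails user = User.withUsername("user")
                .passwordEncoder(ENCODER::encode) // hash applied in build()
                .password(requireSecret(env, "MOVIE_USER_PASSWORD"))
                .roles("USER").build();
        UserDetails admin = User.withUsername("admin")
                .passwordEncoder(ENCODER::encode)
                .password(requireSecret(env, "MOVIE_ADMIN_PASSWORD"))
                .roles("USER", "ADMIN").build();
        return new MapReactiveUserDetailsService(user, admin);
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for System.getenv().
        Map<String, String> env = Map.of(
                "MOVIE_USER_PASSWORD", "sample-user-secret",
                "MOVIE_ADMIN_PASSWORD", "sample-admin-secret");
        UserDetails stored = userDetailsRepository(env).findByUsername("admin").block();
        System.out.println("stored as bcrypt: " + stored.getPassword().startsWith("{bcrypt}"));
        System.out.println("correct password matches: "
                + ENCODER.matches("sample-admin-secret", stored.getPassword()));
        System.out.println("wrong password matches: "
                + ENCODER.matches("password", stored.getPassword()));
    }
}
```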
