Supwisdom Source - institute/sw-backend.git/blob

   1 package com.supwisdom.infras.security.reactive.basic;
   2
   3 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
   4 import org.springframework.context.annotation.Bean;
   5 import org.springframework.context.annotation.Configuration;
   6 import org.springframework.http.HttpMethod;
   7 import org.springframework.security.config.web.server.ServerHttpSecurity;
   8 import org.springframework.security.web.server.SecurityWebFilterChain;
   9
  10 @Configuration
  11 @ConditionalOnProperty(name="infras.security.basic.enabled", havingValue="true")
  12 public class BasicWebFluxSecurityConfiguration {
  13
  14   @Bean
  15   public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
  16       http
  17           .authorizeExchange()
  18               .pathMatchers(HttpMethod.OPTIONS).permitAll()
  19               .pathMatchers("/api/public/**", "/api/open/**").permitAll()
  20               .pathMatchers("/api/v*/public/**", "/api/v*/open/**").permitAll()
  21               .pathMatchers("/api/*/v*/public/**", "/api/*/v*/open/**").permitAll()
  22               .pathMatchers("/api/**").authenticated()
  23               .anyExchange().authenticated();
  24
  25       http.httpBasic();
  26
  27       http.csrf().disable();
  28
  29       http.formLogin().disable();
  30
  31       return http.build();
  32   }
  33
  34 }