WebFlux Spring Security配置

最小化可运行配置

package com.terwergreen.bugucms.config;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;

import java.net.URI;

/**
 * @Author Terwer
 * @Date 2018/6/22 15:55
 * @Version 1.0
 * @Description 安全授权配置
 **/
@EnableWebFluxSecurity
public class SecurityConfig {
    private Log logger = LogFactory.getLog(this.getClass());

    @Autowired
    PasswordEncoder passwordEncoder;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        logger.info("WebFlux Security begin");
        return http
                .authorizeExchange()
                .pathMatchers("/admin/**")
                .authenticated()
                .pathMatchers("/**")
                .permitAll()
                .and()
                .csrf()
                //.csrfTokenRepository(customCsrfTokenRepository)
                //.requireCsrfProtectionMatcher(customCsrfMatcher)
                .and()
                .formLogin()
                //.loginPage("/login")
                //.authenticationFailureHandler(new RedirectServerAuthenticationFailureHandler("/login?error"))
                //.authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/admin"))
                .and()
                .logout()
                //.logoutUrl("/logout")
                .logoutSuccessHandler(logoutSuccessHandler("/login?logout"))
                .and()
                .build();
    }

    public ServerLogoutSuccessHandler logoutSuccessHandler(String uri) {
        RedirectServerLogoutSuccessHandler successHandler = new RedirectServerLogoutSuccessHandler();
        successHandler.setLogoutSuccessUrl(URI.create(uri));
        return successHandler;
    }

    @Bean
    public ReactiveUserDetailsService userDetailsService() {
        //内存中缓存权限数据
        User.UserBuilder userBuilder = User.builder();
        UserDetails admin = userBuilder.username("admin").password(passwordEncoder.encode("123456")).roles("USER", "ADMIN").build();
        // 输出加密密码
        String encodePassword = passwordEncoder.encode("123456");
        logger.info("encodePassword:" + encodePassword);
        return new MapReactiveUserDetailsService(admin);
    }
}

参考

https://www.sudoinit5.com/post/spring-reactive-auth-forms/