首页 发现 帮助
注册 登录
github
/
spring-security
镜像自地址 https://github.com/spring-projects/spring-security
2
0
派生 0
文件 工单管理 0 Wiki
浏览代码

HttpSecurityConfiguration applies all defaults

HttpSecurity headers is off by default and relies on
HttpSecurityConfiguration to enable it. This is more consistent with the
other operators
Rob Winch 8 年之前
父节点
b5edb58050
当前提交
3d745e63f6
共有 3 个文件被更改,包括 11 次插入8 次删除
分列视图 显示文件统计
  1. 6 6
      config/src/main/java/org/springframework/security/config/annotation/web/reactive/HttpSecurityConfiguration.java
  2. 4 1
      config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java
  3. 1 1
      config/src/test/java/org/springframework/security/config/web/server/HttpSecurityTests.java

+ 6 - 6
config/src/main/java/org/springframework/security/config/annotation/web/reactive/HttpSecurityConfiguration.java
查看文件 

@@ -67,12 +67,12 @@ public class HttpSecurityConfiguration implements WebFluxConfigurer {
 
 	@Bean(HTTPSECURITY_BEAN_NAME)
 
 	@Scope("prototype")
 
 	public HttpSecurity httpSecurity() {
 
-		HttpSecurity http = http();
 
-		http.httpBasic();
 
-		http.formLogin();
 
-		http.authenticationManager(authenticationManager());
 
-		http.securityContextRepository(new WebSessionSecurityContextRepository());
 
-		return http;
 
+		return http()
 
+			.authenticationManager(authenticationManager())
 
+			.securityContextRepository(new WebSessionSecurityContextRepository())
 
+			.headers().and()
 
+			.httpBasic().and()
 
+			.formLogin().and();
 
 	}
 
 
 	private ReactiveAuthenticationManager authenticationManager() {

+ 4 - 1
config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java
查看文件 

@@ -79,7 +79,7 @@ public class HttpSecurity {
 
 
 	private AuthorizeExchangeBuilder authorizeExchangeBuilder;
 
 
-	private HeaderBuilder headers = new HeaderBuilder();
 
+	private HeaderBuilder headers;
 
 	private HttpBasicBuilder httpBasic;
 
 	private FormLoginBuilder formLogin;
 
 
@@ -132,6 +132,9 @@ public class HttpSecurity {
 
 	}
 
 
 	public HeaderBuilder headers() {
 
+		if(this.headers == null) {
 
+			this.headers = new HeaderBuilder();
 
+		}
 
 		return this.headers;
 
 	}

+ 1 - 1
config/src/test/java/org/springframework/security/config/web/server/HttpSecurityTests.java
查看文件 

@@ -56,7 +56,7 @@ public class HttpSecurityTests {
 
 
 	@Before
 
 	public void setup() {
 
-		this.http = HttpSecurity.http();
 
+		this.http = HttpSecurity.http().headers().and();
 
 	}
 
 
 	@Test