
HttpSecurityConfiguration applies all defaults

HttpSecurity headers are off by default and rely on
HttpSecurityConfiguration to enable them. This is more consistent with the
other operators.
Rob Winch 8 anni fa
parent
commit
3d745e63f6

+ 6 - 6
config/src/main/java/org/springframework/security/config/annotation/web/reactive/HttpSecurityConfiguration.java

@@ -67,12 +67,12 @@ public class HttpSecurityConfiguration implements WebFluxConfigurer {
 	@Bean(HTTPSECURITY_BEAN_NAME)
 	@Scope("prototype")
 	public HttpSecurity httpSecurity() {
-		HttpSecurity http = http();
-		http.httpBasic();
-		http.formLogin();
-		http.authenticationManager(authenticationManager());
-		http.securityContextRepository(new WebSessionSecurityContextRepository());
-		return http;
+		return http()
+			.authenticationManager(authenticationManager())
+			.securityContextRepository(new WebSessionSecurityContextRepository())
+			.headers().and()
+			.httpBasic().and()
+			.formLogin().and();
 	}
 
 	private ReactiveAuthenticationManager authenticationManager() {
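Review bot: The `.headers().and()` link in `httpSecurity()` is now the only thing that turns the security response headers on for applications using this configuration, and nothing at that line says so. Because the other file in this commit leaves `HttpSecurity.headers` null until `headers()` is called, dropping this call in a later refactor would remove the headers without any compile or startup error. I would add a comment above the chain such as `// Defaults are opted in here: HttpSecurity.http() on its own does not enable headers, HTTP Basic or form login.` It is also worth confirming that calling `authenticationManager(...)` before `httpBasic()` and `formLogin()`, rather than after them as the old code did, is equivalent; those builders are not visible in this hunk.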

+ 4 - 1
config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java

@@ -79,7 +79,7 @@ public class HttpSecurity {
 
 	private AuthorizeExchangeBuilder authorizeExchangeBuilder;
 
-	private HeaderBuilder headers = new HeaderBuilder();
+	private HeaderBuilder headers;
 	private HttpBasicBuilder httpBasic;
 	private FormLoginBuilder formLogin;
 
@@ -132,6 +132,9 @@ public class HttpSecurity {
 	}
 
 	public HeaderBuilder headers() {
+		if(this.headers == null) {
+			this.headers = new HeaderBuilder();
+		}
 		return this.headers;
 	}
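Review bot: With the field initialiser removed, a chain built from `HttpSecurity.http()` that never calls `headers()` presumably gets no security response headers at all, and `headers()` has no Javadoc telling callers that it is now the opt-in. A short Javadoc on `headers()` stating that header writing is only configured once this method has been called, and that `HttpSecurityConfiguration` calls it for the default bean, would make the fail-open default visible to anyone building `HttpSecurity` by hand. The code that consumes `this.headers` when the filter chain is assembled is outside these hunks, so it should be checked for a null guard like the one `httpBasic` and `formLogin` presumably have. Minor style: `if(this.headers == null)` is missing the space after `if`.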
 

+ 1 - 1
config/src/test/java/org/springframework/security/config/web/server/HttpSecurityTests.java

@@ -56,7 +56,7 @@ public class HttpSecurityTests {
 
 	@Before
 	public void setup() {
-		this.http = HttpSecurity.http();
+		this.http = HttpSecurity.http().headers().and();
 	}
 
 	@Test
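Review bot: `setup()` now opts in with `.headers().and()`, so the tests visible here exercise only the enabled path and the new off-by-default behaviour has no coverage. A case that builds from plain `HttpSecurity.http()` and asserts that the security headers are absent from the response would pin the contract this commit introduces. It would also catch an accidental return to always-on headers or a null dereference of the unset field. The rest of the test class lies outside this hunk, so such a test may already exist further down.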