Appsec

Customized WebFlux Form Authentication This demonstration examines Spring Security WebFlux’s Authentication mechanisms. We will look at authentication with HTML forms using Mustache, User Authentication, and customized form-based login / logout configurations. The ServerHttpSecurity Configuration SecurityWebFilterChain is the governing chain of [WebFilter]’s that allows us to lock down reactive WebFlux applications. With @EnableWebFluxSecurity turned on, we can build this object by issuing commands to the ServerHttpSecurity DSL object. SecurityConfiguration.java: @EnableWebFluxSecurity @Slf4j @Configuration public class SecurityConfiguration { @Bean public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) { return http .

Configuring Authentication against a WebFlux app This demonstration examines Spring Security WebFlux’s Authentication mechanisms. We will look at Authentication request escalation, as well as user-domain customizations. Authentication flow-control How do we determine when a request must provide an authentication context? Spring does this with help from an AuthenticationEntryPoint that identifies un-authenticated requests and returns with a response to the user to perform some authentication action. Configure ServerHttpSecurity to use HTTP-BASIC by calling it’s httpBasic() method.