In my current system, we are using the functionality below for the Spring Security gateway.

```java
http
    .csrf().disable()
    .exceptionHandling().and()
    .httpBasic().disable()
```

But now I want to build a new endpoint which will use HttpBasic security, so how do I manage this using PathMatcher?

If we want to use different configuration methods for httpBasic disabled or httpBasic enabled, how will that work for me?

When I use two filters inside the same class, I get the error below:

Description:

The bean 'conversionServicePostProcessor', defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class], could not be registered. A bean with that name has already been defined in class path resource [org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.class] and overriding is disabled.

Action:

Consider renaming one of the beans or enabling overriding by setting spring.main.allow-bean-definition-overriding=true

  • Does this answer your question? [Spring REST security - Secure different URLs differently](https://stackoverflow.com/questions/33037559/spring-rest-security-secure-different-urls-differently) – Alex May 27 '21 at 11:00
  • @Alex I am talking about PathMatcher.. – DILIP DHANKECHA May 27 '21 at 12:06

1 Answer

The Spring Security documentation has some examples of how to do that.

I think you could do something like:

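```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
@EnableWebFluxSecurity
class MultiSecurityHttpConfig {

    // Checked first: applies only to exchanges under /your-endpoint/**
    @Order(Ordered.HIGHEST_PRECEDENCE)
    @Bean
    SecurityWebFilterChain yourEndpointHttpSecurity(ServerHttpSecurity http) {
        http
            .securityMatcher(new PathPatternParserServerWebExchangeMatcher("/your-endpoint/**"))
            .authorizeExchange((exchanges) -> exchanges
                .anyExchange().authenticated()
            )
            .httpBasic(withDefaults());
        return http.build();
    }

    // No securityMatcher: handles every exchange the chain above did not match
    @Bean
    SecurityWebFilterChain webHttpSecurity(ServerHttpSecurity http) {
        http
            .csrf().disable()
            .exceptionHandling().and()
            .httpBasic().disable();
        return http.build();
    }

}
```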

This way, your yourEndpointHttpSecurity bean is evaluated first if the path matches /your-endpoint/**, and then your default webHttpSecurity.