HttpSecurity.authorizeExchange() allows Method Chaining

Fixes gh-4397
This commit is contained in:
Rob Winch
2017-06-15 15:50:30 -05:00
parent fb85ad6bd7
commit ca6348800e
6 changed files with 94 additions and 107 deletions

View File

@@ -39,12 +39,13 @@ public class SecurityConfig {
@Bean
SecurityWebFilterChain springWebFilterChain(HttpSecurity http) throws Exception {
http.authorizeExchange()
.pathMatchers("/admin/**").hasRole("ADMIN")
.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
.anyExchange().authenticated();
return http.build();
return http
.authorizeExchange()
.pathMatchers("/admin/**").hasRole("ADMIN")
.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
.anyExchange().authenticated()
.and()
.build();
}
private Mono<AuthorizationDecision> currentUserMatchesPath(Mono<Authentication> authentication, AuthorizationContext context) {