HttpSecurity.authorizeExchange() allows Method Chaining
Fixes gh-4397
This commit is contained in:
@@ -39,12 +39,13 @@ public class SecurityConfig {
|
||||
|
||||
@Bean
|
||||
SecurityWebFilterChain springWebFilterChain(HttpSecurity http) throws Exception {
|
||||
http.authorizeExchange()
|
||||
.pathMatchers("/admin/**").hasRole("ADMIN")
|
||||
.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
|
||||
.anyExchange().authenticated();
|
||||
|
||||
return http.build();
|
||||
return http
|
||||
.authorizeExchange()
|
||||
.pathMatchers("/admin/**").hasRole("ADMIN")
|
||||
.pathMatchers("/users/{user}/**").access(this::currentUserMatchesPath)
|
||||
.anyExchange().authenticated()
|
||||
.and()
|
||||
.build();
|
||||
}
|
||||
|
||||
private Mono<AuthorizationDecision> currentUserMatchesPath(Mono<Authentication> authentication, AuthorizationContext context) {
|
||||
|
||||
Reference in New Issue
Block a user