Skip to content

This repository is contains example application using spring boot 2.0, webflux, spring security 5, reactive mongodb and mustache template engine: spring security 5, CSRF protection with mustache, spring webflux functional routes security, method security, authorization decision, etc

Notifications You must be signed in to change notification settings

daggerok/csrf-spring-webflux-mustache

Repository files navigation

reactive security Build Status

This repository is contains example application using spring boot 2.0, webflux, spring security 5, reactive mongodb and mustache template engine

maven
./mvnw clean spring-boot:run
gradle
./gradlew clean bootRun
test
open http://127.0.0.1:8080
# user / user
# adin / admin

http get :8080/api/v1/users
# 401: Unauthorized

http --auth user:user get :8080/api/v1/users
# 403 Forbidden: Access Denied

http -a admin:admin get :8080/api/v1/users accept:'text/html'
# OK
Note
for details, see repository branches
  1. csrf protection, no op password encoder (done in csrf branch)

  2. mongo userDetailService, standart password encoder (done here)

  3. share mongodb publisher, use project user authentication principal (done in that branch)

  4. encode password (cpu costs) in separate thread (see IndexPage.java)

  5. fix deprecated password encoder for support passwords migrations (done SecurityConfig.java)

  6. password-hash upgrade strategy on authentication (done here)

  7. pathMatches by role (done SecurityConfig.java)

  8. pathMatches access authorization decision (done SecurityConfig.java and SecurityConfig.java)

  9. method security (see UserRepository.java and SecurityConfig.java)

  10. webflux functional routes API security (see UserRoutes.java)

  11. oauth2, spring-cloud (todo)

  12. authorization-server, resource-server, jwt…​ (todo)

help resources:

About

This repository is contains example application using spring boot 2.0, webflux, spring security 5, reactive mongodb and mustache template engine: spring security 5, CSRF protection with mustache, spring webflux functional routes security, method security, authorization decision, etc

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published