This repository contains an example application using Spring Boot 2.0, WebFlux, Spring Security 5, reactive MongoDB and the Mustache template engine.
./mvnw clean spring-boot:run
./gradlew clean bootRun
open http://127.0.0.1:8080 # user / user # admin / admin
http get :8080/api/v1/users # 401: Unauthorized
http --auth user:user get :8080/api/v1/users # 403 Forbidden: Access Denied
http -a admin:admin get :8080/api/v1/users accept:'text/html' # OK
Note: for details, see repository branches
- csrf protection, no op password encoder (done in csrf branch)
- mongo userDetailService, standard password encoder (done here)
- share mongodb publisher, use project user authentication principal (done in that branch)
- encode password (cpu costs) in separate thread (see IndexPage.java)
- fix deprecated password encoder to support password migrations (done SecurityConfig.java)
- password-hash upgrade strategy on authentication (done here)
- pathMatches by role (done SecurityConfig.java)
- pathMatches access authorization decision (done SecurityConfig.java and SecurityConfig.java)
- method security (see UserRepository.java and SecurityConfig.java)
- webflux functional routes API security (see UserRoutes.java)
- oauth2, spring-cloud (todo)
- authorization-server, resource-server, jwt… (todo)
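The two list items on password migration (moving off the no-op encoder, then upgrading hashes on authentication) can be sketched as below. This is an added example, not code from this repository: the class name, the in-memory map standing in for MongoDB and the sample records are assumptions, and it needs only spring-security-crypto from Spring Security 5.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example with hypothetical names; not the repository's SecurityConfig.
public class PasswordUpgradeExample {

    // Stand-in for the MongoDB user collection: username -> stored password value.
    static final Map<String, String> STORE = new ConcurrentHashMap<>();

    static PasswordEncoder migrationAwareEncoder() {
        // Encodes new passwords as "{bcrypt}..." and matches any known "{id}" prefix.
        DelegatingPasswordEncoder encoder = (DelegatingPasswordEncoder)
                PasswordEncoderFactories.createDelegatingPasswordEncoder();
        // Records written under the no-op encoder carry no "{id}" prefix; without
        // this fallback, matches() throws IllegalArgumentException for them.
        encoder.setDefaultPasswordEncoderForMatches(NoOpPasswordEncoder.getInstance());
        return encoder;
    }

    static boolean authenticate(PasswordEncoder encoder, String username, String rawPassword) {
        String stored = STORE.get(username);
        if (stored == null || !encoder.matches(rawPassword, stored)) {
            return false;
        }
        // Upgrade only after a successful match: this is the one moment the
        // raw password is available to be re-encoded with the current scheme.
        if (!stored.startsWith("{bcrypt}")) {
            STORE.put(username, encoder.encode(rawPassword));
        }
        return true;
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = migrationAwareEncoder();
        STORE.put("user", "user");          // constructed legacy record, plain text
        STORE.put("admin", "{noop}admin");  // constructed legacy record, prefixed

        // A failed login must leave the legacy record untouched.
        System.out.println("wrong password accepted: " + authenticate(encoder, "user", "wrong"));
        System.out.println("record upgraded: " + STORE.get("user").startsWith("{bcrypt}"));
        // A successful login re-encodes the record; later logins match the new hash.
        System.out.println("login ok: " + authenticate(encoder, "user", "user"));
        System.out.println("record upgraded: " + STORE.get("user").startsWith("{bcrypt}"));
        System.out.println("login ok after upgrade: " + authenticate(encoder, "user", "user"));
    }
}
```

In a WebFlux handler the `encode` and `matches` calls are CPU-bound and belong off the event loop, which is the point of the "encode password in separate thread" item above.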
help resources: