reactive security

This repository contains an example application using Spring Boot 2.0, WebFlux, Spring Security 5, reactive MongoDB and the Mustache template engine.

maven
./mvnw clean spring-boot:run
gradle
./gradlew clean bootRun
test
open http://127.0.0.1:8080
# user / user
# admin / admin

http get :8080/api/v1/users
# 401: Unauthorized

http --auth user:user get :8080/api/v1/users
# 403 Forbidden: Access Denied

http -a admin:admin get :8080/api/v1/users accept:'text/html'
# OK
Note
for details, see repository branches
  1. csrf protection, no op password encoder (done in csrf branch)

  2. mongo userDetailService, standard password encoder (done here)

  3. share mongodb publisher, use project user authentication principal (done in that branch)

  4. encode password (cpu costs) in separate thread (see IndexPage.java)

  5. fix deprecated password encoder to support password migrations (done SecurityConfig.java)

  6. password-hash upgrade strategy on authentication (done here)

  7. pathMatches by role (done SecurityConfig.java)

  8. pathMatches access authorization decision (done SecurityConfig.java and SecurityConfig.java)

  9. method security (see UserRepository.java and SecurityConfig.java)

  10. webflux functional routes API security (see UserRoutes.java)

  11. oauth2, spring-cloud (todo)

  12. authorization-server, resource-server, jwt…​ (todo)
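Steps 5 and 6 above (password migration and hash upgrade on authentication), sketched as an added example that is not code from this repository. It assumes spring-security-crypto on the classpath; the in-memory `STORE`, the class name and the sample records are hypothetical stand-ins for the MongoDB user collection.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class PasswordUpgradeExample {
    // Hypothetical in-memory stand-in for the user collection: username -> stored password.
    static final Map<String, String> STORE = new HashMap<>();

    @SuppressWarnings("deprecation") // NoOpPasswordEncoder is kept only to verify legacy records
    static PasswordEncoder migrationEncoder() {
        Map<String, PasswordEncoder> byId = new HashMap<>();
        byId.put("bcrypt", new BCryptPasswordEncoder());
        byId.put("noop", NoOpPasswordEncoder.getInstance());
        // New hashes are always written as "{bcrypt}..."; the prefix selects the verifier on read.
        DelegatingPasswordEncoder encoder = new DelegatingPasswordEncoder("bcrypt", byId);
        // Records written before the migration carry no "{id}" prefix and are plain text.
        encoder.setDefaultPasswordEncoderForMatches(NoOpPasswordEncoder.getInstance());
        return encoder;
    }

    // Verify against whatever format is stored; on success, re-encode anything that is not bcrypt.
    // bcrypt is CPU-heavy, so a reactive application would run encode() off the event loop.
    static boolean login(PasswordEncoder encoder, String username, String rawPassword) {
        String stored = STORE.get(username);
        if (stored == null || !encoder.matches(rawPassword, stored)) {
            return false; // unknown user or wrong password: the stored value is left untouched
        }
        if (!stored.startsWith("{bcrypt}")) {
            STORE.put(username, encoder.encode(rawPassword));
        }
        return true;
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = migrationEncoder();
        STORE.put("user", "user");         // constructed legacy record, no prefix
        STORE.put("admin", "{noop}admin"); // constructed legacy record, explicit noop id

        System.out.println("wrong password accepted: " + login(encoder, "user", "wrong"));
        System.out.println("record unchanged after failure: " + STORE.get("user").equals("user"));
        System.out.println("legacy login accepted: " + login(encoder, "user", "user"));
        System.out.println("upgraded to bcrypt: " + STORE.get("user").startsWith("{bcrypt}"));
        System.out.println("login after upgrade: " + login(encoder, "user", "user"));
        System.out.println("noop-prefixed login: " + login(encoder, "admin", "admin"));
        System.out.println("admin upgraded: " + STORE.get("admin").startsWith("{bcrypt}"));
    }
}
```

Once no unprefixed or `{noop}` records remain in the store, the no-op entries can be dropped from the encoder so plain-text comparison is no longer reachable.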

help resources: