Taking the Driver’s Seat
Explore how to configure and customize security in Spring Boot applications using Spring Security in WebFlux. Understand role-based access control, writing custom security policies, and automating tests to ensure proper authorization for actions like adding inventory. Gain insights into implementing HTTP BASIC and FORM login methods securely and verifying security rules with Spring Security Test.
Spring Security is a curious feature. People need a lot of flexibility when setting up their applications. Some want to lock down sections. Others want to control every page. The login experience varies from site to site.
Certain things have to be done in a specific order; otherwise, it's impractical or it flat out falls apart. Few projects are a better testimony to dependency injection.
Spring Security has many injection points, including the insertion of custom filters.
Note: Spring WebFlux doesn’t have servlets. Therefore, there are no javax.servlet.Filter hooks. Filtering is a valuable paradigm in web applications, though. So Spring WebFlux has its version of a filter API (WebFilter). Spring Security’s WebFlux support takes full advantage of it.
Spring Security strives to register all the critical filters needed to properly secure our application while still making it possible to register our own filters. It’s possible to swap out any of those key filters with a custom one, but that requires deliberate action. We won’t explore that because it deviates from the common path of customizing an application.
Are we tailoring our security configuration? That’s precisely what we’re going to dig into.
Writing a custom policy
The following code shows alterations to apply to SecurityConfig ...
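An added example, not the lesson's own SecurityConfig: a WebFlux security policy that restricts adding inventory to one role, enables HTTP BASIC and FORM login, and registers a custom WebFilter beside Spring Security's own filters. The class name, the INVENTORY role, the /api/items route and the audit filter are assumptions made for illustration; the lambda-style configuration assumes Spring Security 5.2 or later.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.web.server.WebFilter;

@Configuration
@EnableWebFluxSecurity
public class ExampleSecurityConfig {

    private static final Logger log = LoggerFactory.getLogger(ExampleSecurityConfig.class);

    // Hypothetical role and route, chosen for this example only.
    static final String INVENTORY = "INVENTORY";
    static final String ADD_ITEM_PATH = "/api/items";

    @Bean
    SecurityWebFilterChain exampleFilterChain(ServerHttpSecurity http) {
        return http
            .authorizeExchange(exchanges -> exchanges
                // hasRole() adds the ROLE_ prefix: this requires ROLE_INVENTORY.
                .pathMatchers(HttpMethod.POST, ADD_ITEM_PATH).hasRole(INVENTORY)
                // Everything else requires an authenticated user.
                .anyExchange().authenticated())
            .httpBasic(Customizer.withDefaults())
            .formLogin(Customizer.withDefaults())
            // CSRF protection is left at its default (enabled).
            // Our own WebFilter, registered after the authorization filter,
            // so it only sees exchanges that were allowed through.
            .addFilterAfter(auditFilter(), SecurityWebFiltersOrder.AUTHORIZATION)
            .build();
    }

    // Logs who performed each authorized request, then continues the chain.
    private WebFilter auditFilter() {
        return (exchange, chain) -> exchange.getPrincipal()
            .doOnNext(p -> log.info("{} {} by {}", exchange.getRequest().getMethod(),
                exchange.getRequest().getPath(), p.getName()))
            .then(chain.filter(exchange));
    }
}
```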