package com.njcb.corp.gateway.security;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.web.filter.reactive.HiddenHttpMethodFilter;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;
/**
* @author Lei Ji Hui
* @version V1.0
* @date 2021/8/20 17:19
* @description: 注意:webflux环境下要生效必须用注解@EnableWebFluxSecurity使其生效
* cloud gateway采用的webflux技术(此处与web不同)
* @className WebSecurityConfig
**/
@Configuration
@EnableWebFluxSecurity
@Slf4j
public class WebSecurityConfig {
@Bean
SecurityWebFilterChain webFluxSecurityFilterChain(ServerHttpSecurity http) throws Exception {
http.authorizeExchange()
.anyExchange()
.permitAll();
// 一些配置
http.csrf().disable()//必须支持跨域
.httpBasic().disable()
.logout().disable()
.formLogin().disable();
return http.build();
}
@Bean
public HiddenHttpMethodFilter hiddenHttpMethodFilter() {
return new HiddenHttpMethodFilter() {
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
return chain.filter(exchange);
}
};
}
}
注意:gateway网关项目和普通springboot项目关闭security验证的方式不同。原因是gateway采用的webflux技术,不是servlet。