Spring webflux Security - Disable csrf with property
Question
I have a Spring WebFlux security as follows and would like to control CSRF using property. How can I add if check for the CSRF alone here?
@Bean
public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
return http.authorizeExchange().matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
//.pathMatchers("/register", "/login").permitAll()
.anyExchange().authenticated()
.and().formLogin()
.securityContextRepository(securityContextRepository())
.and()
.exceptionHandling()
.accessDeniedHandler(new HttpStatusServerAccessDeniedHandler(HttpStatus.BAD_REQUEST))
.and().csrf().disable()
.build();
}
1 answers
solution1
1 ACCPTED 2021-02-03 00:16:07
you just add something like:
// All your stuff up here then
if(!csrfEnabled) {
http.csrf().disable();
}
return http.build();
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
spring security csrf disable issue
Spring Security 5.1.5 with WebFlux user disable not working
Cannot disable CSRF security in Spring Boot
How to disable Spring Security on Tests for Webflux Functional Endpoints
Spring Boot Security and Auth0 - Cannot disable CSRF
Spring security 403 forbidden error keeps happening even with csrf disable
Spring Security and CSRF attack
CSRF and Spring Security
Disable WebSession creation when using spring-security with spring-webflux
Migrating Spring Security AbstractAuthenticationProcessingFilter to WebFlux
Related Tags