diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java index 2745200e3e..3735734751 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java @@ -62,6 +62,7 @@ public class WebFluxSecurityConfiguration implements WebFluxConfigurer { @Bean public HttpSecurity httpSecurity() { HttpSecurity http = http(); + http.httpBasic(); http.authenticationManager(authenticationManager()); http.securityContextRepository(new WebSessionSecurityContextRepository()); return http; diff --git a/config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java index fa993eab41..cd6d654628 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/web/server/HttpSecurity.java @@ -96,6 +96,12 @@ public class HttpSecurity { .flatMap( r -> Optional.of(new SecurityContextRepositoryWebFilter(r))); } + public class HttpBasicSpec extends HttpBasicBuilder { + public HttpSecurity disable() { + httpBasic = null; + return HttpSecurity.this; + } + } private HttpSecurity() {} } diff --git a/samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java b/samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java index 6d45a1cde2..8f64fc7070 100644 --- a/samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java +++ b/samples/javaconfig/hellowebflux/src/main/java/sample/SecurityConfig.java @@ -36,8 +36,6 @@ public class SecurityConfig { @Bean WebFilter springSecurityFilterChain(HttpSecurity http) throws Exception { - http.httpBasic(); - http.authorizeExchange() .antMatchers("/admin/**").hasRole("ADMIN") .antMatchers("/users/{user}/**").access(this::currentUserMatchesPath) diff --git a/samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java b/samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java index 6d45a1cde2..8f64fc7070 100644 --- a/samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java +++ b/samples/javaconfig/hellowebfluxfn/src/main/java/sample/SecurityConfig.java @@ -36,8 +36,6 @@ public class SecurityConfig { @Bean WebFilter springSecurityFilterChain(HttpSecurity http) throws Exception { - http.httpBasic(); - http.authorizeExchange() .antMatchers("/admin/**").hasRole("ADMIN") .antMatchers("/users/{user}/**").access(this::currentUserMatchesPath)