spring security and session

mrFlick72 · May 5, 2019 · 3804a3a · 3804a3a
1 parent b01a448
commit 3804a3a
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/ui/src/main/java/it/valeriovaudi/ui/UiApplication.java b/ui/src/main/java/it/valeriovaudi/ui/UiApplication.java
@@ -4,12 +4,15 @@
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
 import org.springframework.context.annotation.Bean;
+import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.ReactiveAuthorizationManager;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.server.SecurityWebFilterChain;
+import reactor.core.publisher.Mono;
 
 import static java.util.Arrays.asList;
 
@@ -28,7 +31,7 @@ class SecurityConfig {
 
     @Bean
     public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
-        return http.authorizeExchange()
+        return http.csrf().disable().authorizeExchange()
                 .pathMatchers("/index.html").hasRole("USER")
                 .pathMatchers("/messages.html").hasRole("ADMIN")
                 .anyExchange().permitAll()