spring-security icon indicating copy to clipboard operation
spring-security copied to clipboard

Published 20 hours ago verified publisher icon spring-projects

Support ServerWebExchangeFirewall @Bean

Open rwinch opened this issue 1 year ago • 0 comments

Spring Security does not use the ServerWebExchangeFirewall Bean when exposed.

We should fix this, but in the meantime users can leverage a BeanPostProcessor approach.

@Bean
BeanPostProcessor beanPostProcessor() {
	return new BeanPostProcessor() {
		@Override
		public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
			if (bean instanceof WebFilterChainProxy) {
				WebFilterChainProxy springSecurity = (WebFilterChainProxy) bean;
				springSecurity.setFirewall(ServerWebExchangeFirewall.INSECURE_NOOP);
			}
			return bean;
		}
	};
}

rwinch avatar Oct 22 '24 18:10 rwinch