Securing the chat microservice
Okay, this chapter is titled Securing Your App with Spring Boot, yet we have spent a fair amount of time... NOT securing our app! That is about to change. Thanks to this little bit of restructuring, we can move forward with locking things down as desired.
Let's take a crack at writing some security policies, starting with the chat
microservice:
@EnableWebFluxSecurity public class SecurityConfiguration { @Bean SecurityWebFilterChain springWebFilterChain(HttpSecurity http) { return http .authorizeExchange() .pathMatchers("/**").authenticated() .and() .build(); } }
The preceding security policy can be defined as follows:
@EnableWebFluxSecurity
activates the Spring WebFlux security filters needed to secure our application@Bean
marks the one method as a bean definitionHttpSecurity.http()
lets us define a simple set of authentication and authorization rules- In this...