Categories
28°C, New York
Home WebSocket Spring Webflux Websocket Security – Basic Authentication

Spring Webflux Websocket Security – Basic Authentication

Step-by-Step Implementation of Spring Webflux Websocket Security – Basic Authentication

Below is the Example of Spring Webflux Websocket Security – Basic Authentication:

Java 
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.PathMatchers;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.MatchResultMatchers;

@Configuration
@EnableWebFluxSecurity
public class WebSocketSecurityConfig {

    // Configure basic authentication with in-memory user details
    @Bean
    public MapReactiveUserDetailsService userDetailsService() {
        UserDetails user = User.withDefaultPasswordEncoder()
                .username("user")
                .password("password")
                .roles("USER")
                .build();
        return new MapReactiveUserDetailsService(user);
    }

    // Configure security for WebSocket endpoints
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        http
            .authorizeExchange()
                .matchers(ServerWebExchangeMatchers.pathMatchers("/ws/**"))
                .authenticated()
                .and()
            .httpBasic(Customizer.withDefaults());

        return http.build();
    }
}


Spring Webflux Websocket Security – Basic Authentication

Spring WebFlux WebSockets, the authentication data that was included in the HTTP request at the time the WebSocket connection was established is reused. This indicates that WebSockets will receive the Principal on the HttpServletRequest. The Principal on the HttpServletRequest is automatically overridden if we are using Spring Security. More specifically, we just need to make sure to set up Spring Security to authenticate our HTTP-based web application in order to verify that a user has authenticated to our WebSocket application.

In this article, we will learn how to implement basic authentication in Spring Webflux Websocket Security.

Similar Reads

Spring Webflux Websocket Security – Basic Authentication

Below is the Example of Spring Webflux Websocket Security – Basic Authentication:...

Step-by-Step Implementation of Spring Webflux Websocket Security – Basic Authentication

Below are the steps to implement Spring Webflux Websocket Security....

Tags:
#Dev Scripter 2024 #Java-Spring-WebFlux #Advance Java #Dev Scripter

Step-by-Step Implementation of Spring Webflux Websocket Security – Basic Authentication