My code:
@Configuration
@EnableWebFluxSecurity
@EnableHotmartSecurity
@EnableReactiveMethodSecurity(useAuthorizationManager = true)
class HttpSecurityConfig {
@Bean
fun springSecurityFilterChain(http: ServerHttpSecurity
): SecurityWebFilterChain {
return http
.httpBasic{}
.cors {}
.formLogin { configurer -> configurer.disable() }
.logout { configurer -> configurer.disable() }
.csrf { configurer -> configurer.disable() }
.authorizeExchange {
it.pathMatchers(HttpMethod.OPTIONS).permitAll()
it.pathMatchers("/management/health").permitAll()
it.pathMatchers("/management/**").hasRole("ACTUATOR")
}.build()
}
}
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.1.1</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
When call request /block then return 401 Unauthorized
PathMatcherServerWebExchangeMatcher{pattern='/management/**', method=null}
2023-07-21T23:40:28.995-03:00 DEBUG [api-teste,,] 52726 --- [ parallel-1] athPatternParserServerWebExchangeMatcher : Request 'POST /user/block-users' doesn't match 'null /management/**'
2023-07-21T23:40:28.996-03:00 DEBUG [api-teste,,] 52726 --- [ parallel-1] o.s.s.w.s.u.m.OrServerWebExchangeMatcher : No matches found
2023-07-21T23:40:29.001-03:00 DEBUG [api-teste,,] 52726 --- [ parallel-1] o.s.s.w.s.a.AuthorizationWebFilter : Authorization failed: Access Denied
2023-07-21T23:40:29.028-03:00 DEBUG [api-teste,,] 52726 --- [ parallel-1] ebSessionServerSecurityContextRepository : No SecurityContext found in WebSession: 'org.springframework.web.server.session.InMemoryWebSessionStore$InMemoryWebSession@35f2c0da'
2023-07-21T23:40:29.029-03:00 DEBUG [api-teste,,] 52726 --- [ parallel-1] DelegatingServerAuthenticationEntryPoint : Trying to match using org.springframework.security.config.web.server.ServerHttpSecurity$HttpBasicSpec$$Lambda$1297/0x0000000801395e08@13e6577c
2023-07-21T23:40:29.030-03:00 DEBUG [api-teste,,] 52726 --- [ parallel-1] DelegatingServerAuthenticationEntryPoint : No match found. Using default entry point org.springframework.security.web.server.authentication.HttpBasicServerAuthenticationEntryPoint@5b8b2deb
2023-07-21T23:40:29.032-03:00 DEBUG [api-teste,,] 52726 --- [ parallel-1] o.s.w.s.adapter.HttpWebHandlerAdapter : [4984311b-1] Completed 401 UNAUTHORIZED
2023-07-21T23:40:29.060-03:00 DEBUG [api-teste,,] 52726 --- [ parallel-1] r.n.http.server.HttpServerOperations : [4984311b-1, L:/[0:0:0:0:0:0:0:1]:8080 - R:/[0:0:0:0:0:0:0:1]:62743] Last HTTP response frame
2023-07-21T23:40:29.060-03:00 DEBUG [api-teste,,] 52726 --- [ parallel-1] r.n.http.server.HttpServerOperations : [4984311b-1, L:/[0:0:0:0:0:0:0:1]:8080 - R:/[0:0:0:0:0:0:0:1]:62743] No sendHeaders() called before complete, sending zero-length header
2023-07-21T23:40:29.076-03:00 DEBUG [api-teste,,] 52726 --- [ctor-http-nio-3] r.n.http.server.HttpServerOperations : [4984311b-1, L:/[0:0:0:0:0:0:0:1]:8080 - R:/[0:0:0:0:0:0:0:1]:62743] Decreasing pending responses, now 0
2023-07-21T23:40:29.078-03:00 DEBUG [api-teste,,] 52726 --- [ctor-http-nio-3] r.netty.channel.ChannelOperations : [4984311b-1, L:/[0:0:0:0:0:0:0:1]:8080 - R:/[0:0:0:0:0:0:0:1]:62743] [HttpServer] Channel inbound receiver cancelled (subscription disposed).
2023-07-21T23:40:29.082-03:00 DEBUG [api-teste,,] 52726 --- [ctor-http-nio-3] reactor.netty.channel.FluxReceive : [4984311b-1, L:/[0:0:0:0:0:0:0:1]:8080 - R:/[0:0:0:0:0:0:0:1]:62743] [terminated=true, cancelled=true, pending=0, error=null]: dropping frame LAST_CONTENT(decodeResult: success, content: PooledSlicedByteBuf(ridx: 0, widx: 15, cap: 15/15, unwrapped: PooledUnsafeDirectByteBuf(ridx: 1647, widx: 1647, cap: 2048)))
2023-07-21T23:40:29.083-03:00 DEBUG [api-teste,,] 52726 --- [ctor-http-nio-3] r.n.http.server.HttpServerOperations : [4984311b-1, L:/[0:0:0:0:0:0:0:1]:8080 - R:/[0:0:0:0:0:0:0:1]:62743] Last HTTP packet was sent, terminating the channel
