{"id":19656796,"url":"https://github.com/daggerok/csrf-spring-webflux-mustache","last_synced_at":"2025-10-20T11:20:35.715Z","repository":{"id":151041503,"uuid":"117838601","full_name":"daggerok/csrf-spring-webflux-mustache","owner":"daggerok","description":"This repository is contains example application using spring boot 2.0, webflux, spring security 5, reactive mongodb and mustache template engine: spring security 5, CSRF protection with mustache, spring webflux functional routes security, method security, authorization decision, etc","archived":false,"fork":false,"pushed_at":"2018-09-04T16:24:12.000Z","size":137,"stargazers_count":12,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-05T10:23:13.412Z","etag":null,"topics":["controller-advice","csrf","csrf-protection","csrf-tokens","css-grid","css-grid-layout","maven","mongodb","mustache","reactive","reactive-mongo","reactive-programming","security","spring-boot","spring-mvc","spring-security","spring-web","spring-webflux","webflux"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/daggerok.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-01-17T13:16:44.000Z","updated_at":"2022-10-17T13:41:17.000Z","dependencies_parsed_at":null,"dependency_job_id":"2cc54f58-21d6-4eb3-a9d7-915707f6827d","html_url":"https://github.com/daggerok/csrf-spring-webflux-mustache","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daggerok%2Fcsrf-spring-webflux-mustache","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daggerok%2Fcsrf-spring-webflux-mustache/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daggerok%2Fcsrf-spring-webflux-mustache/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/daggerok%2Fcsrf-spring-webflux-mustache/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/daggerok","download_url":"https://codeload.github.com/daggerok/csrf-spring-webflux-mustache/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251366138,"owners_count":21578080,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["controller-advice","csrf","csrf-protection","csrf-tokens","css-grid","css-grid-layout","maven","mongodb","mustache","reactive","reactive-mongo","reactive-programming","security","spring-boot","spring-mvc","spring-security","spring-web","spring-webflux","webflux"],"created_at":"2024-11-11T15:28:56.152Z","updated_at":"2025-10-20T11:20:35.589Z","avatar_url":"https://github.com/daggerok.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"= reactive security image:https://travis-ci.org/daggerok/csrf-spring-webflux-mustache.svg?branch=master[\"Build Status\", link=\"https://travis-ci.org/daggerok/csrf-spring-webflux-mustache\"]\n\nThis repository is contains example application using spring boot 2.0, webflux, spring security 5, reactive mongodb and mustache template engine\n\n.maven\n----\n./mvnw clean spring-boot:run\n----\n\n.gradle\n----\n./gradlew clean bootRun\n----\n\n.test\n----\nopen http://127.0.0.1:8080\n# user / user\n# adin / admin\n\nhttp get :8080/api/v1/users\n# 401: Unauthorized\n\nhttp --auth user:user get :8080/api/v1/users\n# 403 Forbidden: Access Denied\n\nhttp -a admin:admin get :8080/api/v1/users accept:'text/html'\n# OK\n----\n\nNOTE: for details, see link:https://github.com/daggerok/csrf-spring-webflux-mustache/branches[repository branches]\n\n. csrf protection, no op password encoder (done link:../../blob/csrf/src/main/java/daggerok/web/SecurityConfig.java[in csrf branch])\n. mongo userDetailService, standart password encoder (done link:../../tree/reactive-repository-user-details/[here])\n. share mongodb publisher, use project user authentication principal (done link:../../tree/application-authentication-user/[in that branch])\n. encode password (cpu costs) in separate thread (see link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/schedulers-parallel/src/main/java/daggerok/web/IndexPage.java[IndexPage.java])\n. fix deprecated password encoder for support passwords migrations (done link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/delegate-password-encoder/src/main/java/daggerok/web/config/SecurityConfig.java[SecurityConfig.java])\n. password-hash upgrade strategy on authentication  (done link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/password-upgrade-strategy/src/main/java/daggerok/web/config/passwordmigration/PasswordUpgradeStrategyOnAuthenticationService.java[here])\n. pathMatches by role (done link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/path-matchers-role/src/main/java/daggerok/web/config/SecurityConfig.java[SecurityConfig.java])\n. pathMatches access authorization decision (done link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/path-matchers-authorization-decision/src/main/java/daggerok/web/config/SecurityConfig.java[SecurityConfig.java]\n  and link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/path-matchers-authorization-decision/src/main/java/daggerok/web/security/SecurityConfig.java[SecurityConfig.java])\n. method security (see link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/methods-webflux-routes-security/src/main/java/daggerok/user/UserRepository.java[UserRepository.java]\n  and link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/methods-webflux-routes-security/src/main/java/daggerok/web/security/SecurityConfig.java[SecurityConfig.java])\n. webflux functional routes API security (see link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/methods-webflux-routes-security/src/main/java/daggerok/user/UserRoutes.java[UserRoutes.java])\n. oauth2, spring-cloud (todo)\n. authorization-server, resource-server, jwt... (todo)\n\nhelp resources:\n\n. link:http://mustache.github.io/mustache.5.html[mustache reference]\n. link:https://www.youtube.com/watch?v=EDO1zlyFq6I[Rob Winch talk]\n. link:https://projectreactor.io/docs/core/release/reference/[project reactor reference]\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaggerok%2Fcsrf-spring-webflux-mustache","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdaggerok%2Fcsrf-spring-webflux-mustache","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdaggerok%2Fcsrf-spring-webflux-mustache/lists"}