https://github.com/daggerok/csrf-spring-webflux-mustache
This repository contains an example application using Spring Boot 2.0, WebFlux, Spring Security 5, reactive MongoDB and the Mustache template engine. It covers Spring Security 5, CSRF protection with Mustache, Spring WebFlux functional routes security, method security, authorization decisions, etc.
controller-advice csrf csrf-protection csrf-tokens css-grid css-grid-layout maven mongodb mustache reactive reactive-mongo reactive-programming security spring-boot spring-mvc spring-security spring-web spring-webflux webflux
- Host: GitHub
- URL: https://github.com/daggerok/csrf-spring-webflux-mustache
- Owner: daggerok
- Created: 2018-01-17T13:16:44.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2018-09-04T16:24:12.000Z (over 6 years ago)
- Last Synced: 2025-04-05T10:23:13.412Z (about 2 months ago)
- Topics: controller-advice, csrf, csrf-protection, csrf-tokens, css-grid, css-grid-layout, maven, mongodb, mustache, reactive, reactive-mongo, reactive-programming, security, spring-boot, spring-mvc, spring-security, spring-web, spring-webflux, webflux
- Language: Java
- Homepage:
- Size: 134 KB
- Stars: 12
- Watchers: 2
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.adoc
README
= reactive security image:https://travis-ci.org/daggerok/csrf-spring-webflux-mustache.svg?branch=master["Build Status", link="https://travis-ci.org/daggerok/csrf-spring-webflux-mustache"]

This repository contains an example application using Spring Boot 2.0, WebFlux, Spring Security 5, reactive MongoDB and the Mustache template engine.

.maven
----
./mvnw clean spring-boot:run
----

.gradle
----
./gradlew clean bootRun
----

.test
----
open http://127.0.0.1:8080
# user / user
# admin / admin

http get :8080/api/v1/users
# 401: Unauthorized

http --auth user:user get :8080/api/v1/users
# 403 Forbidden: Access Denied

http -a admin:admin get :8080/api/v1/users accept:'text/html'
# OK
----

NOTE: for details, see link:https://github.com/daggerok/csrf-spring-webflux-mustache/branches[repository branches]

. csrf protection, no op password encoder (done link:../../blob/csrf/src/main/java/daggerok/web/SecurityConfig.java[in csrf branch])
. mongo userDetailService, standard password encoder (done link:../../tree/reactive-repository-user-details/[here])
. share mongodb publisher, use project user authentication principal (done link:../../tree/application-authentication-user/[in that branch])
. encode password (cpu costs) in separate thread (see link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/schedulers-parallel/src/main/java/daggerok/web/IndexPage.java[IndexPage.java])
. fix deprecated password encoder to support password migrations (done link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/delegate-password-encoder/src/main/java/daggerok/web/config/SecurityConfig.java[SecurityConfig.java])
. password-hash upgrade strategy on authentication (done link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/password-upgrade-strategy/src/main/java/daggerok/web/config/passwordmigration/PasswordUpgradeStrategyOnAuthenticationService.java[here])
. pathMatches by role (done link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/path-matchers-role/src/main/java/daggerok/web/config/SecurityConfig.java[SecurityConfig.java])
. pathMatches access authorization decision (done link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/path-matchers-authorization-decision/src/main/java/daggerok/web/config/SecurityConfig.java[SecurityConfig.java]
and link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/path-matchers-authorization-decision/src/main/java/daggerok/web/security/SecurityConfig.java[SecurityConfig.java])
. method security (see link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/methods-webflux-routes-security/src/main/java/daggerok/user/UserRepository.java[UserRepository.java]
and link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/methods-webflux-routes-security/src/main/java/daggerok/web/security/SecurityConfig.java[SecurityConfig.java])
. webflux functional routes API security (see link:https://github.com/daggerok/csrf-spring-webflux-mustache/blob/methods-webflux-routes-security/src/main/java/daggerok/user/UserRoutes.java[UserRoutes.java])
. oauth2, spring-cloud (todo)
. authorization-server, resource-server, jwt... (todo)

help resources:

. link:http://mustache.github.io/mustache.5.html[mustache reference]
. link:https://www.youtube.com/watch?v=EDO1zlyFq6I[Rob Winch talk]
. link:https://projectreactor.io/docs/core/release/reference/[project reactor reference]