Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support ServerWebExchangeFirewall @Bean #15974

Closed
rwinch opened this issue Oct 22, 2024 · 0 comments
Closed

Support ServerWebExchangeFirewall @Bean #15974

rwinch opened this issue Oct 22, 2024 · 0 comments
Assignees
@rwinch
Labels
in: web An issue in web modules (web, webmvc) type: bug A general bug
Milestone
5.7.14

Comments

@rwinch
Copy link
Member

rwinch commented Oct 22, 2024
edited
Loading

Spring Security does not use the ServerWebExchangeFirewall Bean when exposed.

We should fix this, but in the meantime users can leverage a BeanPostProcessor approach.

@Bean
BeanPostProcessor beanPostProcessor() {
	return new BeanPostProcessor() {
		@Override
		public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
			if (bean instanceof WebFilterChainProxy) {
				WebFilterChainProxy springSecurity = (WebFilterChainProxy) bean;
				springSecurity.setFirewall(ServerWebExchangeFirewall.INSECURE_NOOP);
			}
			return bean;
		}
	};
}

Related #15989 #15975
@rwinch rwinch added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Oct 22, 2024
@rwinch rwinch self-assigned this Oct 22, 2024
@rwinch rwinch changed the title ServerWebExchangeFirewall Bean not Used Support ServerWebExchangeFirewall @Bean Oct 22, 2024
@rwinch rwinch added in: web An issue in web modules (web, webmvc) and removed status: waiting-for-triage An issue we've not yet triaged labels Oct 22, 2024
@rwinch rwinch added this to the 5.7.14 milestone Oct 22, 2024
This was referenced Oct 22, 2024
Closed
Closed
@spencergibb spencergibb mentioned this issue Oct 24, 2024
Closed
@rwinch rwinch mentioned this issue Oct 24, 2024
Closed
rwinch added a commit that referenced this issue Oct 25, 2024
@rwinch
Support ServerWebExchangeFirewall @bean
e48d6b0 
Closes gh-15974
@rwinch rwinch closed this as completed Oct 25, 2024
@rwinch rwinch mentioned this issue Oct 25, 2024
Closed
@kdebski85 kdebski85 mentioned this issue Oct 28, 2024
Closed
@rwinch rwinch mentioned this issue Nov 4, 2024
Closed
@rwinch rwinch mentioned this issue Nov 11, 2024
Closed
@sjohnr sjohnr mentioned this issue Nov 14, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rwinch rwinch

Labels
in: web An issue in web modules (web, webmvc) type: bug A general bug
Projects
Spring Security Team
Status: No status
Milestone
5.7.14
Development

No branches or pull requests
1 participant
@rwinch