Closed
Description
Spring Security does not use the ServerWebExchangeFirewall
Bean when exposed.
We should fix this, but in the meantime users can leverage a BeanPostProcessor
approach.
@Bean
BeanPostProcessor beanPostProcessor() {
return new BeanPostProcessor() {
@Override
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
if (bean instanceof WebFilterChainProxy) {
WebFilterChainProxy springSecurity = (WebFilterChainProxy) bean;
springSecurity.setFirewall(ServerWebExchangeFirewall.INSECURE_NOOP);
}
return bean;
}
};
}