Skip to content

Support ServerWebExchangeFirewall @Bean #15974

Closed
@rwinch

Description

@rwinch

Spring Security does not use the ServerWebExchangeFirewall Bean when exposed.

We should fix this, but in the meantime users can leverage a BeanPostProcessor approach.

@Bean
BeanPostProcessor beanPostProcessor() {
	return new BeanPostProcessor() {
		@Override
		public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
			if (bean instanceof WebFilterChainProxy) {
				WebFilterChainProxy springSecurity = (WebFilterChainProxy) bean;
				springSecurity.setFirewall(ServerWebExchangeFirewall.INSECURE_NOOP);
			}
			return bean;
		}
	};
}

Related #15989 #15975

Metadata

Metadata

Assignees

Labels

in: webAn issue in web modules (web, webmvc)type: bugA general bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions