Closed
Description
Spring Security does not use the ServerExchangeRejectedHandler
Bean when exposed.
We should fix this, but in the meantime users can leverage a BeanPostProcessor
approach.
@Bean
BeanPostProcessor beanPostProcessor() {
return new BeanPostProcessor() {
@Override
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
if (bean instanceof WebFilterChainProxy) {
WebFilterChainProxy springSecurity = (WebFilterChainProxy) bean;
springSecurity.setExchangeRejectedHandler((exchange, ex) -> Mono.fromRunnable(() -> exchange.getResponse().setStatusCode(HttpStatus.NOT_ACCEPTABLE)));
}
return bean;
}
};
}