Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Form login requiresAuthenticationMatcher is not used in WebFlux #7863

Closed
eleftherias opened this issue Jan 27, 2020 · 0 comments
Closed

Form login requiresAuthenticationMatcher is not used in WebFlux #7863

eleftherias opened this issue Jan 27, 2020 · 0 comments
Assignees
@eleftherias
Labels
in: config An issue in spring-security-config status: backported An issue that has been backported to maintenance branches type: bug A general bug
Milestone
5.3.0.RC1

Comments

@eleftherias
Copy link
Contributor

Summary

When specifying a custom requiresAuthenticationMatcher in formLogin for WebFlux security, it is not used unless a custom authenticationEntryPoint is used.

Example configuration:

SecurityWebFilterChain securityWebFilter = this.http
	.authorizeExchange()
		.pathMatchers("/login", "/sign-in").permitAll()
		.anyExchange().authenticated()
		.and()
	.formLogin()
		.requiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/sign-in"))
		.and()
	.build();

Actual Behavior

Making a request to "/sign-in" does not perform authentication.
Making a POST to "/login" does perform authentication.

Expected Behavior

Making a request to "/sign-in" should perform authentication.
Making a POST to "/login" should not perform authentication.
@eleftherias eleftherias added in: config An issue in spring-security-config type: bug A general bug labels Jan 27, 2020
@eleftherias eleftherias self-assigned this Jan 27, 2020
@eleftherias eleftherias added this to the 5.3.0.RC1 milestone Jan 27, 2020
eleftherias added a commit that referenced this issue Jan 27, 2020
@eleftherias
Fix requiresAuthenticationMatcher not being used
9dd3dfe 
The custom server requiresAuthenticationMatcher was not always picked up

Fixes: gh-7863
@spring-projects-issues spring-projects-issues added the status: backported An issue that has been backported to maintenance branches label Jan 27, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eleftherias eleftherias

Labels
in: config An issue in spring-security-config status: backported An issue that has been backported to maintenance branches type: bug A general bug
Projects
None yet
Milestone
5.3.0.RC1
Development

No branches or pull requests
2 participants
@eleftherias @spring-projects-issues