Home
Here is the place where detailed notes are kept to help you get from the book (based on Spring Boot 2.0.0.M5) to the current state of things (Spring Boot 2.0.0.RC1).
The code base was initially published against Spring Boot 2.0.0.M5. It was upgraded to 2.0.0.RC1. For the changes to make to your own applications, check out the following sections.
- `org.springframework.boot:spring-boot-starter-security-reactive` → `org.springframework.boot:spring-boot-starter-security`
- In Chapter 10, Take Your App To Production with Spring Boot, Spring Cloud Gateway is introduced. As a lingering side effect of Spring Session being lazy in saving session updates, I wrote a custom Spring Cloud Gateway filter to force the current `WebSession` (holder of security context) to get saved to MongoDB before making a remote call. The recipient of the remote call uses the SESSION id to then fetch this security context. Since publication, that bit of code was added to Spring Cloud Gateway, making it unnecessary in the book.
- `HttpSecurity` is renamed as `ServerHttpSecurity`.
- The frontend microservice’s security policy is changed to:
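```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;

@EnableWebFluxSecurity
public class SecurityConfiguration {

    @Bean
    SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
        return http
            .authorizeExchange()
                .pathMatchers("/**").authenticated() // every path requires authentication
                .and()
            .httpBasic()
                .securityContextRepository(new WebSessionServerSecurityContextRepository()) // (1) store security details in the WebSession
                .and()
            .csrf().disable() // (2) CSRF is on by default, so it is switched off explicitly
            .build();
    }
}
```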
- (1) You can now specify that all security details are stored in the HTTP session using `httpBasic().securityContextRepository(new WebSessionServerSecurityContextRepository())`.
- (2) CSRF, which wasn’t operational at the time of writing, now is, and is on by default. So for now, it’s disabled explicitly via `csrf().disable()`.