@Bean
public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) {
    return http.authorizeExchange()
        .pathMatchers("/", "/admin")
        .hasAuthority("ROLE_ADMIN")
        .matchers(EndpointRequest.to(FeaturesEndpoint.class))
        .permitAll()
        .anyExchange()
        .permitAll()
        .and()
        .formLogin()
        .and()
        .csrf()
        .disable()
        .build();
}
 

@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    return http.securityMatcher(EndpointRequest.toAnyEndpoint())
            .authorizeExchange()
            .anyExchange()
            .hasRole("ENDPOINT_ADMIN")
            .and().httpBasic()
            .and().build();
}
 

/**
 * 由于当前工程依赖 org.springframework.security:spring-security-web 的缘故，
 * BASIC 验证需要显示地关闭
 *
 * @param http {@link ServerHttpSecurity}
 * @return {@link SecurityWebFilterChain}
 */
@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    return http.securityMatcher(EndpointRequest.toAnyEndpoint())
            .httpBasic().disable() // 关闭 BASIC 验证
            .build();
}
 

@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
	return http
			.csrf().disable()
			.httpBasic()
			.and().authorizeExchange()
			.pathMatchers("/bookstores/**").authenticated()
			.pathMatchers("/v2/**").hasAuthority(SecurityAuthorities.ADMIN)
			.matchers(EndpointRequest.to("info", "health")).permitAll()
			.matchers(EndpointRequest.toAnyEndpoint()).hasAuthority(SecurityAuthorities.ADMIN)
			.and().build();
}
 

@Bean
@Order(0)
public SecurityWebFilterChain actuatorSecurityFilterChain(final ServerHttpSecurity http) {
    ServerWebExchangeMatcher actuatorMatcher = EndpointRequest.toAnyEndpoint();
    return http.securityMatcher(actuatorMatcher).
            authorizeExchange().anyExchange().authenticated().
            and().httpBasic().
            and().csrf().requireCsrfProtectionMatcher(new NegatedServerWebExchangeMatcher(actuatorMatcher)).
            and().build();
}
 

@Bean
public SecurityWebFilterChain securitygWebFilterChain(
  ServerHttpSecurity http) {
    return  http
 
        .authorizeExchange()
            .matchers(EndpointRequest.to(
                   FeaturesEndpoint.class
            )).permitAll().anyExchange().permitAll().and().csrf().disable().build();
}