Securing applications with Spring Security
Spring Boot 2.0 has introduced updated support for Spring Security with Spring Framework 5.0 and Reactive support for Spring Security, providing simplified default configurations and ease of customization for Spring Security. As opposed to having multiple auto-configurations for Spring Security, Spring Boot 2.0 has introduced a single behavior that can be overridden easily and can be customized easily with a WebSecurityConfigurerAdapter such as the following:
public class SecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
.requestMatchers(EndpointRequest.to("info", "health")).permitAll()
protected void configure(AuthenticationManagerBuilder
auth) throws Exception {
One thing to note here is the introduction of the EndpointRequest helper class, which makes it easier to protect endpoints.