Skip to content

Form login requiresAuthenticationMatcher is not used in WebFlux #7863

New issue
New issue
Closed
Closed
Form login requiresAuthenticationMatcher is not used in WebFlux#7863
Assignees
eleftherias
Labels
in: configAn issue in spring-security-configstatus: backportedAn issue that has been backported to maintenance branchestype: bugA general bug
Milestone
5.3.0.RC1
@eleftherias

Description

@eleftherias
eleftherias
opened on Jan 27, 2020

Summary

When specifying a custom requiresAuthenticationMatcher in formLogin for WebFlux security, it is not used unless a custom authenticationEntryPoint is used.

Example configuration:

SecurityWebFilterChain securityWebFilter = this.http
	.authorizeExchange()
		.pathMatchers("/login", "/sign-in").permitAll()
		.anyExchange().authenticated()
		.and()
	.formLogin()
		.requiresAuthenticationMatcher(new PathPatternParserServerWebExchangeMatcher("/sign-in"))
		.and()
	.build();

Actual Behavior

Making a request to "/sign-in" does not perform authentication.
Making a POST to "/login" does perform authentication.

Expected Behavior

Making a request to "/sign-in" should perform authentication.
Making a POST to "/login" should not perform authentication.

Metadata

Metadata

Assignees

Labels

in: configAn issue in spring-security-configstatus: backportedAn issue that has been backported to maintenance branchestype: bugA general bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions