Spring Security does not use the ServerWebExchangeFirewall Bean when exposed.
We should fix this, but in the meantime users can leverage a BeanPostProcessor approach.
@Bean
BeanPostProcessor beanPostProcessor() {
return new BeanPostProcessor() {
@Override
public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
if (bean instanceof WebFilterChainProxy) {
WebFilterChainProxy springSecurity = (WebFilterChainProxy) bean;
springSecurity.setFirewall(ServerWebExchangeFirewall.INSECURE_NOOP);
}
return bean;
}
};
}Related #15989 #15975
Spring Security does not use the
ServerWebExchangeFirewallBean when exposed.We should fix this, but in the meantime users can leverage a
BeanPostProcessorapproach.Related #15989 #15975