# 8.4.2. WebFlux 安全 与 Spring MVC 应用程序类似,您可以通过添加`spring-boot-starter-security`依赖项来保护您的 WebFlux 应用程序。默认安全配置在`ReactiveSecurityAutoConfiguration`和`UserDetailsServiceAutoConfiguration`中实现。 `ReactiveSecurityAutoConfiguration`导入`WebFluxSecurityConfiguration`用于 Web 安全以及`UserDetailsServiceAutoConfiguration`配置身份验证,这在非 Web 应用程序中也相关。 要完全关闭默认的 Web 应用程序安全配置,您可以添加`WebFilterChainProxy`类型的 bean (这样做不会禁用`UserDetailsService`配置或 Actuator 的安全性)。要关闭`UserDetailsService`配置,您可以添加类型为`ReactiveUserDetailsService`或 `ReactiveAuthenticationManager`的bean 。 当以下任何 Spring Security 模块位于类路径上时,自动配置也会停止: * `spring-security-oauth2-client` * `spring-security-oauth2-resource-server` 要在这些依赖项中的一个或多个依赖项之外使用 `ReactiveUserDetailsService`,请定义您自己的 `MapReactiveUserDetailsService` bean。 访问规则和多个 Spring Security 组件(例如 OAuth 2 客户端和资源服务器)的使用可以通过添加自定义`SecurityWebFilterChain`bean 来配置。Spring Boot 提供了方便的方法,可用于覆盖执行器端点和静态资源的访问规则。 `EndpointRequest`可以用来创建一个基于`management.endpoints.web.base-path`属性的`ServerWebExchangeMatcher`。 `PathRequest`可用于在常用位置创建`ServerWebExchangeMatcher`资源。 例如,您可以通过添加以下内容来自定义安全配置: ```java @Configuration(proxyBeanMethods = false) public class MyWebFluxSecurityConfiguration { @Bean public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { http.authorizeExchange((exchange) -> { exchange.matchers(PathRequest.toStaticResources().atCommonLocations()).permitAll(); exchange.pathMatchers("/foo", "/bar").authenticated(); }); http.formLogin(withDefaults()); return http.build(); } } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://doc.shiker.tech/spring-boot-can-kao-wen-dang/8.-wang-luo/8.4.-spring-an-quan/8.4.2.-webflux-an-quan.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.