This question is a follow up from https://github.com/spring-cloud/spring-cloud-gateway/issues/3636 issue, also a MCVE is attached to the issue.
what would be a recommended way of configuring it properly.
When accessing http://dummy.traefik.me/login does not go through the security filter chain, if so, I think it can be done like this
private ServerWebExchangeMatcher getSecurityMatcher() {
return exchange -> {
URI uri = exchange.getRequest().getURI();
if (uri.getHost().equals("dummy.traefik.me")) {
return ServerWebExchangeMatcher.MatchResult.notMatch();
}
return ServerWebExchangeMatcher.MatchResult.match();
};
}
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http
.securityMatcher(getSecurityMatcher())
.authorizeExchange(authorizeRequests -> authorizeRequests
.anyExchange()
.authenticated()
)
.formLogin(withDefaults())
.logout(withDefaults());
return http.build();
}