enable h2 console with Spring Security

I want to use the h2-console in my Spring Boot project with Spring Security enabled. My Config looks like the following, but i cannot reach any of the unauthenticated paths. If i open the console path the Loginprompt apears.

Is there something in the wrong order?

I’ve tried it the old way with a WebSecurityConfigurerAdapter and it worked, but i want to use the new stuff.

@EnableWebFluxSecurity
public class SecurityConfiguration {
    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {

        return http
                .csrf().disable()
                .headers().frameOptions().disable().and()
                .authorizeExchange()
                .anyExchange().permitAll()
                .and()
                .httpBasic().and()
                .build();
    }
}

I changed the config to the following and the authentication excludes the h2 console like I expected:

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.headers().frameOptions().disable().and()
                .csrf().disable();
        http
                .authorizeRequests()
                .antMatchers("/", "/h2-console/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .permitAll()
                .and()
                .logout()
                .permitAll();
    }
}

1
Leave a Reply

avatar
1 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
1 Comment authors
Jason Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
Jason
Guest

H2 console seems to only be available on servlet based servers, and webflux is using jetty which is not a servlet based server.

h2 no accessible