spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0

Port between Spring MVC Http Api to Reactive Http API #14687

Closed SkepticCoder closed 7 months ago

SkepticCoder commented 8 months ago

How to convert the Http API to the Reactive Http API? It would be great if we had a bridge between the 2 APIs.

franticticktick commented 8 months ago

You can use ReactiveAuthenticationManagerAdapter, what other API are you missing for your case?

SkepticCoder commented 8 months ago

I mean I want to use the Firewall API for the Reactive stack, not just for authentication.

rwinch commented 8 months ago

The firewall is primarily to ensure consistency across servlet containers. However, the Spring team already manages consistency through the WebFlux API (Spring's WebFlux creates this) and thus that consistency can be maintained there. Is there a specific feature you are looking for that you are not finding?

SkepticCoder commented 8 months ago

@rwinch But I see configuration to protect from external input parameters at StrictHttpFirewall

Issue 10669: HttpFirewall interface for reactive applications #10669 (https://github.com/spring-projects/spring-security/issues/10669)

I would like to have the possibility to set up https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/web/firewall/StrictHttpFirewall.html to prevent vulnerabilities with header and query parameters. I mean global configuration. Do you mean ServerWebExchangeUtils already provides this functionality? How to enable all settings?

marcusdacoregio commented 7 months ago

@SkepticCoder, as mentioned by Steve here, we would need an example that demonstrates whether an application can be vulnerable to some exploit. If there is an existing attack vector, please responsibly report the vulnerability.

I'll close this since there is no action issue and it has been already discussed in https://github.com/spring-projects/spring-security/issues/10669.
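
The global request rejection asked about in this thread can be expressed on WebFlux as an ordinary `WebFilter`. The following is an added example, not code from the thread or from Spring Security: the class name `StrictRequestWebFilter`, the 400 response and the rejection policy are assumptions, modelled loosely on the kind of input `StrictHttpFirewall` rejects on the servlet stack.

```java
import java.util.List;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicBoolean;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

// Hypothetical class, not part of Spring Security. Ordered to run before other WebFilters.
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class StrictRequestWebFilter implements WebFilter {

    // Assumed policy: raw-path sequences of the kind StrictHttpFirewall rejects
    // (semicolon, backslash, encoded slash, encoded period, encoded percent).
    private static final List<String> FORBIDDEN_IN_PATH =
            List.of(";", "%3b", "\\", "%5c", "%2f", "%2e", "%25");

    @Override
    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
        if (isRejected(exchange.getRequest())) {
            // Fail closed: answer 400 and never invoke the rest of the chain.
            exchange.getResponse().setStatusCode(HttpStatus.BAD_REQUEST);
            return exchange.getResponse().setComplete();
        }
        return chain.filter(exchange);
    }

    static boolean isRejected(ServerHttpRequest request) {
        // Inspect the raw (still encoded) path so encoded separators are visible.
        String rawPath = request.getURI().getRawPath();
        String path = rawPath == null ? "" : rawPath.toLowerCase(Locale.ROOT);
        AtomicBoolean bad = new AtomicBoolean(FORBIDDEN_IN_PATH.stream().anyMatch(path::contains));
        // Decoded query parameter names and all header values must be free of control characters.
        request.getQueryParams().keySet().forEach(n -> bad.compareAndSet(false, hasControlChar(n)));
        request.getHeaders().forEach((n, values) ->
                bad.compareAndSet(false, values.stream().anyMatch(StrictRequestWebFilter::hasControlChar)));
        return bad.get();
    }

    static boolean hasControlChar(String value) {
        return value.chars().anyMatch(Character::isISOControl);
    }
}
```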