You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Some of the controllers return a ResponseEntity<Flux<...>> object. This makes the whole call asynchronous which then leads to the problem that the SecurityFilterChain loses the authentication information.
Normally this is mitigated by enabling @EnableWebFluxSecurity - but this breaks mvc applications.
To Reproduce
Steps to reproduce the behavior:
use mvc application and create SecurityFilterChain that requires login, then try to protect ff4j REST calls
Expected behavior
when logged in with ROLE_ADMIN then access to /api/ff4j/** should be granted.
Actual behaviour is that access is always denied because of webflux usage in the ff4j rest apis
this worked in pre 2.x versions
The text was updated successfully, but these errors were encountered:
Describe the bug
Some of the controllers return a
ResponseEntity<Flux<...>>object. This makes the whole call asynchronous which then leads to the problem that the SecurityFilterChain loses the authentication information.Normally this is mitigated by enabling
@EnableWebFluxSecurity- but this breaks mvc applications.To Reproduce
Steps to reproduce the behavior:
use mvc application and create SecurityFilterChain that requires login, then try to protect ff4j REST calls
Expected behavior
when logged in with ROLE_ADMIN then access to
/api/ff4j/**should be granted.Actual behaviour is that access is always denied because of webflux usage in the ff4j rest apis
this worked in pre 2.x versions
The text was updated successfully, but these errors were encountered: