Spring Security Ability to set WebFlux httpBasic ServerAuthenticationSuccessHandler

Expected Behavior

Ability to set the ServerAuthenticationSuccessHandler via the WebFlux httpBasic builder.

@Bean public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) { http .httpBasic(httpBasicSpec -> httpBasicSpec .authenticationSuccessHandler(new CustomServerAuthenticationSuccess()) .authenticationEntryPoint(new CustomServerAuthenticationEntryPoint())).build() }

Current Behavior

I can not use a different ServerAuthenticationSuccessHandler when using the WebFlux httpBasic builder as this method is not exposed.

Context

Comment From: jgrandja

@vnobo HttpSecurity.httpBasic() and ServerHttpSecurity.httpBasic() are aligned with the configuration options that are exposed.

ServerHttpSecurity.httpBasic() configures an AuthenticationWebFilter, which is composed of a ServerAuthenticationSuccessHandler and ServerAuthenticationFailureHandler.

However, HttpSecurity.httpBasic() configures a BasicAuthenticationFilter, which is NOT composed of an AuthenticationSuccessHandler or AuthenticationFailureHandler.

I don't think we'll expose this in ServerHttpSecurity.httpBasic() as this would misalign the configuration options.

I'd like to better understand why you need to configure ServerAuthenticationSuccessHandler? Can you please provide details on your use case?

Have you considered using ServerHttpSecurity.fromLogin() instead? ...as it exposes both authenticationSuccessHandler() and authenticationFailureHandler().

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.