Support ServerWebExchangeFirewall @Bean #15974
Description
Spring Security does not use the ServerWebExchangeFirewall Bean when exposed.
We should fix this, but in the meantime users can leverage a BeanPostProcessor approach.
@Bean BeanPostProcessor beanPostProcessor() { return new BeanPostProcessor() { @Override public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException { if (bean instanceof WebFilterChainProxy) { WebFilterChainProxy springSecurity = (WebFilterChainProxy) bean; springSecurity.setFirewall(ServerWebExchangeFirewall.INSECURE_NOOP); } return bean; } }; }