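@startuml spring-security-ServerHttpSecurity
' Class diagram of the Spring Security WebFlux configuration DSL rooted at
' ServerHttpSecurity. Each *Spec class is a nested builder: and() returns to
' the enclosing builder and disable() switches that feature off.
' Only a subset of the specs returned by ServerHttpSecurity is expanded below.

skinparam Shadowing false
skinparam class {
    BackgroundColor White
}
hide empty members

class ServerHttpSecurity {
    + ServerHttpSecurity addFilterAt(WebFilter webFilter, SecurityWebFiltersOrder order)
    + ServerHttpSecurity addFilterBefore(WebFilter webFilter, SecurityWebFiltersOrder order)
    + ServerHttpSecurity addFilterAfter(WebFilter webFilter, SecurityWebFiltersOrder order)
    + CsrfSpec csrf()
    + CorsSpec cors()
    + AnonymousSpec anonymous()
    + HttpBasicSpec httpBasic()
    + PasswordManagementSpec passwordManagement()
    + FormLoginSpec formLogin()
    + X509Spec x509()
    + OAuth2LoginSpec oauth2Login()
    + OAuth2ClientSpec oauth2Client()
    + OAuth2ResourceServerSpec oauth2ResourceServer()
    + HeaderSpec headers()
    + ExceptionHandlingSpec exceptionHandling()
    + AuthorizeExchangeSpec authorizeExchange()
    + LogoutSpec logout()
    + RequestCacheSpec requestCache()
    + ServerHttpSecurity authenticationManager(ReactiveAuthenticationManager manager)
}

' Authorization rules: a matcher method selects exchanges and returns Access,
' and the Access method then states who may pass.
class AuthorizeExchangeSpec {
    + ServerHttpSecurity and()
    + Access anyExchange()
}

class Access {
    + AuthorizeExchangeSpec permitAll()
    + AuthorizeExchangeSpec denyAll()
    + AuthorizeExchangeSpec hasRole(String role)
    + AuthorizeExchangeSpec hasAnyRole(String... roles)
    + AuthorizeExchangeSpec hasAuthority(String authority)
    + AuthorizeExchangeSpec hasAnyAuthority(String... authorities)
    + AuthorizeExchangeSpec authenticated()
    ' access() takes an authorization manager (the access decision), which is a
    ' different type from the ReactiveAuthenticationManager used for login.
    + AuthorizeExchangeSpec access(ReactiveAuthorizationManager<AuthorizationContext> manager)
}

' T is the type handed back by each matcher method (Access for AuthorizeExchangeSpec).
abstract class AbstractServerWebExchangeMatcherRegistry<T> {
    + T anyExchange()
    + T pathMatchers(HttpMethod method)
    + T pathMatchers(HttpMethod method, String... paths)
    + T pathMatchers(String... paths)
    + T matchers(ServerWebExchangeMatcher... matchers)
}

class HttpBasicSpec {
    + HttpBasicSpec authenticationManager(ReactiveAuthenticationManager manager)
    + HttpBasicSpec securityContextRepository(ServerSecurityContextRepository repository)
    + HttpBasicSpec authenticationEntryPoint(ServerAuthenticationEntryPoint entryPoint)
    + ServerHttpSecurity and()
    + ServerHttpSecurity disable()
}

class PasswordManagementSpec {
    + PasswordManagementSpec changePasswordPage(String path)
    + ServerHttpSecurity and()
}

class FormLoginSpec {
    + FormLoginSpec authenticationManager(ReactiveAuthenticationManager manager)
    + FormLoginSpec authenticationSuccessHandler(ServerAuthenticationSuccessHandler handler)
    + FormLoginSpec loginPage(String path)
    + FormLoginSpec authenticationEntryPoint(ServerAuthenticationEntryPoint entryPoint)
    + FormLoginSpec requiresAuthenticationMatcher(ServerWebExchangeMatcher matcher)
    + FormLoginSpec authenticationFailureHandler(ServerAuthenticationFailureHandler handler)
    + FormLoginSpec securityContextRepository(ServerSecurityContextRepository repository)
    + ServerHttpSecurity and()
    + ServerHttpSecurity disable()
}

class AnonymousSpec {
    + AnonymousSpec key(String name)
    + AnonymousSpec principal(Object principal)
    + AnonymousSpec authorities(List<GrantedAuthority> authorities)
    + AnonymousSpec authorities(String... authorities)
    + AnonymousSpec authenticationFilter(AnonymousAuthenticationWebFilter filter)
    + ServerHttpSecurity and()
    + ServerHttpSecurity disable()
}

' Response security headers. A disable() call on a nested spec switches that
' header off, so each use deserves a justification in review.
class HeaderSpec {
    + ServerHttpSecurity and()
    + CacheSpec cache()
    + ContentTypeOptionsSpec contentTypeOptions()
    + FrameOptionsSpec frameOptions()
    + HeaderSpec writer(ServerHttpHeadersWriter writer)
    + HstsSpec hsts()
    + XssProtectionSpec xssProtection()
    + ContentSecurityPolicySpec contentSecurityPolicy(String policy)
    + PermissionsPolicySpec permissionsPolicy()
    + ReferrerPolicySpec referrerPolicy()
}

class CacheSpec {
    + HeaderSpec disable()
}

class ContentTypeOptionsSpec {
    + HeaderSpec disable()
}

class HstsSpec {
    + HstsSpec maxAge(Duration duration)
    + HstsSpec includeSubdomains(boolean include)
    + HstsSpec preload(boolean preload)
    + HeaderSpec and()
    + HeaderSpec disable()
}

class XssProtectionSpec {
    + HeaderSpec disable()
}

class ContentSecurityPolicySpec {
    ' reportOnly(true) reports violations without enforcing the policy.
    + HeaderSpec reportOnly(boolean report)
    + HeaderSpec policyDirectives(String policyDirective)
    + HeaderSpec and()
}

class PermissionsPolicySpec {
    + PermissionsPolicySpec policy(String policy)
    + HeaderSpec and()
}

class ReferrerPolicySpec {
    + ReferrerPolicySpec policy(ReferrerPolicy policy)
    + HeaderSpec and()
}

' Nesting: the "+" end of each link sits on the enclosing class.
ServerHttpSecurity +-- AuthorizeExchangeSpec
' AuthorizeExchangeSpec inherits its matcher methods from the registry.
AbstractServerWebExchangeMatcherRegistry <|- AuthorizeExchangeSpec
AuthorizeExchangeSpec +-- Access
ServerHttpSecurity +-- HttpBasicSpec
PasswordManagementSpec -+ ServerHttpSecurity
ServerHttpSecurity +--- FormLoginSpec
ServerHttpSecurity +- AnonymousSpec
HeaderSpec --+ ServerHttpSecurity
CacheSpec --+ HeaderSpec
ContentTypeOptionsSpec --+ HeaderSpec
HstsSpec -+ HeaderSpec
XssProtectionSpec --+ HeaderSpec
HeaderSpec +- ContentSecurityPolicySpec
PermissionsPolicySpec --+ HeaderSpec
ReferrerPolicySpec --+ HeaderSpec

@enduml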