7
votes

In a project where we use Spring Boot 2 starters + Spring 5.0.7 + Reactor (WebFlux), we'd like to implement security using Spring Security. Just including the starter:

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

And the bean:

    @Bean
    SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
        return http.authorizeExchange()
                .anyExchange().authenticated()
                .and().build();
    }

is more than enough.

However, we'd like to use JWT tokens (generated in another party, in a resource server) to intercept those Authorization headers. I've been struggling with this and I couldn't find any example for Spring 5 (whereas for Spring <5 there are many examples and tutorials).

Has anybody bumped across this problem?

1
You can check medium.com/@ard333/…. The main idea is to install two additional beans into your springWebFilterChain: securityContextRepository and authenticationManager. SecurityContextRepository is the main place for handling your JWT (parsing, verifying...) and AuthenticationManager is just a simple check to mark the request as authenticated, at least that is how I see it. – nghiaht

1 Answer

5
votes

On August 29th a new Spring version was released: 5.1. This version fixes this problem. The commit that implements this is this. The example of how to use it can be checked here.
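An added example, not taken from the answer or from the Spring project: one way to accept externally issued JWTs in a WebFlux application with the reactive resource-server DSL introduced in Spring Security 5.1. It assumes `spring-security-oauth2-resource-server` and `spring-security-oauth2-jose` are on the classpath; the issuer URL, JWK set path, audience value and class name are constructed placeholders.

```java
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
public class JwtResourceServerConfig {
    // Constructed placeholders: use the values published by the party that issues your tokens.
    static final String ISSUER = "https://issuer.example.com";
    static final String JWK_SET_URI = ISSUER + "/.well-known/jwks.json";
    static final String AUDIENCE = "my-api";

    @Bean
    SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) {
        http.authorizeExchange()
                .anyExchange().authenticated().and()
            .oauth2ResourceServer()   // reads "Authorization: Bearer <token>"
                .jwt().jwtDecoder(jwtDecoder());
        return http.build();
    }

    @Bean
    ReactiveJwtDecoder jwtDecoder() {
        // Signatures are verified against the keys fetched from the issuer's JWK set.
        NimbusReactiveJwtDecoder decoder = new NimbusReactiveJwtDecoder(JWK_SET_URI);
        // A valid signature is not enough: reject tokens minted for another service.
        OAuth2TokenValidator<Jwt> audience = jwt -> {
            List<String> aud = jwt.getAudience();   // null when the claim is absent
            return aud != null && aud.contains(AUDIENCE)
                    ? OAuth2TokenValidatorResult.success()
                    : OAuth2TokenValidatorResult.failure(new OAuth2Error("invalid_token", "Wrong audience", null));
        };
        // Default timestamp checks plus issuer match, then the audience check.
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
                JwtValidators.createDefaultWithIssuer(ISSUER), audience));
        return decoder;
    }
}
```

Requests without a bearer token, or with one that fails any of the validators, are answered with 401 before reaching a handler.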