Spring security 5.1.0.Rc1 has come up with support for OAuth2 Resource Servers in webflux - https://spring.io/blog/2018/08/21/spring-security-5-1-0-rc1-released .
The example given here talks about Oauth2 based on JWT format . how can i configure a oauth2 resource server based and specify the token decoding uri .
In spring MVC i could use @EnableResourceServer and security.oauth2.resource.token-info-uri property . How would i do the same with webflux ?
I don't know if it actually worked with RC1 but with 2.1.0.M1 I could get it to work like this:
build.gradle:
repositories {
mavenCentral()
maven {
url 'https://repo.spring.io/libs-snapshot'
}
}
dependencyManagement {
imports {
mavenBom 'org.springframework.cloud:spring-cloud-gateway:2.1.0.M1'
}
}
dependencies {
compile 'org.springframework.boot:spring-boot-starter-security'
compile 'org.springframework.security:spring-security-oauth2-jose'
compile 'org.springframework.security:spring-security-oauth2-client'
compile 'org.springframework.security:spring-security-oauth2-resource-server'
}
application.yaml
spring:
security:
oauth2:
resourceserver:
jwt:
jwk-set-uri: http://keycloak.example.com/auth/realms/your-realm/protocol/openid-connect/certs
Also there's a sample at https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2resourceserver-webflux
