I'm trying to add OAuth2 to WebFlux and can't find any working example.
To Implement own Authorization Server I use such code:
@EnableAuthorizationServer
@Configuration
public class ServerAuth extends AuthorizationServerConfigurerAdapter {
...
}
And my spring boot application stops working because inside AuthorizationServerConfigurerAdapter class there's usage of AuthorizationServerSecurityConfigurer which depends of javax.servlet.Filter but in the WebFlux application, there're no Servlet filters.
Also AuthorizationServerEndpointsConfigurer expects to be initialized with UserDetailsService (old non reactive api) not reactive UserDetailsRepository
Is it possible to use oauth2 in the current WebFlux application if yes could you show the example.
Thanks
OAuth 2.0 allows users to share specific data with an application while keeping their usernames, passwords, and other information private. For example, an application can use OAuth 2.0 to obtain permission from users to store files in their Google Drives. This OAuth 2.0 flow is called the implicit grant flow.
Spring Security OAuth2 − Implements the OAUTH2 structure to enable the Authorization Server and Resource Server. Spring Security JWT − Generates the JWT Token for Web security. Spring Boot Starter JDBC − Accesses the database to ensure the user is available or not. Spring Boot Starter Web − Writes HTTP endpoints.
springframework. boot:spring-boot-starter-oauth2-client . This includes Spring Security's OAuth 2.0 Client support and provides Spring Boot auto-configuration to set up OAuth2/Open ID Connect clients. You can read about how to configure client in the Spring Boot reference documentation.
User login into the system using basic authorization and login credentials. User will got token if user basic auth and login credentials is matched. Next, user send request to access data from service. the API gateway recive the request and check with authorization server.
Authorization server webflux support is yet to be implemented by the spring security team.
currently they have the resource server webflux support as the other answers mentioned. However, they mention here that they are working on Authorization server and based on this, it should be out soon:
The OAuth 2.0 support is currently underway in Spring Security 5 with new Client support. The plan is to also provide support for Resource Server by mid-2018 and Authorization Server by the end of 2018 or early 2019. Our goal is to provide extensive support for OAuth 2.0 Core and Extensions, OpenID Connect 1.0, and Javascript Object Signing and Encryption (JOSE).
source: https://spring.io/blog/2018/01/30/next-generation-oauth-2-0-support-with-spring-security
so for now we are stuck with the servlet OAuth2 server which if you use JWT tokens should be good enough if you ask me.
Cheers!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With