Spring 5 + WebFlux Security + JWT tokens

Question

In a project where we use Spring Boot 2 starters + Spring 5.0.7 + Reactor (WebFlux), we'd like to implement security using Spring Security. Just including the starter:

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

And the bean:

@Bean
SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
    return http.authorizeExchange()
            .anyExchange().authenticated()
            .and().build();
    }

is more than enough.

However, we'd like to use JWT tokens (generated in another party, in a resource server) to intercept those Authorization headers. I've been struggling with this and I couldn't find any example for Spring 5 (whereas for Spring <5 there are many examples and tutorials).

Has anybody bumped across this problem?

Answer 1

On August 29th a new Spring version was released: 5.1. This version fixes this problem. The commit implements this is this. The example of how to use it can be checked here.