Implementation of Security with Spring Security and Spring WebFlux
Below are the implementation steps to secure the Spring WebFlux application with Spring Security.
Step 1: Create the Spring Project
Create a new Spring Boot project using Spring Initializr and add required dependencies,
- Spring Reactive Web
- Spring Security
- Lombok
- Spring DevTools
After the project creation done, the folder structure will be like below:.
Step 2: Configure the Application properties
Open the application.properties file and add the configuration for the application name and server port.
spring.application.name=spring-webflux-security
server.port=8080
Step 3: Create the Security Configuration class.
Now, we will create the SecurityConfig class to configure Spring Security. Go src > org.example.springwebfluxsecurity > SecurityConfig and put the below code.
package org.example.springwebfluxsecurity;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.server.SecurityWebFilterChain;
@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
http
.authorizeExchange()
.pathMatchers("/public/**").permitAll()
.anyExchange().authenticated()
.and()
.httpBasic()
.and()
.formLogin();
return http.build();
}
@Bean
public MapReactiveUserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
return new MapReactiveUserDetailsService(user);
}
}
Step 4: Create the Controller class.
We will create one controller class named HomeController, that will create the secure REST API. Go src > org.example.springwebfluxsecurity > HomeController and add the below code.
package org.example.springwebfluxsecurity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import reactor.core.publisher.Mono;
@RestController
public class HelloController {
@GetMapping("/public/hello")
public Mono<String> publicHello() {
return Mono.just("Hello, this is a public endpoint!");
}
@GetMapping("/private/hello")
public Mono<String> privateHello() {
return Mono.just("Hello, this is a private endpoint!");
}
}
Step 5: Main Class(No Changes are required)
Go src > org.example.springwebfluxsecurity > SpringWebFluxSecurityApplication and see the below code.
package org.example.springwebfluxsecurity;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class SpringWebfluxSecurityApplication {
public static void main(String[] args) {
SpringApplication.run(SpringWebfluxSecurityApplication.class, args);
}
}
Step 6: Run the Application
Now, we will run our application and it will start at port 8080.
Step 7: Testing the Application
Public Endpoint:
http://localhost:8080/public/hello
Output:
Private Endpoint:
http://localhost:8080/private/hello
Output:
Once we enter the user credentials of the application then it redirects to the private endpoint.
Security with Spring Security and Spring Webflux
Spring WebFlux is a part of the Spring Framework that supports reactive programming, enabling non-blocking asynchronous request handling. When developing web applications with Spring WebFlux, securing the application is a crucial aspect to ensure unauthorized access is prevented. This article provides a comprehensive example of integrating Spring Security with Spring WebFlux to secure web applications.
Spring Security provides a robust framework for securing Java applications, including support for authentication and authorization. Integrating Spring Security with Spring WebFlux involves configuring security filters, defining user roles, and setting up authentication mechanisms such as form login and basic authentication.