Can anyone suggest how to validate (coming from realiable source,not expired) JWT token coming in header in spring boot webflux.
Asked
Active
Viewed 131 times
-1
-
https://thomasandolf.medium.com/spring-security-jwts-getting-started-ebdb4e4f1dd1 – Toerktumlare Sep 27 '22 at 17:32
-
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. – Community Sep 27 '22 at 23:43
1 Answers
0
Implement ServerSecurityContextRepository
and override Mono<SecurityContext> load(ServerWebExchange exchange)
method.
Then extract the token from ServerWebExchange
and perform validation.
And to use custom security context do:
@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
@RequiredArgsConstructor
public class BaseSecurityConfig implements WebFluxConfigurer {
protected final ServerSecurityContextRepository serverSecurityContextRepository;
protected ServerHttpSecurity basicSecurity(ServerHttpSecurity http) {
return http.securityContextRepository(serverSecurityContextRepository)
...
}
}

Vertigo
- 107
- 7
-
Vertigo I am very new to security part could you please help me with code that would be great help. – art Sep 27 '22 at 11:04
-
Take a look at the accepted answer here: https://stackoverflow.com/questions/47354171/spring-webflux-custom-authentication-for-api There are several approaches to it and custom ServerSecurityContextRepository is one of them ;) – Vertigo Sep 27 '22 at 11:29