-1

Can anyone suggest how to validate (coming from realiable source,not expired) JWT token coming in header in spring boot webflux.

art
  • 1

1 Answers1

0

Implement ServerSecurityContextRepository and override Mono<SecurityContext> load(ServerWebExchange exchange) method. Then extract the token from ServerWebExchange and perform validation.

And to use custom security context do:

@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
@RequiredArgsConstructor
public class BaseSecurityConfig implements WebFluxConfigurer {

    protected final ServerSecurityContextRepository serverSecurityContextRepository;

    protected ServerHttpSecurity basicSecurity(ServerHttpSecurity http) {
        return http.securityContextRepository(serverSecurityContextRepository)
        ...
    }
}
Vertigo
  • 107
  • 7
  • Vertigo I am very new to security part could you please help me with code that would be great help. – art Sep 27 '22 at 11:04
  • Take a look at the accepted answer here: https://stackoverflow.com/questions/47354171/spring-webflux-custom-authentication-for-api There are several approaches to it and custom ServerSecurityContextRepository is one of them ;) – Vertigo Sep 27 '22 at 11:29