Can anyone suggest how to validate (coming from realiable source,not expired) JWT token coming in header in spring webflux

Question

Can anyone suggest how to validate (coming from realiable source,not expired) JWT token coming in header in spring boot webflux.

https://thomasandolf.medium.com/spring-security-jwts-getting-started-ebdb4e4f1dd1 — Toerktumlare, Sep 27 '22 at 17:32
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. — Community, Sep 27 '22 at 23:43

Vertigo · Answer 1 · 2022-09-27T10:25:36.123

0

Implement ServerSecurityContextRepository and override Mono<SecurityContext> load(ServerWebExchange exchange) method. Then extract the token from ServerWebExchange and perform validation.

And to use custom security context do:

@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
@RequiredArgsConstructor
public class BaseSecurityConfig implements WebFluxConfigurer {

    protected final ServerSecurityContextRepository serverSecurityContextRepository;

    protected ServerHttpSecurity basicSecurity(ServerHttpSecurity http) {
        return http.securityContextRepository(serverSecurityContextRepository)
        ...
    }
}

edited Sep 27 '22 at 10:25

answered Sep 27 '22 at 10:16

Vertigo

107
7

Vertigo I am very new to security part could you please help me with code that would be great help. – art Sep 27 '22 at 11:04
Take a look at the accepted answer here: https://stackoverflow.com/questions/47354171/spring-webflux-custom-authentication-for-api There are several approaches to it and custom ServerSecurityContextRepository is one of them ;) – Vertigo Sep 27 '22 at 11:29

Can anyone suggest how to validate (coming from realiable source,not expired) JWT token coming in header in spring webflux

1 Answers1