Horje
Security with Spring Security and Spring Webflux

Spring WebFlux is a part of the Spring Framework that supports reactive programming, enabling non-blocking asynchronous request handling. When developing web applications with Spring WebFlux, securing the application is a crucial aspect to ensure unauthorized access is prevented. This article provides a comprehensive example of integrating Spring Security with Spring WebFlux to secure web applications.

Spring Security provides a robust framework for securing Java applications, including support for authentication and authorization. Integrating Spring Security with Spring WebFlux involves configuring security filters, defining user roles, and setting up authentication mechanisms such as form login and basic authentication.

Implementation of Security with Spring Security and Spring WebFlux

Below are the implementation steps to secure the Spring WebFlux application with Spring Security.

Step 1: Create the Spring Project

Create a new Spring Boot project using Spring Initializr and add required dependencies,

  • Spring Reactive Web
  • Spring Security
  • Lombok
  • Spring DevTools

After the project creation done, the folder structure will be like below:.

Project Structure


Step 2: Configure the Application properties

Open the application.properties file and add the configuration for the application name and server port.

spring.application.name=spring-webflux-security
server.port=8080


Step 3: Create the Security Configuration class.

Now, we will create the SecurityConfig class to configure Spring Security. Go src > org.example.springwebfluxsecurity > SecurityConfig and put the below code.

Java 
package org.example.springwebfluxsecurity;


import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        http
                .authorizeExchange()
                .pathMatchers("/public/**").permitAll()
                .anyExchange().authenticated()
                .and()
                .httpBasic()
                .and()
                .formLogin();

        return http.build();
    }

    @Bean
    public MapReactiveUserDetailsService userDetailsService() {
        UserDetails user = User.withDefaultPasswordEncoder()
                .username("user")
                .password("password")
                .roles("USER")
                .build();
        return new MapReactiveUserDetailsService(user);
    }
}


Step 4: Create the Controller class.

We will create one controller class named HomeController, that will create the secure REST API. Go src > org.example.springwebfluxsecurity > HomeController and add the below code.

Java 
package org.example.springwebfluxsecurity;


import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import reactor.core.publisher.Mono;

@RestController
public class HelloController {

    @GetMapping("/public/hello")
    public Mono<String> publicHello() {
        return Mono.just("Hello, this is a public endpoint!");
    }

    @GetMapping("/private/hello")
    public Mono<String> privateHello() {
        return Mono.just("Hello, this is a private endpoint!");
    }
}


Step 5: Main Class(No Changes are required)

Go src > org.example.springwebfluxsecurity > SpringWebFluxSecurityApplication and see the below code.

Java 
package org.example.springwebfluxsecurity;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class SpringWebfluxSecurityApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringWebfluxSecurityApplication.class, args);
    }
}


Step 6: Run the Application

Now, we will run our application and it will start at port 8080.

securitywebfluxlog-compressed


Step 7: Testing the Application

Public Endpoint:

http://localhost:8080/public/hello

Output:

public Output


Private Endpoint:

http://localhost:8080/private/hello

Output:

Login Page


Once we enter the user credentials of the application then it redirects to the private endpoint.

private endpoint Output



 


Reffered: https://www.geeksforgeeks.org

Advance Java

Related
How to Convert a Maven Project into Library to use it as Dependency? How to Convert a Maven Project into Library to use it as Dependency?
Building a Java Project with Maven Building a Java Project with Maven
Running a Single Test or Method With Maven Running a Single Test or Method With Maven
What is Maven? What is Maven?
Maven - External Dependencies Maven - External Dependencies

Type:
 Geek
Category:
 Coding
Sub Category:
 Tutorial
Uploaded by:
 Admin
Views:
 11



 

Horje