Book Image

Hands-On Spring Security 5 for Reactive Applications

By : Tomcy John
Book Image

Hands-On Spring Security 5 for Reactive Applications

By: Tomcy John

Overview of this book

Spring Security enables developers to seamlessly integrate authorization, authentication, and a range of security features for complex enterprise applications. This book provides a hands-on approach to developing reactive applications using Spring and will help you get up and running in no time. Complete with step-by-step explanations, practical examples, and self-assessment questions, the book begins by explaining the essential concepts of reactive programming, Spring Framework, and Spring Security. You’ll then learn about a variety of authentication mechanisms and how to integrate them easily with a Spring MVC application. You’ll also understand how to achieve authorization in a Spring WebFlux application using Spring Security. Furthermore, the book will take you through the configuration required to implement OAuth2 for securing REST APIs, and guide you in integrating security in microservices and serverless applications. Finally, you’ll be able to augment add-ons that will enhance any Spring Security module. By the end of the book, you’ll be equipped to integrate Spring Security into your Java enterprise applications proficiently.
Table of Contents (15 chapters)
Title Page
Copyright and Credits
Packt Upsell

Spring WebFlux authentication architecture

With the core Spring WebFlux concepts covered, we will now get into the crux of this chapter; introducing you to Spring Security for Spring WebFlux based reactive web applications.

As seen earlier, Spring Security in Spring MVC web applications is based on ServletFilter, and for Spring WebFlux, it is based on WebFilter:

Figure 6: Spring MVC and Spring WebFlux authentication approach

We saw Spring Security in detail in Spring MVC web applications in previous chapters. We will now look at the inner details of Spring Security authentication for a Spring WebFlux based web application. The following diagram shows the interaction of various classes when an authentication process kicks in for a WebFlux application:

Figure 7: Spring WebFlux authentication architecture

The preceding diagram is quite self-explanatory, and is very similar to what you saw earlier for Spring MVC. The core difference is that ServletFilter is now replaced with WebFilter, and we have...