As with authentication, the core concepts of authorization remain similar to what we saw earlier in Spring MVC. However, the classes performing the operation have changed and are now reactive and non-blocking. The following diagram shows the main authorization-related classes and their interactions in a Spring WebFlux application:
Figure 8: Authorization-related classes in a Spring WebFlux application
As we all know by now, Spring WebFlux security works on WebFilter, and AuthorizationWebFilter intercepts the request and uses ReactiveAuthorizationManager to check whether the Authentication object has access to a protected resource. ReactiveAuthorizationManager has two methods, namely, check (checks whether access is granted to an Authentication object) and verify (checks whether access has to be granted for an Authentication object). In the event of any exception, ExceptionTranslationWebFilter takes care of handling this by following the appropriate...
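The following is an added example, not code from the book, of a custom ReactiveAuthorizationManager plugged into the filter chain described above. It assumes Spring Security 5.x; the class names OwnerOrAdminAuthorizationManager and SecurityRules and the /users/{user}/** path are hypothetical.

```java
import java.util.Map;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import reactor.core.publisher.Mono;

// Hypothetical manager: /users/{user}/** is reachable only by that user or by an admin.
class OwnerOrAdminAuthorizationManager
        implements ReactiveAuthorizationManager<AuthorizationContext> {

    @Override
    public Mono<AuthorizationDecision> check(Mono<Authentication> authentication,
                                             AuthorizationContext context) {
        // Path variables captured by the matcher that routed the exchange here.
        Map<String, Object> variables = context.getVariables();
        Object owner = variables.get("user");
        return authentication
                .filter(Authentication::isAuthenticated)
                .map(auth -> auth.getName().equals(owner) || isAdmin(auth))
                .map(AuthorizationDecision::new)
                // No Authentication in the security context: deny by default.
                .defaultIfEmpty(new AuthorizationDecision(false));
    }
    // verify is not overridden: the interface's default implementation calls
    // check and signals AccessDeniedException when the decision is not granted.

    private static boolean isAdmin(Authentication auth) {
        return auth.getAuthorities().stream()
                .anyMatch(a -> "ROLE_ADMIN".equals(a.getAuthority()));
    }
}

class SecurityRules {
    // Expose as a @Bean from a configuration class annotated with @EnableWebFluxSecurity.
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        return http.authorizeExchange()
                .pathMatchers("/users/{user}/**").access(new OwnerOrAdminAuthorizationManager())
                .anyExchange().authenticated()
                .and()
                .httpBasic()
                .and()
                .build();
    }
}
```

The AccessDeniedException raised by verify is the exception that ExceptionTranslationWebFilter then handles.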