- SAP Community
- Products and Technology
- Technology
- Technology Q&A
- How to implement security in Java Spring Reactive ...
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Options
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
How to implement security in Java Spring Reactive (Webflux)?
gippy
Participant
Options
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 10-09-2023 5:28 AM
Does anyone have an example project with Java XSUAA security on the Spring Reactive app (Webflux)? Please help with it as it is not working for me. I am not sure if SAP CF Java libraries are compatible with the reactive framework. My project details are:
About the project
Java project built using Spring Reactive Webflux. It runs on a Netty server for non-blocking API calls.
API Definition: Using Router Functions
Main Pom Libs:
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-webflux</artifactId> </dependency> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <optional>true</optional> </dependency> <!-- Apache CMIS --> <dependency> <groupId>org.apache.chemistry.opencmis</groupId> <artifactId>chemistry-opencmis-client-impl</artifactId> <version>1.1.0</version> </dependency> <!-- Cloud SDK --> <dependency> <groupId>com.sap.cds</groupId> <artifactId>cds-starter-cloudfoundry</artifactId> <version>2.3.0</version> </dependency>Security Config:
import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.core.annotation.Order;import org.springframework.http.HttpMethod;import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;import org.springframework.security.config.web.server.ServerHttpSecurity;import org.springframework.security.web.server.SecurityWebFilterChain;@Configuration@EnableWebFluxSecurity@Order(1)public class SecurityConfiguration {
@Bean public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) { http .authorizeExchange(exchanges -> exchanges .pathMatchers(HttpMethod.GET, "/public/**").permitAll() .pathMatchers("/protected/**").authenticated());
return http.build(); }
}
Issue: On accessing application locally via approuter still takes to Spring default login screen.
Maven Dependency Tree
[INFO] au.com.nutrien:dmsmiddleware-reactive:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-webflux:jar:3.1.3:compile
[INFO] | +- org.springframework.boot:spring-boot-starter:jar:3.1.3:compile
[INFO] | | +- org.springframework.boot:spring-boot:jar:3.1.3:compile
[INFO] | | | \- org.springframework:spring-context:jar:6.0.11:compile
[INFO] | | +- org.springframework.boot:spring-boot-autoconfigure:jar:3.1.3:compile
[INFO] | | +- org.springframework.boot:spring-boot-starter-logging:jar:3.1.3:compile
[INFO] | | | +- ch.qos.logback:logback-classic:jar:1.4.11:compile
[INFO] | | | | \- ch.qos.logback:logback-core:jar:1.4.11:compile
[INFO] | | | +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.20.0:compile
[INFO] | | | | \- org.apache.logging.log4j:log4j-api:jar:2.20.0:compile
[INFO] | | | \- org.slf4j:jul-to-slf4j:jar:2.0.7:compile
[INFO] | | +- jakarta.annotation:jakarta.annotation-api:jar:2.1.1:compile
[INFO] | | +- org.springframework:spring-core:jar:6.0.11:compile
[INFO] | | | \- org.springframework:spring-jcl:jar:6.0.11:compile
[INFO] | | \- org.yaml:snakeyaml:jar:1.33:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-json:jar:3.1.3:compile
[INFO] | | +- com.fasterxml.jackson.core:jackson-databind:jar:2.15.2:compile
[INFO] | | | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.15.2:compile
[INFO] | | | \- com.fasterxml.jackson.core:jackson-core:jar:2.15.2:compile
[INFO] | | +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.15.2:compile
[INFO] | | +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.15.2:compile
[INFO] | | \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.15.2:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-reactor-netty:jar:3.1.3:compile
[INFO] | | \- io.projectreactor.netty:reactor-netty-http:jar:1.1.10:compile
[INFO] | | +- io.netty:netty-codec-http:jar:4.1.97.Final:compile
[INFO] | | | +- io.netty:netty-common:jar:4.1.97.Final:compile
[INFO] | | | +- io.netty:netty-buffer:jar:4.1.97.Final:compile
[INFO] | | | +- io.netty:netty-transport:jar:4.1.97.Final:compile
[INFO] | | | +- io.netty:netty-codec:jar:4.1.97.Final:compile
[INFO] | | | \- io.netty:netty-handler:jar:4.1.97.Final:compile
[INFO] | | +- io.netty:netty-codec-http2:jar:4.1.97.Final:compile
[INFO] | | +- io.netty:netty-resolver-dns:jar:4.1.97.Final:compile
[INFO] | | | +- io.netty:netty-resolver:jar:4.1.97.Final:compile
[INFO] | | | \- io.netty:netty-codec-dns:jar:4.1.97.Final:compile
[INFO] | | +- io.netty:netty-resolver-dns-native-macos:jar:osx-x86_64:4.1.97.Final:compile
[INFO] | | | \- io.netty:netty-resolver-dns-classes-macos:jar:4.1.97.Final:compile
[INFO] | | +- io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.97.Final:compile
[INFO] | | | +- io.netty:netty-transport-native-unix-common:jar:4.1.97.Final:compile
[INFO] | | | \- io.netty:netty-transport-classes-epoll:jar:4.1.97.Final:compile
[INFO] | | \- io.projectreactor.netty:reactor-netty-core:jar:1.1.10:compile
[INFO] | | \- io.netty:netty-handler-proxy:jar:4.1.97.Final:compile
[INFO] | | \- io.netty:netty-codec-socks:jar:4.1.97.Final:compile
[INFO] | +- org.springframework:spring-web:jar:6.0.11:compile
[INFO] | | +- org.springframework:spring-beans:jar:6.0.11:compile
[INFO] | | \- io.micrometer:micrometer-observation:jar:1.11.3:compile
[INFO] | | \- io.micrometer:micrometer-commons:jar:1.11.3:compile
[INFO] | \- org.springframework:spring-webflux:jar:6.0.11:compile
[INFO] +- org.projectlombok:lombok:jar:1.18.28:compile
[INFO] +- org.apache.chemistry.opencmis:chemistry-opencmis-client-impl:jar:1.1.0:compile
[INFO] | +- org.apache.chemistry.opencmis:chemistry-opencmis-client-api:jar:1.1.0:compile
[INFO] | +- org.apache.chemistry.opencmis:chemistry-opencmis-commons-api:jar:1.1.0:compile
[INFO] | +- org.apache.chemistry.opencmis:chemistry-opencmis-commons-impl:jar:1.1.0:compile
[INFO] | | \- org.codehaus.woodstox:woodstox-core-asl:jar:4.4.1:compile
[INFO] | | \- org.codehaus.woodstox:stax2-api:jar:3.1.4:compile
[INFO] | +- org.apache.chemistry.opencmis:chemistry-opencmis-client-bindings:jar:1.1.0:compile
[INFO] | +- org.apache.cxf:cxf-rt-frontend-jaxws:jar:3.0.12:compile
[INFO] | | +- xml-resolver:xml-resolver:jar:1.2:compile
[INFO] | | +- asm:asm:jar:3.3.1:compile
[INFO] | | +- org.apache.cxf:cxf-core:jar:3.0.12:compile
[INFO] | | | \- org.apache.ws.xmlschema:xmlschema-core:jar:2.2.1:compile
[INFO] | | +- org.apache.cxf:cxf-rt-bindings-soap:jar:3.0.12:compile
[INFO] | | | +- org.apache.cxf:cxf-rt-wsdl:jar:3.0.12:compile
[INFO] | | | \- org.apache.cxf:cxf-rt-databinding-jaxb:jar:3.0.12:compile
[INFO] | | | +- com.sun.xml.bind:jaxb-impl:jar:4.0.3:compile
[INFO] | | | \- com.sun.xml.bind:jaxb-core:jar:4.0.3:compile
[INFO] | | | +- jakarta.xml.bind:jakarta.xml.bind-api:jar:4.0.0:compile
[INFO] | | | | \- jakarta.activation:jakarta.activation-api:jar:2.1.2:compile
[INFO] | | | \- org.eclipse.angus:angus-activation:jar:2.0.1:runtime
[INFO] | | +- org.apache.cxf:cxf-rt-bindings-xml:jar:3.0.12:compile
[INFO] | | +- org.apache.cxf:cxf-rt-frontend-simple:jar:3.0.12:compile
[INFO] | | \- org.apache.cxf:cxf-rt-ws-addr:jar:3.0.12:compile
[INFO] | +- org.apache.cxf:cxf-rt-transports-http:jar:3.0.12:compile
[INFO] | +- org.apache.cxf:cxf-rt-ws-policy:jar:3.0.12:compile
[INFO] | | +- wsdl4j:wsdl4j:jar:1.6.3:compile
[INFO] | | \- org.apache.neethi:neethi:jar:3.0.3:compile
[INFO] | \- org.slf4j:slf4j-api:jar:2.0.7:compile
[INFO] +- com.sap.cds:cds-starter-cloudfoundry:jar:2.3.0:compile
[INFO] | +- com.sap.cds:cds-feature-hana:jar:2.3.0:compile
[INFO] | | +- com.sap.cds:cds-services-api:jar:2.3.0:compile
[INFO] | | | +- com.sap.cds:cds4j-api:jar:2.3.0:compile
[INFO] | | | \- com.sap.cloud.environment.servicebinding.api:java-core-api:jar:0.10.0:compile
[INFO] | | +- com.sap.cds:cds-services-utils:jar:2.3.0:compile
[INFO] | | | +- com.sap.cds:cds4j-core:jar:2.3.0:compile
[INFO] | | | +- org.apache.commons:commons-lang3:jar:3.12.0:compile
[INFO] | | | +- com.sap.cloud.security.xsuaa:token-client:jar:3.1.3:compile
[INFO] | | | \- com.sap.cloud.mt:tools:jar:2.3.0:compile
[INFO] | | \- com.sap.cloud.db.jdbc:ngdbc:jar:2.17.12:compile
[INFO] | +- com.sap.cds:cds-feature-mt:jar:2.3.0:compile
[INFO] | | +- com.sap.cds:cds-adapter-api:jar:2.3.0:compile
[INFO] | | +- com.sap.cds:cds-integration-cloud-sdk:jar:2.3.0:compile
[INFO] | | | +- com.sap.cloud.sdk.cloudplatform:tenant:jar:4.24.0:compile
[INFO] | | | | +- com.sap.cloud.sdk.cloudplatform:cloudplatform-core:jar:4.24.0:compile
[INFO] | | | | \- io.vavr:vavr:jar:0.10.4:compile
[INFO] | | | | \- io.vavr:vavr-match:jar:0.10.4:compile
[INFO] | | | +- com.sap.cloud.sdk.cloudplatform:security:jar:4.24.0:compile
[INFO] | | | | \- com.auth0:java-jwt:jar:4.4.0:compile
[INFO] | | | +- com.sap.cloud.sdk.frameworks:resilience4j:jar:4.24.0:compile
[INFO] | | | | +- com.sap.cloud.sdk.cloudplatform:resilience:jar:4.24.0:compile
[INFO] | | | | +- com.sap.cloud.sdk.cloudplatform:caching:jar:4.24.0:compile
[INFO] | | | | +- org.slf4j:jcl-over-slf4j:jar:2.0.7:runtime
[INFO] | | | | +- io.github.resilience4j:resilience4j-circuitbreaker:jar:1.7.1:compile
[INFO] | | | | | \- io.github.resilience4j:resilience4j-core:jar:1.7.1:compile
[INFO] | | | | +- io.github.resilience4j:resilience4j-bulkhead:jar:1.7.1:compile
[INFO] | | | | +- io.github.resilience4j:resilience4j-timelimiter:jar:1.7.1:compile
[INFO] | | | | +- io.github.resilience4j:resilience4j-retry:jar:1.7.1:compile
[INFO] | | | | +- io.github.resilience4j:resilience4j-ratelimiter:jar:1.7.1:compile
[INFO] | | | | \- javax.cache:cache-api:jar:1.1.1:compile
[INFO] | | | +- com.sap.cloud.sdk.cloudplatform:cloudplatform-connectivity:jar:4.24.0:compile
[INFO] | | | | +- com.mikesamuel:json-sanitizer:jar:1.2.3:compile
[INFO] | | | | +- org.apache.httpcomponents:httpcore:jar:4.4.16:compile
[INFO] | | | | +- org.bouncycastle:bcprov-jdk18on:jar:1.76:compile
[INFO] | | | | \- org.bouncycastle:bcpkix-jdk18on:jar:1.76:compile
[INFO] | | | | \- org.bouncycastle:bcutil-jdk18on:jar:1.76:compile
[INFO] | | | \- com.sap.cloud.sdk.cloudplatform:connectivity-oauth:jar:4.24.0:compile
[INFO] | | | \- com.sap.cloud.environment.servicebinding.api:java-consumption-api:jar:0.10.0:compile
[INFO] | | +- com.sap.cds:cds-services-impl:jar:2.3.0:runtime
[INFO] | | | +- com.sap.cds:cds-services-messaging:jar:2.3.0:runtime
[INFO] | | | | \- jakarta.jms:jakarta.jms-api:jar:3.1.0:runtime
[INFO] | | | +- com.sap.cloud.environment.servicebinding.api:java-access-api:jar:0.10.0:compile
[INFO] | | | +- org.apache.commons:commons-csv:jar:1.10.0:runtime
[INFO] | | | \- io.opentelemetry:opentelemetry-api:jar:1.25.0:runtime
[INFO] | | | \- io.opentelemetry:opentelemetry-context:jar:1.25.0:runtime
[INFO] | | +- com.sap.cloud.mt:cds-mtx:jar:2.3.0:compile
[INFO] | | | +- com.google.guava:guava:jar:32.1.2-jre:compile
[INFO] | | | | +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] | | | | +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] | | | | +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] | | | | +- org.checkerframework:checker-qual:jar:3.33.0:compile
[INFO] | | | | +- com.google.errorprone:error_prone_annotations:jar:2.18.0:compile
[INFO] | | | | \- com.google.j2objc:j2objc-annotations:jar:2.8:compile
[INFO] | | | \- commons-io:commons-io:jar:2.13.0:compile
[INFO] | | +- com.sap.cloud.mt:multi-tenant-runtime:jar:2.3.0:compile
[INFO] | | \- com.sap.cloud.mt:multi-tenant-subscription:jar:2.3.0:compile
[INFO] | | \- com.sap.cloud.instancemanager:client:jar:3.13.0:compile
[INFO] | | +- commons-codec:commons-codec:jar:1.15:compile
[INFO] | | +- com.google.code.gson:gson:jar:2.10.1:compile
[INFO] | | \- com.sap.hcp.cf.logging:cf-java-logging-support-logback:jar:3.6.3:compile
[INFO] | | \- com.sap.hcp.cf.logging:cf-java-logging-support-core:jar:3.6.3:compile
[INFO] | | \- com.fasterxml.jackson.jr:jackson-jr-objects:jar:2.15.2:compile
[INFO] | +- com.sap.cds:cds-feature-cloudfoundry:jar:2.3.0:compile
[INFO] | | \- com.sap.cloud.environment.servicebinding:java-sap-vcap-services:jar:0.10.0:compile
[INFO] | | \- org.json:json:jar:20230618:compile
[INFO] | +- com.sap.cds:cds-feature-xsuaa:jar:2.3.0:compile
[INFO] | +- com.sap.cds:cds-feature-identity:jar:2.3.0:compile
[INFO] | | +- com.sap.cloud.security:java-api:jar:3.1.3:compile
[INFO] | | \- com.sap.cloud.security:java-security:jar:3.1.3:compile
[INFO] | | \- com.sap.cloud.security:env:jar:3.1.3:compile
[INFO] | | | \- com.nimbusds:nimbus-jose-jwt:jar:9.31:compile
[INFO] | | | \- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] | | \- org.springframework.security:spring-security-oauth2-resource-server:jar:6.1.3:compile
[INFO] | +- com.sap.cloud.security:resourceserver-security-spring-boot-starter:jar:3.1.3:compile
[INFO] | | \- com.sap.cloud.security:spring-security:jar:3.1.3:compile
[INFO] | \- org.springframework.boot:spring-boot-starter-security:jar:3.1.3:compile
[INFO] | +- org.springframework:spring-aop:jar:6.0.11:compile
[INFO] | +- org.springframework.security:spring-security-config:jar:6.1.3:compile
[INFO] | \- org.springframework.security:spring-security-web:jar:6.1.3:compile
[INFO] | \- org.springframework:spring-expression:jar:6.0.11:compile
[INFO] \- io.projectreactor:reactor-test:jar:3.5.9:test
[INFO] \- io.projectreactor:reactor-core:jar:3.5.9:compile
[INFO] \- org.reactivestreams:reactive-streams:jar:1.0.4:compile<br>- SAP Managed Tags:
- Java,
- SAP BTP, Cloud Foundry runtime and environment,
- SAP Business Technology Platform
Accepted Solutions (0)
Answers (0)
Ask a Question
Related Content
- Create Data Products with SAP Datasphere Marketplace in Technology Blogs by Members
- Introducing new type of Data Access Control "Operator and Value" for SAP Datasphere in Technology Blogs by SAP
- Unable to run a Python Flask app on BTP with X-CSRF token requirement in Technology Q&A
- Open Sourcing the SAP Cloud SDK for Java: Part 2 - Moving Code in Technology Blogs by SAP
- Rapid Reload: Accelerating AI Development Cycles on SAP AI Core in Technology Blogs by SAP
Top Q&A Solution Author
| User | Count |
|---|---|
| 85 | |
| 11 | |
| 8 | |
| 7 | |
| 7 | |
| 6 | |
| 6 | |
| 6 | |
| 6 | |
| 5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.