Package com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver

Class ReactiveSpringAddonsOidcResourceServerBeans

java.lang.Object
com.c4_soft.springaddons.security.oidc.starter.reactive.resourceserver.ReactiveSpringAddonsOidcResourceServerBeans
@Conditional({IsOidcResourceServerCondition.class,IsNotServlet.class}) @EnableWebFluxSecurity @AutoConfiguration @ImportAutoConfiguration(ReactiveSpringAddonsOidcBeans.class) public class ReactiveSpringAddonsOidcResourceServerBeans extends Object

Usage
If not using spring-boot, @Import or @ComponentScan this class. All beans defined here are @ConditionalOnMissingBean => just define your own @Beans to override.

Provided @Beans

  • SecurityWebFilterChain: applies CORS, CSRF, anonymous, sessionCreationPolicy, SSL redirect and 401 instead of redirect to login properties as defined in SpringAddonsOidcProperties
  • AuthorizeExchangeSpecPostProcessor. Override if you need fined grained HTTP security (more than authenticated() to all routes but the ones defined as permitAll() in SpringAddonsOidcProperties
  • Jwt2AuthoritiesConverter: responsible for converting the JWT into Collection<? extends GrantedAuthority>
  • ReactiveJwt2OpenidClaimSetConverter<T extends Map<String, Object> & Serializable>: responsible for converting the JWT into a claim-set of your choice (OpenID or not)
  • ReactiveJwt2AuthenticationConverter<OAuthentication<T extends OpenidClaimSet>>: responsible for converting the JWT into an Authentication (uses both beans above)
  • ReactiveAuthenticationManagerResolver: required to be able to define more than one token issuer until https://github.com/spring-projects/spring-boot/issues/30108 is solved
Author:
Jerome Wacongne ch4mp@c4-soft.com

  • Constructor Details

    • ReactiveSpringAddonsOidcResourceServerBeans

      public ReactiveSpringAddonsOidcResourceServerBeans()