spring-security icon indicating copy to clipboard operation
spring-security copied to clipboard
verified publisher icon spring-projects

Spring Webflux - cannot get PreAuthortize to work (using Kotlin)

Open dreamstar-enterprises opened this issue 1 year ago • 3 comments

Please see here >>

https://stackoverflow.com/questions/78698990/spring-webflux-preauthorize-not-working-work-using-kotlin

Describe the bug A clear and concise description of what the bug is.

To Reproduce Steps to reproduce the behavior.

Expected behavior A clear and concise description of what you expected to happen.

Sample

A link to a GitHub repository with a minimal, reproducible sample.

Reports that include a sample will take priority over reports that do not. At times, we may require a sample, so it is good to try and include a sample up front.

dreamstar-enterprises avatar Jul 02 '24 20:07 dreamstar-enterprises

Seems like this is still an issue: https://github.com/spring-projects/spring-security/issues/12080

dreamstar-enterprises avatar Jul 03 '24 17:07 dreamstar-enterprises

I've tested this multiple times, and still cannot get this to work..

https://stackoverflow.com/questions/78698990/spring-webflux-spring-security-preauthorize-not-working-work-using-kotlin

dreamstar-enterprises avatar Jul 04 '24 18:07 dreamstar-enterprises

The one case where it does work is if I put pre-authorize on the controller, but it all other cases, it doesn't work.

dreamstar-enterprises avatar Jul 04 '24 18:07 dreamstar-enterprises

Thanks for the StackOverflow link, @dreamstar-enterprises. It looks like you got some support from the community; since there is no accepted answer yet, I will periodically check the question for any additional developments.

jzheaux avatar Jul 18 '24 17:07 jzheaux

Thank you.

For the above no matter what I did, I couldn't get it to work with co-routines, so I ended up creating a layer between the Server, and Controller, that converted the suspend functions into a Mono, and then changing all functions in my Controllers to a Mono : (

I do wish there was just ONE comprehensive guide that explained how to connect:

  1. Angular (User Agent)
  2. Spring Client Auth (BFF)
  3. Spring Auth Server (Stateless if possible, using Opaque Tokens)
  4. Spring Resource Server (Rest Statless, but with a caching strategy of the Authentication Objects, so the introspection endpoint isn't queried on every request)

And how to host the Spring Servers, where and how to use Spring Gateway or Spring Session / Redis

I've spent 6 weeks on this, but really do feel I haven't go very far : (

Thanks for the help so far though. Do you do consultancy work? I have a small budget.

dreamstar-enterprises avatar Jul 18 '24 17:07 dreamstar-enterprises