How can i configure oauth2 resourceserver for spring webflux app?

Question

Spring security 5.1.0.Rc1 has come up with support for OAuth2 Resource Servers in webflux - https://spring.io/blog/2018/08/21/spring-security-5-1-0-rc1-released .

The example given here talks about Oauth2 based on JWT format . how can i configure a oauth2 resource server based and specify the token decoding uri .

In spring MVC i could use @EnableResourceServer and security.oauth2.resource.token-info-uri property . How would i do the same with webflux ?

Answer 1

I don't know if it actually worked with RC1 but with 2.1.0.M1 I could get it to work like this:

build.gradle:

repositories {
    mavenCentral()
    maven {
        url 'https://repo.spring.io/libs-snapshot'
    }
}

dependencyManagement {
    imports {
        mavenBom 'org.springframework.cloud:spring-cloud-gateway:2.1.0.M1'
    }
}

dependencies {
    compile 'org.springframework.boot:spring-boot-starter-security'

    compile 'org.springframework.security:spring-security-oauth2-jose'
    compile 'org.springframework.security:spring-security-oauth2-client'
    compile 'org.springframework.security:spring-security-oauth2-resource-server'
}

application.yaml

spring:
 security:
    oauth2:
      resourceserver:
        jwt:
          jwk-set-uri: http://keycloak.example.com/auth/realms/your-realm/protocol/openid-connect/certs

Also there's a sample at https://github.com/spring-projects/spring-security/tree/master/samples/boot/oauth2resourceserver-webflux