minio / minio-java

MinIO Client SDK for Java
https://docs.min.io/docs/java-client-quickstart-guide.html
Apache License 2.0

How to configure minio to work with spring-webflux using oauth2? #1399

Closed gredwhite closed 1 year ago

gredwhite commented 1 year ago

I have a spring-boot application with REST services written using Spring WebFlux.

For now I access minio using login/password authorization and it works fine.

For now I want to exchange the application JWT token with an STS minio token, and I implemented a method to test:

```java
@PostMapping
public boolean test(JwtAuthenticationToken token) throws ServerException, InsufficientDataException, ErrorResponseException, IOException, NoSuchAlgorithmException, InvalidKeyException, InvalidResponseException, XmlParserException, InternalException {
    MinioClient minioClient =
            MinioClient.builder()
                    .region(...)
                    .endpoint(...)
                    .credentialsProvider(new WebIdentityProvider(
                            // Supplier<Jwt>: hands the caller's bearer token to the STS exchange
                            () -> new Jwt(token.getToken().getTokenValue(), 1000),
                            String.valueOf(...),
                            null,
                            null,
                            null,
                            null,
                            null))
                    .build();
    // bucketExists takes a BucketExistsArgs, built with the bucket name
    return minioClient.bucketExists(BucketExistsArgs.builder().bucket("mybucket").build());
}
```

This code successfully works and returns true because mybucket actually exists.

But it is only a test and I need to move minioClient to the configuration. The issue here is that I have to have a credentials provider there.

So I've created the following configuration:

```java
@Bean
public MinioClient minioClient() {
    return MinioClient.builder()
            .region(...)
            .endpoint(...)
            .credentialsProvider(new WebIdentityProvider(
                    () -> {
                        String block = null;
                        try {
                            block = ReactiveSecurityContextHolder
                                    .getContext()
                                    .map(context -> context.getAuthentication().getPrincipal())
                                    // the principal is Spring Security's Jwt, not io.minio.credentials.Jwt
                                    .cast(org.springframework.security.oauth2.jwt.Jwt.class)
                                    .map(org.springframework.security.oauth2.jwt.Jwt::getTokenValue)
                                    .block();
                        } catch (Exception e) {
                            // it fails here     <=======
                            System.out.println(e);
                        }

                        Jwt jwt = new Jwt(String.valueOf(block), 1000);
                        return jwt;
                    },
                    String.valueOf(...),
                    null,
                    null,
                    null,
                    null,
                    null))
            .build();
}
```

But unfortunately the block() method fails with an exception:

java.lang.IllegalStateException: block()/blockFirst()/blockLast() are blocking, which is not supported in thread reactor-http-nio-6 

Any ideas how to configure it?
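
Added example, not part of the original post and not code from the minio-java project: one way around the block() failure is to build the client per request inside the reactive chain and run the blocking SDK call on Schedulers.boundedElastic(), so each client carries only its own caller's token. The class name, endpoint, region and STS endpoint are placeholders (assumptions), since the post elides the real values.

```java
import io.minio.BucketExistsArgs;
import io.minio.MinioClient;
import io.minio.credentials.Jwt;
import io.minio.credentials.WebIdentityProvider;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.stereotype.Service;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;

@Service
public class PerRequestMinio {
    // Placeholders (assumptions): the post elides the real endpoint, region and STS endpoint.
    private static final String ENDPOINT = "https://minio.example.internal";
    private static final String REGION = "us-east-1";
    private static final String STS_ENDPOINT = "https://minio.example.internal";
    private static final int JWT_EXPIRY_SECONDS = 1000; // same value the post passes to Jwt

    /** Resolves the caller's bearer token from the reactive context, without block(). */
    Mono<String> callerToken() {
        return ReactiveSecurityContextHolder.getContext()
                .filter(ctx -> ctx.getAuthentication() != null)
                .map(ctx -> ctx.getAuthentication())
                .ofType(JwtAuthenticationToken.class)
                .map(auth -> auth.getToken().getTokenValue())
                // Fail closed: no authenticated JWT means no MinIO client at all.
                .switchIfEmpty(Mono.error(new IllegalStateException("no JWT in security context")));
    }

    /** Builds a client whose STS credentials belong to exactly one caller. */
    MinioClient clientFor(String tokenValue) {
        return MinioClient.builder()
                .endpoint(ENDPOINT)
                .region(REGION)
                .credentialsProvider(new WebIdentityProvider(
                        () -> new Jwt(tokenValue, JWT_EXPIRY_SECONDS),
                        STS_ENDPOINT, null, null, null, null, null))
                .build();
    }

    /** Runs the blocking SDK call off the event loop, on a thread where blocking is allowed. */
    public Mono<Boolean> bucketExists(String bucket) {
        return callerToken()
                .map(this::clientFor)
                .flatMap(client -> Mono.fromCallable(() ->
                                client.bucketExists(BucketExistsArgs.builder().bucket(bucket).build()))
                        .subscribeOn(Schedulers.boundedElastic()));
    }
}
```

A controller returns the `Mono<Boolean>` directly; WebFlux subscribes with the request's security context, so the token lookup and the STS exchange both happen per request.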

balamurugana commented 1 year ago

As ReactiveSecurityContextHolder is from https://github.com/spring-projects/spring-security, you would need to check with respective project about the failure.

gredwhite commented 1 year ago

> As ReactiveSecurityContextHolder is from https://github.com/spring-projects/spring-security, you would need to check with respective project about the failure.

I think it is a very popular scenario, so it would be helpful if you could add it to the https://github.com/minio/minio-java/tree/master/examples

gredwhite commented 1 year ago

> As ReactiveSecurityContextHolder is from https://github.com/spring-projects/spring-security, you would need to check with respective project about the failure.

Maybe there is a way to pass the JWT token dynamically? (not via credentials provider)

gredwhite commented 1 year ago

> As ReactiveSecurityContextHolder is from https://github.com/spring-projects/spring-security, you would need to check with respective project about the failure.

Do you have plans to create a minio reactive client?

gredwhite commented 1 year ago

Related topic on SO: https://stackoverflow.com/questions/74875058/how-to-get-jwt-token-value-in-spring-webflux-to-exchange-it-with-minio-sts-tok