spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0

Spring Webflux - cannot get PreAuthorize to work (using Kotlin) #15347

Closed dreamstar-enterprises closed 2 months ago

dreamstar-enterprises commented 3 months ago

Please see here >>

https://stackoverflow.com/questions/78698990/spring-webflux-preauthorize-not-working-work-using-kotlin

dreamstar-enterprises commented 3 months ago

Seems like this is still an issue: https://github.com/spring-projects/spring-security/issues/12080

dreamstar-enterprises commented 3 months ago

I've tested this multiple times, and still cannot get this to work.

https://stackoverflow.com/questions/78698990/spring-webflux-spring-security-preauthorize-not-working-work-using-kotlin

dreamstar-enterprises commented 3 months ago

The one case where it does work is if I put pre-authorize on the controller, but in all other cases, it doesn't work.

jzheaux commented 2 months ago

Thanks for the StackOverflow link, @dreamstar-enterprises. It looks like you got some support from the community; since there is no accepted answer yet, I will periodically check the question for any additional developments.

dreamstar-enterprises commented 2 months ago

Thank you.

For the above, no matter what I did, I couldn't get it to work with coroutines, so I ended up creating a layer between the Server and Controller that converted the suspend functions into a Mono, and then changing all functions in my Controllers to a Mono : (

I do wish there was just ONE comprehensive guide that explained how to connect:

  1. Angular (User Agent)
  2. Spring Client Auth (BFF)
  3. Spring Auth Server (Stateless if possible, using Opaque Tokens)
  4. Spring Resource Server (REST Stateless, but with a caching strategy of the Authentication Objects, so the introspection endpoint isn't queried on every request)

And how to host the Spring Servers, where and how to use Spring Gateway or Spring Session / Redis.

I've spent 6 weeks on this, but really do feel I haven't gone very far : (

Thanks for the help so far though. Do you do consultancy work? I have a small budget.