How to login via Rest API using ReactiveUserDetailsService springboot

Question

I m using reactive spring security with springboot, my front-end is built with Angular 6, Everything is working fine if i use springboot default login form.

I want to login with rest api.

Rest login method:

@PostMapping(path = "/login", consumes = MediaType.APPLICATION_JSON_VALUE)
public Mono<UserDetails> login(@RequestBody User user) {
    Mono<UserDetails> isLoggedIn = Mono.empty();
    try{
        isLoggedIn = this.userDetailsService.findByUsername(user.getUsername());
    }catch (RuntimeException e){
        return isLoggedIn;
    }

    return isLoggedIn;
}

My SecurityConfig is following:

@Configuration
@EnableWebFluxSecurity 
public class SecurityConfig {

    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    http.authorizeExchange().pathMatchers("/login","/signup","/api/users/login","/ui/**","/webjars/**").permitAll()
            .anyExchange().authenticated()
            .and()
            .httpBasic().disable()
            .formLogin().disable()
            .csrf().disable()
            .logout().disable();
    return http.build();
   }
}

My ReactiveUserDetailService as following:

@Component
public class ServiceReactiveUserDetailsService implements ReactiveUserDetailsService {
     private UserRepo userRepo;

     public ServiceReactiveUserDetailsService(UserRepo userRepo) {
        this.userRepo = userRepo;
     }

     @Bean
     PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
     }

     @Override
     public Mono<UserDetails> findByUsername(String username) {
         return this.userRepo.findByUsername(username).map(CustomUser::new);
     }

    private class CustomUser extends User implements UserDetails {
        public CustomUser(User user) {
            super(user);
        }

       @Override
       public Collection<? extends GrantedAuthority> getAuthorities() {
          return AuthorityUtils.createAuthorityList("ROLE_USER");
       }

       @Override
       public boolean isAccountNonExpired() {
          return true;
       }

       @Override
       public boolean isAccountNonLocked() {
           return true;
       }

       @Override
       public boolean isCredentialsNonExpired() {
          return true;
       }

       @Override
       public boolean isEnabled() {
          return true;
       }
   }
}

I m new in spring world, Any help will be appreciated

Answer 1

Maybe try using formLogin.loginPage method to point to your login method instead of disabling formLogin. I think the problem is in your security config.

EDIT: these tutoials might help: https://dzone.com/articles/reactive-spring-security-for-webflux-rest-web-serv https://www.baeldung.com/spring-security-5-reactive