I m using reactive spring security with springboot, my front-end is built with Angular 6, Everything is working fine if i use springboot default login form.
I want to login with rest api.
Rest login method:
@PostMapping(path = "/login", consumes = MediaType.APPLICATION_JSON_VALUE)
public Mono<UserDetails> login(@RequestBody User user) {
Mono<UserDetails> isLoggedIn = Mono.empty();
try{
isLoggedIn = this.userDetailsService.findByUsername(user.getUsername());
}catch (RuntimeException e){
return isLoggedIn;
}
return isLoggedIn;
}
My SecurityConfig is following:
@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {
@Bean
SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
http.authorizeExchange().pathMatchers("/login","/signup","/api/users/login","/ui/**","/webjars/**").permitAll()
.anyExchange().authenticated()
.and()
.httpBasic().disable()
.formLogin().disable()
.csrf().disable()
.logout().disable();
return http.build();
}
}
My ReactiveUserDetailService as following:
@Component
public class ServiceReactiveUserDetailsService implements ReactiveUserDetailsService {
private UserRepo userRepo;
public ServiceReactiveUserDetailsService(UserRepo userRepo) {
this.userRepo = userRepo;
}
@Bean
PasswordEncoder passwordEncoder() {
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
@Override
public Mono<UserDetails> findByUsername(String username) {
return this.userRepo.findByUsername(username).map(CustomUser::new);
}
private class CustomUser extends User implements UserDetails {
public CustomUser(User user) {
super(user);
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return AuthorityUtils.createAuthorityList("ROLE_USER");
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
}
I m new in spring world, Any help will be appreciated
Maybe try using formLogin.loginPage method to point to your login method instead of disabling formLogin. I think the problem is in your security config.
EDIT: these tutoials might help: https://dzone.com/articles/reactive-spring-security-for-webflux-rest-web-serv https://www.baeldung.com/spring-security-5-reactive
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.