Return JWT to Thymeleaf fragment

I use spring boot with thymeleaf, spring security and spring cloud gateway.

The user enters a login and password and gets a token. I am looking for a way to take this token and put it in a cookie or in a hidden field in a fragment. I need to make some AJAX calls from the Thymeleaf page.

/**
 * Reactive Spring Security configuration: form login on {@code /login}, public landing page
 * and static assets, and authentication required for every other exchange.
 */
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
public class WebFluxSecurityConfig {

    @Autowired
    private WebFluxAuthManager authManager;

    @Autowired
    private WebFluxSecurityContextRepository webFluxSecurityContextRepository;

    /**
     * Builds the application's security filter chain.
     *
     * @param http the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception declared by the original signature; kept so the interface is unchanged
     */
    @Bean
    protected SecurityWebFilterChain securityFilterChange(ServerHttpSecurity http) throws Exception {
        // CSRF protection is switched off for the whole chain, including the /login form post.
        // That is only defensible while the browser never attaches the credential by itself,
        // i.e. the JWT is sent in an Authorization header set by script. If the token is moved
        // into a cookie, CSRF protection has to be turned back on, because a cookie is sent
        // automatically with cross-site requests.
        http.csrf().disable();

        // The custom repository rebuilds the context from the Authorization header on each
        // request; its save() is a no-op, so nothing established by form login is persisted.
        http.securityContextRepository(webFluxSecurityContextRepository);
        http.authenticationManager(authManager);

        // Exactly "/" and "/login" plus the static asset trees are public; all else needs auth.
        http.authorizeExchange()
                .pathMatchers("/", "/login", "/js/**", "/img/**", "/css/**").permitAll()
                .anyExchange().authenticated();

        // Custom login page; a successful login redirects to /two.
        http.formLogin()
                .loginPage("/login")
                .authenticationSuccessHandler(new RedirectServerAuthenticationSuccessHandler("/two"));

        return http.build();
    }

}



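/**
 * Stateless {@link ServerSecurityContextRepository} that derives the security context from the
 * {@code Authorization: Bearer <token>} header of each request.
 *
 * <p>Nothing is stored between requests: {@link #save} does nothing, so an authentication
 * obtained through form login is not available on the following request unless the client
 * sends the token in the header itself.
 */
@Component
public class WebFluxSecurityContextRepository implements ServerSecurityContextRepository {

    private static final String BEARER_PREFIX = "Bearer ";

    private final WebFluxAuthManager authManager;

    public WebFluxSecurityContextRepository(WebFluxAuthManager authManager) {
        this.authManager = authManager;
    }

    /**
     * Intentionally a no-op: no context is written to a session or to the response.
     *
     * @return an empty {@link Mono}
     */
    @Override
    public Mono<Void> save(ServerWebExchange exchange, SecurityContext context) {
        return Mono.empty();
    }

    /**
     * Builds a security context from the bearer token of the current request.
     *
     * @param exchange the current exchange
     * @return the context produced by the authentication manager, or an empty {@link Mono} when
     *         the request has no usable bearer token
     */
    @Override
    public Mono<SecurityContext> load(ServerWebExchange exchange) {
        String authHeader = exchange.getRequest().getHeaders().getFirst(HttpHeaders.AUTHORIZATION);

        // Authentication scheme names are case-insensitive (RFC 7235), so "bearer " is accepted too.
        if (authHeader == null
                || !authHeader.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            return Mono.empty();
        }

        // An empty token can never be valid; treat it as "no credentials" instead of sending
        // it on to the authentication manager.
        String authToken = authHeader.substring(BEARER_PREFIX.length()).trim();
        if (authToken.isEmpty()) {
            return Mono.empty();
        }

        // The raw token is passed as both principal and credentials. Whether it is actually
        // verified (signature, expiry) is decided entirely by WebFluxAuthManager.
        Authentication auth = new UsernamePasswordAuthenticationToken(authToken, authToken);
        return this.authManager.authenticate(auth).map(SecurityContextImpl::new);
    }

}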

/**
 * Authentication manager that posts a login request to {@code /auth/login} through the
 * injected {@link WebClient} and returns a {@link UsernamePasswordAuthenticationToken}.
 *
 * <p>The listing is abridged (see the elided lines in {@code authenticate}), so how the
 * response is checked is not visible here.
 */
@Component

public class WebFluxAuthManager implements ReactiveAuthenticationManager {

// Injected from the gateway.url property; not referenced in the visible part of the class.
@Value("${gateway.url}")
private String gatewayUrl;

@Autowired
private WebClient webClient;

/**
 * Authenticates the given request against the remote login endpoint.
 *
 * @param authentication the authentication request
 * @return a {@link Mono} emitting the resulting token
 */
@Override
public Mono<Authentication> authenticate(Authentication authentication) {
    // Describes the POST to /auth/login; loginRequest is defined outside the lines shown.
    Mono<ResponseEntity<String>> mResponse = webClient.post()
            .uri("/auth/login")
            .acceptCharset(Charset.forName("UTF-8"))
            .body(Mono.just(loginRequest), LoginDto.class)
            .retrieve()
            .toEntity(String.class);
    // NOTE(review): mResponse does nothing until it is subscribed to or chained into the
    // returned Mono; presumably the elided lines below do that and derive username,
    // password and authorities from the reply -- confirm.
           ...
           ...
    // The three-argument constructor yields a token that is already marked authenticated,
    // so this line must only be reached after the login response has been verified.
    // NOTE(review): the raw password is kept as the token's credentials; consider erasing
    // the credentials once authentication has succeeded.
        return Mono.just(new UsernamePasswordAuthenticationToken(username, password, authorities));
}


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source