'Spring Security 5 + OAuth2 + Webflux : authorization success listeners
In 'Spring Security Reference' page, section 5.11 Post Processing Configured Objects introduces the concept of an ObjectPostProcessor where we can configure a filterSecurityPublishAuthorizationSuccess property on FilterSecurityInterceptor.
@EnableWebSecurity
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
public <O extends FilterSecurityInterceptor> O postProcess(O fsi) {
fsi.setPublishAuthorizationSuccess(true); //1 This requires JavaX Servlet API
return fsi;
}
});
. . .
}
In my case using this ObjectPostProcessor I'm able to log authorization success using an ApplicationListener.
package org.mycompany.security.reactive.logging;
public class AuthorizationSuccessListener implements ApplicationListener<AuthorizedEvent> {
@Override
public void onApplicationEvent(AuthorizedEvent event) {
// log journals
}
}
. . .
Right now I'm migrating my application to use Spring Webflux (Reactive) instead of RestTemplate (Java Servlet API).
The problem after migrating my code is: the code from Spring Security page requires the Servlet API (error: The type javax.servlet.Filter cannot be resolved. ) on the line with my comment: //1.
The client code is a simple @RestController + @GetMapping using Spring WebClient.
Has anyone been through a situation like this or know another approach?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|