What Does MapReactiveUserDetailsService Do in Spring Webflux Security Authentication?

Question

I'm trying to implement Spring Security authentication on Spring WebFlux app. I have implemented Spring Security authentication on Spring Web before.

When I read articles on how to implement it, I saw MapReactiveUserDetailsService bean but there is no explanation about this bean usage. I read the article from here and here.

the bean looks like this:

@Bean
public MapReactiveUserDetailsService userDetailsService() {
    UserDetails user = User
      .withUsername("user")
      .password(passwordEncoder().encode("password"))
      .roles("USER")
      .build();
    return new MapReactiveUserDetailsService(user);
}

is there anyone know what it does?

Answer 1

It creates a default in-memory user. That allows you to test your security. For production goals please change it to such example (kotlin):

@Service
class UserService(private val customerService: CustomerService) : ReactiveUserDetailsService {

    override fun findByUsername(username: String?): Mono<UserDetails> = mono {
        val customer: Customer = customerService.findByEmail(username!!)
            ?: throw BadCredentialsException("Invalid Credentials")

        val authorities: List<GrantedAuthority> = listOf(customer)

        org.springframework.security.core.userdetails.User(
            customer.email,
            customer.password,
            authorities
        )
    }
}