When using spring security with spring webflux, the authenticationmanager is called everytime. I am expecting spring security to use the session and authenticate only once as not using spring webflux : https://github.com/spring-projects/spring-security/issues/301
I am using springs security and webflux RC3.
Here is how I configure spring security : `@EnableWebFluxSecurity public class ApplicationConfig {
@Bean SecurityWebFilterChain httpSecurity(HttpSecurity http) throws Exception { return http.authorizeExchange() .pathMatchers("/myroute/**").authenticated() .anyExchange().permitAll() .and() .build(); }
@Bean public ReactiveAuthenticationManager authenticationManager() { return new MyAuthenticationManager(); }`
I first post this on stackoverlow : https://stackoverflow.com/questions/45463383/spring-webflux-security-and-session-authenticate-at-each-request
Comment From: adrienleroy
I manage to do what I want, by creating this quick and dirty AuthenticationWebFilter
Comment From: ghost
do you hava a demo about webflux and security? i need it very mouch! if you hava that,please help me!ok?
Comment From: eleftherias
I'm glad to hear you figured this out.
FYI HTTP Basic Authentication does not use the session in Reactive applications #4825