You cannot use `.block()` because it subscribes and does not have the security context as part of the subscriber context that is established by Spring Security's WebFilter.
If you believe this is a bug, please provide a complete and minimal sample (i.e. GitHub repository) of the problem with details on how to reproduce the issue, what you expect to happen, and what actually happens.
Originally posted by @rwinch in https://github.com/spring-projects/spring-security/issues/5207#issuecomment-603335544
I need to get the real token to pass it to minio. I have no idea how to achieve it.
more context:
I have sping-boot application with rest services written using Spring web flux.
For now I access minio using login/password authorizaton and it works fine.
For now I want to exchange application JWT token with STS minio token and I implemented method to test:
@PostMapping
public boolean test(JwtAuthenticationToken token) throws ServerException, InsufficientDataException, ErrorResponseException, IOException, NoSuchAlgorithmException, InvalidKeyException, InvalidResponseException, XmlParserException, InternalException {
MinioClient minioClient =
MinioClient.builder()
.region(...)
.endpoint(...)
.credentialsProvider(new WebIdentityProvider(
() -> new Jwt(token.getToken().getTokenValue(), 1000),
String.valueOf(...),
null,
null,
null,
null,
null))
.build();
return minioClient.bucketExists("mybucket").build());
}
This code successfully works and returns true because mybucket actually exists.
But it is only test and I need to move minioClient to the configuration. The issue here that I have to have credentials provider there.
So I've created folowing configuration:
@Bean
public MinioClient minioClient() {
return MinioClient.builder()
.region(...)
.endpoint(...)
.credentialsProvider(new WebIdentityProvider(
() -> {
String block = null;
try {
block = ReactiveSecurityContextHolder
.getContext()
.map(context -> {
return context
.getAuthentication()
.getPrincipal();
}
)
.cast(Jwt.class)
.map(Jwt::token)
.block();
} catch (Exception e) {
// it fails here <=======
System.out.println(e);
}
Jwt jwt = new Jwt(String.valueOf(block),
1000);
return jwt; },
String.valueOf(...),
null,
null,
null,
null,
null))
.build();
}
But unfortunately method block() fails with exception:
java.lang.IllegalStateException: block()/blockFirst()/blockLast() are blocking, which is not supported in thread reactor-http-nio-6
Any ideas how to fix it?
Comment From: jzheaux
Thanks for getting in touch! It feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.
Comment From: gredwhite
Thanks for getting in touch! It feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.
I have already asked it in stackoverflow: https://stackoverflow.com/questions/74875058/how-to-get-jwt-token-value-in-spring-webflux-to-exchange-it-with-minio-sts-tok
But I want to know if it is bug or not from developers of spring-security(who else could know better ?) and if it is not a bug you definitely will be able to help me with my issue.