https://kotlinlang.org logo
Join Slack
Powered by
Regarding <https://github.com/spring-projects/spri...
# spring
j
Regarding https://github.com/spring-projects/spring-fu/issues/16: We're trying to use the spring-security module but as we're using the functional approach using spring-fu there's no way to use @EnableWebFluxSecurity annotation. Is that correct? Is there a way support both, functional and annotation based processing? The functional approach worked great so far so it would be a real bummer if there's no way to make it work right now.
s
Currently there is no way out of the box
It is technically possible if using an annotation aware appContext I think
What feature of Spring Security do you need ?
j
that would be oauth2
s
I am deep in Coroutines support no no time for me to implement it right now, but if you want to dig into it, I can give you some hints to enable int manually. Also if you want using this hints contribute a first part of the DSL, feel free to do so via a PR.
You will see it just imports 
ServerHttpSecurityConfiguration
, 
WebFluxSecurityConfiguration.class
and 
ReactiveOAuth2ClientImportSelector
So what could be probably done
You should register one bean per 
@Bean
If you want to do it in a nice way
Create a 
security-adapter
similar to 
autoconfigure-adapter
to implement this logic.
Then add DSLs is Jafu/Kofu
Yiu can also do tat quick and dirty directly in your app if you don't have the time to contribute
But external contribution for that would be awesome 😉
On Kofu DSL side the idea is to express Spring Security DSL in a more Kotlin DSL way
j
alright, sounds like a project for this weekend, thanks for the information! Could you also give me one or two hints regarding your "annotation aware appContext"?
s
Awesome 🙂 I don't think you need "annotation aware appContext" if you do it that way, or if you do let me know that could be a bug on Security side.
j
got it. I'll report back when I made some progress 🙂
s
Let me just check something, we can maybe use Boot Security integration there
Boot mostly delegates Spring Security via https://github.com/spring-projects/spring-boot/blob/master/spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/reactive/ReactiveSecurityAutoConfiguration.java and 
SecurityProperties
does not bring much added value so the way I suggested looks like ok. I you follow what I did in 
autoconfigure-adapter
as a pattern that should work IMO.
Thanks a lot for at least trying, I really appreciate.
j
s
Good question, seems not straightforward, I am going to ask to Spring Security team.
j
Thanks!
s
@Jonas Bark The issue has been fixed on Spring Security master, see https://github.com/spring-projects/spring-security/commit/5aacd0c9550e87360fde3ddd71f02c6d0029ff4f. Are you still interesting to work on the 
security { }
DSL?
j
I saw it, I'll try it soon 🙂 and yes, I'm still interested but I'm unsure about when I find the time for it are you at the Spring I/O conference in two weeks?
s
Yes, I will
j
I started work here: https://github.com/feilfeilundfeil/spring-fu/tree/spring-security it already works as a POC - I'll try to think of what configurations we can expose to the Kotlin DSL
we can have a small discussion at Spring I/O to push this forward 👍
👍 1
s
Joe Grandja from Spring Security will be there as well
On DSL side, feel free to expose an idiomatic Kotlin DSL. I think the Java DSL had to take some shortcut because it was design before lambdas
If you face issues mapping both please let me know
j
alright, will do!
s
Thanks a lot for you contribution, that's a really key topic to move forward.
6 Views
Open in Slack
PreviousNext
Powered by