6 Jan 2021 |
| fdutton (Gitter) joined the room. | 02:25:22 |
fdutton (Gitter) | Hi all, | 02:25:22 |
fdutton (Gitter) | I'm rewriting our Zuul-based gateway to use Spring Cloud Gateway and have encountered some difficulty. I understand that Spring Cloud Gateway is based on WebFlux instead of WebMVC. What I noticed is that my implementation of WebSecurityConfigurerAdapter is not getting invoked. Is there a WebFlux equivalent to WebSecurityConfigurerAdapter or am I looking in the wrong place? | 02:31:47 |
7 Jan 2021 |
| EightMonth (Gitter) left the room. | 02:09:30 |
8 Jan 2021 |
| lazyprophet joined the room. | 08:13:57 |
11 Jan 2021 |
| dsteegen (Gitter) left the room. | 12:39:18 |
| rchrd joined the room. | 15:01:47 |
12 Jan 2021 |
| kidfrom (Gitter) joined the room. | 07:21:15 |
kidfrom (Gitter) | Hi, do anyone here have bootcamp class for Spring WebSocket with Spring Security? | 07:21:16 |
13 Jan 2021 |
| Nick (Gitter) joined the room. | 10:24:11 |
Nick (Gitter) | Hi there, does anybody know what the plans are with spring-authorization-server? I'm in the process of building my own OAuth2 Authorization server, and I found that the current version of spring-authorization-server still has some limitations (RSA keys only, fixed JWT expiry, no custom claims, etc...) and was wondering what the best approach is right now. I heard the old @EnableAuthorizationServer has been deprecated, so what's the best way to build my service? | 10:24:11 |
James Howe (Gitter) | spring-security-oauth2 still works | 11:24:02 |
James Howe (Gitter) | (edited) ... still works => ... still works, spring-authorization-server isn't finished. Those are your options. | 11:24:24 |
James Howe (Gitter) | (edited) ... your options. => ... your options if you want a Spring auth server. | 11:24:33 |
Nick (Gitter) | @OrangeDog do you know when the first release of spring-authorization-server is planned for? | 12:10:59 |
James Howe (Gitter) | I haven't really been involved. "When it's done" I think. | 12:11:24 |
Nick (Gitter) | I see, thanks. It seems that my best option is to stick with the old spring-security-oauth2 for the time being | 12:12:11 |
14 Jan 2021 |
aaugusta (Gitter) | I've got a WebFlux/Netty RSocket-over-WebSocket setup. Is there any way to have the Authentication established at the time of the websocket connection be made available to my @MessageMapping method? | 14:17:37 |
| Pavel Grigorenko (Gitter) joined the room. | 14:17:45 |
Pavel Grigorenko (Gitter) | Hi, were you able to solve this? | 14:17:46 |
| Navid Ghahremani (Gitter) joined the room. | 14:55:38 |
Navid Ghahremani (Gitter) | Hey guys, I found a very critical bug in spring security rsocket, could anyone help me to understand why this is happening? spring-projects/spring-security#9345 | 14:55:38 |
| maxtorchio (Gitter) joined the room. | 19:01:57 |
maxtorchio (Gitter) | Hi people! I'm using "org.springframework.boot:spring-boot-starter-oauth2-client" (with gradle plugins 'org.springframework.boot' version '2.4.1' and 'io.spring.dependency-management' version '1.0.10.RELEASE') and i'm having an error "Caused by: org.springframework.security.oauth2.core.OAuth2AuthorizationException: [invalid_token_response] An error occurred parsing the Access Token response: Unexpected type of JSON object member with key "scope" ". It's supose it's fixed at "spring-security:5.4.2" (dependency i should have with spring-boot 4.2.1 ) but still doesn't work :( . Any help? | 19:01:57 |
maxtorchio (Gitter) | (edited) ... Any help? => ... Any help? | 19:34:23 |
maxtorchio (Gitter) | I'm using WebFlux and reactive configs | 19:34:24 |
15 Jan 2021 |
Navid Ghahremani (Gitter) | (edited) ... happening?
https://github.com/spring-projects/spring-security/issues/9345 => ... happening?
https://github.com/spring-projects/spring-security/issues/9345 | 03:07:56 |
Navid Ghahremani (Gitter) | I found a workaround | 03:07:56 |
Navid Ghahremani (Gitter) | (edited) I found a workaround => Hey guys, I found a very critical bug in spring security rsocket, could anyone help me to understand why this is happening?
https://github.com/spring-projects/spring-security/issues/9345 | 03:08:07 |
Navid Ghahremani (Gitter) | I have no idea why this is happening but I could fix it via using unicast. Here is my WebClient part. Have a look into using Flux.merge and Sinks.many().unicast().onBackpressureBuffer<ByteArray>() @MessageMapping("not-working")
fun notWorking(@Payload data: Flux<ByteArray>): Flux<Result> {
val sinks = Sinks.many().unicast().onBackpressureBuffer<ByteArray>()
return Flux.merge(
data
.doOnNext { result -> sinks.tryEmitNext(result) }
.doFinally { sinks.tryEmitComplete() }
.flatMap { Mono.empty<Result>() }
.log()
.subscribeOn(Schedulers.parallel()),
webClient
.post()
.uri(
UriComponentsBuilder
.fromUriString("http://localhost:9999/api/v2/uploads.json")
.queryParam("filename", "TestFileName")
.build(true)
.toUri()
)
.contentType(MediaType("application", "binary"))
.body(
sinks.asFlux(),
ByteArray::class.java
)
.retrieve()
.bodyToFlux()
)
}
So this works, but I am not sure this is the best solution as it is just a workaround. I think the framework should not throw that error. I let the spring security guys decide about it. | 03:08:07 |