BAEL-3338: A Guide to AuthenticationManagerResolver in Spring Security

spring-5-reactive-security/src/main/java/com/baeldung/reactive/authresolver/AuthResolverApplication.java

@@ -0,0 +1,15 @@
+package com.baeldung.reactive.authresolver;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.web.reactive.config.EnableWebFlux;
+
+@EnableWebFlux
+@SpringBootApplication
+public class AuthResolverApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(AuthResolverApplication.class, args);
+    }
+
+}

spring-5-reactive-security/src/main/java/com/baeldung/reactive/authresolver/AuthResolverController.java

@@ -0,0 +1,25 @@
+package com.baeldung.reactive.authresolver;
+
+import java.security.Principal;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+import reactor.core.publisher.Mono;
+
+@RestController
+public class AuthResolverController {
+
+    @GetMapping("/customer/welcome")
+    public Mono<String> sayWelcomeToCustomer(Mono<Principal> principal) {
+        return principal
+                .map(Principal::getName)
+                .map(name -> String.format("Welcome to our site, %s!", name));
+    }
+
+    @GetMapping("/employee/welcome")
+    public Mono<String> sayWelcomeToEmployee(Mono<Principal> principal) {
+        return principal
+                .map(Principal::getName)
+                .map(name -> String.format("Welcome to our company, %s!", name));
+    }
+
+}

spring-5-reactive-security/src/main/java/com/baeldung/reactive/authresolver/AuthResolverSecurityConfig.java

@@ -0,0 +1,86 @@
+package com.baeldung.reactive.authresolver;
+
+import java.util.Collections;
+import org.springframework.context.annotation.Bean;
+import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.security.authentication.ReactiveAuthenticationManager;
+import org.springframework.security.authentication.ReactiveAuthenticationManagerResolver;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
+import reactor.core.publisher.Mono;
+
+@EnableWebFluxSecurity
+@EnableReactiveMethodSecurity
+public class AuthResolverSecurityConfig {
+
+    @Bean
+    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
+        return http
+          .authorizeExchange()
+          .pathMatchers("/**")
+          .authenticated()
+          .and()
+          .httpBasic()
+          .disable()
+          .addFilterAfter(authenticationWebFilter(), SecurityWebFiltersOrder.REACTOR_CONTEXT)
+          .build();
+    }
+
+    public AuthenticationWebFilter authenticationWebFilter() {
+        AuthenticationWebFilter filter = new AuthenticationWebFilter(authenticationManagerResolver());
+        return filter;
+    }
+
+    public ReactiveAuthenticationManagerResolver<ServerHttpRequest> authenticationManagerResolver() {
+        return request -> {
+            if (request
+              .getPath()
+              .subPath(0)
+              .value()
+              .startsWith("/employee")) return Mono.just(employeesAuthenticationManager());
+            return Mono.just(customersAuthenticationManager());
+        };
+    }
+
+    public ReactiveAuthenticationManager customersAuthenticationManager() {
+        return authentication -> customer(authentication)
+          .switchIfEmpty(Mono.error(new UsernameNotFoundException(authentication
+            .getPrincipal()
+            .toString())))
+          .map(b -> new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"))));
+    }
+
+    public ReactiveAuthenticationManager employeesAuthenticationManager() {
+        return authentication -> employee(authentication)
+          .switchIfEmpty(Mono.error(new UsernameNotFoundException(authentication
+            .getPrincipal()
+            .toString())))
+          .map(b -> new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"))));
+    }
+
+    public Mono<String> customer(Authentication authentication) {
+        return Mono.justOrEmpty(authentication
+          .getPrincipal()
+          .toString()
+          .startsWith("customer") ? authentication
+          .getPrincipal()
+          .toString() : null);
+    }
+
+    public Mono<String> employee(Authentication authentication) {
+        return Mono.justOrEmpty(authentication
+          .getPrincipal()
+          .toString()
+          .startsWith("employee") ? authentication
+          .getPrincipal()
+          .toString() : null);
+    }
+}

spring-5-reactive-security/src/test/java/com/baeldung/reactive/authresolver/AuthResolverIntegrationTest.java

@@ -0,0 +1,62 @@
+package com.baeldung.reactive.authresolver;
+
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.MethodSorters;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.reactive.server.WebTestClient;
+import org.springframework.util.Base64Utils;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = AuthResolverApplication.class)
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+public class AuthResolverIntegrationTest {
+    @Autowired private WebTestClient testClient;
+
+    @Test
+    public void givenCustomerCredential_whenWelcomeCustomer_thenExpectOk() {
+        testClient
+          .get()
+          .uri("/customer/welcome")
+          .header("Authorization", "Basic " + Base64Utils.encodeToString("customer1:pass1".getBytes()))
+          .exchange()
+          .expectStatus()
+          .isOk();
+    }
+
+    @Test
+    public void givenEmployeeCredential_whenWelcomeCustomer_thenExpect401Status() {
+        testClient
+          .get()
+          .uri("/customer/welcome")
+          .header("Authorization", "Basic " + Base64Utils.encodeToString("employee1:pass1".getBytes()))
+          .exchange()
+          .expectStatus()
+          .isUnauthorized();
+    }
+
+    @Test
+    public void givenEmployeeCredential_whenWelcomeEmployee_thenExpectOk() {
+        testClient
+          .get()
+          .uri("/employee/welcome")
+          .header("Authorization", "Basic " + Base64Utils.encodeToString("employee1:pass1".getBytes()))
+          .exchange()
+          .expectStatus()
+          .isOk();
+    }
+
+    @Test
+    public void givenCustomerCredential_whenWelcomeEmployee_thenExpect401Status() {
+        testClient
+          .get()
+          .uri("/employee/welcome")
+          .header("Authorization", "Basic " + Base64Utils.encodeToString("customer1:pass1".getBytes()))
+          .exchange()
+          .expectStatus()
+          .isUnauthorized();
+    }
+}