Simple REST API security
We will use the example that we created in Chapter 5, Integrating with Spring WebFlux (spring-boot-spring-webflux) and expand on it by doing the following:
- Adding JWT support to the existing Spring WebFlux application, which is already secured using basic authentication.
- Creating a new controller (path /auth/**) with new endpoints that you can use to authenticate the user.
- Using basic authentication or the auth REST endpoint, we will generate the JWT on the server and send it as a response to the client. Subsequent calls from the client to access secured REST APIs can then be made by supplying the JWT as an HTTP header (authorization, bearer token).
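The token flow outlined in the list above, as an added example that is not the book's project code: a JDK-only sketch that issues an HS256 JWT once the user has authenticated and validates it from the `Authorization: Bearer` header on later calls. The class name, method names, key and claim set are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.*;

// Added sketch, not the book's project code; all names here are hypothetical.
public class JwtFlowSketch {
    // Constructed demo key; a real service loads random key material from a secret store.
    private static final byte[] KEY = "constructed-demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    // After authentication: issue a signed token. Assumes subject has no JSON metacharacters.
    static String issue(String subject, long ttlSeconds) throws Exception {
        long exp = Instant.now().getEpochSecond() + ttlSeconds;
        String header = ENC.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String claims = "{\"sub\":\"" + subject + "\",\"exp\":" + exp + "}";
        String signingInput = header + "." + ENC.encodeToString(claims.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + ENC.encodeToString(hmac(signingInput));
    }
    // On each secured call: returns the claims JSON, or null when the header is rejected.
    static String verify(String authorization) throws Exception {
        if (authorization == null || !authorization.startsWith("Bearer ")) return null;
        String[] parts = authorization.substring(7).split("\\.");
        if (parts.length != 3) return null;
        try {
            // Algorithm is fixed to HS256 here, never read from the token header; compare in constant time.
            byte[] presented = Base64.getUrlDecoder().decode(parts[2]);
            if (!MessageDigest.isEqual(hmac(parts[0] + "." + parts[1]), presented)) return null;
            String claims = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
            Matcher m = Pattern.compile("\"exp\":(\\d+)").matcher(claims);
            if (!m.find() || Long.parseLong(m.group(1)) <= Instant.now().getEpochSecond()) return null;
            return claims;
        } catch (IllegalArgumentException e) {
            return null; // malformed Base64url or exp value
        }
    }
    public static void main(String[] args) throws Exception {
        String token = issue("user", 300);
        System.out.println(verify("Bearer " + token));       // untouched token
        System.out.println(verify("Bearer " + token + "A")); // altered signature
    }
}
```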
We won't be able to go into every detail of this project (there is a more important topic that we need to cover in this chapter within the stipulated page count). However, as we go through the example, the important code snippets will be listed and explained in some detail.