Skip to content

Multi-tenancy for Reactive Resource Server #6727

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jzheaux opened this issue Apr 1, 2019 · 4 comments · Fixed by #6861
Closed

Multi-tenancy for Reactive Resource Server #6727

jzheaux opened this issue Apr 1, 2019 · 4 comments · Fixed by #6861
Assignees
@jzheaux
Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement
Milestone
5.2.0.M3

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Apr 1, 2019

Related to #5351.

Let's add the reactive equivalent of Resource Server's multi-tenancy support.
@jzheaux jzheaux added New Feature in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Apr 1, 2019
@jzheaux jzheaux added this to the 5.2.0.M2 milestone Apr 1, 2019
@jzheaux jzheaux added the status: ideal-for-contribution An issue that we actively are looking for someone to help us with label Apr 1, 2019
@jzheaux jzheaux mentioned this issue Apr 1, 2019
Closed
@rhamedy
Copy link
Contributor

rhamedy commented Apr 1, 2019

@jzheaux Can I work on this? ☺️

@jzheaux
Copy link
Contributor Author

jzheaux commented Apr 1, 2019

Yes, sir, it's yours!

@jzheaux jzheaux self-assigned this Apr 1, 2019
@jgrandja jgrandja modified the milestones: 5.2.0.M2, 5.2.0.RC1 Apr 15, 2019
@rhamedy
Copy link
Contributor

rhamedy commented Apr 22, 2019
edited
Loading

Hi @jzheaux

Started working on this and 6723 issues and it would be helpful to get some direction from your end. Looking through your PR PR 6563

  • Added
@FunctionalInterface
public interface ReactiveAuthenticationManagerResolver<C> {
	Mono<ReactiveAuthenticationManager> resolve(C context);
}

  • The Reactive equivalent of OAuth2ResourceServerConfigurer is ServerHttpSecurity.OAuth2ResourceServerSpec? Is that correct? Curious what is the design decision behind ServerHttpSecurity which contains many nested classes? 🤔

  • Declared the ReactiveAuthenticationManagerResolver in ServerHttpSecurity.OAuth2ResourceServerSpec parametrizing it with ServerHttpRequest and added the following

public OAuth2ResourceServerSpec reactiveAuthenticationManagerResolver(
		ReactiveAuthenticationManagerResolver<ServerHttpRequest> reactiveAuthenticationManagerResolver) {
	Assert.notNull(reactiveAuthenticationManagerResolver, "reactiveAuthenticationManagerResolver cannot be null");
	this.reactiveAuthenticationManagerResolver = reactiveAuthenticationManagerResolver;
	return this;
}

  • The changes to the configure method of ServerHttpSecurity.OAuth2ResourceServerSpec is a little tricky as I am struggling to understand the Reactive equivalent of BearerTokenAuthenticationFilter. Could be BearerTokenServerWebExchangeMatcher?

  • Your PR includes a sample boot oauth2-resourceservier-multitenancy. What is the requirement for the Reactive equivalent? Update existing/Add new one/Do nothing?🤔

I have read a few articles and Spring blogs on Reactive programming and I feel like I could use some more. Do you recommend any resource/tutorial/sample/article that could help me understand the Spring Reactive in deeper level?

Thank you for your usual support 🙂

Raf.

@jzheaux
Copy link
Contributor Author

jzheaux commented Apr 25, 2019

OAuth2ResourceServerSpec

Yes, that's correct. We haven't broken things out yet just because there hasn't yet been the need.

BearerTokenAuthenticationFilter equivalent

Actually, there isn't a special filter on the reactive side. The programming model is a bit more simplified on the reactive side. You can see the filter set up just as an AuthenticationWebFilter.

Reactive sample equivalent

Nothing for the time being - thanks for asking

articles

This may sound silly, but I'm a lot more of a learn-by-doing person, so I haven't read much more than the Project Reactor docs. But let me ask the team, and I'll get back to you.

@rwinch rwinch added type: enhancement A general enhancement and removed New Feature labels May 3, 2019
@rhamedy rhamedy mentioned this issue May 11, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) status: ideal-for-contribution An issue that we actively are looking for someone to help us with type: enhancement A general enhancement
Projects
None yet
Milestone
5.2.0.M3
Development

Successfully merging a pull request may close this issue.

Add Multi-tenancy support for Reactive Resource Server rhamedy/spring-security
4 participants
@rwinch @rhamedy @jzheaux @jgrandja