Reactive-Spring-Security-5.1.3.RELEASE, multiple authorizations

Question

We have some endpoints, that are secured and before to access them we\'re verifying that the jws is correctly. In order to do that, we\'ve defined a SecurityContext that act

Answer 1

You can expose more than one bean. I recommend specifying an order:

@Bean
@Order(1)
public SecurityWebFilterChain first(ServerHttpSecurity http) {
    http
        .securityMatcher(...)
        ...

    return http.build();
}

@Bean
@Order(2)
public SecurityWebFilterChain second(ServerHttpSecurity http) {
   http
       .securityMatcher(...)
       ...

   return http.build();
}

As a side note, Spring Security does ship with support for verifying JWS tokens reactively, and you might be able to remove some boilerplate by using it.