Spring Webflux API的自定义身份验证

经过大量搜索和尝试，我认为我找到了解决方案：

你需要一个

SecurityWebFilterChain

@Configurationpublic class SecurityConfiguration {    @Autowired    private AuthenticationManager authenticationManager;    @Autowired    private SecurityContextRepository securityContextRepository;    @Bean    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {        // Disable default security.        http.httpBasic().disable();        http.formLogin().disable();        http.csrf().disable();        http.logout().disable();        // Add custom security.        http.authenticationManager(this.authenticationManager);        http.securityContextRepository(this.securityContextRepository);        // Disable authentication for `/auth) ?  new JwtAuthenticationToken(...) : new GuestAuthenticationToken();        return new SecurityContextImpl(authentication);    }}

在负载中，我将根据中的标头检查

serverWebExchange