Originally published at https://www.baeldung.com
Spring WebFlux framework is part of Spring 5 and provides reactive programming support for web applications.
In this tutorial, we'll be creating a small reactive REST application using the reactive web components RestController and WebClient.
We will also be looking at how to secure our reactive endpoints using Spring Security.
Spring WebFlux internally uses Project Reactor and its publisher implementations – Flux and Mono.
The new framework supports two programming models:
Let's start with the spring-boot-starter-webflux dependency, which actually pulls in all other required dependencies:
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-webflux</artifactId> <version>2.1.6.RELEASE</version> </dependency>
The latest spring-boot-starter-webflux can be downloaded from Maven Central.
We'll now build a very simple Reactive REST EmployeeManagement application – using Spring WebFlux:
Spring WebFlux supports the annotation-based configurations in the same way as Spring Web MVC framework.
To begin with, on the server side, we create an annotated controller that publishes our reactive streams of Employee.
Let's create our annotated EmployeeController:
@RestController @RequestMapping("/employees") public class EmployeeController { private final EmployeeRepository employeeRepository; // constructor... }
EmployeeRepository can be any data repository that supports non-blocking reactive streams.
Let's create an endpoint in our controller that publishes a single Employee resource:
@GetMapping("/{id}") private Mono<Employee> getEmployeeById(@PathVariable String id) { return employeeRepository.findEmployeeById(id); }
For a single Employee resource, we have used a Mono of type Employee because it will emit at most 1 element.
Let's also add an endpoint in our controller that publishes the collection resource of all Employees:
@GetMapping private Flux<Employee> getAllEmployees() { return employeeRepository.findAllEmployees(); }
For the collection resource, we have used Flux of type Employee – since that's the publisher focused on emitting 0..n elements.
WebClient introduced in Spring 5 is a non-blocking client with support for Reactive Streams.
On the client side, we use WebClient to retrieve data from our endpoints created in EmployeeController.
Let's create a simple EmployeeWebClient:
public class EmployeeWebClient { WebClient client = WebClient.create("http://localhost:8080"); // ... }
Here we have created a WebClient using its factory method create. It'll point to localhost:8080 for relative URLs.
To retrieve single resource of type Mono from endpoint /employee/{id}:
Mono<Employee> employeeMono = client.get() .uri("/employees/{id}", "1") .retrieve() .bodyToMono(Employee.class); employeeMono.subscribe(System.out::println);
Similarly, to retrieve a collection resource of type Flux from endpoint /employees:
Flux<Employee> employeeFlux = client.get() .uri("/employees") .retrieve() .bodyToFlux(Employee.class); employeeFlux.subscribe(System.out::println);
We can use Spring Security to secure our reactive endpoints.
Let's suppose we have a new endpoint in our EmployeeController. This endpoint updates Employee details and sends back the updated Employee.
Since this allows users to change existing employees, we want to restrict this endpoint to ADMIN role users only.
Let's add a new method to our EmployeeController:
@PostMapping("/update") private Mono<Employee> updateEmployee(@RequestBody Employee employee) { return employeeRepository.updateEmployee(employee); }
Now, to restrict access to this method let's create SecurityConfig and define some path-based rules to only allow ADMIN users:
@EnableWebFluxSecurity public class EmployeeWebSecurityConfig { // ... @Bean public SecurityWebFilterChain springSecurityFilterChain( ServerHttpSecurity http) { http.csrf().disable() .authorizeExchange() .pathMatchers(HttpMethod.POST, "/employees/update").hasRole("ADMIN") .pathMatchers("/**").permitAll() .and() .httpBasic(); return http.build(); } }
This configuration will restrict access to the endpoint /employees/update. Therefore only users having a role ADMIN will be able to access this endpoint and update an existing Employee.
Finally, the annotation @EnableWebFluxSecurity adds Spring Security WebFlux support with some default configurations.
In this article, we've explored how to create and work with reactive web components supported by Spring WebFlux framework by creating a small Reactive REST application.
We learned how to use RestController and WebClient to publish and consume reactive streams respectively.
We also looked into how to create a secured reactive endpoint with the help of Spring Security.
Other than Reactive RestController and WebClient, WebFlux framework also supports reactive WebSocket and corresponding WebSocketClient for socket style streaming of Reactive Streams.
Finally, the complete source code used in this tutorial is available over on Github.
Thanks for reading ❤
If you liked this post, share it with all of your programming buddies!
Follow us on Facebook | Twitter
☞ Spring & Hibernate for Beginners (includes Spring Boot)
☞ Spring Framework Master Class - Learn Spring the Modern Way!
☞ Master Microservices with Spring Boot and Spring Cloud
☞ Spring Boot and OAuth2: Getting the Authorization Code
☞ An Introduction to Spring Boot
☞ How to build GraphQL APIs with Kotlin, Spring Boot, and MongoDB?
☞ Build a Rest API with Spring Boot using MySQL and JPA
☞ Angular 8 + Spring Boot 2.2: Build a CRUD App Today!
☞ Spring Boot vs. Spring MVC vs. Spring: How Do They Compare?
☞ Top 4 Spring Annotations for Java Developer in 2019
#spring-boot #java