webflux oauth2ResourceServer don't support redisToken?

[CK110]

Summary

use webflux. is there any filter like OAuth2AuthenticationProcessingFilter in project spring-security-oauth？because i don't use JWT

Actual Behavior

Actual i use redis token。in my old project，zuul gateway is a resource server

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.tokenStore(tokenStore)
                .stateless(true)
                .authenticationEntryPoint(authenticationEntryPoint)
                .expressionHandler(expressionHandler)
                .accessDeniedHandler(oAuth2AccessDeniedHandler);
    }
   
   .....
}

but now i change the gateway to spring cloud gateway.

@Configuration
@EnableWebFluxSecurity
public class WebfluxResourceServerConfig {
    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {

        ServerBearerTokenAuthenticationConverter bearerTokenConverter = new ServerBearerTokenAuthenticationConverter();
        bearerTokenConverter.setAllowUriQueryParameter(true);
        http.authorizeExchange()
                .anyExchange().access(new HasScope());
                .and()
                .oauth2ResourceServer();
        return http.build();
}

the oauth2ResourceServer just support jwt in webflux , i cant use it like in spring-security-oauth。

i need to check token and get Authentication by SecurityContextHolder by some filter like OAuth2AuthenticationProcessingFilter 。

i need to write the filter by myself?

Expected Behavior

some filter like OAuth2AuthenticationProcessingFilter

Version

5.1.5

[jzheaux]

Spring Security 5.2 supports two ways of token verification. The first is JWT and the second is opaque tokens. In this case, it appears that you have an opaque token.

This can be customized by doing:

http
    .oauth2ResourceServer()
        .opaqueToken()
            .introspectionClient(new MyRedisIntrospectionClient())

Where your custom class would take the token string and return a Map of attributes.

Note that since 5.2 is not yet GA, the name of the introspection interface may change.