Introduction to Spring WebFlux

Reading Time: 3 minutes


Spring 5 includes Spring WebFlux, which provides reactive programming support for web applications

In this blog, we’ll create a small reactive REST application using the reactive web components RestController and WebClient.

We’ll also look at how to secure our reactive endpoints using Spring Security.

Spring WebFlux Framework

Spring WebFlux internally uses Project Reactor and its publisher implementations, Flux and Mono.

The new framework supports two programming models:

  • Annotation-based reactive components
  • Functional routing and handling


Let’s start with the spring-boot-starter-webflux dependency, which pulls in all other required dependencies:

  • spring-boot and spring-boot-starter for basic Spring Boot application setup
  • spring-webflux framework
  • reactor-core that we need for reactive streams and also reactor-netty

Reactive REST Application

Now we’ll build a very simple reactive REST EmployeeManagement application using Spring WebFlux:

  • Use a simple domain model – Employee with an id and a name field
  • Build a REST API with a RestController to publish Employee resources as a single resource and as a collection
  • Build a client with WebClient to retrieve the same resource
  • Create a secured reactive endpoint using WebFlux and Spring Security

Reactive RestController

Spring WebFlux supports annotation-based configurations in the same way as the Spring Web MVC framework.

To begin with, on the server, we create an annotated controller that publishes a reactive stream of the Employee resource.

Let’s create our annotated EmployeeController:

public class EmployeeController {

    private final EmployeeRepository employeeRepository;
    // constructor...

EmployeeRepository can be any data repository that supports non-blocking reactive streams.

Single Resource

Then let’s create an endpoint in our controller that publishes a single Employee resource:

private Mono<Employee> getEmployeeById(@PathVariable String id) {
    return employeeRepository.findEmployeeById(id);

We wrap a single Employee resource in a Mono because we return at most one employee.

Collection Resource

We also add an endpoint that publishes the collection resource of all Employees:

private Flux<Employee> getAllEmployees() {
    return employeeRepository.findAllEmployees();

For the collection resource, we use a Flux of type Employee since that’s the publisher for 0..n elements.

Reactive Web Client

WebClient, introduced in Spring 5, is a non-blocking client with support for reactive streams.

We can use WebClient to create a client to retrieve data from the endpoints provided by the EmployeeController.

Let’s create a simple EmployeeWebClient:

public class EmployeeWebClient {

    WebClient client = WebClient.create("http://localhost:8080");

    // ...

Here we have created a WebClient using its factory method create. It’ll point to localhost:8080, so we can use relative URLs for calls made by this client instance.

Retrieving a Single Resource

To retrieve a single resource of type Mono from endpoint /employee/{id}:

Mono<Employee> employeeMono = client.get()
  .uri("/employees/{id}", "1")


Retrieving a Collection Resource

Similarly, to retrieve a collection resource of type Flux from endpoint /employees:

Flux<Employee> employeeFlux = client.get()

Spring WebFlux Security

We can use Spring Security to secure our reactive endpoints.

Let’s suppose we have a new endpoint in our EmployeeController. This endpoint updates Employee details and sends back the updated Employee.

Since this allows users to change existing employees, we want to restrict this endpoint to ADMIN role users only.

As a result, let’s add a new method to our EmployeeController:

private Mono<Employee> updateEmployee(@RequestBody Employee employee) {
    return employeeRepository.updateEmployee(employee);

Now, to restrict access to this method, let’s create SecurityConfig and define some path-based rules to allow only ADMIN users:

public class EmployeeWebSecurityConfig {

    // ...

    public SecurityWebFilterChain springSecurityFilterChain(
      ServerHttpSecurity http) {
          .pathMatchers(HttpMethod.POST, "/employees/update").hasRole("ADMIN")

This configuration will restrict access to the endpoint /employees/update. Therefore, only users with a role ADMIN will be able to access this endpoint and update an existing Employee.

Finally, the annotation @EnableWebFluxSecurity adds Spring Security WebFlux support with some default configurations.


In this blog, we explored how to create and work with reactive web components as supported by the Spring WebFlux framework. As an example, we built a small Reactive REST application.

Then we learned how to use RestController and WebClient to publish and consume reactive streams.

We also looked into how to create a secured reactive endpoint with the help of Spring Security.

Other than Reactive RestController and WebClient, the WebFlux framework also supports reactive WebSocket and the corresponding WebSocketClient for socket style streaming of Reactive Streams.

Reference Link :-

Written by 

KRISHNA JAISWAL is Software Consultant Trainee at Knoldus. He is passionate about JAVA , MYSQL , having knowledge of C , C++ and much more. He is recognised as a good team player, a dedicated and responsible professional, and a technology enthusiast. He is a quick learner & curious to learn new technologies. His hobbies include reading Books , listening Music and playing Cricket .