From e95430fa36dad205880b87cf5759f62a5aed7304 Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Mon, 30 Oct 2017 16:27:33 -0500
Subject: [PATCH] Polish Reactive Method Security reference

Issue gh-4757
---
 .../ReactiveSecurityContextHolderTests.java | 19 ++++++++++++
 docs/manual/src/docs/asciidoc/index.adoc | 29 ++++++++++++++++++-
 2 files changed, 47 insertions(+), 1 deletion(-)
diff --git a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
index d19b5e6fcc..e1ddd16acd 100644
--- a/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
+++ b/core/src/test/java/org/springframework/security/core/context/ReactiveSecurityContextHolderTests.java
@@ -50,6 +50,25 @@ public class ReactiveSecurityContextHolderTests {
 .verifyComplete();
 }
+ @Test
+ public void demo() {
+ Authentication authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
+
+ Mono messageByUsername = ReactiveSecurityContextHolder.getContext()
+ .map(SecurityContext::getAuthentication)
+ .map(Authentication::getName)
+ .flatMap(this::findMessageByUsername)
+ .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
+
+ StepVerifier.create(messageByUsername)
+ .expectNext("Hi user")
+ .verifyComplete();
+ }
+
+ private Mono findMessageByUsername(String username) {
+ return Mono.just("Hi " + username);
+ }
+
 @Test
 public void setContextAndClearAndGetContextThenEmitsEmpty() {
 SecurityContext expectedContext = new SecurityContextImpl(
diff --git a/docs/manual/src/docs/asciidoc/index.adoc b/docs/manual/src/docs/asciidoc/index.adoc
index 7c61c53a4c..cc9c5af5c6 100644
--- a/docs/manual/src/docs/asciidoc/index.adoc
+++ b/docs/manual/src/docs/asciidoc/index.adoc
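Review bot: The new test in ReactiveSecurityContextHolderTests is named `demo()`, which does not say what is being verified, while the neighbouring test uses a given/when/then name (`setContextAndClearAndGetContextThenEmitsEmpty`); a name such as `getContextWhenSubscriberContextHasAuthenticationThenUsernameReachesFlatMap` would keep a failure report self-explanatory. Because the same snippet is copied into index.adoc as reference material, a one-line comment above the chain would help readers who adapt it: `// with no SecurityContext in the Reactor Context, getContext() emits nothing and findMessageByUsername is never invoked`. `Mono` appears without a type argument on both the local variable and the helper's return type; if that is not an artefact of how this patch was rendered, declare both as `Mono<String>`. Both added methods are complete within the hunk, and the class body continues outside it.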
@@ -1136,7 +1136,34 @@ For additional information about methods that can be overridden, refer to the `G
 [[jc-erms]
 ==== EnableReactiveMethodSecurity
-Spring Security supports method security using https://projectreactor.io/docs/core/release/reference/#context[Reactor's Context].
+Spring Security supports method security using https://projectreactor.io/docs/core/release/reference/#context[Reactor's Context] which is setup using `ReactiveSecurityContextHolder`.
+For example, this demonstrates how to retrieve the currently logged in user's message.
+
+[source,java]
+----
+Authentication authentication = new TestingAuthenticationToken("user", "password", "ROLE_USER");
+
+Mono messageByUsername = ReactiveSecurityContextHolder.getContext()
+ .map(SecurityContext::getAuthentication)
+ .map(Authentication::getName)
+ .flatMap(this::findMessageByUsername)
+ // In a WebFlux application the `subscriberContext` is automatically setup using `ReactorContextWebFilter`
+ .subscriberContext(ReactiveSecurityContextHolder.withAuthentication(authentication));
+
+StepVerifier.create(messageByUsername)
+ .expectNext("Hi user")
+ .verifyComplete();
+----
+
+with `this::findMessageByUsername` defined as:
+
+[source,java]
+----
+Mono findMessageByUsername(String username) {
+ return Mono.just("Hi " + username);
+}
+----
+
 Below is a minimal method security configuration when using method security in reactive applications.
 [source,java]