One of the most vital parts of modern web applications is security. Since the early years of Spring Web, it has come with a companion module—the Spring Security module. This allows to set up a secure web application and naturally fit the existing Spring Web infrastructure by providing a Filter prior to any controller and web handler invocation. For many years, the Spring Security module was coupled with the Web MVC infrastructure and only used the Filter abstraction from the Servlet API.

Fortunately, with the introduction of the Reactive WebFlux module, everything has changed. In order to support reactive and non-blocking interaction between components and to provide access in a reactive fashion, Spring Security provides an implementation of a totally new reactive stack that uses the new WebFilter infrastructure and relies heavily on Project Reactor's Context feature.