As we saw earlier, in a WebFlux web application, Spring Security works based on WebFilter (similar to Servlet Filter in Spring MVC). If you would like to customize certain aspects in Spring Security, especially in request and response manipulation, implementing a custom WebFilter is one of the approaches that can be looked at.

Spring WebFlux offers two approaches to implement filters:

• Using WebFilter: Works for both annotation-based and functional-based (routerhandler)
• Using HandlerFilterFunction: Works only with functional-based