Add Spring WebFlux and reactive security support for SPNEGO authentication

[Copilot]

This PR adds comprehensive Spring WebFlux support to kerb4j, enabling Kerberos/SPNEGO authentication in reactive Spring applications.

What's Added

A new kerb4j-server-spring-webflux module that provides reactive equivalents of the existing Spring MVC components:

• SpnegoServerAuthenticationEntryPoint - Reactive equivalent of SpnegoEntryPoint that implements ServerAuthenticationEntryPoint for WebFlux applications
• SpnegoServerAuthenticationConverter - Parses SPNEGO Negotiate and basic authentication headers reactively using ServerAuthenticationConverter
• ReactiveAuthenticationManagerAdapter - Wraps existing blocking AuthenticationManager implementations for use in reactive streams
• SpnegoWebFluxConfigurer - Utility class providing helper methods for easy SPNEGO configuration in WebFlux applications

Key Features

• Full reactive support: Non-blocking, reactive streams-based authentication processing
• Reuses existing components: Authentication providers, ticket validators, and tokens from the WebMVC module are fully compatible
• Fallback support: Supports both SPNEGO and basic authentication fallback mechanisms
• Easy migration: Simple path to migrate from WebMVC to WebFlux with minimal configuration changes
• Comprehensive testing: Complete test coverage including integration scenarios

Usage Example

@Configuration
@EnableWebFluxSecurity
public class WebFluxSecurityConfig {
    @Bean
    public SecurityWebFilterChain securityFilterChain(ServerHttpSecurity http) {
        return http
                .exceptionHandling(e -> e.authenticationEntryPoint(spnegoServerAuthenticationEntryPoint()))
                .authorizeExchange(exchanges -> exchanges
                        .pathMatchers("/hello").hasRole("USER")
                        .anyExchange().permitAll())
                .addFilterBefore(spnegoAuthenticationWebFilter(), SecurityWebFiltersOrder.AUTHENTICATION)
                .build();
    }

    @Bean
    public AuthenticationWebFilter spnegoAuthenticationWebFilter() {
        return SpnegoWebFluxConfigurer.createSpnegoAuthenticationWebFilter(
                new ReactiveAuthenticationManagerAdapter(authManager()));
    }
    
    // Reuse existing authentication providers...
}

Backward Compatibility

This implementation maintains full backward compatibility:

• Existing WebMVC applications continue to work unchanged
• Core authentication logic is shared between WebMVC and WebFlux
• Both modules can be used side-by-side in the same application

Fixes #73.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• server.springsource.org
  • Triggering command: /usr/lib/jvm/temurin-17-jdk-amd64/bin/java -jar /home/REDACTED/work/kerb4j/kerb4j/kerb4j-server/kerb4j-server-spring-security/target/surefire/surefirebooter-20250830094743481_24.jar /home/REDACTED/work/kerb4j/kerb4j/kerb4j-server/kerb4j-server-spring-security/target/surefire 2025-08-30T09-47-17_326-jvmRun1 surefire-20250830094743481_22tmp surefire_4-20250830094743481_23tmp (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.