I have a spring boot application that uses the MVC servlet mechanism. Few APIs use Mono and Flux: Reactive endpoints. The Spring Security used in the project is Servlet-based. The Security Context is set in the BearerTokenAuthenticationFilter.