That’s because I don’t use custom exception handling for unauthorized and forbidden response, then Spring add this WWW-Authenticate: Basic realm="Realm" to response header, and actually you can’t login via that form.

I just update the article, and you can check here https://github.com/ard333/spring-boot-webflux-jjwt/blob/master/src/main/java/com/ard333/springbootwebfluxjjwt/security/WebSecurityConfig.java#L31