How to make the path public in RSocketSecurity (Spring)


I have a config class for RSocketSecurity, something like this:

    @Configuration
    @EnableRSocketSecurity
    @EnableReactiveMethodSecurity
    class RSocketAuthConfiguration {

and authorization for it (allows only authenticated users to subscribe):

    security.addPayloadInterceptor(interceptor).authorizePayload {
        it.setup().authenticated().anyRequest().permitAll()
    }

I want to set some routes with public access, but most of them should be with authorization. What is the best way to achieve that?


There are 2 best solutions below

0
On BEST ANSWER

Spring Security RSocket configures the setup and route respectively.

The following is an example of the configuration part.

    @Bean
    public PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
        return rsocket
                .authorizePayload(
                        authorize -> {
                            authorize
                                    // must have ROLE_SETUP to make connection
                                    .setup().hasRole("SETUP")
                                    // must have ROLE_ADMIN for routes matching "greet*"
                                    .route("greet*").hasRole("ADMIN")
                                    // any other request must be authenticated
                                    .anyRequest().authenticated();
                        }
                )
                .basicAuthentication(Customizer.withDefaults())
                .build();
    }

Get the complete example from my GitHub.

0
On

Something along the following lines should work:

    @Configuration
    @EnableRSocketSecurity
    @EnableReactiveMethodSecurity
    class RSocketSecurityConfiguration(val authenticationService: AuthenticationService) {

        @Bean
        fun authorization(security: RSocketSecurity): PayloadSocketAcceptorInterceptor {
            return security
                    .authorizePayload {
                        it.route("route-A").hasRole("role-A")
                            .route("route-B").permitAll()
                    }
                    .simpleAuthentication(Customizer.withDefaults())
                    .authenticationManager(authenticationService)
                    .build()
        }
    }

route-A is authenticated and requires role-A while route-B is publicly available.
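
A combined configuration for the case in the question (a few public routes, everything else authenticated), as an added example that is not code from either answer. Rules are evaluated in order and the first match decides, so the `permitAll()` routes come before the `anyRequest().authenticated()` catch-all. The route names `public.info` and `public.health` and the class name are hypothetical, and a `ReactiveUserDetailsService` or `ReactiveAuthenticationManager` bean is assumed to be defined elsewhere.

```kotlin
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.Customizer
import org.springframework.security.config.annotation.rsocket.EnableRSocketSecurity
import org.springframework.security.config.annotation.rsocket.RSocketSecurity
import org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor

// Hypothetical class name; routes "public.info" and "public.health" are
// placeholders for whatever routes should be reachable without credentials.
@Configuration
@EnableRSocketSecurity
class PublicRoutesRSocketSecurityConfiguration {

    @Bean
    fun authorization(security: RSocketSecurity): PayloadSocketAcceptorInterceptor =
        security
            .authorizePayload { spec ->
                spec
                    // Anonymous clients must be able to open the connection,
                    // otherwise no route is public in practice. Clients that
                    // call protected routes still present credentials, in the
                    // setup frame or per request.
                    .setup().permitAll()
                    // Public routes: listed first so they match before the
                    // catch-all below.
                    .route("public.info").permitAll()
                    .route("public.health").permitAll()
                    // Default for every other request: credentials required.
                    .anyRequest().authenticated()
                    // Exchanges that are neither setup nor a request.
                    .anyExchange().permitAll()
            }
            // Assumption: the authentication manager is resolved from a
            // ReactiveUserDetailsService / ReactiveAuthenticationManager bean
            // defined elsewhere in the application.
            .simpleAuthentication(Customizer.withDefaults())
            .build()
}
```

Keeping `anyRequest().authenticated()` as the default means a newly added route is protected until it is explicitly listed as public.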