Package org.springframework.security.config.annotation.rsocket

Class RSocketSecurity

java.lang.Object

org.springframework.security.config.annotation.rsocket.RSocketSecurity

public class RSocketSecurity
extends java.lang.Object

Allows configuring RSocket based security. A minimal example can be found below:

 @EnableRSocketSecurity
 public class SecurityConfig {
     @Bean
     PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
         rsocket
             .authorizePayload((authorize) ->
                 authorize
                     .anyRequest().authenticated()
             );
         return rsocket.build();
     }

     @Bean
     public MapReactiveUserDetailsService userDetailsService() {
          UserDetails user = User.withDefaultPasswordEncoder()
               .username("user")
               .password("password")
               .roles("USER")
               .build();
          return new MapReactiveUserDetailsService(user);
     }
 }
 

A more advanced configuration can be seen below:

 @EnableRSocketSecurity
 public class SecurityConfig {
     @Bean
     PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
         rsocket
             .authorizePayload((authorize) ->
                 authorize
                     // must have ROLE_SETUP to make connection
                     .setup().hasRole("SETUP")
                      // must have ROLE_ADMIN for routes starting with "admin."
                     .route("admin.*").hasRole("ADMIN")
                     // any other request must be authenticated for
                     .anyRequest().authenticated()
             );
         return rsocket.build();
     }
 }
 

Since:

5.2

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
class	RSocketSecurity.AuthorizePayloadsSpec
class	RSocketSecurity.BasicAuthenticationSpec
class	RSocketSecurity.JwtSpec
class	RSocketSecurity.SimpleAuthenticationSpec

Constructor Summary

Constructors

Constructor	Description
RSocketSecurity()

Method Summary

Modifier and Type	Method	Description
RSocketSecurity	addPayloadInterceptor(org.springframework.security.rsocket.api.PayloadInterceptor interceptor)	Adds a PayloadInterceptor to be used.
RSocketSecurity	authenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager authenticationManager)
RSocketSecurity	authorizePayload(Customizer<RSocketSecurity.AuthorizePayloadsSpec> authorize)
RSocketSecurity	basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec> basic)	Deprecated. Use simpleAuthentication(Customizer)
org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor	build()
RSocketSecurity	jwt(Customizer<RSocketSecurity.JwtSpec> jwt)
protected void	setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
RSocketSecurity	simpleAuthentication(Customizer<RSocketSecurity.SimpleAuthenticationSpec> simple)	Adds support for validating a username and password using Simple Authentication

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RSocketSecurity

public RSocketSecurity()

Method Detail

addPayloadInterceptor

public RSocketSecurity addPayloadInterceptor(org.springframework.security.rsocket.api.PayloadInterceptor interceptor)

Adds a PayloadInterceptor to be used. This is typically only used when using the DSL does not meet a users needs. In order to ensure the PayloadInterceptor is done in the proper order the PayloadInterceptor should either implement Ordered or be annotated with Order.

Parameters:

interceptor -

Returns:

the builder for additional customizations

See Also:

PayloadInterceptorOrder

authenticationManager

public RSocketSecurity authenticationManager(org.springframework.security.authentication.ReactiveAuthenticationManager authenticationManager)

simpleAuthentication

public RSocketSecurity simpleAuthentication(Customizer<RSocketSecurity.SimpleAuthenticationSpec> simple)

Adds support for validating a username and password using Simple Authentication

Parameters:

simple - a customizer

Returns:

RSocketSecurity for additional configuration

Since:

5.3

basicAuthentication

@Deprecated
public RSocketSecurity basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec> basic)

Deprecated.

Use simpleAuthentication(Customizer)

Adds authentication with BasicAuthenticationPayloadExchangeConverter.

Parameters:

basic -

Returns:

this instance

jwt

public RSocketSecurity jwt(Customizer<RSocketSecurity.JwtSpec> jwt)

authorizePayload

public RSocketSecurity authorizePayload(Customizer<RSocketSecurity.AuthorizePayloadsSpec> authorize)

build

public org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor build()

setApplicationContext

protected void setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
                              throws org.springframework.beans.BeansException

Throws:

org.springframework.beans.BeansException