Class RSocketSecurity

java.lang.Object

org.springframework.security.config.annotation.rsocket.RSocketSecurity

public class RSocketSecurity
extends Object

Allows configuring RSocket based security. A minimal example can be found below:

@Configuration
@EnableRSocketSecurity
public class SecurityConfig {
    @Bean
    PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
        rsocket
            .authorizePayload((authorize) ->
                authorize
                    .anyRequest().authenticated()
            );
        return rsocket.build();
    }

    @Bean
    public MapReactiveUserDetailsService userDetailsService() {
         UserDetails user = User.withDefaultPasswordEncoder()
              .username("user")
              .password("password")
              .roles("USER")
              .build();
         return new MapReactiveUserDetailsService(user);
    }
}

A more advanced configuration can be seen below:

@Configuration
@EnableRSocketSecurity
public class SecurityConfig {
    @Bean
    PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
        rsocket
            .authorizePayload((authorize) ->
                authorize
                    // must have ROLE_SETUP to make connection
                    .setup().hasRole("SETUP")
                     // must have ROLE_ADMIN for routes starting with "admin."
                    .route("admin.*").hasRole("ADMIN")
                    // any other request must be authenticated for
                    .anyRequest().authenticated()
            );
        return rsocket.build();
    }
}

Since:

5.2

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
final class	RSocketSecurity.AnonymousAuthenticationSpec
class	RSocketSecurity.AuthorizePayloadsSpec
final class	RSocketSecurity.BasicAuthenticationSpec
final class	RSocketSecurity.JwtSpec
final class	RSocketSecurity.SimpleAuthenticationSpec

Constructor Summary

Constructors

Constructor	Description
RSocketSecurity()

Method Summary

Modifier and Type	Method	Description
RSocketSecurity	addPayloadInterceptor(PayloadInterceptor interceptor)	Adds a PayloadInterceptor to be used.
RSocketSecurity	anonymous(Customizer<RSocketSecurity.AnonymousAuthenticationSpec> anonymous)	Adds anonymous authentication
RSocketSecurity	authenticationManager(ReactiveAuthenticationManager authenticationManager)
RSocketSecurity	authorizePayload(Customizer<RSocketSecurity.AuthorizePayloadsSpec> authorize)
RSocketSecurity	basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec> basic)	Deprecated. Use simpleAuthentication(Customizer)
PayloadSocketAcceptorInterceptor	build()
RSocketSecurity	jwt(Customizer<RSocketSecurity.JwtSpec> jwt)
protected void	setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
RSocketSecurity	simpleAuthentication(Customizer<RSocketSecurity.SimpleAuthenticationSpec> simple)	Adds support for validating a username and password using Simple Authentication

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

RSocketSecurity

public RSocketSecurity()

Method Details

addPayloadInterceptor

public RSocketSecurity addPayloadInterceptor(PayloadInterceptor interceptor)

Adds a PayloadInterceptor to be used. This is typically only used when using the DSL does not meet a users needs. In order to ensure the PayloadInterceptor is done in the proper order the PayloadInterceptor should either implement Ordered or be annotated with Order.

Parameters:

interceptor -

Returns:

the builder for additional customizations

See Also:

• PayloadInterceptorOrder

authenticationManager

public RSocketSecurity authenticationManager(ReactiveAuthenticationManager authenticationManager)

simpleAuthentication

public RSocketSecurity simpleAuthentication(Customizer<RSocketSecurity.SimpleAuthenticationSpec> simple)

Adds support for validating a username and password using Simple Authentication

Parameters:

simple - a customizer

Returns:

RSocketSecurity for additional configuration

Since:

5.3

anonymous

public RSocketSecurity anonymous(Customizer<RSocketSecurity.AnonymousAuthenticationSpec> anonymous)

Adds anonymous authentication

Parameters:

anonymous - a customizer

Returns:

this instance

Since:

7.0

basicAuthentication

@Deprecated
public RSocketSecurity basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec> basic)

Deprecated.

Use simpleAuthentication(Customizer)

Adds authentication with BasicAuthenticationPayloadExchangeConverter.

Parameters:

basic -

Returns:

this instance

jwt

public RSocketSecurity jwt(Customizer<RSocketSecurity.JwtSpec> jwt)

authorizePayload

public RSocketSecurity authorizePayload(Customizer<RSocketSecurity.AuthorizePayloadsSpec> authorize)

build

public PayloadSocketAcceptorInterceptor build()

setApplicationContext

protected void setApplicationContext(org.springframework.context.ApplicationContext applicationContext)
                              throws org.springframework.beans.BeansException

Throws:

org.springframework.beans.BeansException