Ability to disable anonymous authentication in RSocketSecurity #17132
Labels
in: config
An issue in spring-security-config
status: ideal-for-contribution
An issue that we actively are looking for someone to help us with
type: enhancement
A general enhancement
Comments
Aaur1s
added
status: waiting-for-triage
|
Thanks for the suggestion, @Aaur1s. Are you able to submit a PR to add this? I think just the ability to disable will be fine for the time being since there are no other configurable aspects of |
jzheaux
added
in: config
therepanic
added a commit
to therepanic/spring-security
that referenced
this issue
May 22, 2025
…pring-projects#17132) Signed-off-by: Andrey Litvitski <[email protected]>
therepanic
added a commit
to therepanic/spring-security
that referenced
this issue
May 22, 2025
…pring-projects#17132) Signed-off-by: Andrey Litvitski <[email protected]>
jzheaux
pushed a commit
to therepanic/spring-security
that referenced
this issue
May 22, 2025
…pring-projects#17132) Signed-off-by: Andrey Litvitski <[email protected]>
|
Hey, I didn't able to answer in time, sorry. Thank you for your work! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected Behavior
RSocketSecurity dsl should have ability to disable anonymous auth interceptor
Current Behavior
RSocketSecurity has hardcode in private method that adds anonymous interceptor no matter what
Context
I'm doing method-level security and rely on @PreAuthorize("authenticated"), my global security config has just permitAll. So anonymous authentication ruining my rsocket experience, for http security i can just disable it.
As workaround i constructed PayloadSocketAcceptorInterceptor entirely by hand, but this process is quite tedious, it would be nice to be able to disable it in RSocketSecurity dsl like in http.
The text was updated successfully, but these errors were encountered: