Add hasAnyAuthority method in AuthorizePayloadsSpec.Access

See Fixes gh-7437 Co-authored-by: Eddú Meléndez <eddu.melendez@gmail.com>
2025-03-04 04:19:09 +00:00 · 2019-09-18 20:55:03 -05:00 · 2019-09-18 20:55:03 -05:00 · 3a66191756
commit 3a66191756
parent 3425db6d16
2 changed files with 30 additions and 1 deletions
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
@ -104,6 +104,7 @@ import java.util.List;
 * }
 * </pre>
 * @author Rob Winch
+ * @author Ebert Toribio
 * @since 5.2
 */
 public class RSocketSecurity {
@ -320,6 +321,10 @@ public class RSocketSecurity {
 						.just(new AuthorizationDecision(true)));
 			}

+			public AuthorizePayloadsSpec hasAnyAuthority(String... authorities) {
+				return access(AuthorityReactiveAuthorizationManager.hasAnyAuthority(authorities));
+			}
+
 			public AuthorizePayloadsSpec access(
 					ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext> authorization) {
 				AuthorizePayloadsSpec.this.authzBuilder.add(new PayloadExchangeMatcherEntry<>(this.matcher, authorization));
--- a/config/src/test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
@ -51,6 +51,7 @@ import static org.assertj.core.api.Assertions.assertThatCode;

 /**
 * @author Rob Winch
+ * @author Ebert Toribio
 */
@ContextConfiguration
@RunWith(SpringRunner.class)
@ -167,6 +168,23 @@ public class RSocketMessageHandlerConnectionITests {
 //			.isInstanceOf(RejectedSetupException.class);
 	}

+	@Test
+	public void connectWithAnyAuthority() {
+		UsernamePasswordMetadata credentials =
+				new UsernamePasswordMetadata("ebert", "ebert");
+		this.requester = requester()
+				.setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
+				.block();
+
+		String hiEbert = this.requester.route("management.users")
+				.data("ebert")
+				.retrieveMono(String.class)
+				.block();
+
+		assertThat(hiEbert).isEqualTo("Hi ebert");
+	}
+
 	private RSocketRequester.Builder requester() {
 		return RSocketRequester.builder()
 				.rsocketStrategies(this.handler.getRSocketStrategies());
@ -208,13 +226,18 @@ public class RSocketMessageHandlerConnectionITests {
 					.password("password")
 					.roles("USER", "SETUP")
 					.build();
+			UserDetails manager = User.withDefaultPasswordEncoder()
+					.username("ebert")
+					.password("ebert")
+					.roles("SETUP", "MANAGER")
+					.build();

 			UserDetails evil = User.withDefaultPasswordEncoder()
 					.username("evil")
 					.password("password")
 					.roles("EVIL")
 					.build();
-			return new MapReactiveUserDetailsService(admin, user, evil);
+			return new MapReactiveUserDetailsService(admin, user, manager, evil);
 		}

 		@Bean
@ -225,6 +248,7 @@ public class RSocketMessageHandlerConnectionITests {
 						.setup().hasRole("SETUP")
 						.route("secure.admin.*").hasRole("ADMIN")
 						.route("secure.**").hasRole("USER")
+						.route("management.*").hasAnyAuthority("ROLE_MANAGER")
 						.anyRequest().permitAll()
 				)
 				.basicAuthentication(Customizer.withDefaults());