Skip to content

Ability to disable anonymous authentication in RSocketSecurity #17132

New issue
New issue
Open
#17159
Open
Ability to disable anonymous authentication in RSocketSecurity#17132
#17159
Labels
in: configAn issue in spring-security-configstatus: ideal-for-contributionAn issue that we actively are looking for someone to help us withtype: enhancementA general enhancement
@Aaur1s

Description

@Aaur1s
Aaur1s
opened on May 18, 2025

Expected Behavior

RSocketSecurity dsl should have ability to disable anonymous auth interceptor

Current Behavior

RSocketSecurity has hardcode in private method that adds anonymous interceptor no matter what

Context

I'm doing method-level security and rely on @PreAuthorize("authenticated"), my global security config has just permitAll. So anonymous authentication ruining my rsocket experience, for http security i can just disable it.
As workaround i constructed PayloadSocketAcceptorInterceptor entirely by hand, but this process is quite tedious, it would be nice to be able to disable it in RSocketSecurity dsl like in http.

Activity

Aaur1s
added
status: waiting-for-triageAn issue we've not yet triaged
type: enhancementA general enhancement
on May 18, 2025
jzheaux

jzheaux commented on May 21, 2025

@jzheaux
jzheaux
on May 21, 2025
Contributor

Thanks for the suggestion, @Aaur1s. Are you able to submit a PR to add this? I think just the ability to disable will be fine for the time being since there are no other configurable aspects of AnonymousPayloadInterceptor.

jzheaux
added
in: configAn issue in spring-security-config
status: ideal-for-contributionAn issue that we actively are looking for someone to help us with
and removed
status: waiting-for-triageAn issue we've not yet triaged
on May 21, 2025
therepanic
added 2 commits that reference this issue on May 22, 2025

add option to disable anonymous authentication in `RSocketSecurity` (s…

53cc13f

add option to disable anonymous authentication in `RSocketSecurity` (s…

356d2ff
therepanic
linked a pull request that will close this issue on May 22, 2025
jzheaux
added a commit that references this issue on May 22, 2025

add option to disable anonymous authentication in `RSocketSecurity` (s…

2feef7a
Aaur1s

Aaur1s commented on May 24, 2025

@Aaur1s
Aaur1s
on May 24, 2025
Author

Hey, I didn't able to answer in time, sorry. Thank you for your work!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    in: configAn issue in spring-security-configstatus: ideal-for-contributionAn issue that we actively are looking for someone to help us withtype: enhancementA general enhancement

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      Participants

      @jzheaux@Aaur1s

      Issue actions
        Ability to disable anonymous authentication in RSocketSecurity · Issue #17132 · spring-projects/spring-security