Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ReactiveAuthorizationManager + Reactive Method Security #9401

Closed
1 task done
jzheaux opened this issue Feb 2, 2021 · 6 comments · Fixed by #9867
Closed
1 task done

ReactiveAuthorizationManager + Reactive Method Security #9401

jzheaux opened this issue Feb 2, 2021 · 6 comments · Fixed by #9867
Assignees
@evgeniycheban
Labels
type: enhancement A general enhancement
Milestone
5.8.x

Comments

@jzheaux
Copy link
Contributor

jzheaux commented Feb 2, 2021
edited by rwinch
Loading

We should provide an implementation of Reactive Method Security that leverages ReactiveAuthorizationManager similar to gh-9289 The implementation should support:

For full support this may require updates to SpEL support to support Reactor (i.e. it likely needs to support lambdas) but beans can easily return reactive types that would be supported by SpEL.

Related to #9289, #5249, and #4841

Once #9289 is addressed, we could consider applying the same model to reactive method security.
@jzheaux jzheaux added the type: enhancement A general enhancement label Feb 2, 2021
This was referenced Feb 2, 2021
Open
Closed
@jzheaux jzheaux mentioned this issue Mar 12, 2021
Closed
@evgeniycheban
Copy link
Contributor

@jzheaux I can take this.

@jzheaux
Copy link
Contributor Author

jzheaux commented May 3, 2021

Great, @evgeniycheban! It's yours. I'd recommend waiting until #9630 is merged before proceeding.

@rwinch rwinch changed the title Consider ReactiveAuthorizationManager for Reactive Method Security ReactiveAuthorizationManager + Reactive Method Security May 13, 2021
@rwinch rwinch mentioned this issue May 13, 2021
Closed
@rwinch
Copy link
Member

rwinch commented May 13, 2021

@evgeniycheban Thanks for volunteering to work on this issue. I've updated the description to include more detailed requirements. I think you can start on this issue before we merge the mentioned PR, but base it off the branch with gh-9630

@evgeniycheban evgeniycheban mentioned this issue Jun 4, 2021
Merged
@jzheaux jzheaux mentioned this issue Mar 31, 2022
Closed
@mkrzywanski
Copy link

What is the status of this ticket?

@evgeniycheban
Copy link
Contributor

What is the status of this ticket?

Waiting for review.

@rwinch rwinch added this to the 5.8.x milestone Jun 6, 2022
This was referenced Jun 7, 2022
Closed
Closed
evgeniycheban added a commit to evgeniycheban/spring-security that referenced this issue Aug 16, 2022
@evgeniycheban
ReactiveAuthorizationManager + Reactive Method Security
0039cca 
Closes spring-projectsgh-9401
jzheaux added a commit that referenced this issue Aug 25, 2022
@jzheaux
Add MockMethodInvocation Constructor
6fd23d2 
Issue gh-9401
jzheaux added a commit that referenced this issue Aug 25, 2022
@jzheaux
Polish ReactiveMethodSecurity Support
e990174 
- Changed annotation property to useAuthorizationManager
to match related XML support
- Moved support found in bean post-processors back into
interceptors directly. This reduces the number of components to
maintain and simplifies ongoing support
- Added @deprecated annotation to indicate that applications
should use AuthorizationManagerBeforeReactiveMethodInterceptor and
AuthorizationManagerAfterReactiveMethodInterceptor instead. While
true that the new support does not support coroutines, the existing
coroutine support is problematic since it cannot be reliably paired
with other method interceptors
- Moved expression handler configuration to the constructors
- Constrain all method security interceptors to require publisher types
- Use ReactiveAdapter to check for single-value types as well

Issue gh-9401

Polish
jzheaux added a commit that referenced this issue Aug 25, 2022
@jzheaux
Document ReactiveMethodSecurity improvements
070dce1 
Issue gh-9401
jzheaux added a commit that referenced this issue Aug 25, 2022
@jzheaux
Add @configuration
210693e 
Issue gh-6613
Issue gh-9401
@rrrship
Copy link

rrrship commented Nov 30, 2023

In the docs it says that adding Kotlin coroutines support for the reactive method security is blocked by spring-projects/spring-framework#22462, which seems to be done now, so are there any new tickets to follow for the development of this?

@jzheaux jzheaux mentioned this issue Feb 22, 2024
Closed
@bskorka bskorka mentioned this issue Jun 6, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@evgeniycheban evgeniycheban

Labels
type: enhancement A general enhancement
Projects
None yet
Milestone
5.8.x
Development

Successfully merging a pull request may close this issue.

ReactiveAuthorizationManager + Reactive Method Security evgeniycheban/spring-security
5 participants
@rwinch @jzheaux @evgeniycheban @mkrzywanski @rrrship