Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #13718

Closed
aahlenst opened this issue Aug 20, 2023 · 1 comment
Closed

Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing #13718

aahlenst opened this issue Aug 20, 2023 · 1 comment
Assignees
@jzheaux
Labels
in: docs An issue in Documentation or samples type: bug A general bug
Milestone
5.8.9

Comments

@aahlenst
Copy link

The phrasing in the section Adding SecuritySocketAcceptorInterceptor of the Spring Security documentation is confusing. It says:

In a Spring Boot application, you can do this automatically by using RSocketSecurityAutoConfiguration with the following code.

As I understand it, I have to add the snippet

spring-security/docs/modules/ROOT/pages/reactive/integrations/rsocket.adoc

Lines 73 to 76 in 47acdc7

@Bean
RSocketServerCustomizer springSecurityRSocketSecurity(SecuritySocketAcceptorInterceptor interceptor) {
return (server) -> server.interceptors((registry) -> registry.forSocketAcceptor(interceptor));
}

to a Spring Boot application to get it to work. However, this breaks the autoconfiguration as the same code is already applied by Spring Boot's autoconfiguration.

I'm not familiar with using RSocket without Spring Boot's autoconfiguration, therefore I do not feel qualified to suggest a better wording. If you need a sample to reproduce the problem, please let me know.
@aahlenst aahlenst added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Aug 20, 2023
@jzheaux jzheaux added this to the 5.8.9 milestone Oct 16, 2023
@jzheaux
Copy link
Contributor

jzheaux commented Oct 16, 2023

Thanks for the feedback @aahlenst. I agree that it's confusing.

I think this:

In a Spring Boot application, you can do this automatically by using RSocketSecurityAutoConfiguration with the following code.

(snippet)

Should instead be this:

Spring Boot registers it automatically in RScoketSecurityAutoConfiguration when you include {gh-samples-url}/reactive/rsocket/hello-security/build.gradle[the correct dependencies].

Or, if you are not using Boot's auto-configuration, you can register it manually in the following way:

(snippet)

To customize the interceptor itself, use RSocketSecurity to add <<rsocket-authentication,authentication>> and <<rsocket-authorization,authorization>>.

I'll schedule this for the next batch of releases.

@jzheaux jzheaux added in: docs An issue in Documentation or samples and removed status: waiting-for-triage An issue we've not yet triaged labels Oct 16, 2023
@jzheaux jzheaux mentioned this issue Dec 18, 2023
Closed
@jzheaux jzheaux self-assigned this Dec 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jzheaux jzheaux

Labels
in: docs An issue in Documentation or samples type: bug A general bug
Projects
Spring Security Team
Status: Done
Milestone
5.8.9
Development

No branches or pull requests
2 participants
@aahlenst @jzheaux