Merge Add hasAnyAuthority method in AuthorizePayloadsSpec.Access

Author: rwinch

config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java

@@ -104,12 +104,10 @@
  * }
  * </pre>
  * @author Rob Winch
-<<<<<<< HEAD
  * @author Jesús Ascama Arias
  * @author Luis Felipe Vega
-=======
  * @author Manuel Tejeda
->>>>>>> 9926ad68b8f4e465f6c5243a8ff993fbf9d1b7a2
+ * @author Ebert Toribio
  * @since 5.2
  */
 public class RSocketSecurity {
@@ -334,6 +332,10 @@ public AuthorizePayloadsSpec permitAll() {
 						.just(new AuthorizationDecision(true)));
 			}
 
+			public AuthorizePayloadsSpec hasAnyAuthority(String... authorities) {
+				return access(AuthorityReactiveAuthorizationManager.hasAnyAuthority(authorities));
+			}
+
 			public AuthorizePayloadsSpec access(
 					ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext> authorization) {
 				AuthorizePayloadsSpec.this.authzBuilder.add(new PayloadExchangeMatcherEntry<>(this.matcher, authorization));

config/src/test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java

@@ -54,6 +54,7 @@
  * @author Luis Felipe Vega
  * @author Jesús Ascama Arias
  * @author Manuel Tejeda
+ * @author Ebert Toribio
  */
 @ContextConfiguration
 @RunWith(SpringRunner.class)
@@ -219,6 +220,23 @@ public void connectWithAnyRole() {
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
 
+	@Test
+	public void connectWithAnyAuthority() {
+		UsernamePasswordMetadata credentials =
+				new UsernamePasswordMetadata("admin", "password");
+		this.requester = requester()
+				.setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
+				.block();
+
+		String hiEbert = this.requester.route("management.users")
+				.data("admin")
+				.retrieveMono(String.class)
+				.block();
+
+		assertThat(hiEbert).isEqualTo("Hi admin");
+	}
+
 	private RSocketRequester.Builder requester() {
 		return RSocketRequester.builder()
 				.rsocketStrategies(this.handler.getRSocketStrategies());
@@ -278,6 +296,7 @@ PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
 						.route("secure.admin.*").hasRole("ADMIN")
 						.route("secure.**").hasRole("USER")
 						.route("secure.authority.*").hasAuthority("ROLE_USER")
+						.route("management.*").hasAnyAuthority("ROLE_ADMIN")
 						.route("prohibit").denyAll()
 						.anyRequest().permitAll()
 				)