Add denyAll method in AuthorizePayloadsSpec.Access

jascama · eddumelendez · jascama · commit daf6b53e3a94 · 2019-09-17T20:17:10.000-05:00
See gh-7437 Co-authored-by: Eddú Meléndez <eddu.melendez@gmail.com>
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
@@ -104,6 +104,7 @@
  * }
  * </pre>
  * @author Rob Winch
+ * @author Jesús Ascama Arias
  * @since 5.2
  */
 public class RSocketSecurity {
@@ -325,6 +326,11 @@ public AuthorizePayloadsSpec access(
 				AuthorizePayloadsSpec.this.authzBuilder.add(new PayloadExchangeMatcherEntry<>(this.matcher, authorization));
 				return AuthorizePayloadsSpec.this;
 			}
+
+			public AuthorizePayloadsSpec denyAll() {
+				return access((a, ctx) -> Mono
+						.just(new AuthorizationDecision(false)));
+			}
 		}
 	}
 
diff --git a/config/src/test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java b/config/src/test/java/org/springframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
@@ -51,6 +51,7 @@
 
 /**
  * @author Rob Winch
+ * @author Jesús Ascama Arias
  */
 @ContextConfiguration
 @RunWith(SpringRunner.class)
@@ -167,6 +168,21 @@ public void connectWhenNotAuthorized() {
 //			.isInstanceOf(RejectedSetupException.class);
 	}
 
+	@Test
+	public void connectionDenied() {
+		UsernamePasswordMetadata credentials = new UsernamePasswordMetadata("user", "password");
+		this.requester = requester()
+				.setupMetadata(credentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
+				.block();
+
+		assertThatCode(() -> this.requester.route("prohibit")
+				.data("data")
+				.retrieveMono(String.class)
+				.block())
+				.isInstanceOf(ApplicationErrorException.class);
+	}
+
 	private RSocketRequester.Builder requester() {
 		return RSocketRequester.builder()
 				.rsocketStrategies(this.handler.getRSocketStrategies());
@@ -225,6 +241,7 @@ PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
 						.setup().hasRole("SETUP")
 						.route("secure.admin.*").hasRole("ADMIN")
 						.route("secure.**").hasRole("USER")
+						.route("prohibit").denyAll()
 						.anyRequest().permitAll()
 				)
 				.basicAuthentication(Customizer.withDefaults());

Original file line number	Diff line number	Diff line change
`@@ -104,6 +104,7 @@`
`104`	`104`	`* }`
`105`	`105`	`* </pre>`
`106`	`106`	`* @author Rob Winch`
	`107`	`+ * @author Jesús Ascama Arias`
`107`	`108`	`* @since 5.2`
`108`	`109`	`*/`
`109`	`110`	`public class RSocketSecurity {`
`@@ -325,6 +326,11 @@ public AuthorizePayloadsSpec access(`
`325`	`326`	`AuthorizePayloadsSpec.this.authzBuilder.add(new PayloadExchangeMatcherEntry<>(this.matcher, authorization));`
`326`	`327`	`return AuthorizePayloadsSpec.this;`
`327`	`328`	`}`
	`329`	`+`
	`330`	`+ public AuthorizePayloadsSpec denyAll() {`
	`331`	`+ return access((a, ctx) -> Mono`
	`332`	`+ .just(new AuthorizationDecision(false)));`
	`333`	`+ }`
`328`	`334`	`}`
`329`	`335`	`}`
`330`	`336`