spring-projects · rwinch · Sep 27, 2019 · Sep 26, 2019
diff --git a/...src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java b/...src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
@@ -105,6 +105,7 @@
  * </pre>
  * @author Rob Winch
  * @author Jesús Ascama Arias
+ * @author Luis Felipe Vega
  * @since 5.2
  */
 public class RSocketSecurity {
@@ -312,6 +313,10 @@ public AuthorizePayloadsSpec authenticated() {
 				return access(AuthenticatedReactiveAuthorizationManager.authenticated());
 			}
 
+			public AuthorizePayloadsSpec hasAuthority(String authority) {
+				return access(AuthorityReactiveAuthorizationManager.hasAuthority(authority));
+			}
+
 			public AuthorizePayloadsSpec hasRole(String role) {
 				return access(AuthorityReactiveAuthorizationManager.hasRole(role));
 			}

diff --git a/...ngframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java b/...ngframework/security/config/annotation/rsocket/RSocketMessageHandlerConnectionITests.java
@@ -51,6 +51,7 @@
 
 /**
  * @author Rob Winch
+ * @author Luis Felipe Vega
  */
 @ContextConfiguration
 @RunWith(SpringRunner.class)
@@ -135,6 +136,23 @@ public void routeWhenStreamCredentialsAuthorized() {
 		assertThat(hiRob).isEqualTo("Hi rob");
 	}
 
+	@Test
+	public void routeWhenStreamCredentialsHaveAuthority() {
+		UsernamePasswordMetadata connectCredentials = new UsernamePasswordMetadata("user", "password");
+		this.requester = requester()
+				.setupMetadata(connectCredentials, UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+				.connectTcp(this.server.address().getHostName(), this.server.address().getPort())
+				.block();
+
+		String hiUser = this.requester.route("secure.authority.retrieve-mono")
+				.metadata(new UsernamePasswordMetadata("admin", "password"), UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE)
+				.data("Felipe")
+				.retrieveMono(String.class)
+				.block();
+
+		assertThat(hiUser).isEqualTo("Hi Felipe");
+	}
+
 	@Test
 	public void connectWhenNotAuthenticated() {
 		this.requester = requester()
@@ -225,6 +243,7 @@ PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
 						.setup().hasRole("SETUP")
 						.route("secure.admin.*").hasRole("ADMIN")
 						.route("secure.**").hasRole("USER")
+						.route("secure.authority.*").hasAuthority("ROLE_USER")
 						.anyRequest().permitAll()
 				)
 				.basicAuthentication(Customizer.withDefaults());