spring-security icon indicating copy to clipboard operation
spring-security copied to clipboard
verified publisher icon spring-projects

Extend AuthorizationChannelInterceptor for postReceive() implementation

Open artembilan opened this issue 3 years ago • 2 comments

Expected Behavior

The AuthorizationChannelInterceptor implements a similar to the preSend() in the postReceive() contract which is applicable for the PollableChannel implementations.

Current Behavior

The AuthorizationChannelInterceptor currently implements only preSend() for decision to put a Message<?> onto the MessageChannel or not.

Context

Not all MessageChannel implementations are just SubscribableChannel, there is a PollableChannel which is implemented in Spring Integration as a QueueChannel. With this channel there is no direct connection between producer and consumer. A QueueChannel is polled by the TaskScheduler. So, we need to be secured on that receiving side against messages we poll from the channel. This will lead to a proper messaging security support in Spring Integration applications.

artembilan avatar Sep 28 '22 16:09 artembilan

Any news on this? Will it make in time for upcoming RC release cycle in a couple weeks? Or should I start looking into this as an interim home-made solution?

Thank you!

artembilan avatar Oct 06 '22 15:10 artembilan

See the fix I propose for Spring Integration for current situation: https://github.com/spring-projects/spring-integration/pull/3915.

It looks like the ExpressionBasedAuthorizationManager has to be promoted to the top-level class as well.

artembilan avatar Oct 14 '22 14:10 artembilan