I’m mirroring a question asked directly on GitHub here.
I’m up to the point where if I authorize("/subscriptions",permitAll) while configuring my SecurityWebFilterChain then I can successfully use my subscription queries. However, that removes all the security. I would have liked to do: authorize("/subscriptions",hasAuthority("access"))
Anyway, now I need to make sure that the user is properly authenticated and authorized. I use ReactiveMethodSecurity with @PreAuthorize("hasAuthority('read')") or hasPermission(#id, 'entity', 'read:restricted') directly on the @DgsSubscription method.
This works in a way: hasAuthority is triggered although it responds with false. As far as I know that’s because the Authentication object has not been initialized with the token.
It’s most likely because there is no default behavior to intercept the connection_init message that contains the token.
Thus I’m wondering: how can I fetch that connection_init message and set the Authentication so that it’s picked up by Spring?
Thanks