Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
Unknown
Description
You can currently define route policies as follows:
@Bean(RolePolicy.ADMIN) public AuthorizationPolicy authorizationPolicyAdmin(AuthenticationManager authenticationManager) { SpringSecurityAuthorizationPolicy authorizationPolicy = new SpringSecurityAuthorizationPolicy(); authorizationPolicy.setAuthenticationManager(authenticationManager); authorizationPolicy.setSpringSecurityAccessPolicy(new SpringSecurityAccessPolicy("ROLE_ADMIN")); authorizationPolicy.setAccessDecisionManager(new AffirmativeBased(Collections.singletonList(new RoleVoter()))); return authorizationPolicy; }
This is however using deprecated classes that will disappear in spring security 7, and is leveraging the deprecated AccessDecisionManager concept instead of the new AuthorizationManager.
See the following references and discussions for details:
- https://docs.spring.io/spring-security/reference/5.8/migration/servlet/authorization.html
- https://docs.spring.io/spring-security/reference/servlet/authorization/architecture.html#authz-access-decision-manager
- https://camel.zulipchat.com/#narrow/stream/257301-camel-spring-boot/topic/Route.20Policies.20and.20Spring.20Security.206
Attachments
Issue Links
- links to