I wrote a post on RSocket Server Authentication/Authorization using Spring Security which is available here.

I found a problem with Spring Boot 2.2 and the Spring Security RSocket Starter working together. When the spring.rsocket.server.port property is used on the server end and a SecurityConfig similar to the following is specified, the PayloadSocketAcceptorInterceptor is not injected into the RSocketServer as a Socket Acceptor Plugin, so no protection is added.

```java
@Configuration
@EnableRSocketSecurity
public class SecurityConfig {

    @Bean
    public PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity rsocket) {
        rsocket.authorizePayload(authorize -> {
            authorize
                    // must have ROLE_SETUP to make connection
                    .setup().hasRole("SETUP")
                    // must have ROLE_ADMIN for routes starting with "taxis."
                    .route("taxis*").hasRole("ADMIN")
                    // any other request must be authenticated for
                    .anyRequest().authenticated();
        })
        .basicAuthentication(Customizer.withDefaults());

        return rsocket.build();
    }

    @Bean
    public MapReactiveUserDetailsService userDetailsService() {
        UserDetails adminUser = User.withDefaultPasswordEncoder().username("shazin").password("sha123").roles("ADMIN").build();

        UserDetails setupUser = User.withDefaultPasswordEncoder().username("setup").password("sha123").roles("SETUP").build();

        return new MapReactiveUserDetailsService(adminUser, setupUser);
    }

}
```

The RSocketFactory needs to be customized manually to inject the PayloadSocketAcceptorInterceptor bean. I don't think this should be the case. This change needs to be made either in RSocketServerAutoConfiguration or on the Spring Security end. Please advise.

Comment From: jzheaux

I don't believe this is an issue any longer. The Spring Security RSocket sample appears to work.

SecuritySocketAcceptorInterceptorConfiguration is the class that picks up a published PayloadSocketAcceptorInterceptor and publishes a SocketAcceptorInterceptor. Boot's RSocketSecurityAutoConfiguration picks this up and registers the appropriate RSocketServerCustomizer.

I'm going to close this issue, given the above. If you are still having trouble, please post a new sample (the link appears outdated), and we can take another look.