Spring Security Extend AuthorizationChannelInterceptor for postReceive() implementation

Expected Behavior

The AuthorizationChannelInterceptor implements a similar to the preSend() in the postReceive() contract which is applicable for the PollableChannel implementations.

Current Behavior

The AuthorizationChannelInterceptor currently implements only preSend() for decision to put a Message<?> onto the MessageChannel or not.

Context

Not all MessageChannel implementations are just SubscribableChannel, there is a PollableChannel which is implemented in Spring Integration as a QueueChannel. With this channel there is no direct connection between producer and consumer. A QueueChannel is polled by the TaskScheduler. So, we need to be secured on that receiving side against messages we poll from the channel. This will lead to a proper messaging security support in Spring Integration applications.

Comment From: artembilan

Any news on this? Will it make in time for upcoming RC release cycle in a couple weeks? Or should I start looking into this as an interim home-made solution?

Thank you!

Comment From: artembilan

See the fix I propose for Spring Integration for current situation: https://github.com/spring-projects/spring-integration/pull/3915.

It looks like the ExpressionBasedAuthorizationManager has to be promoted to the top-level class as well.