Skip to content

Add MessageExpressionAuthorizationManager#18813

Merged
jzheaux merged 1 commit intospring-projects:mainfrom
wonderfulrosemari:gh-12650-message-expression-authz-manager
Mar 4, 2026
Merged

Add MessageExpressionAuthorizationManager#18813
jzheaux merged 1 commit intospring-projects:mainfrom
wonderfulrosemari:gh-12650-message-expression-authz-manager

Conversation

@wonderfulrosemari
Copy link
Contributor

@wonderfulrosemari wonderfulrosemari commented Feb 27, 2026

Closes gh-12650

This PR promotes expression-based message authorization to a public API by
introducing MessageExpressionAuthorizationManager in the messaging module.

Changes include:

  • adding MessageExpressionAuthorizationManager and unit tests
  • updating the WebSocket XML parser to use the new public manager instead of
    the private inner class
  • updating WebSocket migration docs to reference the built-in manager

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Feb 27, 2026
jzheaux
jzheaux requested changes Mar 3, 2026
View reviewed changes
Copy link
Contributor

@jzheaux jzheaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, @wonderfulrosemari! Thanks for this PR. I've left some feedback inline.

@jzheaux jzheaux self-assigned this Mar 3, 2026
@jzheaux jzheaux added in: messaging An issue in spring-security-messaging type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Mar 3, 2026
@wonderfulrosemari
Copy link
Contributor Author

wonderfulrosemari commented Mar 4, 2026

Thanks for the feedback. I removed the deprecated setter and replaced the public (expressionHandler, expression) constructor with a builder-style API using withSecurityExpressionHandler(...).expression(...), and updated the WebSocket XML parser and tests accordingly.

@jzheaux jzheaux changed the title Expose message expression authz manager Add MessageExpressionAuthorizationManager Mar 4, 2026
@jzheaux
Copy link
Contributor

jzheaux commented Mar 4, 2026

Thanks for the updates, @wonderfulrosemari. In preparation for merging, will you please squash your commits and change the title of your new commit to "Add MessageExpressionAuthorizationManager"?

@jzheaux jzheaux added this to the 7.1.0-M3 milestone Mar 4, 2026
@wonderfulrosemari wonderfulrosemari force-pushed the gh-12650-message-expression-authz-manager branch from 2dd8978 to e23822e Compare March 4, 2026 01:14
@jzheaux jzheaux enabled auto-merge (rebase) March 4, 2026 01:20
@jzheaux
Copy link
Contributor

jzheaux commented Mar 4, 2026

Thanks, @wonderfulrosemari! Sorry for a miscommunication, it is still helpful to have the Closes gh-12650 in the commit message. So, like this:

Add MessageExpressionAuthorizationManager

Closes gh-12650

Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>

This helps with future research when trying to track down why a specific change to the codebase was made. Will you please change your commit message to include the above?

@jzheaux jzheaux disabled auto-merge March 4, 2026 01:25
@jzheaux jzheaux added the status: waiting-for-feedback We need additional information before we can continue label Mar 4, 2026
@wonderfulrosemari
Add MessageExpressionAuthorizationManager
56ab9da 
Closes spring-projectsgh-12650

Signed-off-by: wonderfulrosemari <whwlsgur1419@naver.com>
@wonderfulrosemari wonderfulrosemari force-pushed the gh-12650-message-expression-authz-manager branch from e23822e to 56ab9da Compare March 4, 2026 01:37
@wonderfulrosemari
Copy link
Contributor Author

wonderfulrosemari commented Mar 4, 2026

Updated the commit message to include "Closes gh-12650". Thanks!

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Mar 4, 2026
@jzheaux jzheaux removed the status: feedback-provided Feedback has been provided label Mar 4, 2026
@jzheaux jzheaux merged commit 07297e7 into spring-projects:main Mar 4, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jzheaux jzheaux jzheaux requested changes

Assignees

@jzheaux jzheaux

Labels

in: messaging An issue in spring-security-messaging type: enhancement A general enhancement

Projects

None yet

Milestone

7.1.0-M3

Development

Successfully merging this pull request may close these issues.

Programmatic way to use expression-based authorization manager for websockets

3 participants

@wonderfulrosemari @jzheaux @spring-projects-issues