Springboot Method Level Security not working with GRPC

[binaradarsha]

I setup a Springboot (SSL) application with GRPC, including few REST controllers too.
Method Level Security not working in GRPC controllers, neither inside invoked service layer and jpa layer methods too.
Still works well in REST controllers.

Status{code=UNKNOWN, description=null, cause=null} is retrieved when invoke a GRPC service method with @PreAuthorize("hasAuthority('ROLE')"). I checked with debug that SecurityContextHolder does not have an Authentication object.

In maven pom.xml, dependencies are presented as below.

        <groupId>net.devh</groupId>
        <artifactId>grpc-server-spring-boot-starter</artifactId>
        <version>1.2.0.RELEASE</version>

        <groupId>net.devh</groupId>
        <artifactId>grpc-client-spring-boot-starter</artifactId>
        <version>1.2.0.RELEASE</version>

Is this a configuration issue with this dependency, or seems I am missing something?

Should I do some JWK configuration?

[ST-DDT]

For me the following worked:

• Implemented an authenticating interceptor similar to: https://github.com/revinate/grpc-spring-security-demo/blob/master/src/main/java/com/revinate/grpcspringsecurity/grpc/interceptor/BasicAuthenticationInterceptor.java
  (If you don't do this you will always get AuthenticationExceptions)
• an exception handler/mapper interceptor
  (if you don't do this you will get RuntimeStatusException with internal error status codes)
• Enable @EnableGlobalMethodSecurity(securedEnabled = true, proxyTargetClass = true)
  (if you don't do this you get RuntimeStatusException with unimplemented status codes. You will get a warning in the logs, though: see Issues with SpringSecurity - AOP final issue vs missing interface proxying grpc/grpc-java#4970)

[ST-DDT]

See also: pagrus7/grpc-spring-boot-starter@15ab3c0

[binaradarsha]

Hi, thanks for comments, I will check on them.

[ST-DDT]

If all goes well I might be able to PR some more features such as Security auto configuration to this project. Since that is work related I have to check with the company first.

[ST-DDT]

@yidongnan Would you merge a corresponding contribution (from me), or do you want to keep the library as slim as possible?