Documentation about configuring SecuritySocketAcceptorInterceptor in Spring Boot is confusing

[aahlenst]

The phrasing in the section Adding SecuritySocketAcceptorInterceptor of the Spring Security documentation is confusing. It says:

In a Spring Boot application, you can do this automatically by using RSocketSecurityAutoConfiguration with the following code.

As I understand it, I have to add the snippet

spring-security/docs/modules/ROOT/pages/reactive/integrations/rsocket.adoc

Lines 73 to 76 in 47acdc7

	@Bean
	RSocketServerCustomizer springSecurityRSocketSecurity(SecuritySocketAcceptorInterceptor interceptor) {
	return (server) -> server.interceptors((registry) -> registry.forSocketAcceptor(interceptor));
	}

to a Spring Boot application to get it to work. However, this breaks the autoconfiguration as the same code is already applied by Spring Boot's autoconfiguration.

I'm not familiar with using RSocket without Spring Boot's autoconfiguration, therefore I do not feel qualified to suggest a better wording. If you need a sample to reproduce the problem, please let me know.

[jzheaux]

Thanks for the feedback @aahlenst. I agree that it's confusing.

I think this:

In a Spring Boot application, you can do this automatically by using RSocketSecurityAutoConfiguration with the following code.

(snippet)

Should instead be this:

Spring Boot registers it automatically in RScoketSecurityAutoConfiguration when you include {gh-samples-url}/reactive/rsocket/hello-security/build.gradle[the correct dependencies].

Or, if you are not using Boot's auto-configuration, you can register it manually in the following way:

(snippet)

To customize the interceptor itself, use RSocketSecurity to add <<rsocket-authentication,authentication>> and <<rsocket-authorization,authorization>>.

I'll schedule this for the next batch of releases.