spring-projects · dsyer · Sep 1, 2025 · Aug 31, 2025
diff --git a/.../main/java/org/springframework/grpc/server/security/AuthenticationProcessInterceptor.java b/.../main/java/org/springframework/grpc/server/security/AuthenticationProcessInterceptor.java
@@ -66,7 +66,7 @@ public AuthenticationProcessInterceptor(AuthenticationManager authenticationMana
 	public <ReqT, RespT> Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> call, Metadata headers,
 			ServerCallHandler<ReqT, RespT> next) {
 		SecurityContext securityContext = SecurityContextHolder.getContext();
-		Authentication user = this.extractor.extract(headers, call.getAttributes());
+		Authentication user = this.extractor.extract(headers, call.getAttributes(), call.getMethodDescriptor());
 		if (user != null) {
 			user = this.authenticationManager.authenticate(user);
 			securityContext.setAuthentication(user);

diff --git a/...ain/java/org/springframework/grpc/server/security/BearerTokenAuthenticationExtractor.java b/...ain/java/org/springframework/grpc/server/security/BearerTokenAuthenticationExtractor.java
@@ -23,6 +23,7 @@
 
 import io.grpc.Attributes;
 import io.grpc.Metadata;
+import io.grpc.MethodDescriptor;
 
 /**
  * Extracts the HTTP Basic authentication credentials from the gRPC request headers. If
@@ -36,7 +37,7 @@
 public class BearerTokenAuthenticationExtractor implements GrpcAuthenticationExtractor {
 
 	@Override
-	public Authentication extract(Metadata headers, Attributes attributes) {
+	public Authentication extract(Metadata headers, Attributes attributes, MethodDescriptor<?, ?> method) {
 		String auth = headers.get(GrpcSecurity.AUTHORIZATION_KEY);
 		if (auth == null) {
 			return null;

diff --git a/...e/src/main/java/org/springframework/grpc/server/security/GrpcAuthenticationExtractor.java b/...e/src/main/java/org/springframework/grpc/server/security/GrpcAuthenticationExtractor.java
@@ -19,9 +19,10 @@
 
 import io.grpc.Attributes;
 import io.grpc.Metadata;
+import io.grpc.MethodDescriptor;
 
 public interface GrpcAuthenticationExtractor {
 
-	Authentication extract(Metadata headers, Attributes attributes);
+	Authentication extract(Metadata headers, Attributes attributes, MethodDescriptor<?, ?> method);
 
 }
diff --git a/spring-grpc-core/src/main/java/org/springframework/grpc/server/security/GrpcSecurity.java b/spring-grpc-core/src/main/java/org/springframework/grpc/server/security/GrpcSecurity.java
@@ -35,6 +35,7 @@
 
 import io.grpc.Attributes;
 import io.grpc.Metadata;
+import io.grpc.MethodDescriptor;
 import io.micrometer.observation.ObservationRegistry;
 
 /**
@@ -196,9 +197,9 @@ private static class CompositeAuthenticationExtractor implements GrpcAuthenticat
 		}
 
 		@Override
-		public Authentication extract(Metadata headers, Attributes attributes) {
+		public Authentication extract(Metadata headers, Attributes attributes, MethodDescriptor<?, ?> method) {
 			for (GrpcAuthenticationExtractor extractor : this.extractors) {
-				Authentication authentication = extractor.extract(headers, attributes);
+				Authentication authentication = extractor.extract(headers, attributes, method);
 				if (authentication != null) {
 					return authentication;
 				}

diff --git a/.../main/java/org/springframework/grpc/server/security/HttpBasicAuthenticationExtractor.java b/.../main/java/org/springframework/grpc/server/security/HttpBasicAuthenticationExtractor.java
@@ -24,6 +24,7 @@
 
 import io.grpc.Attributes;
 import io.grpc.Metadata;
+import io.grpc.MethodDescriptor;
 
 /**
  * Extracts the HTTP Basic authentication credentials from the gRPC request headers. If
@@ -37,7 +38,7 @@
 public class HttpBasicAuthenticationExtractor implements GrpcAuthenticationExtractor {
 
 	@Override
-	public Authentication extract(Metadata headers, Attributes attributes) {
+	public Authentication extract(Metadata headers, Attributes attributes, MethodDescriptor<?, ?> method) {
 		String auth = headers.get(GrpcSecurity.AUTHORIZATION_KEY);
 		if (auth == null) {
 			return null;

diff --git a/...n/java/org/springframework/grpc/server/security/SslContextPreAuthenticationExtractor.java b/...n/java/org/springframework/grpc/server/security/SslContextPreAuthenticationExtractor.java
@@ -31,6 +31,7 @@
 import io.grpc.Attributes;
 import io.grpc.Grpc;
 import io.grpc.Metadata;
+import io.grpc.MethodDescriptor;
 
 public class SslContextPreAuthenticationExtractor implements GrpcAuthenticationExtractor {
 
@@ -45,7 +46,7 @@ public SslContextPreAuthenticationExtractor(X509PrincipalExtractor principalExtr
 	}
 
 	@Override
-	public Authentication extract(Metadata headers, Attributes attributes) {
+	public Authentication extract(Metadata headers, Attributes attributes, MethodDescriptor<?, ?> method) {
 		SSLSession session = attributes.get(Grpc.TRANSPORT_ATTR_SSL_SESSION);
 		if (session != null) {
 			X509Certificate[] certificates = initCertificates(session);