Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-2704: Separation of inbound/outbound authorization rules #2929

Closed
spring-issuemaster opened this issue Aug 18, 2014 · 1 comment
Closed

SEC-2704: Separation of inbound/outbound authorization rules #2929

spring-issuemaster opened this issue Aug 18, 2014 · 1 comment
Assignees
Milestone

Comments

@spring-issuemaster
Copy link

@spring-issuemaster spring-issuemaster commented Aug 18, 2014

Rob Winch (Migrated from SEC-2704) said:

Currently Spring Security attempts to match on all outbound messages. This can have a significant performance overhead. What is the right way to solve this?

Rossen Mentions:

[8/18/14, 2:31:42 PM] Rossen Stoyanchev: i have a test that sends 2000 messages to a topic with 500 subscribers
[8/18/14, 2:31:57 PM] Rossen Stoyanchev: that's 1 million messages in processed in about 50 seconds
[8/18/14, 2:32:07 PM] Rossen Stoyanchev: i.e. it's quite easy to get to such numbers in a short span of time

@spring-issuemaster

This comment has been minimized.

Copy link
Author

@spring-issuemaster spring-issuemaster commented Sep 19, 2014

Rob Winch said:

Now there are two distinct methods to override. For example:

@Configuration
public class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {

    @Override
    protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
        ...
    }

    @Override
    protected void configureOutbound(MessageSecurityMetadataSourceRegistry messages) {
        ...
    }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.