Nice to have: hasAnyAuthority() and hasAnyRole() in AuthorizeExchangeSpec

[andysworkshop]

Summary

Non-reactive spring security provides hasAnyAuthority() and hasAnyRole() for allowing access if the user has any of the provided authorities/roles. It would be great to see this supported in the reactive API as well.

Actual Behavior

The named methods do not exist on org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec

Expected Behavior

The named methods would be provided.

Configuration

Not applicable.

Version

5.1.2

Sample

Not applicable.

[rwinch]

@andysworkshop Thanks for the report! Would you be interested in submitting a PR?

[rmartinus]

I'm happy to give this one a try

[andysworkshop]

Hi @rmartinus, go for it mate 👍

For reference the method signatures in imperative spring security are in the SecurityExpressionRoot class.