From 2feef7a2607789d5f6fc7b220a770a69d958f4b3 Mon Sep 17 00:00:00 2001
From: Andrey Litvitski <andrey1010102008@gmail.com>
Date: Thu, 22 May 2025 20:02:49 +0300
Subject: [PATCH] add option to disable anonymous authentication in
 `RSocketSecurity` (#17132)

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
---
 .../annotation/rsocket/RSocketSecurity.java    | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
index c868b29ba33..5cbc392537a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2024 the original author or authors.
+ * Copyright 2019-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -109,6 +109,7 @@
  * @author Manuel Tejeda
  * @author Ebert Toribio
  * @author Ngoc Nhan
+ * @author Andrey Litvitski
  * @since 5.2
  */
 public class RSocketSecurity {
@@ -119,6 +120,8 @@ public class RSocketSecurity {
 
 	private SimpleAuthenticationSpec simpleAuthSpec;
 
+	private boolean disableAnonymous;
+
 	private JwtSpec jwtSpec;
 
 	private AuthorizePayloadsSpec authorizePayload;
@@ -179,6 +182,15 @@ public RSocketSecurity basicAuthentication(Customizer<BasicAuthenticationSpec> b
 		return this;
 	}
 
+	/**
+	 * Disables anonymous authentication.
+	 * @return the builder for additional customizations
+	 */
+	public RSocketSecurity disableAnonymous() {
+		this.disableAnonymous = true;
+		return this;
+	}
+
 	public RSocketSecurity jwt(Customizer<JwtSpec> jwt) {
 		if (this.jwtSpec == null) {
 			this.jwtSpec = new JwtSpec();
@@ -214,7 +226,9 @@ private List<PayloadInterceptor> payloadInterceptors() {
 		if (this.jwtSpec != null) {
 			result.addAll(this.jwtSpec.build());
 		}
-		result.add(anonymous());
+		if (!this.disableAnonymous) {
+			result.add(anonymous());
+		}
 		if (this.authorizePayload != null) {
 			result.add(this.authorizePayload.build());
 		}