I have read much documentation about Spring Security and the use with RSocket. It is possible to authenticate the client at Setup Time if the client sends authentication metadata along with the SETUP frame. It seems that Spring Security (server side) then generates an access token which gets send back to the client for later authentication (at least that is what I assume). If you then do any request with the RSocketRequester against endpoints which require authentication, you will automatically be authenticated.
The problem I am facing is the following: I want to authorize the client at some point in time, when a connection is already established. Also, I don't want to send the username and password (I am using the SimpleAuthentication) with each request I send to the server. My question is: How can I trigger the authentication procedure of Spring Security after the SETUP frame without reopening a new connection and passing the credentials in the setupMetadata?
UsernamePasswordMetadata user = new UsernamePasswordMetadata("username", "password");
MimeType simpleAuth = MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString());
RSocketRequester.Builder builder = ...;
RSocketRequest rSocketRequester = builder.rsocketStrategies(
strategyBuilder -> strategyBuilder.encoder(new SimpleAuthenticationEncoder())
).setupMetadata(user, simpleAuth)
The following uses authentication at setup time (which I don't want): https://spring.io/blog/2020/06/17/getting-started-with-rsocket-spring-security