mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-06-01 09:42:13 +00:00
SEC-2827: Clean up MessageMatcher Ambiguities
This commit is contained in:
parent
b97a5d3b53
commit
414f98bee0
@ -57,13 +57,23 @@ public class MessageSecurityMetadataSourceRegistry {
|
|||||||
return matchers(MessageMatcher.ANY_MESSAGE);
|
return matchers(MessageMatcher.ANY_MESSAGE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Maps any {@link Message} that has a null SimpMessageHeaderAccessor destination header (i.e. CONNECT,
|
||||||
|
* CONNECT_ACK, HEARTBEAT, UNSUBSCRIBE, DISCONNECT, DISCONNECT_ACK, OTHER)
|
||||||
|
*
|
||||||
|
* @return the Expression to associate
|
||||||
|
*/
|
||||||
|
public Constraint nullDestMatcher() {
|
||||||
|
return matchers(SimpDestinationMessageMatcher.NULL_DESTINATION_MATCHER);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Maps a {@link List} of {@link SimpDestinationMessageMatcher} instances.
|
* Maps a {@link List} of {@link SimpDestinationMessageMatcher} instances.
|
||||||
*
|
*
|
||||||
* @param typesToMatch the {@link SimpMessageType} instance to match on
|
* @param typesToMatch the {@link SimpMessageType} instance to match on
|
||||||
* @return the {@link Constraint} associated to the matchers.
|
* @return the {@link Constraint} associated to the matchers.
|
||||||
*/
|
*/
|
||||||
public Constraint typeMatchers(SimpMessageType... typesToMatch) {
|
public Constraint simpTypeMatchers(SimpMessageType... typesToMatch) {
|
||||||
MessageMatcher<?>[] typeMatchers = new MessageMatcher<?>[typesToMatch.length];
|
MessageMatcher<?>[] typeMatchers = new MessageMatcher<?>[typesToMatch.length];
|
||||||
for (int i = 0; i < typesToMatch.length; i++) {
|
for (int i = 0; i < typesToMatch.length; i++) {
|
||||||
SimpMessageType typeToMatch = typesToMatch[i];
|
SimpMessageType typeToMatch = typesToMatch[i];
|
||||||
@ -81,15 +91,45 @@ public class MessageSecurityMetadataSourceRegistry {
|
|||||||
* the patterns to create
|
* the patterns to create
|
||||||
* {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
|
* {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
|
||||||
* from. Uses
|
* from. Uses
|
||||||
* {@link MessageSecurityMetadataSourceRegistry#pathMatcher(PathMatcher)}
|
* {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
|
||||||
* .
|
* .
|
||||||
*
|
*
|
||||||
* @return the {@link Constraint} that is associated to the
|
* @return the {@link Constraint} that is associated to the
|
||||||
* {@link MessageMatcher}
|
* {@link MessageMatcher}
|
||||||
* @see {@link MessageSecurityMetadataSourceRegistry#pathMatcher(PathMatcher)}
|
* @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
|
||||||
*/
|
*/
|
||||||
public Constraint antMatchers(String... patterns) {
|
public Constraint simpDestMatchers(String... patterns) {
|
||||||
return antMatchers(null, patterns);
|
return simpDestMatchers(null, patterns);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Maps a {@link List} of {@link SimpDestinationMessageMatcher} instances that match on {@code SimpMessageType.MESSAGE}.
|
||||||
|
* If no destination is found on the Message, then the Matcher returns
|
||||||
|
* false.
|
||||||
|
*
|
||||||
|
* @param patterns the patterns to create {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
|
||||||
|
* from. Uses {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}.
|
||||||
|
*
|
||||||
|
* @return the {@link Constraint} that is associated to the {@link MessageMatcher}
|
||||||
|
* @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
|
||||||
|
*/
|
||||||
|
public Constraint simpDestMessageMatchers(String... patterns) {
|
||||||
|
return simpDestMatchers(SimpMessageType.MESSAGE, patterns);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Maps a {@link List} of {@link SimpDestinationMessageMatcher} instances that match on {@code SimpMessageType.SUBSCRIBE}.
|
||||||
|
* If no destination is found on the Message, then the Matcher returns
|
||||||
|
* false.
|
||||||
|
*
|
||||||
|
* @param patterns the patterns to create {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
|
||||||
|
* from. Uses {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}.
|
||||||
|
*
|
||||||
|
* @return the {@link Constraint} that is associated to the {@link MessageMatcher}
|
||||||
|
* @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
|
||||||
|
*/
|
||||||
|
public Constraint simpDestSubscribeMatchers(String... patterns) {
|
||||||
|
return simpDestMatchers(SimpMessageType.SUBSCRIBE, patterns);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -99,12 +139,12 @@ public class MessageSecurityMetadataSourceRegistry {
|
|||||||
*
|
*
|
||||||
* @param type the {@link SimpMessageType} to match on. If null, the {@link SimpMessageType} is not considered for matching.
|
* @param type the {@link SimpMessageType} to match on. If null, the {@link SimpMessageType} is not considered for matching.
|
||||||
* @param patterns the patterns to create {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
|
* @param patterns the patterns to create {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
|
||||||
* from. Uses {@link MessageSecurityMetadataSourceRegistry#pathMatcher(PathMatcher)}.
|
* from. Uses {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}.
|
||||||
*
|
*
|
||||||
* @return the {@link Constraint} that is associated to the {@link MessageMatcher}
|
* @return the {@link Constraint} that is associated to the {@link MessageMatcher}
|
||||||
* @see {@link MessageSecurityMetadataSourceRegistry#pathMatcher(PathMatcher)}
|
* @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
|
||||||
*/
|
*/
|
||||||
public Constraint antMatchers(SimpMessageType type, String... patterns) {
|
private Constraint simpDestMatchers(SimpMessageType type, String... patterns) {
|
||||||
List<MatcherBuilder> matchers = new ArrayList<MatcherBuilder>(patterns.length);
|
List<MatcherBuilder> matchers = new ArrayList<MatcherBuilder>(patterns.length);
|
||||||
for(String pattern : patterns) {
|
for(String pattern : patterns) {
|
||||||
matchers.add(new PathMatcherMessageMatcherBuilder(pattern, type));
|
matchers.add(new PathMatcherMessageMatcherBuilder(pattern, type));
|
||||||
@ -113,13 +153,13 @@ public class MessageSecurityMetadataSourceRegistry {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The {@link PathMatcher} to be used with the {@link MessageSecurityMetadataSourceRegistry#antMatchers(String...)}.
|
* The {@link PathMatcher} to be used with the {@link MessageSecurityMetadataSourceRegistry#simpDestMatchers(String...)}.
|
||||||
* The default is to use the default constructor of {@link AntPathMatcher}.
|
* The default is to use the default constructor of {@link AntPathMatcher}.
|
||||||
*
|
*
|
||||||
* @param pathMatcher the {@link PathMatcher} to use. Cannot be null.
|
* @param pathMatcher the {@link PathMatcher} to use. Cannot be null.
|
||||||
* @return the {@link MessageSecurityMetadataSourceRegistry} for further customization.
|
* @return the {@link MessageSecurityMetadataSourceRegistry} for further customization.
|
||||||
*/
|
*/
|
||||||
public MessageSecurityMetadataSourceRegistry pathMatcher(PathMatcher pathMatcher) {
|
public MessageSecurityMetadataSourceRegistry simpDestPathMatcher(PathMatcher pathMatcher) {
|
||||||
Assert.notNull(pathMatcher, "pathMatcher cannot be null");
|
Assert.notNull(pathMatcher, "pathMatcher cannot be null");
|
||||||
this.pathMatcher = pathMatcher;
|
this.pathMatcher = pathMatcher;
|
||||||
return this;
|
return this;
|
||||||
@ -344,7 +384,14 @@ public class MessageSecurityMetadataSourceRegistry {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public MessageMatcher<?> build() {
|
public MessageMatcher<?> build() {
|
||||||
return new SimpDestinationMessageMatcher(pattern, type, pathMatcher);
|
if(type == null) {
|
||||||
|
return new SimpDestinationMessageMatcher(pattern, pathMatcher);
|
||||||
|
} else if(SimpMessageType.MESSAGE == type) {
|
||||||
|
return SimpDestinationMessageMatcher.createMessageMatcher(pattern, pathMatcher);
|
||||||
|
} else if(SimpMessageType.SUBSCRIBE == type) {
|
||||||
|
return SimpDestinationMessageMatcher.createSubscribeMatcher(pattern, pathMatcher);
|
||||||
|
}
|
||||||
|
throw new IllegalStateException(type + " is not supported since it does not have a destination");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -22,6 +22,7 @@ import org.mockito.Mock;
|
|||||||
import org.mockito.runners.MockitoJUnitRunner;
|
import org.mockito.runners.MockitoJUnitRunner;
|
||||||
import org.springframework.messaging.Message;
|
import org.springframework.messaging.Message;
|
||||||
import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
|
import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
|
||||||
|
import org.springframework.messaging.simp.SimpMessageType;
|
||||||
import org.springframework.messaging.support.MessageBuilder;
|
import org.springframework.messaging.support.MessageBuilder;
|
||||||
import org.springframework.security.access.ConfigAttribute;
|
import org.springframework.security.access.ConfigAttribute;
|
||||||
import org.springframework.security.messaging.access.intercept.MessageSecurityMetadataSource;
|
import org.springframework.security.messaging.access.intercept.MessageSecurityMetadataSource;
|
||||||
@ -48,20 +49,21 @@ public class MessageSecurityMetadataSourceRegistryTests {
|
|||||||
message = MessageBuilder
|
message = MessageBuilder
|
||||||
.withPayload("Hi")
|
.withPayload("Hi")
|
||||||
.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "location")
|
.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "location")
|
||||||
.build();
|
.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE)
|
||||||
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
// See https://github.com/spring-projects/spring-security/commit/3f30529039c76facf335d6ca69d18d8ae287f3f9#commitcomment-7412712
|
// See https://github.com/spring-projects/spring-security/commit/3f30529039c76facf335d6ca69d18d8ae287f3f9#commitcomment-7412712
|
||||||
// https://jira.spring.io/browse/SPR-11660
|
// https://jira.spring.io/browse/SPR-11660
|
||||||
@Test
|
@Test
|
||||||
public void destinationMatcherCustom() {
|
public void simpDestMatchersCustom() {
|
||||||
message = MessageBuilder
|
message = MessageBuilder
|
||||||
.withPayload("Hi")
|
.withPayload("Hi")
|
||||||
.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2")
|
.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2")
|
||||||
.build();
|
.build();
|
||||||
messages
|
messages
|
||||||
.pathMatcher(new AntPathMatcher("."))
|
.simpDestPathMatcher(new AntPathMatcher("."))
|
||||||
.antMatchers("price.stock.*").permitAll();
|
.simpDestMatchers("price.stock.*").permitAll();
|
||||||
|
|
||||||
assertThat(getAttribute()).isNull();
|
assertThat(getAttribute()).isNull();
|
||||||
|
|
||||||
@ -70,21 +72,21 @@ public class MessageSecurityMetadataSourceRegistryTests {
|
|||||||
.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2")
|
.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2")
|
||||||
.build();
|
.build();
|
||||||
messages
|
messages
|
||||||
.pathMatcher(new AntPathMatcher("."))
|
.simpDestPathMatcher(new AntPathMatcher("."))
|
||||||
.antMatchers("price.stock.**").permitAll();
|
.simpDestMatchers("price.stock.**").permitAll();
|
||||||
|
|
||||||
assertThat(getAttribute()).isEqualTo("permitAll");
|
assertThat(getAttribute()).isEqualTo("permitAll");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void destinationMatcherCustomSetAfterMatchersDoesNotMatter() {
|
public void simpDestMatchersCustomSetAfterMatchersDoesNotMatter() {
|
||||||
message = MessageBuilder
|
message = MessageBuilder
|
||||||
.withPayload("Hi")
|
.withPayload("Hi")
|
||||||
.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2")
|
.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2")
|
||||||
.build();
|
.build();
|
||||||
messages
|
messages
|
||||||
.antMatchers("price.stock.*").permitAll()
|
.simpDestMatchers("price.stock.*").permitAll()
|
||||||
.pathMatcher(new AntPathMatcher("."));
|
.simpDestPathMatcher(new AntPathMatcher("."));
|
||||||
|
|
||||||
assertThat(getAttribute()).isNull();
|
assertThat(getAttribute()).isNull();
|
||||||
|
|
||||||
@ -93,14 +95,15 @@ public class MessageSecurityMetadataSourceRegistryTests {
|
|||||||
.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2")
|
.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, "price.stock.1.2")
|
||||||
.build();
|
.build();
|
||||||
messages
|
messages
|
||||||
.antMatchers("price.stock.**").permitAll()
|
.simpDestMatchers("price.stock.**").permitAll()
|
||||||
.pathMatcher(new AntPathMatcher("."));
|
.simpDestPathMatcher(new AntPathMatcher("."));
|
||||||
|
|
||||||
assertThat(getAttribute()).isEqualTo("permitAll");
|
assertThat(getAttribute()).isEqualTo("permitAll");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test(expected = IllegalArgumentException.class)
|
@Test(expected = IllegalArgumentException.class)
|
||||||
public void pathMatcherNull() {
|
public void pathMatcherNull() {
|
||||||
messages.pathMatcher(null);
|
messages.simpDestPathMatcher(null);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@ -121,104 +124,203 @@ public class MessageSecurityMetadataSourceRegistryTests {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void destinationMatcherExact() {
|
public void simpDestMatchersExact() {
|
||||||
messages
|
messages
|
||||||
.antMatchers("location").permitAll();
|
.simpDestMatchers("location").permitAll();
|
||||||
|
|
||||||
assertThat(getAttribute()).isEqualTo("permitAll");
|
assertThat(getAttribute()).isEqualTo("permitAll");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void destinationMatcherMulti() {
|
public void simpDestMatchersMulti() {
|
||||||
messages
|
messages
|
||||||
.antMatchers("admin/**","api/**").hasRole("ADMIN")
|
.simpDestMatchers("admin/**","api/**").hasRole("ADMIN")
|
||||||
.antMatchers("location").permitAll();
|
.simpDestMatchers("location").permitAll();
|
||||||
|
|
||||||
assertThat(getAttribute()).isEqualTo("permitAll");
|
assertThat(getAttribute()).isEqualTo("permitAll");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void destinationMatcherRole() {
|
public void simpDestMatchersRole() {
|
||||||
messages
|
messages
|
||||||
.antMatchers("admin/**","location/**").hasRole("ADMIN")
|
.simpDestMatchers("admin/**","location/**").hasRole("ADMIN")
|
||||||
.anyMessage().denyAll();
|
.anyMessage().denyAll();
|
||||||
|
|
||||||
assertThat(getAttribute()).isEqualTo("hasRole('ROLE_ADMIN')");
|
assertThat(getAttribute()).isEqualTo("hasRole('ROLE_ADMIN')");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void destinationMatcherAnyRole() {
|
public void simpDestMatchersAnyRole() {
|
||||||
messages
|
messages
|
||||||
.antMatchers("admin/**","location/**").hasAnyRole("ADMIN", "ROOT")
|
.simpDestMatchers("admin/**","location/**").hasAnyRole("ADMIN", "ROOT")
|
||||||
.anyMessage().denyAll();
|
.anyMessage().denyAll();
|
||||||
|
|
||||||
assertThat(getAttribute()).isEqualTo("hasAnyRole('ROLE_ADMIN','ROLE_ROOT')");
|
assertThat(getAttribute()).isEqualTo("hasAnyRole('ROLE_ADMIN','ROLE_ROOT')");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void destinationMatcherAuthority() {
|
public void simpDestMatchersAuthority() {
|
||||||
messages
|
messages
|
||||||
.antMatchers("admin/**","location/**").hasAuthority("ROLE_ADMIN")
|
.simpDestMatchers("admin/**","location/**").hasAuthority("ROLE_ADMIN")
|
||||||
.anyMessage().fullyAuthenticated();
|
.anyMessage().fullyAuthenticated();
|
||||||
|
|
||||||
assertThat(getAttribute()).isEqualTo("hasAuthority('ROLE_ADMIN')");
|
assertThat(getAttribute()).isEqualTo("hasAuthority('ROLE_ADMIN')");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void destinationMatcherAccess() {
|
public void simpDestMatchersAccess() {
|
||||||
String expected = "hasRole('ROLE_ADMIN') and fullyAuthenticated";
|
String expected = "hasRole('ROLE_ADMIN') and fullyAuthenticated";
|
||||||
messages
|
messages
|
||||||
.antMatchers("admin/**","location/**").access(expected)
|
.simpDestMatchers("admin/**","location/**").access(expected)
|
||||||
.anyMessage().denyAll();
|
.anyMessage().denyAll();
|
||||||
|
|
||||||
assertThat(getAttribute()).isEqualTo(expected);
|
assertThat(getAttribute()).isEqualTo(expected);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void destinationMatcherAnyAuthority() {
|
public void simpDestMatchersAnyAuthority() {
|
||||||
messages
|
messages
|
||||||
.antMatchers("admin/**","location/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_ROOT")
|
.simpDestMatchers("admin/**","location/**").hasAnyAuthority("ROLE_ADMIN", "ROLE_ROOT")
|
||||||
.anyMessage().denyAll();
|
.anyMessage().denyAll();
|
||||||
|
|
||||||
assertThat(getAttribute()).isEqualTo("hasAnyAuthority('ROLE_ADMIN','ROLE_ROOT')");
|
assertThat(getAttribute()).isEqualTo("hasAnyAuthority('ROLE_ADMIN','ROLE_ROOT')");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void destinationMatcherRememberMe() {
|
public void simpDestMatchersRememberMe() {
|
||||||
messages
|
messages
|
||||||
.antMatchers("admin/**","location/**").rememberMe()
|
.simpDestMatchers("admin/**","location/**").rememberMe()
|
||||||
.anyMessage().denyAll();
|
.anyMessage().denyAll();
|
||||||
|
|
||||||
assertThat(getAttribute()).isEqualTo("rememberMe");
|
assertThat(getAttribute()).isEqualTo("rememberMe");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void destinationMatcherAnonymous() {
|
public void simpDestMatchersAnonymous() {
|
||||||
messages
|
messages
|
||||||
.antMatchers("admin/**","location/**").anonymous()
|
.simpDestMatchers("admin/**","location/**").anonymous()
|
||||||
.anyMessage().denyAll();
|
.anyMessage().denyAll();
|
||||||
|
|
||||||
assertThat(getAttribute()).isEqualTo("anonymous");
|
assertThat(getAttribute()).isEqualTo("anonymous");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void destinationMatcherFullyAuthenticated() {
|
public void simpDestMatchersFullyAuthenticated() {
|
||||||
messages
|
messages
|
||||||
.antMatchers("admin/**","location/**").fullyAuthenticated()
|
.simpDestMatchers("admin/**","location/**").fullyAuthenticated()
|
||||||
.anyMessage().denyAll();
|
.anyMessage().denyAll();
|
||||||
|
|
||||||
assertThat(getAttribute()).isEqualTo("fullyAuthenticated");
|
assertThat(getAttribute()).isEqualTo("fullyAuthenticated");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void destinationMatcherDenyAll() {
|
public void simpDestMatchersDenyAll() {
|
||||||
messages
|
messages
|
||||||
.antMatchers("admin/**","location/**").denyAll()
|
.simpDestMatchers("admin/**","location/**").denyAll()
|
||||||
.anyMessage().permitAll();
|
.anyMessage().permitAll();
|
||||||
|
|
||||||
assertThat(getAttribute()).isEqualTo("denyAll");
|
assertThat(getAttribute()).isEqualTo("denyAll");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void simpDestMessageMatchersNotMatch() {
|
||||||
|
messages
|
||||||
|
.simpDestMessageMatchers("admin/**").denyAll()
|
||||||
|
.anyMessage().permitAll();
|
||||||
|
|
||||||
|
assertThat(getAttribute()).isEqualTo("permitAll");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void simpDestMessageMatchersMatch() {
|
||||||
|
messages
|
||||||
|
.simpDestMessageMatchers("location/**").denyAll()
|
||||||
|
.anyMessage().permitAll();
|
||||||
|
|
||||||
|
assertThat(getAttribute()).isEqualTo("denyAll");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void simpDestSubscribeMatchersNotMatch() {
|
||||||
|
messages
|
||||||
|
.simpDestSubscribeMatchers("location/**").denyAll()
|
||||||
|
.anyMessage().permitAll();
|
||||||
|
|
||||||
|
assertThat(getAttribute()).isEqualTo("permitAll");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void simpDestSubscribeMatchersMatch() {
|
||||||
|
message = MessageBuilder.fromMessage(message)
|
||||||
|
.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE)
|
||||||
|
.build();
|
||||||
|
|
||||||
|
messages
|
||||||
|
.simpDestSubscribeMatchers("location/**").denyAll()
|
||||||
|
.anyMessage().permitAll();
|
||||||
|
|
||||||
|
assertThat(getAttribute()).isEqualTo("denyAll");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void nullDestMatcherNotMatches() {
|
||||||
|
messages
|
||||||
|
.nullDestMatcher().denyAll()
|
||||||
|
.anyMessage().permitAll();
|
||||||
|
|
||||||
|
assertThat(getAttribute()).isEqualTo("permitAll");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void nullDestMatcherMatch() {
|
||||||
|
message = MessageBuilder
|
||||||
|
.withPayload("Hi")
|
||||||
|
.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.CONNECT)
|
||||||
|
.build();
|
||||||
|
|
||||||
|
messages
|
||||||
|
.nullDestMatcher().denyAll()
|
||||||
|
.anyMessage().permitAll();
|
||||||
|
|
||||||
|
assertThat(getAttribute()).isEqualTo("denyAll");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void simpTypeMatchersMatch() {
|
||||||
|
messages
|
||||||
|
.simpTypeMatchers(SimpMessageType.MESSAGE).denyAll()
|
||||||
|
.anyMessage().permitAll();
|
||||||
|
|
||||||
|
assertThat(getAttribute()).isEqualTo("denyAll");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void simpTypeMatchersMatchMulti() {
|
||||||
|
messages
|
||||||
|
.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.MESSAGE).denyAll()
|
||||||
|
.anyMessage().permitAll();
|
||||||
|
|
||||||
|
assertThat(getAttribute()).isEqualTo("denyAll");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void simpTypeMatchersNotMatch() {
|
||||||
|
messages
|
||||||
|
.simpTypeMatchers(SimpMessageType.CONNECT).denyAll()
|
||||||
|
.anyMessage().permitAll();
|
||||||
|
|
||||||
|
assertThat(getAttribute()).isEqualTo("permitAll");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void simpTypeMatchersNotMatchMulti() {
|
||||||
|
messages
|
||||||
|
.simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.DISCONNECT).denyAll()
|
||||||
|
.anyMessage().permitAll();
|
||||||
|
|
||||||
|
assertThat(getAttribute()).isEqualTo("permitAll");
|
||||||
|
}
|
||||||
|
|
||||||
private String getAttribute() {
|
private String getAttribute() {
|
||||||
MessageSecurityMetadataSource source = messages.createMetadataSource();
|
MessageSecurityMetadataSource source = messages.createMetadataSource();
|
||||||
Collection<ConfigAttribute> attrs = source.getAttributes(message);
|
Collection<ConfigAttribute> attrs = source.getAttributes(message);
|
||||||
|
@ -33,7 +33,15 @@ import org.springframework.util.PathMatcher;
|
|||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
*/
|
*/
|
||||||
public final class SimpDestinationMessageMatcher implements MessageMatcher<Object> {
|
public final class SimpDestinationMessageMatcher implements MessageMatcher<Object> {
|
||||||
|
public static final MessageMatcher<Object> NULL_DESTINATION_MATCHER = new MessageMatcher<Object>() {
|
||||||
|
public boolean matches(Message<? extends Object> message) {
|
||||||
|
String destination = SimpMessageHeaderAccessor.getDestination(message.getHeaders());
|
||||||
|
return destination == null;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
private final PathMatcher matcher;
|
private final PathMatcher matcher;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The {@link MessageMatcher} that determines if the type matches. If the
|
* The {@link MessageMatcher} that determines if the type matches. If the
|
||||||
* type was null, this matcher will match every Message.
|
* type was null, this matcher will match every Message.
|
||||||
@ -76,19 +84,16 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
|
|||||||
this(pattern, null);
|
this(pattern, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>
|
* <p>
|
||||||
* Creates a new instance with the specified pattern and a {@link AntPathMatcher} created from the default
|
* Creates a new instance with the specified pattern and {@link PathMatcher}.
|
||||||
* constructor.
|
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* @param pattern the pattern to use
|
* @param pattern the pattern to use
|
||||||
* @param type the {@link SimpMessageType} to match on or null if any {@link SimpMessageType} should be matched.
|
|
||||||
* @param pathMatcher the {@link PathMatcher} to use.
|
* @param pathMatcher the {@link PathMatcher} to use.
|
||||||
*/
|
*/
|
||||||
public SimpDestinationMessageMatcher(String pattern, SimpMessageType type) {
|
public SimpDestinationMessageMatcher(String pattern, PathMatcher pathMatcher) {
|
||||||
this(pattern, type, new AntPathMatcher());
|
this(pattern, null, pathMatcher);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -100,9 +105,13 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
|
|||||||
* @param type the {@link SimpMessageType} to match on or null if any {@link SimpMessageType} should be matched.
|
* @param type the {@link SimpMessageType} to match on or null if any {@link SimpMessageType} should be matched.
|
||||||
* @param pathMatcher the {@link PathMatcher} to use.
|
* @param pathMatcher the {@link PathMatcher} to use.
|
||||||
*/
|
*/
|
||||||
public SimpDestinationMessageMatcher(String pattern, SimpMessageType type, PathMatcher pathMatcher) {
|
private SimpDestinationMessageMatcher(String pattern, SimpMessageType type, PathMatcher pathMatcher) {
|
||||||
Assert.notNull(pattern, "pattern cannot be null");
|
Assert.notNull(pattern, "pattern cannot be null");
|
||||||
Assert.notNull(pathMatcher, "pathMatcher cannot be null");
|
Assert.notNull(pathMatcher, "pathMatcher cannot be null");
|
||||||
|
if(!isTypeWithDestination(type)) {
|
||||||
|
throw new IllegalArgumentException("SimpMessageType " + type + " does not contain a destination and so cannot be matched on.");
|
||||||
|
}
|
||||||
|
|
||||||
this.matcher = pathMatcher;
|
this.matcher = pathMatcher;
|
||||||
this.messageTypeMatcher = type == null ? ANY_MESSAGE : new SimpMessageTypeMatcher(type);
|
this.messageTypeMatcher = type == null ? ANY_MESSAGE : new SimpMessageTypeMatcher(type);
|
||||||
this.pattern = pattern;
|
this.pattern = pattern;
|
||||||
@ -117,16 +126,45 @@ public final class SimpDestinationMessageMatcher implements MessageMatcher<Objec
|
|||||||
return destination != null && matcher.match(pattern, destination);
|
return destination != null && matcher.match(pattern, destination);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
public MessageMatcher<Object> getMessageTypeMatcher() {
|
public MessageMatcher<Object> getMessageTypeMatcher() {
|
||||||
return messageTypeMatcher;
|
return messageTypeMatcher;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String toString() {
|
public String toString() {
|
||||||
return "SimpDestinationMessageMatcher [matcher=" + matcher
|
return "SimpDestinationMessageMatcher [matcher=" + matcher
|
||||||
+ ", messageTypeMatcher=" + messageTypeMatcher + ", pattern="
|
+ ", messageTypeMatcher=" + messageTypeMatcher + ", pattern="
|
||||||
+ pattern + "]";
|
+ pattern + "]";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private boolean isTypeWithDestination(SimpMessageType type) {
|
||||||
|
if(type == null) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return SimpMessageType.MESSAGE.equals(type) || SimpMessageType.SUBSCRIBE.equals(type);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <p>
|
||||||
|
* Creates a new instance with the specified pattern, {@code SimpMessageType.SUBSCRIBE}, and {@link PathMatcher}.
|
||||||
|
* </p>
|
||||||
|
*
|
||||||
|
* @param pattern the pattern to use
|
||||||
|
* @param pathMatcher the {@link PathMatcher} to use.
|
||||||
|
*/
|
||||||
|
public static SimpDestinationMessageMatcher createSubscribeMatcher(String pattern, PathMatcher matcher) {
|
||||||
|
return new SimpDestinationMessageMatcher(pattern, SimpMessageType.SUBSCRIBE, matcher);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* <p>
|
||||||
|
* Creates a new instance with the specified pattern, {@code SimpMessageType.MESSAGE}, and {@link PathMatcher}.
|
||||||
|
* </p>
|
||||||
|
*
|
||||||
|
* @param pattern the pattern to use
|
||||||
|
* @param pathMatcher the {@link PathMatcher} to use.
|
||||||
|
*/
|
||||||
|
public static SimpDestinationMessageMatcher createMessageMatcher(String pattern, PathMatcher matcher) {
|
||||||
|
return new SimpDestinationMessageMatcher(pattern, SimpMessageType.MESSAGE, matcher);
|
||||||
|
}
|
||||||
}
|
}
|
@ -22,6 +22,8 @@ import org.junit.Test;
|
|||||||
import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
|
import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
|
||||||
import org.springframework.messaging.simp.SimpMessageType;
|
import org.springframework.messaging.simp.SimpMessageType;
|
||||||
import org.springframework.messaging.support.MessageBuilder;
|
import org.springframework.messaging.support.MessageBuilder;
|
||||||
|
import org.springframework.util.AntPathMatcher;
|
||||||
|
import org.springframework.util.PathMatcher;
|
||||||
|
|
||||||
|
|
||||||
public class SimpDestinationMessageMatcherTests {
|
public class SimpDestinationMessageMatcherTests {
|
||||||
@ -29,10 +31,13 @@ public class SimpDestinationMessageMatcherTests {
|
|||||||
|
|
||||||
SimpDestinationMessageMatcher matcher;
|
SimpDestinationMessageMatcher matcher;
|
||||||
|
|
||||||
|
PathMatcher pathMatcher;
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void setup() {
|
public void setup() {
|
||||||
messageBuilder = MessageBuilder.withPayload("M");
|
messageBuilder = MessageBuilder.withPayload("M");
|
||||||
matcher = new SimpDestinationMessageMatcher("/**");
|
matcher = new SimpDestinationMessageMatcher("/**");
|
||||||
|
pathMatcher = new AntPathMatcher();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test(expected = IllegalArgumentException.class)
|
@Test(expected = IllegalArgumentException.class)
|
||||||
@ -72,7 +77,7 @@ public class SimpDestinationMessageMatcherTests {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void matchesFalseMessageTypeNotDisconnectType() throws Exception {
|
public void matchesFalseMessageTypeNotDisconnectType() throws Exception {
|
||||||
matcher = new SimpDestinationMessageMatcher("/match", SimpMessageType.MESSAGE);
|
matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", pathMatcher);
|
||||||
|
|
||||||
messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.DISCONNECT);
|
messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.DISCONNECT);
|
||||||
|
|
||||||
@ -81,7 +86,7 @@ public class SimpDestinationMessageMatcherTests {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void matchesTrueMessageType() throws Exception {
|
public void matchesTrueMessageType() throws Exception {
|
||||||
matcher = new SimpDestinationMessageMatcher("/match", SimpMessageType.MESSAGE);
|
matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", pathMatcher);
|
||||||
|
|
||||||
messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER,"/match");
|
messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER,"/match");
|
||||||
messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
|
messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
|
||||||
@ -89,9 +94,19 @@ public class SimpDestinationMessageMatcherTests {
|
|||||||
assertThat(matcher.matches(messageBuilder.build())).isTrue();
|
assertThat(matcher.matches(messageBuilder.build())).isTrue();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void matchesTrueSubscribeType() throws Exception {
|
||||||
|
matcher = SimpDestinationMessageMatcher.createSubscribeMatcher("/match", pathMatcher);
|
||||||
|
|
||||||
|
messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER,"/match");
|
||||||
|
messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.SUBSCRIBE);
|
||||||
|
|
||||||
|
assertThat(matcher.matches(messageBuilder.build())).isTrue();
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void matchesNullMessageType() throws Exception {
|
public void matchesNullMessageType() throws Exception {
|
||||||
matcher = new SimpDestinationMessageMatcher("/match", null);
|
matcher = new SimpDestinationMessageMatcher("/match");
|
||||||
|
|
||||||
messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER,"/match");
|
messageBuilder.setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER,"/match");
|
||||||
messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
|
messageBuilder.setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER, SimpMessageType.MESSAGE);
|
||||||
@ -101,11 +116,11 @@ public class SimpDestinationMessageMatcherTests {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void typeConstructorParameterIsTransmitted() throws Exception {
|
public void typeConstructorParameterIsTransmitted() throws Exception {
|
||||||
matcher = new SimpDestinationMessageMatcher("/match", SimpMessageType.MESSAGE);
|
matcher = SimpDestinationMessageMatcher.createMessageMatcher("/match", pathMatcher);
|
||||||
|
|
||||||
MessageMatcher<Object> expectedTypeMatcher = new SimpMessageTypeMatcher(SimpMessageType.MESSAGE);
|
MessageMatcher<Object> expectedTypeMatcher = new SimpMessageTypeMatcher(SimpMessageType.MESSAGE);
|
||||||
|
|
||||||
assertThat(matcher.getMessageTypeMatcher()).isEqualTo(expectedTypeMatcher);
|
assertThat(matcher.getMessageTypeMatcher()).isEqualTo(expectedTypeMatcher);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user