Fix NPE in WebSocketMessageBrokerSecurityBeanDefinitionParser

Fixes gh-4112 Closes gh-4194
2025-11-04 00:28:54 +00:00 · 2017-01-31 09:40:46 +01:00 · 2017-01-31 09:40:46 +01:00 · 546d44d6e7
commit 546d44d6e7
parent 901a4e183a
2 changed files with 42 additions and 8 deletions
--- a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
@ -255,8 +255,8 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 			for (String beanName : beanNames) {
 				BeanDefinition bd = registry.getBeanDefinition(beanName);
 				String beanClassName = bd.getBeanClassName();
-				if (beanClassName.equals(SimpAnnotationMethodMessageHandler.class
+				if (SimpAnnotationMethodMessageHandler.class.getName().equals(beanClassName) ||
-						.getName()) || beanClassName.equals(WEB_SOCKET_AMMH_CLASS_NAME)) {
+						WEB_SOCKET_AMMH_CLASS_NAME.equals(beanClassName)) {
 					PropertyValue current = bd.getPropertyValues().getPropertyValue(
 							CUSTOM_ARG_RESOLVERS_PROP);
 					ManagedList<Object> argResolvers = new ManagedList<Object>();
@ -275,16 +275,16 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 						}
 					}
 				}
-				else if (beanClassName
+				else if ("org.springframework.web.socket.server.support.WebSocketHttpRequestHandler"
-						.equals("org.springframework.web.socket.server.support.WebSocketHttpRequestHandler")) {
+						.equals(beanClassName)) {
 					addCsrfTokenHandshakeInterceptor(bd);
 				}
-				else if (beanClassName
+				else if ("org.springframework.web.socket.sockjs.transport.TransportHandlingSockJsService"
-						.equals("org.springframework.web.socket.sockjs.transport.TransportHandlingSockJsService")) {
+						.equals(beanClassName)) {
 					addCsrfTokenHandshakeInterceptor(bd);
 				}
-				else if (beanClassName
+				else if ("org.springframework.web.socket.sockjs.transport.handler.DefaultSockJsService"
-						.equals("org.springframework.web.socket.sockjs.transport.handler.DefaultSockJsService")) {
+						.equals(beanClassName)) {
 					addCsrfTokenHandshakeInterceptor(bd);
 				}
 			}
--- a/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTest.java
+++ b/config/src/test/java/org/springframework/security/config/websocket/MessageSecurityPostProcessorTest.java
@ -0,0 +1,34 @@
 /*
 * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.springframework.security.config.websocket;
 import org.junit.Test;
 import org.springframework.beans.factory.support.BeanDefinitionRegistry;
 import org.springframework.beans.factory.support.GenericBeanDefinition;
 import org.springframework.beans.factory.support.SimpleBeanDefinitionRegistry;
 public class MessageSecurityPostProcessorTest {
 	private WebSocketMessageBrokerSecurityBeanDefinitionParser.MessageSecurityPostProcessor postProcessor =
 		new WebSocketMessageBrokerSecurityBeanDefinitionParser.MessageSecurityPostProcessor("id", false);
 	@Test
 	public void handlesBeansWithoutClass() {
 		BeanDefinitionRegistry registry = new SimpleBeanDefinitionRegistry();
 		registry.registerBeanDefinition("beanWithoutClass", new GenericBeanDefinition());
 		postProcessor.postProcessBeanDefinitionRegistry(registry);
 	}
 }