SEC-2833: Rossen's feedback on WebSocket

2015-02-04 10:42:34 -06:00 · 2015-02-04 10:42:34 -06:00 · 9b5f76f3d6
parent 72e256b95a
commit 9b5f76f3d6
4 changed files with 19 additions and 10 deletions
--- a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
@ -113,7 +113,7 @@ public class MessageSecurityMetadataSourceRegistry {
     * @return the {@link Constraint}  that is associated to the {@link MessageMatcher}
     * @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
     */
-    public Constraint simpDestMessageMatchers(String... patterns) {
+    public Constraint simpMessageDestMatchers(String... patterns) {
        return simpDestMatchers(SimpMessageType.MESSAGE, patterns);
    }

@ -128,7 +128,7 @@ public class MessageSecurityMetadataSourceRegistry {
     * @return the {@link Constraint}  that is associated to the {@link MessageMatcher}
     * @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
     */
-    public Constraint simpDestSubscribeMatchers(String... patterns) {
+    public Constraint simpSubscribeDestMatchers(String... patterns) {
        return simpDestMatchers(SimpMessageType.SUBSCRIBE, patterns);
    }

--- a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
@ -46,8 +46,8 @@ import java.util.List;
 *   @Override
 *   protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
 *     messages
- *       .antMatchers("/user/queue/errors").permitAll()
- *       .antMatchers("/admin/**").hasRole("ADMIN")
+ *       .simpDestMatchers("/user/queue/errors").permitAll()
+ *       .simpDestMatchers("/admin/**").hasRole("ADMIN")
 *       .anyMessage().authenticated();
 *   }
 * }
@ -61,7 +61,7 @@ import java.util.List;
 public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends AbstractWebSocketMessageBrokerConfigurer {
    private final WebSocketMessageSecurityMetadataSourceRegistry inboundRegistry = new WebSocketMessageSecurityMetadataSourceRegistry();

-    public final void registerStompEndpoints(StompEndpointRegistry registry) {}
+    public void registerStompEndpoints(StompEndpointRegistry registry) {}

    @Override
    public void addArgumentResolvers(
@ -76,6 +76,15 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
        if(inboundRegistry.containsMapping()) {
            registration.setInterceptors(securityContextChannelInterceptor(),inboundChannelSecurity);
        }
+        customizeClientInboundChannel(registration);
+    }
+
+    /**
+     * Allows subclasses to customize the configuration of the {@link ChannelRegistration}.
+     *
+     * @param registration the {@link ChannelRegistration} to customize
+     */
+    protected void customizeClientInboundChannel(ChannelRegistration registration) {
    }

    @Bean
--- a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
@ -225,7 +225,7 @@ public class MessageSecurityMetadataSourceRegistryTests {
    @Test
    public void simpDestMessageMatchersNotMatch() {
        messages
-                .simpDestMessageMatchers("admin/**").denyAll()
+                .simpMessageDestMatchers("admin/**").denyAll()
                .anyMessage().permitAll();

        assertThat(getAttribute()).isEqualTo("permitAll");
@ -234,7 +234,7 @@ public class MessageSecurityMetadataSourceRegistryTests {
    @Test
    public void simpDestMessageMatchersMatch() {
        messages
-                .simpDestMessageMatchers("location/**").denyAll()
+                .simpMessageDestMatchers("location/**").denyAll()
                .anyMessage().permitAll();

        assertThat(getAttribute()).isEqualTo("denyAll");
@ -243,7 +243,7 @@ public class MessageSecurityMetadataSourceRegistryTests {
    @Test
    public void simpDestSubscribeMatchersNotMatch() {
        messages
-                .simpDestSubscribeMatchers("location/**").denyAll()
+                .simpSubscribeDestMatchers("location/**").denyAll()
                .anyMessage().permitAll();

        assertThat(getAttribute()).isEqualTo("permitAll");
@ -256,7 +256,7 @@ public class MessageSecurityMetadataSourceRegistryTests {
                    .build();

        messages
-                .simpDestSubscribeMatchers("location/**").denyAll()
+                .simpSubscribeDestMatchers("location/**").denyAll()
                .anyMessage().permitAll();

        assertThat(getAttribute()).isEqualTo("denyAll");
--- a/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java
+++ b/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java
@ -30,7 +30,7 @@ import org.springframework.security.core.Authentication;
 * @author Rob Winch
 * @since 4.0
 *
- * @see AuthenticationPrincipalArgumentResolver
+ * @see org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
 */
@Target({ ElementType.PARAMETER, ElementType.ANNOTATION_TYPE })
@Retention(RetentionPolicy.RUNTIME)