From 9b5f76f3d6513be11bf2df3046eb40c7fbc7a001 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@gopivotal.com>
Date: Wed, 4 Feb 2015 10:42:34 -0600
Subject: [PATCH] SEC-2833: Rossen's feedback on WebSocket

---
 .../MessageSecurityMetadataSourceRegistry.java    |  4 ++--
 ...tSecurityWebSocketMessageBrokerConfigurer.java | 15 ++++++++++++---
 ...essageSecurityMetadataSourceRegistryTests.java |  8 ++++----
 .../core/annotation/AuthenticationPrincipal.java  |  2 +-
 4 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
index aea24e8317..efb52345bb 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java
@@ -113,7 +113,7 @@ public class MessageSecurityMetadataSourceRegistry {
      * @return the {@link Constraint}  that is associated to the {@link MessageMatcher}
      * @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
      */
-    public Constraint simpDestMessageMatchers(String... patterns) {
+    public Constraint simpMessageDestMatchers(String... patterns) {
         return simpDestMatchers(SimpMessageType.MESSAGE, patterns);
     }
 
@@ -128,7 +128,7 @@ public class MessageSecurityMetadataSourceRegistry {
      * @return the {@link Constraint}  that is associated to the {@link MessageMatcher}
      * @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
      */
-    public Constraint simpDestSubscribeMatchers(String... patterns) {
+    public Constraint simpSubscribeDestMatchers(String... patterns) {
         return simpDestMatchers(SimpMessageType.SUBSCRIBE, patterns);
     }
 
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
index efbcc60d50..d50beffa1c 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
@@ -46,8 +46,8 @@ import java.util.List;
  *   @Override
  *   protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
  *     messages
- *       .antMatchers("/user/queue/errors").permitAll()
- *       .antMatchers("/admin/**").hasRole("ADMIN")
+ *       .simpDestMatchers("/user/queue/errors").permitAll()
+ *       .simpDestMatchers("/admin/**").hasRole("ADMIN")
  *       .anyMessage().authenticated();
  *   }
  * }
@@ -61,7 +61,7 @@ import java.util.List;
 public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends AbstractWebSocketMessageBrokerConfigurer {
     private final WebSocketMessageSecurityMetadataSourceRegistry inboundRegistry = new WebSocketMessageSecurityMetadataSourceRegistry();
 
-    public final void registerStompEndpoints(StompEndpointRegistry registry) {}
+    public void registerStompEndpoints(StompEndpointRegistry registry) {}
 
     @Override
     public void addArgumentResolvers(
@@ -76,6 +76,15 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
         if(inboundRegistry.containsMapping()) {
             registration.setInterceptors(securityContextChannelInterceptor(),inboundChannelSecurity);
         }
+        customizeClientInboundChannel(registration);
+    }
+
+    /**
+     * Allows subclasses to customize the configuration of the {@link ChannelRegistration}.
+     *
+     * @param registration the {@link ChannelRegistration} to customize
+     */
+    protected void customizeClientInboundChannel(ChannelRegistration registration) {
     }
 
     @Bean
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
index 77352d6cba..ab14622986 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java
@@ -225,7 +225,7 @@ public class MessageSecurityMetadataSourceRegistryTests {
     @Test
     public void simpDestMessageMatchersNotMatch() {
         messages
-                .simpDestMessageMatchers("admin/**").denyAll()
+                .simpMessageDestMatchers("admin/**").denyAll()
                 .anyMessage().permitAll();
 
         assertThat(getAttribute()).isEqualTo("permitAll");
@@ -234,7 +234,7 @@ public class MessageSecurityMetadataSourceRegistryTests {
     @Test
     public void simpDestMessageMatchersMatch() {
         messages
-                .simpDestMessageMatchers("location/**").denyAll()
+                .simpMessageDestMatchers("location/**").denyAll()
                 .anyMessage().permitAll();
 
         assertThat(getAttribute()).isEqualTo("denyAll");
@@ -243,7 +243,7 @@ public class MessageSecurityMetadataSourceRegistryTests {
     @Test
     public void simpDestSubscribeMatchersNotMatch() {
         messages
-                .simpDestSubscribeMatchers("location/**").denyAll()
+                .simpSubscribeDestMatchers("location/**").denyAll()
                 .anyMessage().permitAll();
 
         assertThat(getAttribute()).isEqualTo("permitAll");
@@ -256,7 +256,7 @@ public class MessageSecurityMetadataSourceRegistryTests {
                     .build();
 
         messages
-                .simpDestSubscribeMatchers("location/**").denyAll()
+                .simpSubscribeDestMatchers("location/**").denyAll()
                 .anyMessage().permitAll();
 
         assertThat(getAttribute()).isEqualTo("denyAll");
diff --git a/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java b/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java
index 53b2319bd2..3bcec67120 100644
--- a/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java
+++ b/core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java
@@ -30,7 +30,7 @@ import org.springframework.security.core.Authentication;
  * @author Rob Winch
  * @since 4.0
  *
- * @see AuthenticationPrincipalArgumentResolver
+ * @see org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
  */
 @Target({ ElementType.PARAMETER, ElementType.ANNOTATION_TYPE })
 @Retention(RetentionPolicy.RUNTIME)