mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-05-15 17:55:04 +00:00
WebSocketMessageBrokerConfigTests groovy->java
Of note is that this commit unrolls three Spock @Unroll-parameterized tests into a separate test for each parameter. Issue: gh-4939
This commit is contained in:
Josh Cummings
Rob Winch
parent
3c07d99b0a
commit
ec46b7dbe1
@ -1,560 +0,0 @@
|
||||
package org.springframework.security.config.websocket
|
||||
|
||||
import static org.mockito.Mockito.*
|
||||
|
||||
import org.springframework.beans.BeansException
|
||||
import org.springframework.beans.factory.config.BeanDefinition
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory
|
||||
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException
|
||||
import org.springframework.beans.factory.support.BeanDefinitionRegistry
|
||||
import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProcessor
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition
|
||||
import org.springframework.core.MethodParameter
|
||||
import org.springframework.core.task.SyncTaskExecutor
|
||||
import org.springframework.http.server.ServerHttpRequest
|
||||
import org.springframework.http.server.ServerHttpResponse
|
||||
import org.springframework.messaging.Message
|
||||
import org.springframework.messaging.MessageDeliveryException
|
||||
import org.springframework.messaging.handler.annotation.MessageMapping
|
||||
import org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver
|
||||
import org.springframework.messaging.simp.SimpMessageHeaderAccessor
|
||||
import org.springframework.messaging.simp.SimpMessageType
|
||||
import org.springframework.messaging.simp.annotation.support.SimpAnnotationMethodMessageHandler
|
||||
import org.springframework.messaging.support.ChannelInterceptor
|
||||
import org.springframework.messaging.support.GenericMessage
|
||||
import org.springframework.mock.web.MockHttpServletRequest
|
||||
import org.springframework.mock.web.MockHttpServletResponse
|
||||
import org.springframework.security.access.AccessDeniedException
|
||||
import org.springframework.security.access.expression.SecurityExpressionOperations;
|
||||
import org.springframework.security.authentication.TestingAuthenticationToken
|
||||
import org.springframework.security.config.AbstractXmlConfigTests
|
||||
import org.springframework.security.core.Authentication
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal
|
||||
import org.springframework.security.core.context.SecurityContextHolder
|
||||
import org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler;
|
||||
import org.springframework.security.messaging.access.expression.MessageSecurityExpressionRoot;
|
||||
import org.springframework.security.web.csrf.CsrfToken
|
||||
import org.springframework.security.web.csrf.DefaultCsrfToken
|
||||
import org.springframework.security.web.csrf.InvalidCsrfTokenException
|
||||
import org.springframework.stereotype.Controller
|
||||
import org.springframework.util.AntPathMatcher
|
||||
import org.springframework.web.servlet.HandlerMapping
|
||||
import org.springframework.web.socket.WebSocketHandler
|
||||
import org.springframework.web.socket.server.HandshakeFailureException
|
||||
import org.springframework.web.socket.server.HandshakeHandler
|
||||
import org.springframework.web.socket.server.support.HttpSessionHandshakeInterceptor
|
||||
import org.springframework.web.socket.server.support.WebSocketHttpRequestHandler
|
||||
import org.springframework.web.socket.sockjs.support.SockJsHttpRequestHandler
|
||||
import org.springframework.web.socket.sockjs.transport.handler.SockJsWebSocketHandler
|
||||
|
||||
import spock.lang.Unroll
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Rob Winch
|
||||
*/
|
||||
class WebSocketMessageBrokerConfigTests extends AbstractXmlConfigTests {
|
||||
Authentication messageUser = new TestingAuthenticationToken('user','pass','ROLE_USER')
|
||||
boolean useSockJS = false
|
||||
CsrfToken csrfToken = new DefaultCsrfToken('headerName', 'paramName', 'token')
|
||||
|
||||
def cleanup() {
|
||||
SecurityContextHolder.clearContext()
|
||||
}
|
||||
|
||||
def 'websocket with no id automatically integrates with clientInboundChannel'() {
|
||||
setup:
|
||||
websocket {
|
||||
'intercept-message'(pattern:'/permitAll',access:'permitAll')
|
||||
'intercept-message'(pattern:'/denyAll',access:'denyAll')
|
||||
}
|
||||
|
||||
|
||||
when: 'message is sent to the denyAll endpoint'
|
||||
clientInboundChannel.send(message('/denyAll'))
|
||||
|
||||
then: 'access is denied to the denyAll endpoint'
|
||||
def e = thrown(MessageDeliveryException)
|
||||
e.cause instanceof AccessDeniedException
|
||||
|
||||
and: 'access is granted to the permitAll endpoint'
|
||||
clientInboundChannel.send(message('/permitAll'))
|
||||
}
|
||||
|
||||
def 'anonymous authentication supported'() {
|
||||
setup:
|
||||
websocket {
|
||||
'intercept-message'(pattern:'/permitAll',access:'permitAll')
|
||||
'intercept-message'(pattern:'/denyAll',access:'denyAll')
|
||||
}
|
||||
messageUser = null
|
||||
|
||||
when: 'message is sent to the permitAll endpoint with no user'
|
||||
clientInboundChannel.send(message('/permitAll'))
|
||||
|
||||
then: 'access is granted'
|
||||
noExceptionThrown()
|
||||
}
|
||||
|
||||
@Unroll
|
||||
def "message type - #type"(SimpMessageType type) {
|
||||
setup:
|
||||
websocket {
|
||||
'intercept-message'('type': type.toString(), access:'permitAll')
|
||||
'intercept-message'(pattern:'/**', access:'denyAll')
|
||||
}
|
||||
messageUser = null
|
||||
SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(type)
|
||||
if(SimpMessageType.CONNECT == type) {
|
||||
headers.setNativeHeader(csrfToken.headerName, csrfToken.token)
|
||||
}
|
||||
Message message = message(headers, '/permitAll')
|
||||
|
||||
when: 'message is sent to the permitAll endpoint with no user'
|
||||
clientInboundChannel.send(message)
|
||||
|
||||
then: 'access is granted'
|
||||
noExceptionThrown()
|
||||
|
||||
where:
|
||||
type << SimpMessageType.values()
|
||||
}
|
||||
|
||||
@Unroll
|
||||
def "pattern and message type - #type"(SimpMessageType type) {
|
||||
setup:
|
||||
websocket {
|
||||
'intercept-message'(pattern: '/permitAll', 'type': type.toString(), access:'permitAll')
|
||||
'intercept-message'(pattern:'/**', access:'denyAll')
|
||||
}
|
||||
|
||||
when: 'message is sent to the permitAll endpoint with no user'
|
||||
clientInboundChannel.send(message('/permitAll', type))
|
||||
|
||||
then: 'access is granted'
|
||||
noExceptionThrown()
|
||||
|
||||
when: 'message sent to other message type'
|
||||
clientInboundChannel.send(message('/permitAll', SimpMessageType.UNSUBSCRIBE))
|
||||
|
||||
then: 'does not match'
|
||||
MessageDeliveryException e = thrown()
|
||||
e.cause instanceof AccessDeniedException
|
||||
|
||||
when: 'message is sent to other pattern'
|
||||
clientInboundChannel.send(message('/other', type))
|
||||
|
||||
then: 'does not match'
|
||||
MessageDeliveryException eOther = thrown()
|
||||
eOther.cause instanceof AccessDeniedException
|
||||
|
||||
where:
|
||||
type << [SimpMessageType.MESSAGE, SimpMessageType.SUBSCRIBE]
|
||||
}
|
||||
|
||||
@Unroll
|
||||
def "intercept-message with invalid type and pattern - #type"(SimpMessageType type) {
|
||||
when:
|
||||
websocket {
|
||||
'intercept-message'(pattern : '/**', 'type': type.toString(), access:'permitAll')
|
||||
}
|
||||
then:
|
||||
thrown(BeanDefinitionParsingException)
|
||||
|
||||
where:
|
||||
type << [SimpMessageType.CONNECT, SimpMessageType.CONNECT_ACK, SimpMessageType.DISCONNECT, SimpMessageType.DISCONNECT_ACK, SimpMessageType.HEARTBEAT, SimpMessageType.OTHER, SimpMessageType.UNSUBSCRIBE ]
|
||||
}
|
||||
|
||||
def 'messages with no id automatically adds Authentication argument resolver'() {
|
||||
setup:
|
||||
def id = 'authenticationController'
|
||||
bean(id,MyController)
|
||||
bean('inPostProcessor',InboundExecutorPostProcessor)
|
||||
websocket {
|
||||
'intercept-message'(pattern:'/**',access:'permitAll')
|
||||
}
|
||||
|
||||
when: 'message is sent to the authentication endpoint'
|
||||
clientInboundChannel.send(message('/authentication'))
|
||||
|
||||
then: 'the AuthenticationPrincipal is resolved'
|
||||
def controller = appContext.getBean(id)
|
||||
controller.authenticationPrincipal == messageUser.name
|
||||
}
|
||||
|
||||
def 'messages of type CONNECT use CsrfTokenHandshakeInterceptor'() {
|
||||
setup:
|
||||
def id = 'authenticationController'
|
||||
bean(id,MyController)
|
||||
bean('inPostProcessor',InboundExecutorPostProcessor)
|
||||
websocket {
|
||||
'intercept-message'(pattern:'/**',access:'permitAll')
|
||||
}
|
||||
|
||||
SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT)
|
||||
Message<?> message = message(headers,'/authentication')
|
||||
WebSocketHttpRequestHandler handler = appContext.getBean(WebSocketHttpRequestHandler)
|
||||
MockHttpServletRequest request = new MockHttpServletRequest()
|
||||
String sessionAttr = "sessionAttr"
|
||||
request.getSession().setAttribute(sessionAttr,"sessionValue")
|
||||
|
||||
CsrfToken token = new DefaultCsrfToken("header", "param", "token")
|
||||
request.setAttribute(CsrfToken.name, token)
|
||||
|
||||
when:
|
||||
handler.handleRequest(request , new MockHttpServletResponse())
|
||||
TestHandshakeHandler handshakeHandler = appContext.getBean(TestHandshakeHandler)
|
||||
|
||||
then: 'CsrfToken is populated'
|
||||
handshakeHandler.attributes.get(CsrfToken.name) == token
|
||||
|
||||
and: 'Explicitly listed HandshakeInterceptor are not overridden'
|
||||
handshakeHandler.attributes.get(sessionAttr) == request.getSession().getAttribute(sessionAttr)
|
||||
}
|
||||
|
||||
def 'messages of type CONNECT use CsrfTokenHandshakeInterceptor with SockJS'() {
|
||||
setup:
|
||||
useSockJS = true
|
||||
def id = 'authenticationController'
|
||||
bean(id,MyController)
|
||||
bean('inPostProcessor',InboundExecutorPostProcessor)
|
||||
websocket {
|
||||
'intercept-message'(pattern:'/**',access:'permitAll')
|
||||
}
|
||||
|
||||
SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT)
|
||||
Message<?> message = message(headers,'/authentication')
|
||||
SockJsHttpRequestHandler handler = appContext.getBean(SockJsHttpRequestHandler)
|
||||
MockHttpServletRequest request = new MockHttpServletRequest()
|
||||
String sessionAttr = "sessionAttr"
|
||||
request.getSession().setAttribute(sessionAttr,"sessionValue")
|
||||
|
||||
CsrfToken token = new DefaultCsrfToken("header", "param", "token")
|
||||
request.setAttribute(CsrfToken.name, token)
|
||||
|
||||
request.setMethod("GET")
|
||||
request.setAttribute(HandlerMapping.PATH_WITHIN_HANDLER_MAPPING_ATTRIBUTE, "/289/tpyx6mde/websocket")
|
||||
|
||||
when:
|
||||
handler.handleRequest(request , new MockHttpServletResponse())
|
||||
TestHandshakeHandler handshakeHandler = appContext.getBean(TestHandshakeHandler)
|
||||
|
||||
then: 'CsrfToken is populated'
|
||||
handshakeHandler.attributes?.get(CsrfToken.name) == token
|
||||
|
||||
and: 'Explicitly listed HandshakeInterceptor are not overridden'
|
||||
handshakeHandler.attributes?.get(sessionAttr) == request.getSession().getAttribute(sessionAttr)
|
||||
}
|
||||
|
||||
def 'messages of type CONNECT require valid CsrfToken'() {
|
||||
setup:
|
||||
def id = 'authenticationController'
|
||||
bean(id,MyController)
|
||||
bean('inPostProcessor',InboundExecutorPostProcessor)
|
||||
websocket {
|
||||
'intercept-message'(pattern:'/**',access:'permitAll')
|
||||
}
|
||||
|
||||
when: 'websocket of type CONNECTION is sent without CsrfTOken'
|
||||
SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT)
|
||||
Message<?> message = message(headers,'/authentication')
|
||||
clientInboundChannel.send(message)
|
||||
|
||||
then: 'CSRF Protection blocks the Message'
|
||||
MessageDeliveryException expected = thrown()
|
||||
expected.cause instanceof InvalidCsrfTokenException
|
||||
}
|
||||
|
||||
def 'messages of type CONNECT disabled valid CsrfToken'() {
|
||||
setup:
|
||||
def id = 'authenticationController'
|
||||
bean(id,MyController)
|
||||
bean('inPostProcessor',InboundExecutorPostProcessor)
|
||||
websocket('same-origin-disabled':true) {
|
||||
'intercept-message'(pattern:'/**',access:'permitAll')
|
||||
}
|
||||
|
||||
when: 'websocket of type CONNECTION is sent without CsrfTOken'
|
||||
SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT)
|
||||
Message<?> message = message(headers,'/authentication')
|
||||
clientInboundChannel.send(message)
|
||||
|
||||
then: 'CSRF Protection blocks the Message'
|
||||
noExceptionThrown()
|
||||
}
|
||||
|
||||
def 'websocket with no id does not override customArgumentResolvers'() {
|
||||
setup:
|
||||
def id = 'authenticationController'
|
||||
bean(id,MyController)
|
||||
bean('inPostProcessor',InboundExecutorPostProcessor)
|
||||
bean('mcar', MyCustomArgumentResolver)
|
||||
xml.'websocket:message-broker' {
|
||||
'websocket:transport' {}
|
||||
'websocket:stomp-endpoint'(path:'/app') {
|
||||
'websocket:handshake-handler'(ref:'testHandler') {}
|
||||
}
|
||||
'websocket:simple-broker'(prefix:"/queue, /topic"){}
|
||||
'websocket:argument-resolvers' {
|
||||
'b:ref'(bean:'mcar')
|
||||
}
|
||||
}
|
||||
websocket {
|
||||
'intercept-message'(pattern:'/**',access:'permitAll')
|
||||
}
|
||||
|
||||
when: 'websocket is sent to the myCustom endpoint'
|
||||
clientInboundChannel.send(message('/myCustom'))
|
||||
|
||||
then: 'myCustomArgument is resolved'
|
||||
def controller = appContext.getBean(id)
|
||||
controller.myCustomArgument!= null
|
||||
}
|
||||
|
||||
def 'websocket defaults pathMatcher'() {
|
||||
setup:
|
||||
bean('pathMatcher',AntPathMatcher.name,['.'])
|
||||
bean('testHandler', TestHandshakeHandler)
|
||||
xml.'websocket:message-broker'('path-matcher':'pathMatcher') {
|
||||
'websocket:transport' {}
|
||||
'websocket:stomp-endpoint'(path:'/app') {
|
||||
'websocket:handshake-handler'(ref:'testHandler') {}
|
||||
}
|
||||
'websocket:simple-broker'(prefix:"/queue, /topic"){}
|
||||
}
|
||||
xml.'websocket-message-broker' {
|
||||
'intercept-message'(pattern:'/denyAll.*',access:'denyAll')
|
||||
}
|
||||
createAppContext()
|
||||
|
||||
when: 'sent to denyAll.a'
|
||||
appContext.getBean(SimpAnnotationMethodMessageHandler)
|
||||
clientInboundChannel.send(message('/denyAll.a'))
|
||||
|
||||
then: 'access is denied'
|
||||
MessageDeliveryException expected = thrown()
|
||||
expected.cause instanceof AccessDeniedException
|
||||
|
||||
when: 'sent to denyAll.a.b'
|
||||
clientInboundChannel.send(message('/denyAll.a.b'))
|
||||
|
||||
then: 'access is allowed'
|
||||
noExceptionThrown()
|
||||
}
|
||||
|
||||
def 'websocket with id does not integrate with clientInboundChannel'() {
|
||||
setup:
|
||||
websocket([id:'inCsi']) {
|
||||
'intercept-message'(pattern:'/**',access:'denyAll')
|
||||
}
|
||||
|
||||
when:
|
||||
def success = clientInboundChannel.send(message('/denyAll'))
|
||||
|
||||
then:
|
||||
success
|
||||
|
||||
}
|
||||
|
||||
def 'websocket with id can be explicitly integrated with clientInboundChannel'() {
|
||||
setup: 'websocket security explicitly setup'
|
||||
xml.'websocket:message-broker' {
|
||||
'websocket:transport' {}
|
||||
'websocket:stomp-endpoint'(path:'/app') {
|
||||
'websocket:sockjs' {}
|
||||
}
|
||||
'websocket:simple-broker'(prefix:"/queue, /topic"){}
|
||||
'websocket:client-inbound-channel' {
|
||||
'websocket:interceptors' {
|
||||
'b:bean'(class:'org.springframework.security.messaging.context.SecurityContextChannelInterceptor'){}
|
||||
'b:ref'(bean:'inCsi'){}
|
||||
}
|
||||
}
|
||||
}
|
||||
xml.'websocket-message-broker'(id:'inCsi') {
|
||||
'intercept-message'(pattern:'/**',access:'denyAll')
|
||||
}
|
||||
createAppContext()
|
||||
|
||||
when:
|
||||
clientInboundChannel.send(message('/denyAll'))
|
||||
|
||||
then:
|
||||
def e = thrown(MessageDeliveryException)
|
||||
e.cause instanceof AccessDeniedException
|
||||
|
||||
}
|
||||
|
||||
def 'automatic integration with clientInboundChannel does not override exisiting websocket:interceptors'() {
|
||||
setup:
|
||||
mockBean(ChannelInterceptor,'mci')
|
||||
xml.'websocket:message-broker'('application-destination-prefix':'/app',
|
||||
'user-destination-prefix':'/user') {
|
||||
'websocket:transport' {}
|
||||
'websocket:stomp-endpoint'(path:'/foo') {
|
||||
'websocket:sockjs' {}
|
||||
}
|
||||
'websocket:simple-broker'(prefix:"/queue, /topic"){}
|
||||
'websocket:client-inbound-channel' {
|
||||
'websocket:interceptors' {
|
||||
'b:ref'(bean:'mci'){}
|
||||
}
|
||||
}
|
||||
}
|
||||
xml.'websocket-message-broker' {
|
||||
'intercept-message'(pattern:'/denyAll',access:'denyAll')
|
||||
'intercept-message'(pattern:'/permitAll',access:'permitAll')
|
||||
}
|
||||
createAppContext()
|
||||
ChannelInterceptor mci = appContext.getBean('mci')
|
||||
when:
|
||||
Message<?> message = message('/permitAll')
|
||||
clientInboundChannel.send(message)
|
||||
|
||||
then:
|
||||
verify(mci).preSend(message, clientInboundChannel) || true
|
||||
|
||||
}
|
||||
|
||||
def websocket(Map<String,Object> attrs=[:], Closure c) {
|
||||
bean('testHandler', TestHandshakeHandler)
|
||||
xml.'websocket:message-broker' {
|
||||
'websocket:transport' {}
|
||||
'websocket:stomp-endpoint'(path:'/app') {
|
||||
'websocket:handshake-handler'(ref:'testHandler') {}
|
||||
'websocket:handshake-interceptors' {
|
||||
'b:bean'('class':HttpSessionHandshakeInterceptor.name) {}
|
||||
}
|
||||
if(useSockJS) {
|
||||
'websocket:sockjs' {}
|
||||
}
|
||||
}
|
||||
'websocket:simple-broker'(prefix:"/queue, /topic"){}
|
||||
}
|
||||
xml.'websocket-message-broker'(attrs, c)
|
||||
createAppContext()
|
||||
}
|
||||
|
||||
def 'custom expressions'() {
|
||||
setup:
|
||||
bean('expressionHandler', DenyRobMessageSecurityExpressionHandler)
|
||||
websocket {
|
||||
'expression-handler' (ref: 'expressionHandler') {}
|
||||
'intercept-message'(pattern:'/**',access:'denyRob()')
|
||||
}
|
||||
|
||||
when: 'message is sent with user'
|
||||
clientInboundChannel.send(message('/message'))
|
||||
|
||||
then: 'access is allowed to custom expression'
|
||||
noExceptionThrown()
|
||||
|
||||
when:
|
||||
messageUser = new TestingAuthenticationToken('rob', 'pass', 'ROLE_USER')
|
||||
clientInboundChannel.send(message('/message'))
|
||||
|
||||
then:
|
||||
def e = thrown(MessageDeliveryException)
|
||||
e.cause instanceof AccessDeniedException
|
||||
}
|
||||
|
||||
def getClientInboundChannel() {
|
||||
appContext.getBean("clientInboundChannel")
|
||||
}
|
||||
|
||||
def message(String destination, SimpMessageType type=SimpMessageType.MESSAGE) {
|
||||
SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(type)
|
||||
message(headers, destination)
|
||||
}
|
||||
|
||||
def message(SimpMessageHeaderAccessor headers, String destination) {
|
||||
headers.sessionId = '123'
|
||||
headers.sessionAttributes = [:]
|
||||
headers.destination = destination
|
||||
if(messageUser != null) {
|
||||
headers.user = messageUser
|
||||
}
|
||||
if(csrfToken != null) {
|
||||
headers.sessionAttributes[CsrfToken.name] = csrfToken
|
||||
}
|
||||
new GenericMessage<String>("hi",headers.messageHeaders)
|
||||
}
|
||||
|
||||
@Controller
|
||||
static class MyController {
|
||||
String authenticationPrincipal
|
||||
MyCustomArgument myCustomArgument
|
||||
|
||||
@MessageMapping('/authentication')
|
||||
public void authentication(@AuthenticationPrincipal String un) {
|
||||
this.authenticationPrincipal = un
|
||||
}
|
||||
|
||||
@MessageMapping('/myCustom')
|
||||
public void myCustom(MyCustomArgument myCustomArgument) {
|
||||
this.myCustomArgument = myCustomArgument
|
||||
}
|
||||
}
|
||||
|
||||
static class MyCustomArgument {
|
||||
MyCustomArgument(String notDefaultConstr) {}
|
||||
}
|
||||
|
||||
static class MyCustomArgumentResolver implements HandlerMethodArgumentResolver {
|
||||
|
||||
@Override
|
||||
boolean supportsParameter(MethodParameter parameter) {
|
||||
parameter.parameterType.isAssignableFrom(MyCustomArgument)
|
||||
}
|
||||
|
||||
@Override
|
||||
Object resolveArgument(MethodParameter parameter, Message<?> message) throws Exception {
|
||||
new MyCustomArgument("")
|
||||
}
|
||||
}
|
||||
|
||||
static class TestHandshakeHandler implements HandshakeHandler {
|
||||
Map<String, Object> attributes;
|
||||
|
||||
boolean doHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Map<String, Object> attributes) throws HandshakeFailureException {
|
||||
this.attributes = attributes
|
||||
if(wsHandler instanceof SockJsWebSocketHandler) {
|
||||
// work around SPR-12716
|
||||
SockJsWebSocketHandler sockJs = (SockJsWebSocketHandler) wsHandler;
|
||||
this.attributes = sockJs.sockJsSession.attributes
|
||||
}
|
||||
true
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Changes the clientInboundChannel Executor to be synchronous
|
||||
*/
|
||||
static class InboundExecutorPostProcessor implements BeanDefinitionRegistryPostProcessor {
|
||||
|
||||
@Override
|
||||
void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
|
||||
BeanDefinition inbound = registry.getBeanDefinition("clientInboundChannel")
|
||||
inbound.getConstructorArgumentValues().addIndexedArgumentValue(0, new RootBeanDefinition(SyncTaskExecutor));
|
||||
}
|
||||
|
||||
@Override
|
||||
void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
static class DenyRobMessageSecurityExpressionHandler extends DefaultMessageSecurityExpressionHandler<Object> {
|
||||
@Override
|
||||
protected SecurityExpressionOperations createSecurityExpressionRoot(
|
||||
Authentication authentication,
|
||||
Message<Object> invocation) {
|
||||
return new MessageSecurityExpressionRoot(authentication, invocation) {
|
||||
public boolean denyRob() {
|
||||
Authentication auth = getAuthentication();
|
||||
return auth != null && !"rob".equals(auth.getName());
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,547 @@
|
||||
/*
|
||||
* Copyright 2002-2018 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.security.config.websocket;
|
||||
|
||||
import org.assertj.core.api.ThrowableAssert;
|
||||
import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||
import org.springframework.beans.factory.parsing.BeanDefinitionParsingException;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProcessor;
|
||||
import org.springframework.beans.factory.support.RootBeanDefinition;
|
||||
import org.springframework.core.MethodParameter;
|
||||
import org.springframework.core.task.SyncTaskExecutor;
|
||||
import org.springframework.http.server.ServerHttpRequest;
|
||||
import org.springframework.messaging.Message;
|
||||
import org.springframework.messaging.MessageChannel;
|
||||
import org.springframework.messaging.handler.annotation.MessageMapping;
|
||||
import org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver;
|
||||
import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
|
||||
import org.springframework.messaging.simp.SimpMessageType;
|
||||
import org.springframework.messaging.support.ChannelInterceptorAdapter;
|
||||
import org.springframework.messaging.support.GenericMessage;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.access.expression.SecurityExpressionOperations;
|
||||
import org.springframework.security.config.test.SpringTestRule;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.annotation.AuthenticationPrincipal;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler;
|
||||
import org.springframework.security.messaging.access.expression.MessageSecurityExpressionRoot;
|
||||
import org.springframework.security.test.context.annotation.SecurityTestExecutionListeners;
|
||||
import org.springframework.security.test.context.support.WithMockUser;
|
||||
import org.springframework.security.web.csrf.CsrfToken;
|
||||
import org.springframework.security.web.csrf.DefaultCsrfToken;
|
||||
import org.springframework.security.web.csrf.InvalidCsrfTokenException;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.MvcResult;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
import org.springframework.web.socket.WebSocketHandler;
|
||||
import org.springframework.web.socket.server.HandshakeFailureException;
|
||||
import org.springframework.web.socket.server.HandshakeHandler;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.assertj.core.api.Assertions.*;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
|
||||
/**
|
||||
* @author Rob Winch
|
||||
* @author Josh Cummings
|
||||
*/
|
||||
@RunWith(SpringJUnit4ClassRunner.class)
|
||||
@SecurityTestExecutionListeners
|
||||
public class WebSocketMessageBrokerConfigTests {
|
||||
private static final String CONFIG_LOCATION_PREFIX =
|
||||
"classpath:org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests";
|
||||
|
||||
@Rule
|
||||
public final SpringTestRule spring = new SpringTestRule();
|
||||
|
||||
@Autowired(required = false)
|
||||
private MessageChannel clientInboundChannel;
|
||||
|
||||
@Autowired(required = false)
|
||||
private MessageController messageController;
|
||||
|
||||
@Autowired(required = false)
|
||||
private MessageWithArgumentController messageWithArgumentController;
|
||||
|
||||
@Autowired(required = false)
|
||||
private TestHandshakeHandler testHandshakeHandler;
|
||||
|
||||
private CsrfToken token = new DefaultCsrfToken("header", "param", "token");
|
||||
|
||||
@Test
|
||||
public void sendWhenNoIdSpecifiedThenIntegratesWithClientInboundChannel() {
|
||||
this.spring.configLocations(xml("NoIdConfig")).autowire();
|
||||
|
||||
this.clientInboundChannel.send(message("/permitAll"));
|
||||
|
||||
assertThatThrownBy(() -> this.clientInboundChannel.send(message("/denyAll")))
|
||||
.hasCauseInstanceOf(AccessDeniedException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenAnonymousMessageWithConnectMessageTypeThenPermitted() {
|
||||
this.spring.configLocations(xml("NoIdConfig")).autowire();
|
||||
|
||||
SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(SimpMessageType.CONNECT);
|
||||
headers.setNativeHeader(this.token.getHeaderName(), this.token.getToken());
|
||||
|
||||
assertThatCode(() -> this.clientInboundChannel.send(message("/permitAll", headers)))
|
||||
.doesNotThrowAnyException();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenAnonymousMessageWithConnectAckMessageTypeThenPermitted() {
|
||||
this.spring.configLocations(xml("NoIdConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/permitAll", SimpMessageType.CONNECT_ACK);
|
||||
|
||||
assertThatCode(send(message)).doesNotThrowAnyException();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenAnonymousMessageWithDisconnectMessageTypeThenPermitted() {
|
||||
this.spring.configLocations(xml("NoIdConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/permitAll", SimpMessageType.DISCONNECT);
|
||||
|
||||
assertThatCode(send(message)).doesNotThrowAnyException();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenAnonymousMessageWithDisconnectAckMessageTypeThenPermitted() {
|
||||
this.spring.configLocations(xml("NoIdConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/permitAll", SimpMessageType.DISCONNECT_ACK);
|
||||
|
||||
assertThatCode(send(message)).doesNotThrowAnyException();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenAnonymousMessageWithHeartbeatMessageTypeThenPermitted() {
|
||||
this.spring.configLocations(xml("NoIdConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/permitAll", SimpMessageType.HEARTBEAT);
|
||||
|
||||
assertThatCode(send(message)).doesNotThrowAnyException();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenAnonymousMessageWithMessageMessageTypeThenPermitted() {
|
||||
this.spring.configLocations(xml("NoIdConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/permitAll", SimpMessageType.MESSAGE);
|
||||
|
||||
assertThatCode(send(message)).doesNotThrowAnyException();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenAnonymousMessageWithOtherMessageTypeThenPermitted() {
|
||||
this.spring.configLocations(xml("NoIdConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/permitAll", SimpMessageType.OTHER);
|
||||
|
||||
assertThatCode(send(message)).doesNotThrowAnyException();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenAnonymousMessageWithSubscribeMessageTypeThenPermitted() {
|
||||
this.spring.configLocations(xml("NoIdConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/permitAll", SimpMessageType.SUBSCRIBE);
|
||||
|
||||
assertThatCode(send(message)).doesNotThrowAnyException();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenAnonymousMessageWithUnsubscribeMessageTypeThenPermitted() {
|
||||
this.spring.configLocations(xml("NoIdConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/permitAll", SimpMessageType.UNSUBSCRIBE);
|
||||
|
||||
assertThatCode(send(message)).doesNotThrowAnyException();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenConnectWithoutCsrfTokenThenDenied() {
|
||||
this.spring.configLocations(xml("SyncConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/message", SimpMessageType.CONNECT);
|
||||
|
||||
assertThatThrownBy(send(message)).hasCauseInstanceOf(InvalidCsrfTokenException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenConnectWithSameOriginDisabledThenCsrfTokenNotRequired() {
|
||||
this.spring.configLocations(xml("SyncSameOriginDisabledConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/message", SimpMessageType.CONNECT);
|
||||
|
||||
assertThatCode(send(message)).doesNotThrowAnyException();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenInterceptWiredForMessageTypeThenDeniesOnTypeMismatch() {
|
||||
this.spring.configLocations(xml("MessageInterceptTypeConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/permitAll", SimpMessageType.MESSAGE);
|
||||
|
||||
assertThatCode(send(message)).doesNotThrowAnyException();
|
||||
|
||||
message = message("/permitAll", SimpMessageType.UNSUBSCRIBE);
|
||||
|
||||
assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
|
||||
|
||||
message = message("/anyOther", SimpMessageType.MESSAGE);
|
||||
|
||||
assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenInterceptWiredForSubscribeTypeThenDeniesOnTypeMismatch() {
|
||||
this.spring.configLocations(xml("SubscribeInterceptTypeConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/permitAll", SimpMessageType.SUBSCRIBE);
|
||||
|
||||
assertThatCode(send(message)).doesNotThrowAnyException();
|
||||
|
||||
message = message("/permitAll", SimpMessageType.UNSUBSCRIBE);
|
||||
|
||||
assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
|
||||
|
||||
message = message("/anyOther", SimpMessageType.SUBSCRIBE);
|
||||
|
||||
assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
|
||||
}
|
||||
|
||||
// -- invalid intercept types -- //
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingConnectMessageTypeThenAutowireFails() {
|
||||
ThrowingCallable bad = () ->
|
||||
this.spring.configLocations(xml("ConnectInterceptTypeConfig")).autowire();
|
||||
|
||||
assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingConnectAckMessageTypeThenAutowireFails() {
|
||||
ThrowingCallable bad = () ->
|
||||
this.spring.configLocations(xml("ConnectAckInterceptTypeConfig")).autowire();
|
||||
|
||||
assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingDisconnectMessageTypeThenAutowireFails() {
|
||||
ThrowingCallable bad = () ->
|
||||
this.spring.configLocations(xml("DisconnectInterceptTypeConfig")).autowire();
|
||||
|
||||
assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingDisconnectAckMessageTypeThenAutowireFails() {
|
||||
ThrowingCallable bad = () ->
|
||||
this.spring.configLocations(xml("DisconnectAckInterceptTypeConfig")).autowire();
|
||||
|
||||
assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingHeartbeatMessageTypeThenAutowireFails() {
|
||||
ThrowingCallable bad = () ->
|
||||
this.spring.configLocations(xml("HeartbeatInterceptTypeConfig")).autowire();
|
||||
|
||||
assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingOtherMessageTypeThenAutowireFails() {
|
||||
ThrowingCallable bad = () ->
|
||||
this.spring.configLocations(xml("OtherInterceptTypeConfig")).autowire();
|
||||
|
||||
assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configureWhenUsingUnsubscribeMessageTypeThenAutowireFails() {
|
||||
ThrowingCallable bad = () ->
|
||||
this.spring.configLocations(xml("UnsubscribeInterceptTypeConfig")).autowire();
|
||||
|
||||
assertThatThrownBy(bad).isInstanceOf(BeanDefinitionParsingException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenNoIdMessageThenAuthenticationPrincipalResolved() throws Exception {
|
||||
this.spring.configLocations(xml("SyncConfig")).autowire();
|
||||
|
||||
this.clientInboundChannel.send(message("/message"));
|
||||
|
||||
assertThat(this.messageController.username).isEqualTo("anonymous");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenConnectMessageThenUsesCsrfTokenHandshakeInterceptor() throws Exception {
|
||||
this.spring.configLocations(xml("SyncConfig")).autowire();
|
||||
|
||||
WebApplicationContext context = (WebApplicationContext) this.spring.getContext();
|
||||
MockMvc mvc = MockMvcBuilders.webAppContextSetup(context).build();
|
||||
|
||||
String csrfAttributeName = CsrfToken.class.getName();
|
||||
String customAttributeName = this.getClass().getName();
|
||||
|
||||
MvcResult result = mvc.perform(get("/app")
|
||||
.requestAttr(csrfAttributeName, this.token)
|
||||
.sessionAttr(customAttributeName, "attributeValue"))
|
||||
.andReturn();
|
||||
|
||||
CsrfToken handshakeToken = (CsrfToken) this.testHandshakeHandler.attributes.get(csrfAttributeName);
|
||||
String handshakeValue = (String) this.testHandshakeHandler.attributes.get(customAttributeName);
|
||||
String sessionValue = (String) result.getRequest().getSession().getAttribute(customAttributeName);
|
||||
|
||||
assertThat(handshakeToken).isEqualTo(this.token)
|
||||
.withFailMessage("CsrfToken is populated");
|
||||
|
||||
assertThat(handshakeValue).isEqualTo(sessionValue)
|
||||
.withFailMessage("Explicitly listed session variables are not overridden");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void requestWhenConnectMessageAndUsingSockJsThenUsesCsrfTokenHandshakeInterceptor() throws Exception {
|
||||
this.spring.configLocations(xml("SyncSockJsConfig")).autowire();
|
||||
|
||||
WebApplicationContext context = (WebApplicationContext) this.spring.getContext();
|
||||
MockMvc mvc = MockMvcBuilders.webAppContextSetup(context).build();
|
||||
|
||||
String csrfAttributeName = CsrfToken.class.getName();
|
||||
String customAttributeName = this.getClass().getName();
|
||||
|
||||
MvcResult result = mvc.perform(get("/app/289/tpyx6mde/websocket")
|
||||
.requestAttr(csrfAttributeName, this.token)
|
||||
.sessionAttr(customAttributeName, "attributeValue"))
|
||||
.andReturn();
|
||||
|
||||
CsrfToken handshakeToken = (CsrfToken) this.testHandshakeHandler.attributes.get(csrfAttributeName);
|
||||
String handshakeValue = (String) this.testHandshakeHandler.attributes.get(customAttributeName);
|
||||
String sessionValue = (String) result.getRequest().getSession().getAttribute(customAttributeName);
|
||||
|
||||
assertThat(handshakeToken).isEqualTo(this.token)
|
||||
.withFailMessage("CsrfToken is populated");
|
||||
|
||||
assertThat(handshakeValue).isEqualTo(sessionValue)
|
||||
.withFailMessage("Explicitly listed session variables are not overridden");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenNoIdSpecifiedThenCustomArgumentResolversAreNotOverridden() {
|
||||
this.spring.configLocations(xml("SyncCustomArgumentResolverConfig")).autowire();
|
||||
|
||||
this.clientInboundChannel.send(message("/message-with-argument"));
|
||||
|
||||
assertThat(this.messageWithArgumentController.messageArgument).isNotNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenUsingCustomPathMatcherThenSecurityAppliesIt() {
|
||||
this.spring.configLocations(xml("CustomPathMatcherConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/denyAll.a");
|
||||
|
||||
assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
|
||||
|
||||
message = message("/denyAll.a.b");
|
||||
|
||||
assertThatCode(send(message)).doesNotThrowAnyException();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenIdSpecifiedThenSecurityDoesNotIntegrateWithClientInboundChannel() {
|
||||
this.spring.configLocations(xml("IdConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/denyAll");
|
||||
|
||||
assertThatCode(send(message)).doesNotThrowAnyException();
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser
|
||||
public void sendWhenIdSpecifiedAndExplicitlyIntegratedWhenBrokerUsesClientInboundChannel() {
|
||||
this.spring.configLocations(xml("IdIntegratedConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/denyAll");
|
||||
|
||||
assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sendWhenNoIdSpecifiedThenSecurityDoesntOverrideCustomInterceptors() {
|
||||
this.spring.configLocations(xml("CustomInterceptorConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/throwAll");
|
||||
|
||||
assertThatThrownBy(send(message)).hasCauseInstanceOf(UnsupportedOperationException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
@WithMockUser(username = "nile")
|
||||
public void sendWhenCustomExpressionHandlerThenAuthorizesAccordingly() {
|
||||
this.spring.configLocations(xml("CustomExpressionHandlerConfig")).autowire();
|
||||
|
||||
Message<?> message = message("/denyNile");
|
||||
|
||||
assertThatThrownBy(send(message)).hasCauseInstanceOf(AccessDeniedException.class);
|
||||
}
|
||||
|
||||
private String xml(String configName) {
|
||||
return CONFIG_LOCATION_PREFIX + "-" + configName + ".xml";
|
||||
}
|
||||
|
||||
private ThrowableAssert.ThrowingCallable send(Message<?> message) {
|
||||
return () -> this.clientInboundChannel.send(message);
|
||||
}
|
||||
|
||||
private Message<?> message(String destination) {
|
||||
return message(destination, SimpMessageType.MESSAGE);
|
||||
}
|
||||
|
||||
private Message<?> message(String destination, SimpMessageType type) {
|
||||
SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.create(type);
|
||||
return message(destination, headers);
|
||||
}
|
||||
|
||||
private Message<?> message(String destination, SimpMessageHeaderAccessor headers) {
|
||||
headers.setSessionId("123");
|
||||
headers.setSessionAttributes(new HashMap<>());
|
||||
headers.setDestination(destination);
|
||||
|
||||
if (SecurityContextHolder.getContext().getAuthentication() != null) {
|
||||
headers.setUser(SecurityContextHolder.getContext().getAuthentication());
|
||||
}
|
||||
|
||||
headers.getSessionAttributes().put(CsrfToken.class.getName(), this.token);
|
||||
|
||||
return new GenericMessage<>("hi", headers.getMessageHeaders());
|
||||
}
|
||||
|
||||
@Controller
|
||||
static class MessageController {
|
||||
String username;
|
||||
|
||||
@MessageMapping("/message")
|
||||
public void authentication(@AuthenticationPrincipal String username) {
|
||||
this.username = username;
|
||||
}
|
||||
}
|
||||
|
||||
@Controller
|
||||
static class MessageWithArgumentController {
|
||||
MessageArgument messageArgument;
|
||||
|
||||
@MessageMapping("/message-with-argument")
|
||||
public void myCustom(MessageArgument messageArgument) {
|
||||
this.messageArgument = messageArgument;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static class MessageArgument {
|
||||
MessageArgument(String notDefaultConstructor) {
|
||||
}
|
||||
}
|
||||
|
||||
static class MessageArgumentResolver implements HandlerMethodArgumentResolver {
|
||||
|
||||
@Override
|
||||
public boolean supportsParameter(MethodParameter parameter) {
|
||||
return parameter.getParameterType().isAssignableFrom(MessageArgument.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object resolveArgument(MethodParameter parameter, Message<?> message) throws Exception {
|
||||
return new MessageArgument("");
|
||||
}
|
||||
}
|
||||
|
||||
static class TestHandshakeHandler implements HandshakeHandler {
|
||||
Map<String, Object> attributes;
|
||||
|
||||
@Override
|
||||
public boolean doHandshake(
|
||||
ServerHttpRequest request,
|
||||
org.springframework.http.server.ServerHttpResponse response,
|
||||
WebSocketHandler wsHandler,
|
||||
Map<String, Object> attributes) throws HandshakeFailureException {
|
||||
|
||||
this.attributes = attributes;
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
static class InboundExecutorPostProcessor implements BeanDefinitionRegistryPostProcessor {
|
||||
|
||||
@Override
|
||||
public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException {
|
||||
BeanDefinition inbound = registry.getBeanDefinition("clientInboundChannel");
|
||||
inbound.getConstructorArgumentValues()
|
||||
.addIndexedArgumentValue(0, new RootBeanDefinition(SyncTaskExecutor.class));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
static class ExceptingInterceptor extends ChannelInterceptorAdapter {
|
||||
|
||||
@Override
|
||||
public Message<?> preSend(Message<?> message, MessageChannel channel) {
|
||||
throw new UnsupportedOperationException("no");
|
||||
}
|
||||
}
|
||||
|
||||
static class DenyNileMessageSecurityExpressionHandler
|
||||
extends DefaultMessageSecurityExpressionHandler<Object> {
|
||||
|
||||
@Override
|
||||
protected SecurityExpressionOperations createSecurityExpressionRoot(
|
||||
Authentication authentication,
|
||||
Message<Object> invocation) {
|
||||
|
||||
return new MessageSecurityExpressionRoot(authentication, invocation) {
|
||||
public boolean denyNile() {
|
||||
Authentication auth = getAuthentication();
|
||||
return auth != null && !"nile".equals(auth.getName());
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,31 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/websocket.xml"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<intercept-message pattern="/permitAll" type="CONNECT_ACK" access="permitAll"/>
|
||||
<intercept-message pattern="/**" access="denyAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,31 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/websocket.xml"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<intercept-message pattern="/permitAll" type="CONNECT" access="permitAll"/>
|
||||
<intercept-message pattern="/**" access="denyAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,33 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/websocket.xml"/>
|
||||
|
||||
<b:bean name="expressionHandler" class="org.springframework.security.config.websocket.WebSocketMessageBrokerConfigTests.DenyNileMessageSecurityExpressionHandler"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<expression-handler ref="expressionHandler"/>
|
||||
<intercept-message pattern="/**" access="denyNile()"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,45 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:websocket="http://www.springframework.org/schema/websocket"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/websocket http://www.springframework.org/schema/websocket/spring-websocket.xsd">
|
||||
|
||||
<websocket:message-broker application-destination-prefix="/app" user-destination-prefix="/user">
|
||||
<websocket:transport/>
|
||||
<websocket:stomp-endpoint path="/foo">
|
||||
<websocket:sockjs/>
|
||||
</websocket:stomp-endpoint>
|
||||
<websocket:simple-broker prefix="/queue, /topic"/>
|
||||
<websocket:client-inbound-channel>
|
||||
<websocket:interceptors>
|
||||
<b:ref bean="eci"/>
|
||||
</websocket:interceptors>
|
||||
</websocket:client-inbound-channel>
|
||||
</websocket:message-broker>
|
||||
|
||||
<b:bean name="eci" class="org.springframework.security.config.websocket.WebSocketMessageBrokerConfigTests.ExceptingInterceptor"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<intercept-message pattern="/permitAll" access="permitAll"/>
|
||||
<intercept-message pattern="/denyAll" access="denyAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,46 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:websocket="http://www.springframework.org/schema/websocket"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/websocket http://www.springframework.org/schema/websocket/spring-websocket.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
|
||||
<websocket:message-broker path-matcher="pathMatcher">
|
||||
<websocket:transport/>
|
||||
<websocket:stomp-endpoint path="/app">
|
||||
<websocket:handshake-handler ref="testHandler"/>
|
||||
</websocket:stomp-endpoint>
|
||||
|
||||
<websocket:simple-broker prefix="/queue, /topic"/>
|
||||
</websocket:message-broker>
|
||||
|
||||
<b:bean name="pathMatcher" class="org.springframework.util.AntPathMatcher">
|
||||
<b:constructor-arg value="."/>
|
||||
</b:bean>
|
||||
|
||||
<b:bean name="testHandler" class="org.springframework.security.config.websocket.WebSocketMessageBrokerConfigTests.TestHandshakeHandler"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<intercept-message pattern="/denyAll.*" access="denyAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,31 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/websocket.xml"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<intercept-message pattern="/permitAll" type="DISCONNECT_ACK" access="permitAll"/>
|
||||
<intercept-message pattern="/**" access="denyAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,31 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/websocket.xml"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<intercept-message pattern="/permitAll" type="HEARTBEAT" access="permitAll"/>
|
||||
<intercept-message pattern="/**" access="denyAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,31 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/websocket.xml"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<intercept-message pattern="/permitAll" type="HEARTBEAT" access="permitAll"/>
|
||||
<intercept-message pattern="/**" access="denyAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,30 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/websocket.xml"/>
|
||||
|
||||
<websocket-message-broker id="inCsi">
|
||||
<intercept-message pattern="/**" access="denyAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,42 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:websocket="http://www.springframework.org/schema/websocket"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/websocket http://www.springframework.org/schema/websocket/spring-websocket.xsd">
|
||||
|
||||
<websocket:message-broker>
|
||||
<websocket:transport/>
|
||||
<websocket:stomp-endpoint path="/app">
|
||||
<websocket:sockjs/>
|
||||
</websocket:stomp-endpoint>
|
||||
<websocket:simple-broker prefix="/queue, /topic"/>
|
||||
<websocket:client-inbound-channel>
|
||||
<websocket:interceptors>
|
||||
<b:ref bean="inCsi"/>
|
||||
</websocket:interceptors>
|
||||
</websocket:client-inbound-channel>
|
||||
</websocket:message-broker>
|
||||
|
||||
<websocket-message-broker id="inCsi">
|
||||
<intercept-message pattern="/**" access="denyAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,31 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/websocket.xml"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<intercept-message pattern="/permitAll" type="MESSAGE" access="permitAll"/>
|
||||
<intercept-message pattern="/**" access="denyAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,31 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/websocket.xml"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<intercept-message pattern="/permitAll" access="permitAll"/>
|
||||
<intercept-message pattern="/denyAll" access="denyAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,31 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/websocket.xml"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<intercept-message pattern="/permitAll" type="OTHER" access="permitAll"/>
|
||||
<intercept-message pattern="/**" access="denyAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,31 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/websocket.xml"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<intercept-message pattern="/permitAll" type="SUBSCRIBE" access="permitAll"/>
|
||||
<intercept-message pattern="/**" access="denyAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,31 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/sync.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/websocket.xml"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<intercept-message pattern="/**" access="permitAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,50 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:websocket="http://www.springframework.org/schema/websocket"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/websocket http://www.springframework.org/schema/websocket/spring-websocket.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/sync.xml"/>
|
||||
|
||||
<websocket:message-broker>
|
||||
<websocket:transport/>
|
||||
<websocket:stomp-endpoint path="/app">
|
||||
<websocket:handshake-handler ref="testHandler"/>
|
||||
<websocket:handshake-interceptors>
|
||||
<b:bean class="org.springframework.web.socket.server.support.HttpSessionHandshakeInterceptor"/>
|
||||
</websocket:handshake-interceptors>
|
||||
</websocket:stomp-endpoint>
|
||||
|
||||
<websocket:simple-broker prefix="/queue, /topic"/>
|
||||
<websocket:argument-resolvers>
|
||||
<b:ref bean="messageArgumentResolver"/>
|
||||
</websocket:argument-resolvers>
|
||||
</websocket:message-broker>
|
||||
|
||||
<b:bean name="testHandler" class="org.springframework.security.config.websocket.WebSocketMessageBrokerConfigTests.TestHandshakeHandler"/>
|
||||
<b:bean name="messageArgumentResolver" class="org.springframework.security.config.websocket.WebSocketMessageBrokerConfigTests.MessageArgumentResolver"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<intercept-message pattern="/**" access="permitAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,31 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/sync.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/websocket.xml"/>
|
||||
|
||||
<websocket-message-broker same-origin-disabled="true">
|
||||
<intercept-message pattern="/**" access="permitAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,31 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/sync.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/websocket-sockjs.xml"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<intercept-message pattern="/**" access="permitAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,31 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/security"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
|
||||
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/controllers.xml"/>
|
||||
<b:import resource="classpath:org/springframework/security/config/websocket/websocket.xml"/>
|
||||
|
||||
<websocket-message-broker>
|
||||
<intercept-message pattern="/permitAll" type="UNSUBSCRIBE" access="permitAll"/>
|
||||
<intercept-message pattern="/**" access="denyAll"/>
|
||||
</websocket-message-broker>
|
||||
|
||||
</b:beans>
|
||||
@ -0,0 +1,24 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/beans"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<bean class="org.springframework.security.config.websocket.WebSocketMessageBrokerConfigTests.MessageController"/>
|
||||
<bean class="org.springframework.security.config.websocket.WebSocketMessageBrokerConfigTests.MessageWithArgumentController"/>
|
||||
|
||||
</beans>
|
||||
@ -0,0 +1,22 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/beans"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
|
||||
|
||||
<bean class="org.springframework.security.config.websocket.WebSocketMessageBrokerConfigTests.InboundExecutorPostProcessor"/>
|
||||
</beans>
|
||||
@ -0,0 +1,37 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/websocket"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/websocket http://www.springframework.org/schema/websocket/spring-websocket.xsd">
|
||||
|
||||
<message-broker>
|
||||
<transport/>
|
||||
<stomp-endpoint path="/app">
|
||||
<handshake-handler ref="testHandler"/>
|
||||
<handshake-interceptors>
|
||||
<b:bean class="org.springframework.web.socket.server.support.HttpSessionHandshakeInterceptor"/>
|
||||
</handshake-interceptors>
|
||||
<sockjs/>
|
||||
</stomp-endpoint>
|
||||
|
||||
<simple-broker prefix="/queue, /topic"/>
|
||||
</message-broker>
|
||||
|
||||
<b:bean name="testHandler" class="org.springframework.security.config.websocket.WebSocketMessageBrokerConfigTests.TestHandshakeHandler"/>
|
||||
</b:beans>
|
||||
@ -0,0 +1,36 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2002-2018 the original author or authors.
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<b:beans xmlns:b="http://www.springframework.org/schema/beans"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns="http://www.springframework.org/schema/websocket"
|
||||
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/websocket http://www.springframework.org/schema/websocket/spring-websocket.xsd">
|
||||
|
||||
<message-broker>
|
||||
<transport/>
|
||||
<stomp-endpoint path="/app">
|
||||
<handshake-handler ref="testHandler"/>
|
||||
<handshake-interceptors>
|
||||
<b:bean class="org.springframework.web.socket.server.support.HttpSessionHandshakeInterceptor"/>
|
||||
</handshake-interceptors>
|
||||
</stomp-endpoint>
|
||||
|
||||
<simple-broker prefix="/queue, /topic"/>
|
||||
</message-broker>
|
||||
|
||||
<b:bean name="testHandler" class="org.springframework.security.config.websocket.WebSocketMessageBrokerConfigTests.TestHandshakeHandler"/>
|
||||
</b:beans>
|
||||
Loading…
x
Reference in New Issue
Block a user