/**
 * Registers the inbound message authorization rules. The rules are declared from
 * most specific to least specific, ending with a catch-all that rejects every
 * message no earlier rule matched.
 *
 * @param messages the registry that collects the rules
 */
@Override
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
    // Destinations under /permitAll/ are open to every caller.
    messages.simpDestMatchers("/permitAll/**").permitAll();
    // NOTE(review): "denyRob" is a security expression; what it resolves to is
    // decided by the expression handler, which is not visible here. Confirm it.
    messages.simpDestMatchers("/customExpression/**").access("denyRob");
    // Default deny: keep this as the last rule.
    messages.anyMessage().denyAll();
}
// @formatter:on
/**
 * Delegates to the parent implementation and returns its result unchanged.
 * NOTE(review): presumably re-declared only to change who may call the method;
 * confirm against the visibility declared in the parent class.
 *
 * @return the metadata source produced by the superclass
 */
@Override
public MessageSecurityMetadataSource createMetadataSource() {
    MessageSecurityMetadataSource source = super.createMetadataSource();
    return source;
}
/**
 * Selects every {@link Message} whose SimpMessageHeaderAccessor destination header
 * is null, which is the case for CONNECT, CONNECT_ACK, HEARTBEAT, UNSUBSCRIBE,
 * DISCONNECT, DISCONNECT_ACK and OTHER messages.
 *
 * <p>Destination patterns cannot describe these messages, so a configuration that
 * wants to restrict them has to do so through this matcher or through a catch-all
 * rule.
 *
 * @return the {@link Constraint} for these messages, to which an access rule is
 * then attached
 */
public Constraint nullDestMatcher() {
    return matchers(
            SimpDestinationMessageMatcher.NULL_DESTINATION_MATCHER);
}
/**
 * Registers the inbound rules: one explicitly permitted destination pattern and a
 * catch-all that rejects everything else.
 *
 * @param messages the registry that collects the rules
 */
@Override
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
    // Install the path matcher before the patterns that rely on it are declared.
    AntPathMatcher pathMatcher = new AntPathMatcher();
    messages.simpDestPathMatcher(pathMatcher);
    // A single "*" stays within one path segment, so deeper destinations under
    // /app/a/ are not opened by this rule.
    messages.simpDestMatchers("/app/a/*").permitAll();
    // Default deny: keep this as the last rule.
    messages.anyMessage().denyAll();
}
// @formatter:on
/**
 * Registers the inbound message authorization rules. The order of the statements
 * is the order of the rules, so the narrow exceptions come first and the two
 * deny rules close the list.
 *
 * @param messages the registry that collects the rules
 */
@Override
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
    // Messages without a destination require an authenticated user.
    messages.nullDestMatcher().authenticated(); // <1>
    // Anyone may subscribe to the per-user error queue.
    messages.simpSubscribeDestMatchers("/user/queue/errors").permitAll(); // <2>
    // Any message type sent to an /app/ destination needs ROLE_USER.
    messages.simpDestMatchers("/app/**").hasRole("USER"); // <3>
    // Subscriptions to user and friends destinations need ROLE_USER.
    messages.simpSubscribeDestMatchers("/user/**", "/topic/friends/*")
            .hasRole("USER"); // <4>
    // Every other MESSAGE or SUBSCRIBE is rejected.
    messages.simpTypeMatchers(MESSAGE, SUBSCRIBE).denyAll(); // <5>
    // Whatever is left is rejected as well.
    messages.anyMessage().denyAll(); // <6>
}
}
/**
 * Creates {@link SimpDestinationMessageMatcher} instances from the given patterns
 * that only consider messages of type {@code SimpMessageType.MESSAGE}. A message
 * that carries no destination is never matched.
 *
 * <p>Because the type is fixed to MESSAGE, a rule attached to the returned
 * constraint does not apply to SUBSCRIBE messages for the same destinations;
 * those need a rule of their own or a catch-all.
 *
 * @param patterns the destination patterns to create
 * {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
 * instances from. Uses
 * {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}.
 *
 * @return the {@link Constraint} that is associated to the {@link MessageMatcher}
 * @see MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)
 */
public Constraint simpMessageDestMatchers(String... patterns) {
    final SimpMessageType messageOnly = SimpMessageType.MESSAGE;
    return simpDestMatchers(messageOnly, patterns);
}
@Test
public void simpTypeMatchersMatch() {
    // The type rule is declared ahead of the permissive catch-all.
    // NOTE(review): relies on the fixture message being of type MESSAGE; the
    // fixture is set up outside this method.
    messages.simpTypeMatchers(SimpMessageType.MESSAGE).denyAll();
    messages.anyMessage().permitAll();

    // The earlier, more specific rule is the one that is reported.
    assertThat(getAttribute()).isEqualTo("denyAll");
}
/**
 * Registers the inbound message authorization rules.
 *
 * @param message the registry that collects the rules
 */
@Override
protected void configureInbound(MessageSecurityMetadataSourceRegistry message) {
    // Messages without a destination header are accepted from any caller,
    // authenticated or not. Switch this to authenticated() if anonymous
    // connections are not intended.
    message.nullDestMatcher().permitAll();
    // Application and topic destinations need an authenticated user.
    message.simpDestMatchers("/app/**").authenticated();
    message.simpDestMatchers("/topic/**").authenticated();
    // Catch-all: everything else is allowed for ROLE_USER rather than denied.
    message.anyMessage().hasRole("USER");
}
@Test
public void simpDestMatchersCustomSetAfterMatchersDoesNotMatter() {
    final String destination = "price.stock.1.2";

    // Pattern first, "."-separated path matcher second: "*" must still be
    // limited to one segment, so the two trailing segments are not covered.
    message = MessageBuilder.withPayload("Hi")
            .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, destination)
            .build();
    messages.simpDestMatchers("price.stock.*").permitAll();
    messages.simpDestPathMatcher(new AntPathMatcher("."));
    assertThat(getAttribute()).isNull();

    // Same declaration order with "**", which spans the remaining segments.
    message = MessageBuilder.withPayload("Hi")
            .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, destination)
            .build();
    messages.simpDestMatchers("price.stock.**").permitAll();
    messages.simpDestPathMatcher(new AntPathMatcher("."));
    assertThat(getAttribute()).isEqualTo("permitAll");
}
@Test
public void nullDestMatcherNotMatches() {
    // NOTE(review): relies on the fixture message carrying a destination; the
    // fixture is set up outside this method.
    messages.nullDestMatcher().denyAll();
    messages.anyMessage().permitAll();

    // The null-destination rule is skipped and the catch-all decides.
    assertThat(getAttribute()).isEqualTo("permitAll");
}
@Test
public void simpDestSubscribeMatchersNotMatch() {
    // A SUBSCRIBE-only rule followed by a permissive catch-all.
    // NOTE(review): relies on the fixture message not being a SUBSCRIBE; the
    // fixture is set up outside this method.
    messages.simpSubscribeDestMatchers("location/**").denyAll();
    messages.anyMessage().permitAll();

    // The SUBSCRIBE rule does not apply, so the catch-all decides.
    assertThat(getAttribute()).isEqualTo("permitAll");
}
@Test
public void simpDestMessageMatchersMatch() {
    // A MESSAGE-only rule followed by a permissive catch-all.
    // NOTE(review): relies on the fixture being a MESSAGE whose destination
    // falls under location/; the fixture is set up outside this method.
    messages.simpMessageDestMatchers("location/**").denyAll();
    messages.anyMessage().permitAll();

    // The destination rule is hit before the catch-all.
    assertThat(getAttribute()).isEqualTo("denyAll");
}
/**
 * Applies a single expression-based rule to every inbound message.
 *
 * @param messages the registry that collects the rules
 */
@Override
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
    // NOTE(review): denyRob() has to be provided by the expression handler in
    // use; it is not defined in the visible code. Confirm where it comes from.
    final String expression = "denyRob()";
    messages.anyMessage().access(expression);
}
// @formatter:on
/**
 * Delegates to the parent implementation and returns its answer unchanged.
 * NOTE(review): presumably re-declared only so that this class's neighbours can
 * call it; confirm against the visibility declared in the parent class.
 *
 * @return whatever the superclass reports
 */
@Override
protected boolean isSimpDestPathMatcherConfigured() {
    boolean configured = super.isSimpDestPathMatcherConfigured();
    return configured;
}
}
/**
 * Delegates to the parent implementation and returns its answer unchanged.
 * NOTE(review): presumably re-declared only so that this class's neighbours can
 * call it; confirm against the visibility declared in the parent class.
 *
 * @return whatever the superclass reports
 */
@Override
protected boolean containsMapping() {
    boolean hasMapping = super.containsMapping();
    return hasMapping;
}
/**
 * Creates {@link SimpDestinationMessageMatcher} instances from the given patterns
 * that only consider messages of type {@code SimpMessageType.SUBSCRIBE}. A message
 * that carries no destination is never matched.
 *
 * <p>Because the type is fixed to SUBSCRIBE, a rule attached to the returned
 * constraint does not apply to MESSAGE messages for the same destinations; those
 * need a rule of their own or a catch-all.
 *
 * @param patterns the destination patterns to create
 * {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
 * instances from. Uses
 * {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}.
 *
 * @return the {@link Constraint} that is associated to the {@link MessageMatcher}
 * @see MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)
 */
public Constraint simpSubscribeDestMatchers(String... patterns) {
    final SimpMessageType subscribeOnly = SimpMessageType.SUBSCRIBE;
    return simpDestMatchers(subscribeOnly, patterns);
}
@Test
public void simpTypeMatchersNotMatch() {
    // A CONNECT-only rule followed by a permissive catch-all.
    // NOTE(review): relies on the fixture message not being a CONNECT; the
    // fixture is set up outside this method.
    messages.simpTypeMatchers(SimpMessageType.CONNECT).denyAll();
    messages.anyMessage().permitAll();

    // The type rule does not apply, so the catch-all decides.
    assertThat(getAttribute()).isEqualTo("permitAll");
}
@Test
public void simpDestMatchersCustom() {
    final String destination = "price.stock.1.2";

    // "."-separated path matcher first, pattern second: "*" covers a single
    // segment, so the two trailing segments are not covered by the rule.
    message = MessageBuilder.withPayload("Hi")
            .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, destination)
            .build();
    messages.simpDestPathMatcher(new AntPathMatcher("."));
    messages.simpDestMatchers("price.stock.*").permitAll();
    assertThat(getAttribute()).isNull();

    // With "**" the remaining segments are covered and the rule applies.
    message = MessageBuilder.withPayload("Hi")
            .setHeader(SimpMessageHeaderAccessor.DESTINATION_HEADER, destination)
            .build();
    messages.simpDestPathMatcher(new AntPathMatcher("."));
    messages.simpDestMatchers("price.stock.**").permitAll();
    assertThat(getAttribute()).isEqualTo("permitAll");
}
@Test
public void nullDestMatcherMatch() {
    // A CONNECT message built without any destination header.
    message = MessageBuilder.withPayload("Hi")
            .setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER,
                    SimpMessageType.CONNECT)
            .build();

    messages.nullDestMatcher().denyAll();
    messages.anyMessage().permitAll();

    // The null-destination rule is hit before the permissive catch-all.
    assertThat(getAttribute()).isEqualTo("denyAll");
}
@Test
public void simpDestSubscribeMatchersMatch() {
    // Re-type the fixture message as a SUBSCRIBE, keeping its other headers.
    // NOTE(review): relies on the fixture's destination falling under
    // location/; the fixture is set up outside this method.
    message = MessageBuilder.fromMessage(message)
            .setHeader(SimpMessageHeaderAccessor.MESSAGE_TYPE_HEADER,
                    SimpMessageType.SUBSCRIBE)
            .build();

    messages.simpSubscribeDestMatchers("location/**").denyAll();
    messages.anyMessage().permitAll();

    // The SUBSCRIBE rule is hit before the permissive catch-all.
    assertThat(getAttribute()).isEqualTo("denyAll");
}