Message SecurityExpressionHandler is post processed (#3820)

Previously the SecurityExpressionHandler for message based configuration
did not have a beanResolver set.

This commit post processes the default message SecurityExpressionHandler
to ensure the beanResolver is set.

Fixes gh-3797
This commit is contained in:
Rob Winch
2016-04-19 12:21:58 -05:00
committed by Joe Grandja
parent c872a77ad1
commit a5a8aeb550
2 changed files with 45 additions and 6 deletions

View File

@@ -117,6 +117,15 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
clientInboundChannel().send(message("/permitAll"));
}
// gh-3797
@Test
public void beanResolver() {
loadConfig(SockJsSecurityConfig.class);
messageUser = null;
clientInboundChannel().send(message("/beanResolver"));
}
@Test
public void addsAuthenticationPrincipalResolver() throws InterruptedException {
loadConfig(SockJsSecurityConfig.class);
@@ -594,6 +603,7 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
messages
.simpDestMatchers("/permitAll/**").permitAll()
.simpDestMatchers("/beanResolver/**").access("@security.check()")
.anyMessage().denyAll();
}
// @formatter:on
@@ -613,6 +623,20 @@ public class AbstractSecurityWebSocketMessageBrokerConfigurerTests {
public TestHandshakeHandler testHandshakeHandler() {
return new TestHandshakeHandler();
}
@Bean
public SecurityCheck security() {
return new SecurityCheck();
}
static class SecurityCheck {
private boolean check;
public boolean check() {
check = !check;
return check;
}
}
}
@Configuration