Commit 06ed6ef

evga7jzheaux
authored andcommitted
Simplify Csrf Processor Decision Logic
Replaces repeated if-else string comparisons with a Set.contains() check for known WebSocket handshake handler class names in MessageSecurityPostProcessor. Improves readability and maintainability without changing behavior. Signed-off-by: Wonpyo Hong <[email protected]>
1 parent 676b44e commit 06ed6ef

1 file changed

+13
-10
lines changed

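--- a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
@@ -19,6 +19,11 @@
 import java.util.Comparator;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.Arrays;
+import java.util.Collections;
+
 import java.util.function.Supplier;
 
 import org.w3c.dom.Element;
@@ -307,6 +312,13 @@ static class MessageSecurityPostProcessor implements BeanDefinitionRegistryPostP
 
 private static final String TEMPLATE_EXPRESSION_BEAN_ID = "annotationExpressionTemplateDefaults";
 
+private static final Set<String> CSRF_HANDSHAKE_HANDLER_CLASSES = Collections.unmodifiableSet(
+new HashSet<>(Arrays.asList(
+"org.springframework.web.socket.server.support.WebSocketHttpRequestHandler",
+"org.springframework.web.socket.sockjs.transport.TransportHandlingSockJsService",
+"org.springframework.web.socket.sockjs.transport.handler.DefaultSockJsService"
+)));
+
 private final String inboundSecurityInterceptorId;
 
 private final boolean sameOriginDisabled;
@@ -345,16 +357,7 @@ public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) t
 }
 }
 }
-else if ("org.springframework.web.socket.server.support.WebSocketHttpRequestHandler"
-.equals(beanClassName)) {
-addCsrfTokenHandshakeInterceptor(bd);
-}
-else if ("org.springframework.web.socket.sockjs.transport.TransportHandlingSockJsService"
-.equals(beanClassName)) {
-addCsrfTokenHandshakeInterceptor(bd);
-}
-else if ("org.springframework.web.socket.sockjs.transport.handler.DefaultSockJsService"
-.equals(beanClassName)) {
+else if (CSRF_HANDSHAKE_HANDLER_CLASSES.contains(beanClassName)) {
 addCsrfTokenHandshakeInterceptor(bd);
 }
 }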
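Review bot: The new constant `CSRF_HANDSHAKE_HANDLER_CLASSES` has no comment, although membership in it is what decides whether a bean definition reaches `addCsrfTokenHandshakeInterceptor(bd)`; a handler whose bean class name is not one of the three literals (a subclass or a custom handshake handler, for instance) appears to leave this branch without the CSRF handshake interceptor, as it did before the change. I would add a comment above the field such as `// Bean class names that receive the CSRF token handshake interceptor; matched by exact name, so subclasses are not covered.` The same comment could record why a `HashSet` is kept: `contains(null)` returns false here, whereas an immutable `Set.of(...)` would throw if `beanClassName` can be null, and where that value comes from is outside the hunk. Separately, the four added imports are not in alphabetical order and the added blank line splits `java.util.function.Supplier` from the rest of the `java.util` group, which an import-order check would presumably reject. The body of `postProcessBeanDefinitionRegistry` starts and ends outside the visible hunk.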
