Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
爱吃血肠
spring-framework
提交
30d68f2d
S
spring-framework
项目概览
爱吃血肠
/
spring-framework
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
S
spring-framework
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
30d68f2d
编写于
11月 26, 2019
作者:
R
Rossen Stoyanchev
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Reject user names with "%2F" in STOMP
Closes gh-23836
上级
08669cc7
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
21 addition
and
2 deletion
+21
-2
spring-messaging/src/main/java/org/springframework/messaging/simp/SimpMessagingTemplate.java
...springframework/messaging/simp/SimpMessagingTemplate.java
+2
-1
spring-messaging/src/main/java/org/springframework/messaging/simp/user/DefaultUserDestinationResolver.java
...k/messaging/simp/user/DefaultUserDestinationResolver.java
+2
-1
spring-messaging/src/test/java/org/springframework/messaging/simp/SimpMessagingTemplateTests.java
...gframework/messaging/simp/SimpMessagingTemplateTests.java
+7
-0
spring-messaging/src/test/java/org/springframework/messaging/simp/user/DefaultUserDestinationResolverTests.java
...saging/simp/user/DefaultUserDestinationResolverTests.java
+10
-0
未找到文件。
spring-messaging/src/main/java/org/springframework/messaging/simp/SimpMessagingTemplate.java
浏览文件 @
30d68f2d
/*
/*
* Copyright 2002-201
8
the original author or authors.
* Copyright 2002-201
9
the original author or authors.
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* you may not use this file except in compliance with the License.
...
@@ -224,6 +224,7 @@ public class SimpMessagingTemplate extends AbstractMessageSendingTemplate<String
...
@@ -224,6 +224,7 @@ public class SimpMessagingTemplate extends AbstractMessageSendingTemplate<String
throws
MessagingException
{
throws
MessagingException
{
Assert
.
notNull
(
user
,
"User must not be null"
);
Assert
.
notNull
(
user
,
"User must not be null"
);
Assert
.
isTrue
(!
user
.
contains
(
"%2F"
),
"Invalid sequence \"%2F\" in user name: "
+
user
);
user
=
StringUtils
.
replace
(
user
,
"/"
,
"%2F"
);
user
=
StringUtils
.
replace
(
user
,
"/"
,
"%2F"
);
destination
=
destination
.
startsWith
(
"/"
)
?
destination
:
"/"
+
destination
;
destination
=
destination
.
startsWith
(
"/"
)
?
destination
:
"/"
+
destination
;
super
.
convertAndSend
(
this
.
destinationPrefix
+
user
+
destination
,
payload
,
headers
,
postProcessor
);
super
.
convertAndSend
(
this
.
destinationPrefix
+
user
+
destination
,
payload
,
headers
,
postProcessor
);
...
...
spring-messaging/src/main/java/org/springframework/messaging/simp/user/DefaultUserDestinationResolver.java
浏览文件 @
30d68f2d
/*
/*
* Copyright 2002-201
8
the original author or authors.
* Copyright 2002-201
9
the original author or authors.
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* you may not use this file except in compliance with the License.
...
@@ -203,6 +203,7 @@ public class DefaultUserDestinationResolver implements UserDestinationResolver {
...
@@ -203,6 +203,7 @@ public class DefaultUserDestinationResolver implements UserDestinationResolver {
}
}
Principal
principal
=
SimpMessageHeaderAccessor
.
getUser
(
headers
);
Principal
principal
=
SimpMessageHeaderAccessor
.
getUser
(
headers
);
String
user
=
(
principal
!=
null
?
principal
.
getName
()
:
null
);
String
user
=
(
principal
!=
null
?
principal
.
getName
()
:
null
);
Assert
.
isTrue
(
user
==
null
||
!
user
.
contains
(
"%2F"
),
"Invalid sequence \"%2F\" in user name: "
+
user
);
Set
<
String
>
sessionIds
=
Collections
.
singleton
(
sessionId
);
Set
<
String
>
sessionIds
=
Collections
.
singleton
(
sessionId
);
return
new
ParseResult
(
sourceDestination
,
actualDestination
,
sourceDestination
,
sessionIds
,
user
);
return
new
ParseResult
(
sourceDestination
,
actualDestination
,
sourceDestination
,
sessionIds
,
user
);
}
}
...
...
spring-messaging/src/test/java/org/springframework/messaging/simp/SimpMessagingTemplateTests.java
浏览文件 @
30d68f2d
...
@@ -36,6 +36,7 @@ import org.springframework.messaging.support.NativeMessageHeaderAccessor;
...
@@ -36,6 +36,7 @@ import org.springframework.messaging.support.NativeMessageHeaderAccessor;
import
org.springframework.util.LinkedMultiValueMap
;
import
org.springframework.util.LinkedMultiValueMap
;
import
static
org
.
assertj
.
core
.
api
.
Assertions
.
assertThat
;
import
static
org
.
assertj
.
core
.
api
.
Assertions
.
assertThat
;
import
static
org
.
assertj
.
core
.
api
.
Assertions
.
assertThatIllegalArgumentException
;
/**
/**
* Unit tests for {@link org.springframework.messaging.simp.SimpMessagingTemplate}.
* Unit tests for {@link org.springframework.messaging.simp.SimpMessagingTemplate}.
...
@@ -86,6 +87,12 @@ public class SimpMessagingTemplateTests {
...
@@ -86,6 +87,12 @@ public class SimpMessagingTemplateTests {
assertThat
(
headerAccessor
.
getDestination
()).
isEqualTo
(
"/user/https:%2F%2Fjoe.openid.example.org%2F/queue/foo"
);
assertThat
(
headerAccessor
.
getDestination
()).
isEqualTo
(
"/user/https:%2F%2Fjoe.openid.example.org%2F/queue/foo"
);
}
}
@Test
// gh-23836
public
void
convertAndSendToUserWithInvalidSequence
()
{
assertThatIllegalArgumentException
().
isThrownBy
(()
->
this
.
messagingTemplate
.
convertAndSendToUser
(
"joe%2F"
,
"/queue/foo"
,
"data"
));
}
@Test
@Test
public
void
convertAndSendWithCustomHeader
()
{
public
void
convertAndSendWithCustomHeader
()
{
Map
<
String
,
Object
>
headers
=
Collections
.<
String
,
Object
>
singletonMap
(
"key"
,
"value"
);
Map
<
String
,
Object
>
headers
=
Collections
.<
String
,
Object
>
singletonMap
(
"key"
,
"value"
);
...
...
spring-messaging/src/test/java/org/springframework/messaging/simp/user/DefaultUserDestinationResolverTests.java
浏览文件 @
30d68f2d
...
@@ -29,6 +29,7 @@ import org.springframework.messaging.support.MessageBuilder;
...
@@ -29,6 +29,7 @@ import org.springframework.messaging.support.MessageBuilder;
import
org.springframework.util.StringUtils
;
import
org.springframework.util.StringUtils
;
import
static
org
.
assertj
.
core
.
api
.
Assertions
.
assertThat
;
import
static
org
.
assertj
.
core
.
api
.
Assertions
.
assertThat
;
import
static
org
.
assertj
.
core
.
api
.
Assertions
.
assertThatIllegalArgumentException
;
import
static
org
.
mockito
.
BDDMockito
.
given
;
import
static
org
.
mockito
.
BDDMockito
.
given
;
import
static
org
.
mockito
.
Mockito
.
mock
;
import
static
org
.
mockito
.
Mockito
.
mock
;
...
@@ -113,6 +114,15 @@ public class DefaultUserDestinationResolverTests {
...
@@ -113,6 +114,15 @@ public class DefaultUserDestinationResolverTests {
assertThat
(
actual
.
getUser
()).
isNull
();
assertThat
(
actual
.
getUser
()).
isNull
();
}
}
@Test
// gh-23836
public
void
handleSubscribeInvalidUserName
()
{
TestPrincipal
user
=
new
TestPrincipal
(
"joe%2F"
);
String
sourceDestination
=
"/user/queue/foo"
;
Message
<?>
message
=
createMessage
(
SimpMessageType
.
SUBSCRIBE
,
user
,
"123"
,
sourceDestination
);
assertThatIllegalArgumentException
().
isThrownBy
(()
->
this
.
resolver
.
resolveDestination
(
message
));
}
@Test
@Test
public
void
handleUnsubscribe
()
{
public
void
handleUnsubscribe
()
{
TestPrincipal
user
=
new
TestPrincipal
(
"joe"
);
TestPrincipal
user
=
new
TestPrincipal
(
"joe"
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录