首頁 探索 說明
註冊 登入
github
/
spring-security
镜像来自 https://github.com/spring-projects/spring-security
2
0
複刻 0
檔案 問題管理 0 Wiki
瀏覽代碼

Simplify Csrf Processor Decision Logic

Replaces repeated if-else string comparisons with a Set.contains() check
for known WebSocket handshake handler class names in MessageSecurityPostProcessor.

Improves readability and maintainability without changing behavior.

Signed-off-by: Wonpyo Hong <evga7@naver.com>
evga7 2 月之前
父節點
676b44ebb0
當前提交
06ed6ef342
共有 1 個文件被更改,包括 13 次插入10 次删除
分割檢視 顯示文件統計
  1. 13 10
      config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java

+ 13 - 10
config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
查看文件 

@@ -19,6 +19,11 @@ package org.springframework.security.config.websocket;
 
 import java.util.Comparator;
 
 import java.util.List;
 
 import java.util.Map;
 
+import java.util.Set;
 
+import java.util.HashSet;
 
+import java.util.Arrays;
 
+import java.util.Collections;
 
+
 
 import java.util.function.Supplier;
 
 
 import org.w3c.dom.Element;
 
@@ -307,6 +312,13 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 
 
 		private static final String TEMPLATE_EXPRESSION_BEAN_ID = "annotationExpressionTemplateDefaults";
 
 
+		private static final Set<String> CSRF_HANDSHAKE_HANDLER_CLASSES = Collections.unmodifiableSet(
 
+				new HashSet<>(Arrays.asList(
 
+						"org.springframework.web.socket.server.support.WebSocketHttpRequestHandler",
 
+						"org.springframework.web.socket.sockjs.transport.TransportHandlingSockJsService",
 
+						"org.springframework.web.socket.sockjs.transport.handler.DefaultSockJsService"
 
+				)));
 
+
 
 		private final String inboundSecurityInterceptorId;
 
 
 		private final boolean sameOriginDisabled;
 
@@ -345,16 +357,7 @@ public final class WebSocketMessageBrokerSecurityBeanDefinitionParser implements
 
 						}
 
 					}
 
 				}
 
-				else if ("org.springframework.web.socket.server.support.WebSocketHttpRequestHandler"
 
-					.equals(beanClassName)) {
 
-					addCsrfTokenHandshakeInterceptor(bd);
 
-				}
 
-				else if ("org.springframework.web.socket.sockjs.transport.TransportHandlingSockJsService"
 
-					.equals(beanClassName)) {
 
-					addCsrfTokenHandshakeInterceptor(bd);
 
-				}
 
-				else if ("org.springframework.web.socket.sockjs.transport.handler.DefaultSockJsService"
 
-					.equals(beanClassName)) {
 
+				else if (CSRF_HANDSHAKE_HANDLER_CLASSES.contains(beanClassName)) {
 
 					addCsrfTokenHandshakeInterceptor(bd);
 
 				}
 
 			}