首頁 探索 說明
註冊 登入
github
/
spring-security
镜像来自 https://github.com/spring-projects/spring-security
2
0
複刻 0
檔案 問題管理 0 Wiki
瀏覽代碼

SEC-2737: Remove WebSocket Outbound Authorization

Rob Winch 11 年之前
父節點
4e7398eec0
當前提交
24dec7ec3e
共有 1 個文件被更改,包括 1 次插入32 次删除
分割檢視 顯示文件統計
  1. 1 32
      config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java

+ 1 - 32
config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java
查看文件 

@@ -60,7 +60,6 @@ import java.util.List;
 
 @Order(Ordered.HIGHEST_PRECEDENCE + 100)
 
 public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends AbstractWebSocketMessageBrokerConfigurer {
 
     private final WebSocketMessageSecurityMetadataSourceRegistry inboundRegistry = new WebSocketMessageSecurityMetadataSourceRegistry();
 
-    private final WebSocketMessageSecurityMetadataSourceRegistry outboundRegistry = new WebSocketMessageSecurityMetadataSourceRegistry();
 
 
     public final void registerStompEndpoints(StompEndpointRegistry registry) {}
 
 
@@ -79,14 +78,6 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 
         }
 
     }
 
 
-    @Override
 
-    public final void configureClientOutboundChannel(ChannelRegistration registration) {
 
-        ChannelSecurityInterceptor outboundChannelSecurity = outboundChannelSecurity();
 
-        if(outboundRegistry.containsMapping()) {
 
-            registration.setInterceptors(securityContextChannelInterceptor(),outboundChannelSecurity);
 
-        }
 
-    }
 
-
 
     @Bean
 
     public ChannelSecurityInterceptor inboundChannelSecurity() {
 
         ChannelSecurityInterceptor channelSecurityInterceptor = new ChannelSecurityInterceptor(inboundMessageSecurityMetadataSource());
 
@@ -97,16 +88,6 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 
         return channelSecurityInterceptor;
 
     }
 
 
-    @Bean
 
-    public ChannelSecurityInterceptor outboundChannelSecurity() {
 
-        ChannelSecurityInterceptor channelSecurityInterceptor = new ChannelSecurityInterceptor(outboundMessageSecurityMetadataSource());
 
-        List<AccessDecisionVoter> voters = new ArrayList<AccessDecisionVoter>();
 
-        voters.add(new MessageExpressionVoter());
 
-        AffirmativeBased manager = new AffirmativeBased(voters);
 
-        channelSecurityInterceptor.setAccessDecisionManager(manager);
 
-        return channelSecurityInterceptor;
 
-    }
 
-
 
     @Bean
 
     public SecurityContextChannelInterceptor securityContextChannelInterceptor() {
 
         return new SecurityContextChannelInterceptor();
 
@@ -118,24 +99,12 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 
         return inboundRegistry.createMetadataSource();
 
     }
 
 
-    @Bean
 
-    public MessageSecurityMetadataSource outboundMessageSecurityMetadataSource() {
 
-        configureOutbound(outboundRegistry);
 
-        return outboundRegistry.createMetadataSource();
 
-    }
 
-
 
     /**
 
      *
 
      * @param messages
 
      */
 
     protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {}
 
 
-    /**
 
-     *
 
-     * @param messages
 
-     */
 
-    protected void configureOutbound(MessageSecurityMetadataSourceRegistry messages) {}
 
-
 
     private class WebSocketMessageSecurityMetadataSourceRegistry extends MessageSecurityMetadataSourceRegistry {
 
         @Override
 
         public MessageSecurityMetadataSource createMetadataSource() {
 
@@ -147,4 +116,4 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
 
             return super.containsMapping();
 
         }
 
     }
 
-}
 
+}