
SEC-2833: Rossen's feedback on WebSocket

Rob Winch há 10 anos atrás
pai
commit
9b5f76f3d6

+ 2 - 2
config/src/main/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistry.java

@@ -113,7 +113,7 @@ public class MessageSecurityMetadataSourceRegistry {
      * @return the {@link Constraint}  that is associated to the {@link MessageMatcher}
      * @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
      */
-    public Constraint simpDestMessageMatchers(String... patterns) {
+    public Constraint simpMessageDestMatchers(String... patterns) {
         return simpDestMatchers(SimpMessageType.MESSAGE, patterns);
     }
 
@@ -128,7 +128,7 @@ public class MessageSecurityMetadataSourceRegistry {
      * @return the {@link Constraint}  that is associated to the {@link MessageMatcher}
      * @see {@link MessageSecurityMetadataSourceRegistry#simpDestPathMatcher(PathMatcher)}
      */
-    public Constraint simpDestSubscribeMatchers(String... patterns) {
+    public Constraint simpSubscribeDestMatchers(String... patterns) {
         return simpDestMatchers(SimpMessageType.SUBSCRIBE, patterns);
     }
 

+ 12 - 3
config/src/main/java/org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.java

@@ -46,8 +46,8 @@ import java.util.List;
  *   @Override
  *   protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
  *     messages
- *       .antMatchers("/user/queue/errors").permitAll()
- *       .antMatchers("/admin/**").hasRole("ADMIN")
+ *       .simpDestMatchers("/user/queue/errors").permitAll()
+ *       .simpDestMatchers("/admin/**").hasRole("ADMIN")
  *       .anyMessage().authenticated();
  *   }
  * }
@@ -61,7 +61,7 @@ import java.util.List;
 public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends AbstractWebSocketMessageBrokerConfigurer {
     private final WebSocketMessageSecurityMetadataSourceRegistry inboundRegistry = new WebSocketMessageSecurityMetadataSourceRegistry();
 
-    public final void registerStompEndpoints(StompEndpointRegistry registry) {}
+    public void registerStompEndpoints(StompEndpointRegistry registry) {}
 
     @Override
     public void addArgumentResolvers(
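Review bot: `registerStompEndpoints` becomes overridable here but has neither `@Override` nor Javadoc, while `addArgumentResolvers` directly below it is annotated. Dropping `final` invites subclasses to override it, so the contract should be written down. I would add `@Override` (assuming the method implements one declared by the superclass, which this hunk does not show) and a one-line Javadoc such as `Does nothing by default; subclasses may override to register STOMP endpoints.` The class body continues outside the hunk.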
@@ -76,6 +76,15 @@ public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends A
         if(inboundRegistry.containsMapping()) {
             registration.setInterceptors(securityContextChannelInterceptor(),inboundChannelSecurity);
         }
+        customizeClientInboundChannel(registration);
+    }
+
+    /**
+     * Allows subclasses to customize the configuration of the {@link ChannelRegistration}.
+     *
+     * @param registration the {@link ChannelRegistration} to customize
+     */
+    protected void customizeClientInboundChannel(ChannelRegistration registration) {
     }
 
     @Bean
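Review bot: The Javadoc on `customizeClientInboundChannel` does not say that the hook runs after `registration.setInterceptors(securityContextChannelInterceptor(), inboundChannelSecurity)`. A subclass therefore cannot tell that the registration it receives may already carry the security interceptors. If `ChannelRegistration.setInterceptors` replaces the list rather than appending to it (worth confirming against the Spring Framework version this builds on), an override that calls it would silently drop message authorization. I would add a sentence such as `Invoked after the security interceptors have been registered; implementations must keep them in place and only add their own.` and a test asserting that the security interceptors survive a customizing subclass. The enclosing method starts outside the hunk.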

+ 4 - 4
config/src/test/java/org/springframework/security/config/annotation/web/messaging/MessageSecurityMetadataSourceRegistryTests.java

@@ -225,7 +225,7 @@ public class MessageSecurityMetadataSourceRegistryTests {
     @Test
     public void simpDestMessageMatchersNotMatch() {
         messages
-                .simpDestMessageMatchers("admin/**").denyAll()
+                .simpMessageDestMatchers("admin/**").denyAll()
                 .anyMessage().permitAll();
 
         assertThat(getAttribute()).isEqualTo("permitAll");
@@ -234,7 +234,7 @@ public class MessageSecurityMetadataSourceRegistryTests {
     @Test
     public void simpDestMessageMatchersMatch() {
         messages
-                .simpDestMessageMatchers("location/**").denyAll()
+                .simpMessageDestMatchers("location/**").denyAll()
                 .anyMessage().permitAll();
 
         assertThat(getAttribute()).isEqualTo("denyAll");
@@ -243,7 +243,7 @@ public class MessageSecurityMetadataSourceRegistryTests {
     @Test
     public void simpDestSubscribeMatchersNotMatch() {
         messages
-                .simpDestSubscribeMatchers("location/**").denyAll()
+                .simpSubscribeDestMatchers("location/**").denyAll()
                 .anyMessage().permitAll();
 
         assertThat(getAttribute()).isEqualTo("permitAll");
@@ -256,7 +256,7 @@ public class MessageSecurityMetadataSourceRegistryTests {
                     .build();
 
         messages
-                .simpDestSubscribeMatchers("location/**").denyAll()
+                .simpSubscribeDestMatchers("location/**").denyAll()
                 .anyMessage().permitAll();
 
         assertThat(getAttribute()).isEqualTo("denyAll");

+ 1 - 1
core/src/main/java/org/springframework/security/core/annotation/AuthenticationPrincipal.java

@@ -30,7 +30,7 @@ import org.springframework.security.core.Authentication;
  * @author Rob Winch
  * @since 4.0
  *
- * @see AuthenticationPrincipalArgumentResolver
+ * @see org.springframework.security.messaging.context.AuthenticationPrincipalArgumentResolver
  */
 @Target({ ElementType.PARAMETER, ElementType.ANNOTATION_TYPE })
 @Retention(RetentionPolicy.RUNTIME)