Add XML Testing Support

Author: jzheaux

config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java

@@ -305,7 +305,7 @@ static class MessageSecurityPostProcessor implements BeanDefinitionRegistryPostP
 
 		private static final String CUSTOM_ARG_RESOLVERS_PROP = "customArgumentResolvers";
 
-		private static final String TEMPLATE_EXPRESSION_BEAN_ID = "templateDefaults";
+		private static final String TEMPLATE_EXPRESSION_BEAN_ID = "annotationExpressionTemplateDefaults";
 
 		private final String inboundSecurityInterceptorId;
 
@@ -333,7 +333,7 @@ public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) t
 							AuthenticationPrincipalArgumentResolver.class);
 					if (registry.containsBeanDefinition(TEMPLATE_EXPRESSION_BEAN_ID)) {
 						beanDefinition.getPropertyValues()
-							.add(TEMPLATE_EXPRESSION_BEAN_ID, new RuntimeBeanReference(TEMPLATE_EXPRESSION_BEAN_ID));
+							.add("templateDefaults", new RuntimeBeanReference(TEMPLATE_EXPRESSION_BEAN_ID));
 					}
 					argResolvers.add(beanDefinition);
 					bd.getPropertyValues().add(CUSTOM_ARG_RESOLVERS_PROP, argResolvers);

config/src/test/java/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests.java

@@ -16,6 +16,10 @@
 
 package org.springframework.security.config.websocket;
 
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.function.Supplier;
@@ -47,6 +51,7 @@
 import org.springframework.messaging.support.GenericMessage;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.expression.SecurityExpressionOperations;
+import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.config.test.SpringTestContext;
@@ -55,6 +60,7 @@
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.context.SecurityContextHolderStrategy;
+import org.springframework.security.core.context.SecurityContextImpl;
 import org.springframework.security.messaging.access.expression.DefaultMessageSecurityExpressionHandler;
 import org.springframework.security.messaging.access.expression.MessageSecurityExpressionRoot;
 import org.springframework.security.test.context.annotation.SecurityTestExecutionListeners;
@@ -376,6 +382,24 @@ public void sendWhenNoIdMessageThenAuthenticationPrincipalResolved() {
 		assertThat(this.messageController.username).isEqualTo("anonymous");
 	}
 
+	@Test
+	public void sendMessageWhenMetaAnnotationThenAuthenticationPrincipalResolved() {
+		this.spring.configLocations(xml("SyncConfig")).autowire();
+		Authentication harold = new TestingAuthenticationToken("harold", "password", "ROLE_USER");
+		try {
+			getSecurityContextHolderStrategy().setContext(new SecurityContextImpl(harold));
+			this.clientInboundChannel.send(message("/hi"));
+			assertThat(this.spring.getContext().getBean(MessageController.class).message).isEqualTo("Hi, Harold!");
+			Authentication user = new TestingAuthenticationToken("user", "password", "ROLE_USER");
+			getSecurityContextHolderStrategy().setContext(new SecurityContextImpl(user));
+			this.clientInboundChannel.send(message("/hi"));
+			assertThat(this.spring.getContext().getBean(MessageController.class).message).isEqualTo("Hi, Stranger!");
+		}
+		finally {
+			getSecurityContextHolderStrategy().clearContext();
+		}
+	}
+
 	@Test
 	public void requestWhenConnectMessageThenUsesCsrfTokenHandshakeInterceptor() throws Exception {
 		this.spring.configLocations(xml("SyncConfig")).autowire();
@@ -553,16 +577,32 @@ public boolean isGenerated() {
 
 	}
 
+	@Retention(RetentionPolicy.RUNTIME)
+	@Target(ElementType.PARAMETER)
+	@AuthenticationPrincipal(expression = "#this.equals('{value}')")
+	@interface IsUser {
+
+		String value() default "user";
+
+	}
+
 	@Controller
 	static class MessageController {
 
 		String username;
 
+		String message;
+
 		@MessageMapping("/message")
 		void authentication(@AuthenticationPrincipal String username) {
 			this.username = username;
 		}
 
+		@MessageMapping("/hi")
+		void sayHello(@IsUser("harold") boolean isHarold) {
+			this.message = isHarold ? "Hi, Harold!" : "Hi, Stranger!";
+		}
+
 	}
 
 	@Controller

config/src/test/resources/org/springframework/security/config/websocket/WebSocketMessageBrokerConfigTests-SyncConfig.xml

@@ -28,4 +28,5 @@
 		<intercept-message pattern="/**" access="permitAll"/>
 	</websocket-message-broker>
 
+	<b:bean name="annotationExpressionTemplateDefaults" class="org.springframework.security.core.annotation.AnnotationTemplateExpressionDefaults"/>
 </b:beans>