changed LSPWebSocketHandler to conform to SOnarCloud

Author: uiysg

app/src/main/java/tools/vitruv/methodologist/config/LspWebSocketHandler.java

@@ -6,7 +6,6 @@
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.io.OutputStreamWriter;
-import java.net.URI;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
@@ -38,12 +37,6 @@ public void afterConnectionEstablished(WebSocketSession session) throws Exceptio
     logger.info("=== WebSocket Connection Established ===");
     logger.info("Session ID: {}", session.getId());
 
-    // URI und Query-Parameter
-    URI uri = session.getUri();
-    logger.info("URI: {}", uri);
-    logger.info("Query String: {}", uri.getQuery());
-    logger.info("Path: {}", uri.getPath());
-
     // Session Attributes
     logger.info("Session Attributes:");
     session.getAttributes().forEach((key, value) -> logger.info("  {} = {}", key, value));
@@ -56,17 +49,10 @@ public void afterConnectionEstablished(WebSocketSession session) throws Exceptio
     logger.info("Principal: {}", session.getPrincipal());
 
     // Extrahierte Werte
-    Long userId = extractUserId(session);
     Long vsumId = extractProjectId(session);
-    logger.info("Extracted userId: {}", userId);
     logger.info("Extracted projectId: {}", vsumId);
     logger.info("=== End WebSocket Info ===");
 
-    if (userId == null) {
-      session.close(CloseStatus.POLICY_VIOLATION.withReason("userId required"));
-      return;
-    }
-
     Path sessionDir = Files.createTempDirectory("lsp-session-" + session.getId());
     Path userProject = sessionDir.resolve("UserProject");
     Path modelDir = userProject.resolve("model");
@@ -167,7 +153,6 @@ private class LspServerProcess {
     final BufferedWriter writer;
     final BufferedReader reader;
     private final Path tempDir;
-    private final Path userProject;
 
     LspServerProcess(
         WebSocketSession session,
@@ -181,40 +166,55 @@ private class LspServerProcess {
       this.writer = writer;
       this.reader = reader;
       this.tempDir = tempDir;
-      this.userProject = userProject;
     }
 
-    void readFromLsp() {
+    private int parseContentLength(String line) {
+      return Integer.parseInt(line.split(":")[1].trim());
+    }
+
+    private boolean handleContentLengthLine(String line) {
       try {
-        String line;
-        while ((line = reader.readLine()) != null) {
-          if (line.startsWith("Content-Length:")) {
-            try {
-              int contentLength = Integer.parseInt(line.split(":")[1].trim());
+        int contentLength = parseContentLength(line);
+
+        String separatorLine = reader.readLine(); // Skip empty line
+        if (separatorLine == null || !separatorLine.isEmpty()) {
+          logger.warn(
+              "Expected empty line after Content-Length header for session: {}, but got: '{}'",
+              session.getId(),
+              separatorLine);
+        }
 
-              reader.readLine(); // Skip empty line
+        char[] content = new char[contentLength];
+        int read = reader.read(content, 0, contentLength);
 
-              char[] content = new char[contentLength];
-              int read = reader.read(content, 0, contentLength);
+        if (read != contentLength) {
+          logger.warn(
+              "Expected {} bytes but read {} bytes from LSP for session: {}",
+              contentLength,
+              read,
+              session.getId());
+        }
 
-              if (read != contentLength) {
-                logger.warn(
-                    "Expected {} bytes but read {} bytes from LSP for session: {}",
-                    contentLength,
-                    read,
-                    session.getId());
-              }
+        String message = new String(content, 0, read);
+        session.sendMessage(new TextMessage(message));
 
-              String message = new String(content, 0, read);
-              session.sendMessage(new TextMessage(message));
+        return true;
+      } catch (NumberFormatException e) {
+        logger.error("Invalid Content-Length header from LSP for session: {}", session.getId(), e);
+        return true; // malformed message, but keep reading
+      } catch (IOException e) {
+        logger.error("Failed to send LSP message to WebSocket session: {}", session.getId(), e);
+        return false; // WebSocket is broken → caller should stop
+      }
+    }
 
-            } catch (NumberFormatException e) {
-              logger.error(
-                  "Invalid Content-Length header from LSP for session: {}", session.getId(), e);
-            } catch (IOException e) {
-              logger.error(
-                  "Failed to send LSP message to WebSocket session: {}", session.getId(), e);
-              break; // WebSocket is broken, no point in continuing
+    void readFromLsp() {
+      try {
+        String line;
+        while ((line = reader.readLine()) != null) {
+          if (line.startsWith("Content-Length:")) {
+            if (!handleContentLengthLine(line)) {
+              break; // stop reading if the WebSocket is broken
             }
           }
         }
@@ -245,78 +245,6 @@ void destroy() {
     }
   }
 
-  private Long extractUserId(WebSocketSession session) {
-    try {
-      String query = session.getUri().getQuery();
-      if (query != null && query.contains("userId=")) {
-        String userIdStr = extractQueryParam(query, "userId");
-        if (userIdStr != null) {
-          Long userId = Long.parseLong(userIdStr);
-          logger.debug("Extracted userId from query parameter: {}", userId);
-          return userId;
-        }
-      }
-
-      Object principal = session.getPrincipal();
-      if (principal != null) {
-        logger.debug("Principal type: {}", principal.getClass().getName());
-
-        if (principal
-            instanceof
-            org.springframework.security.oauth2.server.resource.authentication
-                .JwtAuthenticationToken) {
-          org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
-              jwt =
-                  (org.springframework.security.oauth2.server.resource.authentication
-                          .JwtAuthenticationToken)
-                      principal;
-
-          String sub = jwt.getToken().getClaim("sub");
-          if (sub != null) {
-            try {
-              Long userId = Long.parseLong(sub);
-              logger.debug("Extracted userId from JWT 'sub' claim: {}", userId);
-              return userId;
-            } catch (NumberFormatException e) {
-              logger.warn("JWT 'sub' claim is not a number: {}", sub);
-            }
-          }
-
-          Object userIdClaim = jwt.getToken().getClaim("userId");
-          if (userIdClaim != null) {
-            Long userId = Long.parseLong(userIdClaim.toString());
-            logger.debug("Extracted userId from JWT 'userId' claim: {}", userId);
-            return userId;
-          }
-
-          String email = jwt.getToken().getClaim("preferred_username");
-          if (email == null) {
-            email = jwt.getToken().getClaim("email");
-          }
-          if (email != null) {
-            logger.debug("Found email in JWT: {}, need to lookup userId", email);
-          }
-        }
-
-        logger.debug("Principal toString: {}", principal);
-      }
-
-      Object userIdAttr = session.getAttributes().get("userId");
-      if (userIdAttr != null) {
-        Long userId = Long.parseLong(userIdAttr.toString());
-        logger.debug("Extracted userId from session attributes: {}", userId);
-        return userId;
-      }
-
-      logger.warn("Could not extract userId from WebSocket session. URI: {}", session.getUri());
-      return null;
-
-    } catch (Exception e) {
-      logger.error("Error extracting userId from WebSocket session", e);
-      return null;
-    }
-  }
-
   private Long extractProjectId(WebSocketSession session) {
     try {
       String query = session.getUri().getQuery();

app/src/test/java/tools/vitruv/methodologist/vsum/service/LspWebSocketHandlerTest.java

@@ -1,6 +1,5 @@
 package tools.vitruv.methodologist.vsum.service;
 
-import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -14,7 +13,6 @@
 import java.util.Map;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.mockito.ArgumentCaptor;
 import org.springframework.http.HttpHeaders;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
@@ -74,27 +72,6 @@ void afterConnectionEstablished_withValidUserId_createsLspProcess() throws Excep
     verify(session, never()).close(any(CloseStatus.class));
   }
 
-  /**
-   * Verifies that a WebSocket connection without userId parameter is rejected.
-   *
-   * <p>Expects the handler to close the session with POLICY_VIOLATION status and reason "userId
-   * required".
-   */
-  @Test
-  void afterConnectionEstablished_withoutUserId_closesSession() throws Exception {
-    URI uri = new URI("ws://localhost/lsp");
-    when(session.getUri()).thenReturn(uri);
-
-    handler.afterConnectionEstablished(session);
-
-    ArgumentCaptor<CloseStatus> statusCaptor = ArgumentCaptor.forClass(CloseStatus.class);
-    verify(session).close(statusCaptor.capture());
-
-    CloseStatus capturedStatus = statusCaptor.getValue();
-    assertThat(capturedStatus.getCode()).isEqualTo(CloseStatus.POLICY_VIOLATION.getCode());
-    assertThat(capturedStatus.getReason()).contains("userId required");
-  }
-
   /**
    * Verifies that userId can be extracted from URL query parameters.
    *