Skip to content

Improve user check in TransportHandlingSockJsService #35753

New issue
New issue
Closed
Closed
Improve user check in TransportHandlingSockJsService#35753
Assignees
rstoyanchev
Labels
in: webIssues in web modules (web, webmvc, webflux, websocket)type: enhancementA general enhancement
Milestone
7.0.0
@rstoyanchev

Description

@rstoyanchev
rstoyanchev
opened on Nov 4, 2025

Based on spring-projects/spring-security#18106, there is a Principal#equals check in TransportHandlingSockJsService to ensure the user of the current request matches the one that established the SockJsSession. In the latest version of Spring Security there is a refinement after which it fails, and is expected to fail due to a timestamp difference. The check is not essential and could be dropped or adjusted to compare user names only.

Metadata

Metadata

Assignees

Labels

in: webIssues in web modules (web, webmvc, webflux, websocket)type: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions