refactor(websocket): unify handshake handler class check with Set

evga7 · evga7 · commit fd7adfc608b9 · 2025-06-15T05:15:15.000+09:00
Replaces repeated if-else string comparisons with a Set.contains() check
for known WebSocket handshake handler class names in MessageSecurityPostProcessor.

Improves readability and maintainability without changing behavior.

Signed-off-by: evga7 &lt;evga7@naver.com&gt;
diff --git a/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/websocket/WebSocketMessageBrokerSecurityBeanDefinitionParser.java
@@ -19,6 +19,10 @@
 import java.util.Comparator;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
+import java.util.HashSet;
+import java.util.Arrays;
+
 import java.util.function.Supplier;
 
 import org.w3c.dom.Element;
@@ -307,6 +311,12 @@ static class MessageSecurityPostProcessor implements BeanDefinitionRegistryPostP
 
 		private static final String TEMPLATE_EXPRESSION_BEAN_ID = "annotationExpressionTemplateDefaults";
 
+		private static final Set<String> CSRF_HANDSHAKE_HANDLER_CLASSES = new HashSet<>(Arrays.asList(
+				"org.springframework.web.socket.server.support.WebSocketHttpRequestHandler",
+				"org.springframework.web.socket.sockjs.transport.TransportHandlingSockJsService",
+				"org.springframework.web.socket.sockjs.transport.handler.DefaultSockJsService"
+		));
+
 		private final String inboundSecurityInterceptorId;
 
 		private final boolean sameOriginDisabled;
@@ -345,16 +355,7 @@ public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) t
 						}
 					}
 				}
-				else if ("org.springframework.web.socket.server.support.WebSocketHttpRequestHandler"
-					.equals(beanClassName)) {
-					addCsrfTokenHandshakeInterceptor(bd);
-				}
-				else if ("org.springframework.web.socket.sockjs.transport.TransportHandlingSockJsService"
-					.equals(beanClassName)) {
-					addCsrfTokenHandshakeInterceptor(bd);
-				}
-				else if ("org.springframework.web.socket.sockjs.transport.handler.DefaultSockJsService"
-					.equals(beanClassName)) {
+				else if (CSRF_HANDSHAKE_HANDLER_CLASSES.contains(beanClassName)) {
 					addCsrfTokenHandshakeInterceptor(bd);
 				}
 			}
