Skip to content

Simplify Websocket Csrf Processor XML Configuration #17248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 17, 2025
Merged

Simplify Websocket Csrf Processor XML Configuration #17248

merged 2 commits into from
Jun 17, 2025
+10 −10

Conversation

evga7
Copy link
Contributor

@evga7 evga7 commented Jun 14, 2025
edited
Loading

This PR refactors the class matching logic for CSRF token handshake interceptor registration in MessageSecurityPostProcessor.

Changes

  • Replaces multiple else-if conditions checking beanClassName with a single Set<String> lookup
  • Introduces CSRF_HANDSHAKE_HANDLER_CLASSES as a static, final, and immutable constant using Collections.unmodifiableSet(...)
  • Preserves existing behavior while improving readability and maintainability
  • Keeps import statements explicit (avoids wildcard imports)

Why

  • Removes duplicate string checks
  • Prevents potential copy-paste errors
  • Makes it easier to extend or maintain the list of supported handshake handler classes

Let me know if further refinement or test adjustments are needed.

@evga7 evga7 closed this Jun 14, 2025
@evga7 evga7 reopened this Jun 14, 2025
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jun 14, 2025
@evga7 evga7 force-pushed the refactor/unify-handshake-handler-check branch from 21443de to fd7adfc Compare June 14, 2025 20:15
@evga7 evga7 force-pushed the refactor/unify-handshake-handler-check branch 2 times, most recently from b116d9f to ca5b610 Compare June 17, 2025 08:46
@jzheaux jzheaux self-assigned this Jun 17, 2025
@jzheaux jzheaux added in: config An issue in spring-security-config type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Jun 17, 2025
@jzheaux jzheaux added this to the 7.0.0-M1 milestone Jun 17, 2025
@evga7 @jzheaux
Simplify Csrf Processor Decision Logic
cac020c 
Replaces repeated if-else string comparisons with a Set.contains() check
for known WebSocket handshake handler class names in MessageSecurityPostProcessor.

Improves readability and maintainability without changing behavior.

Signed-off-by: Wonpyo Hong <evga7@naver.com>
@jzheaux jzheaux force-pushed the refactor/unify-handshake-handler-check branch from ca5b610 to cac020c Compare June 17, 2025 22:14
@jzheaux jzheaux changed the title Refactor: unify WebSocket handshake handler class matching logic Simplify Websocket Csrf Processor XML Configuration Jun 17, 2025
@jzheaux jzheaux enabled auto-merge (rebase) June 17, 2025 22:43
@jzheaux
Copy link
Contributor

jzheaux commented Jun 17, 2025

Thanks, @evga7 for this cleanup! It'll be merged into main once the build completes.

Let me know if further refinement or test adjustments are needed.

Not at this point, though for future PRs, you can build using:

./gradlew format && ./gradle checkstyleMain checkstyleTest

This will advise you of any formatting or style issues that need addressing.

@jzheaux jzheaux merged commit 42e24aa into spring-projects:main Jun 17, 2025
6 checks passed
@evga7
Copy link
Contributor Author

evga7 commented Jun 17, 2025

Thanks for reviewing and merging!
I'll make sure to run ./gradlew format and ./gradlew checkstyleTest in future PRs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ronodhirSoumik ronodhirSoumik ronodhirSoumik left review comments

Assignees

@jzheaux jzheaux

Labels
in: config An issue in spring-security-config type: enhancement A general enhancement
Projects
None yet
Milestone
7.0.0-M1
Development

Successfully merging this pull request may close these issues.
4 participants
@evga7 @jzheaux @ronodhirSoumik @spring-projects-issues