Skip to content

SEC-3026: simpSubscribeDestMatchers should match also the disconnect event #3185

New issue
New issue
Open
Open
SEC-3026: simpSubscribeDestMatchers should match also the disconnect event#3185
Labels
in: messagingAn issue in spring-security-messagingtype: enhancementA general enhancementtype: jiraAn issue that was migrated from JIRA
@spring-projects-issues

Description

@spring-projects-issues
spring-projects-issues
opened on Jul 3, 2015

Alex (Migrated from SEC-3026) said:

In my websocket security I've a rule similar to the usual one:

bq. .simpSubscribeDestMatchers("/topic/**").permitAll()

this is nice because it allows any client to subscribe to public queues, but it has a problem: it does not allow them to unsubscribe.

So another method with a tentative name like simpUnsubscribeDestMatchers would be needed for that, or maybe better a method that can match both subscribe and unsubscribe type of messages in order to apply the security policy

Metadata

Metadata

Assignees

No one assigned

    Labels

    in: messagingAn issue in spring-security-messagingtype: enhancementA general enhancementtype: jiraAn issue that was migrated from JIRA

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions