Add PathPatternMessageMatcher

Closes spring-projectsgh-16500

Signed-off-by: Pat McCusker <[email protected]>

Author: pat-mccusker

config/src/main/java/org/springframework/security/config/annotation/web/socket/MessageMatcherAuthorizationManagerConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@
 import org.springframework.context.annotation.Scope;
 import org.springframework.messaging.simp.annotation.support.SimpAnnotationMethodMessageHandler;
 import org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager;
+import org.springframework.security.messaging.util.matcher.MessageMatcherFactory;
 import org.springframework.util.AntPathMatcher;
 
 final class MessageMatcherAuthorizationManagerConfiguration {
@@ -29,6 +30,7 @@ final class MessageMatcherAuthorizationManagerConfiguration {
 	@Scope("prototype")
 	MessageMatcherDelegatingAuthorizationManager.Builder messageAuthorizationManagerBuilder(
 			ApplicationContext context) {
+		MessageMatcherFactory.setApplicationContext(context);
 		return MessageMatcherDelegatingAuthorizationManager.builder()
 			.simpDestPathMatcher(
 					() -> (context.getBeanNamesForType(SimpAnnotationMethodMessageHandler.class).length > 0)

messaging/src/main/java/org/springframework/security/messaging/access/intercept/MessageMatcherDelegatingAuthorizationManager.java

@@ -17,6 +17,7 @@
 package org.springframework.security.messaging.access.intercept;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 import java.util.function.Supplier;
@@ -34,10 +35,13 @@
 import org.springframework.security.authorization.SingleResultAuthorizationManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.messaging.util.matcher.MessageMatcher;
+import org.springframework.security.messaging.util.matcher.MessageMatcherFactory;
+import org.springframework.security.messaging.util.matcher.PathPatternMessageMatcher;
 import org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher;
 import org.springframework.security.messaging.util.matcher.SimpMessageTypeMatcher;
 import org.springframework.util.AntPathMatcher;
 import org.springframework.util.Assert;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.PathMatcher;
 import org.springframework.util.function.SingletonSupplier;
 
@@ -85,15 +89,17 @@ public AuthorizationDecision check(Supplier<Authentication> authentication, Mess
 	}
 
 	private MessageAuthorizationContext<?> authorizationContext(MessageMatcher<?> matcher, Message<?> message) {
-		if (!matcher.matches((Message) message)) {
+		MessageMatcher.MatchResult matchResult = matcher.matcher((Message) message);
+		if (!matchResult.isMatch()) {
 			return null;
 		}
-		if (matcher instanceof SimpDestinationMessageMatcher simp) {
-			return new MessageAuthorizationContext<>(message, simp.extractPathVariables(message));
+
+		if (!CollectionUtils.isEmpty(matchResult.getVariables())) {
+			return new MessageAuthorizationContext<>(message, matchResult.getVariables());
 		}
-		if (matcher instanceof Builder.LazySimpDestinationMessageMatcher) {
-			Builder.LazySimpDestinationMessageMatcher path = (Builder.LazySimpDestinationMessageMatcher) matcher;
-			return new MessageAuthorizationContext<>(message, path.extractPathVariables(message));
+
+		if (matcher instanceof Builder.LazySimpDestinationMessageMatcher pathMatcher) {
+			return new MessageAuthorizationContext<>(message, pathMatcher.extractPathVariables(message));
 		}
 		return new MessageAuthorizationContext<>(message);
 	}
@@ -113,6 +119,7 @@ public static final class Builder {
 
 		private final List<Entry<AuthorizationManager<MessageAuthorizationContext<?>>>> mappings = new ArrayList<>();
 
+		@Deprecated
 		private Supplier<PathMatcher> pathMatcher = AntPathMatcher::new;
 
 		public Builder() {
@@ -133,11 +140,11 @@ public Builder.Constraint anyMessage() {
 		 * @return the Expression to associate
 		 */
 		public Builder.Constraint nullDestMatcher() {
-			return matchers(SimpDestinationMessageMatcher.NULL_DESTINATION_MATCHER);
+			return matchers(PathPatternMessageMatcher.NULL_DESTINATION_MATCHER);
 		}
 
 		/**
-		 * Maps a {@link List} of {@link SimpDestinationMessageMatcher} instances.
+		 * Maps a {@link List} of {@link SimpMessageTypeMatcher} instances.
 		 * @param typesToMatch the {@link SimpMessageType} instance to match on
 		 * @return the {@link Builder.Constraint} associated to the matchers.
 		 */
@@ -151,56 +158,58 @@ public Builder.Constraint simpTypeMatchers(SimpMessageType... typesToMatch) {
 		}
 
 		/**
-		 * Maps a {@link List} of {@link SimpDestinationMessageMatcher} instances without
-		 * regard to the {@link SimpMessageType}. If no destination is found on the
-		 * Message, then the Matcher returns false.
-		 * @param patterns the patterns to create
-		 * {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
-		 * from.
+		 * Maps a {@link List} of {@link SimpDestinationMessageMatcher} (or
+		 * {@link PathPatternMessageMatcher} if the application has configured a
+		 * {@link org.springframework.security.messaging.util.matcher.PathPatternMessageMatcherBuilderFactoryBean})
+		 * instances without regard to the {@link SimpMessageType}. If no destination is
+		 * found on the Message, then the Matcher returns false.
+		 * @param patterns the patterns to create {@code MessageMatcher}s from.
 		 */
 		public Builder.Constraint simpDestMatchers(String... patterns) {
 			return simpDestMatchers(null, patterns);
 		}
 
 		/**
-		 * Maps a {@link List} of {@link SimpDestinationMessageMatcher} instances that
-		 * match on {@code SimpMessageType.MESSAGE}. If no destination is found on the
-		 * Message, then the Matcher returns false.
-		 * @param patterns the patterns to create
-		 * {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
-		 * from.
+		 * Maps a {@link List} of {@link SimpDestinationMessageMatcher} (or
+		 * {@link PathPatternMessageMatcher} if the application has configured a
+		 * {@link org.springframework.security.messaging.util.matcher.PathPatternMessageMatcherBuilderFactoryBean})
+		 * instances that match on {@code SimpMessageType.MESSAGE}. If no destination is
+		 * found on the Message, then the Matcher returns false.
+		 * @param patterns the patterns to create {@code MessageMatcher}s from.
 		 */
 		public Builder.Constraint simpMessageDestMatchers(String... patterns) {
 			return simpDestMatchers(SimpMessageType.MESSAGE, patterns);
 		}
 
 		/**
-		 * Maps a {@link List} of {@link SimpDestinationMessageMatcher} instances that
-		 * match on {@code SimpMessageType.SUBSCRIBE}. If no destination is found on the
-		 * Message, then the Matcher returns false.
-		 * @param patterns the patterns to create
-		 * {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
-		 * from.
+		 * Maps a {@link List} of {@link SimpDestinationMessageMatcher} (or
+		 * {@link PathPatternMessageMatcher} if the application has configured a
+		 * {@link org.springframework.security.messaging.util.matcher.PathPatternMessageMatcherBuilderFactoryBean})
+		 * instances that match on {@code SimpMessageType.SUBSCRIBE}. If no destination is
+		 * found on the Message, then the Matcher returns false.
+		 * @param patterns the patterns to create {@code MessageMatcher}s from.
 		 */
 		public Builder.Constraint simpSubscribeDestMatchers(String... patterns) {
 			return simpDestMatchers(SimpMessageType.SUBSCRIBE, patterns);
 		}
 
 		/**
-		 * Maps a {@link List} of {@link SimpDestinationMessageMatcher} instances. If no
-		 * destination is found on the Message, then the Matcher returns false.
+		 * Maps a {@link List} of {@link SimpDestinationMessageMatcher} instances, or
+		 * {@link PathPatternMessageMatcher} if the application has configured a
+		 * {@link org.springframework.security.messaging.util.matcher.PathPatternMessageMatcherBuilderFactoryBean}.
+		 * If no destination is found on the Message, then the Matcher returns false.
 		 * @param type the {@link SimpMessageType} to match on. If null, the
 		 * {@link SimpMessageType} is not considered for matching.
-		 * @param patterns the patterns to create
-		 * {@link org.springframework.security.messaging.util.matcher.SimpDestinationMessageMatcher}
-		 * from.
+		 * @param patterns the patterns to create {@code MessageMatcher}s from.
 		 * @return the {@link Builder.Constraint} that is associated to the
 		 * {@link MessageMatcher}
 		 */
 		private Builder.Constraint simpDestMatchers(SimpMessageType type, String... patterns) {
 			List<MessageMatcher<?>> matchers = new ArrayList<>(patterns.length);
 			for (String pattern : patterns) {
-				MessageMatcher<Object> matcher = new LazySimpDestinationMessageMatcher(pattern, type);
+				MessageMatcher<Object> matcher = MessageMatcherFactory.usesPathPatterns()
+						? MessageMatcherFactory.matcher(pattern, type)
+						: new LazySimpDestinationMessageMatcher(pattern, type);
 				matchers.add(matcher);
 			}
 			return new Builder.Constraint(matchers);
@@ -212,7 +221,9 @@ private Builder.Constraint simpDestMatchers(SimpMessageType type, String... patt
 		 * constructor of {@link AntPathMatcher}.
 		 * @param pathMatcher the {@link PathMatcher} to use. Cannot be null.
 		 * @return the {@link Builder} for further customization.
+		 * @deprecated
 		 */
+		@Deprecated
 		public Builder simpDestPathMatcher(PathMatcher pathMatcher) {
 			Assert.notNull(pathMatcher, "pathMatcher cannot be null");
 			this.pathMatcher = () -> pathMatcher;
@@ -225,7 +236,9 @@ public Builder simpDestPathMatcher(PathMatcher pathMatcher) {
 		 * computation or lookup of the {@link PathMatcher}.
 		 * @param pathMatcher the {@link PathMatcher} to use. Cannot be null.
 		 * @return the {@link Builder} for further customization.
+		 * @deprecated
 		 */
+		@Deprecated
 		public Builder simpDestPathMatcher(Supplier<PathMatcher> pathMatcher) {
 			Assert.notNull(pathMatcher, "pathMatcher cannot be null");
 			this.pathMatcher = pathMatcher;
@@ -241,9 +254,7 @@ public Builder simpDestPathMatcher(Supplier<PathMatcher> pathMatcher) {
 		 */
 		public Builder.Constraint matchers(MessageMatcher<?>... matchers) {
 			List<MessageMatcher<?>> builders = new ArrayList<>(matchers.length);
-			for (MessageMatcher<?> matcher : matchers) {
-				builders.add(matcher);
-			}
+			builders.addAll(Arrays.asList(matchers));
 			return new Builder.Constraint(builders);
 		}
 
@@ -382,6 +393,7 @@ public Builder access(AuthorizationManager<MessageAuthorizationContext<?>> autho
 
 		}
 
+		@Deprecated
 		private final class LazySimpDestinationMessageMatcher implements MessageMatcher<Object> {
 
 			private final Supplier<SimpDestinationMessageMatcher> delegate;
@@ -421,7 +433,7 @@ private static final class Entry<T> {
 
 		private final T entry;
 
-		Entry(MessageMatcher requestMatcher, T entry) {
+		Entry(MessageMatcher<?> requestMatcher, T entry) {
 			this.messageMatcher = requestMatcher;
 			this.entry = entry;
 		}

messaging/src/main/java/org/springframework/security/messaging/util/matcher/MessageMatcherFactory.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright 2002-2025 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.messaging.util.matcher;
+
+import org.springframework.context.ApplicationContext;
+import org.springframework.messaging.simp.SimpMessageType;
+
+@Deprecated(forRemoval = true)
+public final class MessageMatcherFactory {
+
+	private static PathPatternMessageMatcher.Builder builder;
+
+	public static void setApplicationContext(ApplicationContext context) {
+		builder = context.getBeanProvider(PathPatternMessageMatcher.Builder.class).getIfUnique();
+	}
+
+	public static boolean usesPathPatterns() {
+		return builder != null;
+	}
+
+	public static MessageMatcher<?> matcher(String destination) {
+		return builder.matcher(destination);
+	}
+
+	public static MessageMatcher<Object> matcher(String destination, SimpMessageType type) {
+		return (type != null) ? builder.matcher(destination, type) : builder.matcher(destination);
+	}
+
+	private MessageMatcherFactory() {
+	}
+
+}