|
|
|
@ -303,10 +303,15 @@ public class TransportHandlingSockJsService extends AbstractSockJsService implem |
|
|
|
} |
|
|
|
} |
|
|
|
else { |
|
|
|
else { |
|
|
|
Principal principal = session.getPrincipal(); |
|
|
|
Principal principal = session.getPrincipal(); |
|
|
|
if (principal != null && !principal.equals(request.getPrincipal())) { |
|
|
|
if (principal != null) { |
|
|
|
logger.debug("The user for the session does not match the user for the request."); |
|
|
|
// Compare usernames, not full equality (different login timestamps)
|
|
|
|
response.setStatusCode(HttpStatus.NOT_FOUND); |
|
|
|
Principal currentPrincipal = request.getPrincipal(); |
|
|
|
return; |
|
|
|
if (!principal.equals(currentPrincipal) && |
|
|
|
|
|
|
|
(currentPrincipal == null || !principal.getName().equals(currentPrincipal.getName()))) { |
|
|
|
|
|
|
|
logger.debug("The user for the session does not match the user for the request."); |
|
|
|
|
|
|
|
response.setStatusCode(HttpStatus.NOT_FOUND); |
|
|
|
|
|
|
|
return; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
if (!transportHandler.checkSessionType(session)) { |
|
|
|
if (!transportHandler.checkSessionType(session)) { |
|
|
|
logger.debug("Session type does not match the transport type for the request."); |
|
|
|
logger.debug("Session type does not match the transport type for the request."); |
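Review bot: The new inner `if` weakens the session-to-user binding: a request is now accepted whenever its principal's `getName()` matches the session principal's name, even when the two `Principal` objects are of different types, whereas the old code required full `equals`. If this application can see principals with equal names but distinct identities (for example, from different authentication providers or realms), a request carrying such a principal would attach to another user's SockJS session, so the fallback should at least be restricted to same-class principals: `(currentPrincipal == null || currentPrincipal.getClass() != principal.getClass() || !principal.getName().equals(currentPrincipal.getName()))`, or the comment should state explicitly that principal names are assumed unique across the application. The existing comment `// Compare usernames, not full equality (different login timestamps)` describes the motivation but not this trust assumption, and would be the natural place to record it. Separately, `principal.getName()` is dereferenced without a null check; `Principal` implementations are not guaranteed to return a non-null name, so `Objects.equals(principal.getName(), currentPrincipal.getName())` would avoid a possible NPE on this path. The enclosing method starts before this hunk.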
|
|
|
|