From 159a99bbafdd6c01871228113d7042c3f83f360f Mon Sep 17 00:00:00 2001 From: rstoyanchev Date: Fri, 29 Apr 2022 10:41:16 +0100 Subject: [PATCH] Ignore invalid STOMP frame Closes gh-28444 --- .../broker/SimpleBrokerMessageHandler.java | 8 +++++- .../stomp/StompBrokerRelayMessageHandler.java | 8 +++++- .../StompBrokerRelayMessageHandlerTests.java | 26 ++++++++++++++++++- 3 files changed, 39 insertions(+), 3 deletions(-) diff --git a/spring-messaging/src/main/java/org/springframework/messaging/simp/broker/SimpleBrokerMessageHandler.java b/spring-messaging/src/main/java/org/springframework/messaging/simp/broker/SimpleBrokerMessageHandler.java index bcfe2dc3fe61..7f795eb67e30 100644 --- a/spring-messaging/src/main/java/org/springframework/messaging/simp/broker/SimpleBrokerMessageHandler.java +++ b/spring-messaging/src/main/java/org/springframework/messaging/simp/broker/SimpleBrokerMessageHandler.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -306,6 +306,12 @@ protected void handleMessageInternal(Message message) { else if (SimpMessageType.CONNECT.equals(messageType)) { logMessage(message); if (sessionId != null) { + if (this.sessions.get(sessionId) != null) { + if (logger.isWarnEnabled()) { + logger.warn("Ignoring CONNECT in session " + sessionId + ". Already connected."); + } + return; + } long[] heartbeatIn = SimpMessageHeaderAccessor.getHeartbeat(headers); long[] heartbeatOut = getHeartbeatValue(); Principal user = SimpMessageHeaderAccessor.getUser(headers); diff --git a/spring-messaging/src/main/java/org/springframework/messaging/simp/stomp/StompBrokerRelayMessageHandler.java b/spring-messaging/src/main/java/org/springframework/messaging/simp/stomp/StompBrokerRelayMessageHandler.java index b5792593036e..265b0daa2f15 100644 --- a/spring-messaging/src/main/java/org/springframework/messaging/simp/stomp/StompBrokerRelayMessageHandler.java +++ b/spring-messaging/src/main/java/org/springframework/messaging/simp/stomp/StompBrokerRelayMessageHandler.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -532,6 +532,12 @@ else if (accessor instanceof SimpMessageHeaderAccessor) { } if (StompCommand.CONNECT.equals(command) || StompCommand.STOMP.equals(command)) { + if (this.connectionHandlers.get(sessionId) != null) { + if (logger.isWarnEnabled()) { + logger.warn("Ignoring CONNECT in session " + sessionId + ". Already connected."); + } + return; + } if (logger.isDebugEnabled()) { logger.debug(stompAccessor.getShortLogMessage(EMPTY_PAYLOAD)); } diff --git a/spring-messaging/src/test/java/org/springframework/messaging/simp/stomp/StompBrokerRelayMessageHandlerTests.java b/spring-messaging/src/test/java/org/springframework/messaging/simp/stomp/StompBrokerRelayMessageHandlerTests.java index daf146fe2421..635f35945759 100644 --- a/spring-messaging/src/test/java/org/springframework/messaging/simp/stomp/StompBrokerRelayMessageHandlerTests.java +++ b/spring-messaging/src/test/java/org/springframework/messaging/simp/stomp/StompBrokerRelayMessageHandlerTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -223,6 +223,30 @@ void systemSubscription() { assertThat(captor.getValue()).isSameAs(message); } + @Test + void alreadyConnected() { + + this.brokerRelay.start(); + + Message connect = connectMessage("sess1", "joe"); + this.brokerRelay.handleMessage(connect); + + assertThat(this.tcpClient.getSentMessages().size()).isEqualTo(2); + + StompHeaderAccessor headers1 = this.tcpClient.getSentHeaders(0); + assertThat(headers1.getCommand()).isEqualTo(StompCommand.CONNECT); + assertThat(headers1.getSessionId()).isEqualTo(StompBrokerRelayMessageHandler.SYSTEM_SESSION_ID); + + StompHeaderAccessor headers2 = this.tcpClient.getSentHeaders(1); + assertThat(headers2.getCommand()).isEqualTo(StompCommand.CONNECT); + assertThat(headers2.getSessionId()).isEqualTo("sess1"); + + this.brokerRelay.handleMessage(connect); + + assertThat(this.tcpClient.getSentMessages().size()).isEqualTo(2); + assertThat(this.outboundChannel.getMessages()).isEmpty(); + } + private Message connectMessage(String sessionId, String user) { StompHeaderAccessor headers = StompHeaderAccessor.create(StompCommand.CONNECT); headers.setSessionId(sessionId);