Encode user name in user-specific message destinations. [SPR-11302]

[spring-projects-issues]

Pierre Fouché opened SPR-11302 and commented

The DefaultUserDestinationResolver in org.springframework.messaging.simp.user uses the user name obtained from the current Principal to build user-specific destinations.

However the user name can itself be a URI in some cases (eg when using OpenId authentication). Having slashes in the user name breaks the resolution of the targetDestination.

It seems to me that encoding (using SHA-1 for instance) the user name would make the algorithm more robust.

---

Affects: 4.0 GA

Referenced from: commits d03fb89

[spring-projects-issues]

Rossen Stoyanchev commented

Seems like a good idea to turn the user name into an opaque token.

[spring-projects-issues]

Rossen Stoyanchev commented

I've opted for simple percent encoding of "/" characters found in a user name when sending messages through the SimpMessagingTemplate. On the reverse end, the DefaultUserDestinationResolver decodes the user name after it is parsed out. This should be sufficient for the purpose of parsing the user destination. If you have a chance to confirm the fix that would be great. Thanks!