spring-security-messaging uses PathMatcher in two places:

  • [ ] SimpDestinationMessageMatcher should be deprecated and replaced
  • [ ] MessageMatcherDelegatingAuthorizationManager should deprecate and replace its use of PathMatcher
  • [ ] MessageMatcherAuthorizationManagerConfiguration should not retrieve and configuration a PathMatcher

To construct a PathPattern from a given pattern do:

PathPatternParser parser = PathPatternParser.defaultInstance;
PathPattern pathPattern = parser.parse(pattern);

To compare a PathPattern to a message destination, do:

String destination = SimpMessageHeaderAccessor.getDestination(message.getHeaders());
PathContainer pathContainer = PathContainer.parsePath(destination);
PathMatchInfo match = pathPattern.matchAndExtract(pathContainer);

Please take a look at PathPatternRequestMatcher for implementation guidance.

Comment From: pat-mccusker

Hi @jzheaux, is this still up for grabs/not accounted for in the other mentioned issues? I'd like to work on it.

Comment From: jzheaux

Hi, @pat-mccusker, yes, thanks for volunteering!