
Source code under question:

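```java
import java.security.Principal;

import org.springframework.context.annotation.Configuration;
import org.springframework.context.event.EventListener;
import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
import org.springframework.web.socket.messaging.SessionConnectEvent;
import org.springframework.web.socket.messaging.SessionDisconnectEvent;

@Configuration
public class PresenceEventListener {
    @EventListener
    public void handleSessionConnected(SessionConnectEvent event) {
        SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.wrap(event.getMessage());
        Principal principal = headers.getUser();
        /* custom logic with principal.getName() */
    }

    @EventListener
    public void handleSessionDisconnect(SessionDisconnectEvent event) {
        SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.wrap(event.getMessage());
        Principal principal = headers.getUser();
        /* custom logic with principal.getName() */
    }
}
```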

This code is more or less identical in all examples I could find. Here's one reference...

After upgrading from spring-boot v1.5 to v2, Findbugs complains about .getName() because principal might be null and is unchecked.

This is because spring-messaging, since v5, has marked method SimpMessageHeaderAccessor#getUser as @Nullable.

My question is: how is this supposed to be handled properly (i.e. when #getUser returns null)? Should the code throw an exception? Do nothing? And what does it actually mean that the user is null in this context? Could this be considered a hacking attempt?

```java
Principal principal = headers.getUser();
if (principal == null) {
    // what should happen here?
}
```

Thanks!

Stefanos Kalantzis
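
One null-safe way to write the listener from the question, as an added example that is not the asker's code and not code from the Spring project. It assumes a policy of logging and ignoring sessions that carry no Principal; the class name, the `online` map and the log messages are hypothetical.

```java
import java.security.Principal;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.event.EventListener;
import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
import org.springframework.stereotype.Component;
import org.springframework.web.socket.messaging.SessionConnectEvent;
import org.springframework.web.socket.messaging.SessionDisconnectEvent;

@Component
public class NullSafePresenceListener {
    private static final Logger log = LoggerFactory.getLogger(NullSafePresenceListener.class);

    // Hypothetical presence store: session id -> user name. Keying on the
    // session id means the disconnect handler never needs the Principal.
    private final Map<String, String> online = new ConcurrentHashMap<>();

    @EventListener
    public void handleSessionConnect(SessionConnectEvent event) {
        SimpMessageHeaderAccessor headers = SimpMessageHeaderAccessor.wrap(event.getMessage());
        Principal principal = headers.getUser();   // @Nullable since spring-messaging 5
        String sessionId = headers.getSessionId(); // also @Nullable
        if (principal == null || sessionId == null) {
            // No Principal is associated with this session. Assumed policy:
            // record it for monitoring, track no presence, grant nothing.
            log.warn("STOMP CONNECT without principal, session={}", sessionId);
            return;
        }
        online.put(sessionId, principal.getName());
    }

    @EventListener
    public void handleSessionDisconnect(SessionDisconnectEvent event) {
        // The event can be raised more than once per session, so removal
        // must be idempotent: a second call finds nothing and returns.
        String name = online.remove(event.getSessionId());
        if (name == null) {
            return; // never tracked (no principal at connect) or already removed
        }
        log.info("user {} went offline", name);
    }
}
```

If the endpoint is meant to be reachable only by authenticated users, a null principal at connect time indicates that the handshake was not covered by the authentication layer, and the warning above is the signal to review that configuration.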

0 Answers