Nullability fine-tuning based on IntelliJ IDEA 2018.3 inspection

Issue: SPR-15540

(cherry picked from commit bf272b0b21)

spring-beans/src/main/java/org/springframework/beans/ExtendedBeanInfo.java

@@ -314,6 +314,7 @@ class ExtendedBeanInfo implements BeanInfo {
 		}
 
 		@Override
+		@Nullable
 		public Class<?> getPropertyType() {
 			if (this.propertyType == null) {
 				try {
@@ -425,6 +426,7 @@ class ExtendedBeanInfo implements BeanInfo {
 		}
 
 		@Override
+		@Nullable
 		public Class<?> getPropertyType() {
 			if (this.propertyType == null) {
 				try {
@@ -460,6 +462,7 @@ class ExtendedBeanInfo implements BeanInfo {
 		}
 
 		@Override
+		@Nullable
 		public Class<?> getIndexedPropertyType() {
 			if (this.indexedPropertyType == null) {
 				try {

spring-context/src/main/java/org/springframework/context/annotation/ConfigurationClassEnhancer.java

@@ -395,6 +395,7 @@ class ConfigurationClassEnhancer {
 				Object beanInstance = (useArgs ? beanFactory.getBean(beanName, beanMethodArgs) :
 						beanFactory.getBean(beanName));
 				if (!ClassUtils.isAssignableValue(beanMethod.getReturnType(), beanInstance)) {
+					// Detect package-protected NullBean instance through equals(null) check
 					if (beanInstance.equals(null)) {
 						if (logger.isDebugEnabled()) {
 							logger.debug(String.format("@Bean method %s.%s called as bean reference " +

spring-context/src/main/java/org/springframework/jmx/support/ConnectorServerFactoryBean.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -170,11 +170,12 @@ public class ConnectorServerFactoryBean extends MBeanRegistrationSupport
 		try {
 			if (this.threaded) {
 				// Start the connector server asynchronously (in a separate thread).
+				final JMXConnectorServer serverToStart = this.connectorServer;
 				Thread connectorThread = new Thread() {
 					@Override
 					public void run() {
 						try {
-							connectorServer.start();
+							serverToStart.start();
 						}
 						catch (IOException ex) {
 							throw new JmxException("Could not start JMX connector server after delay", ex);

spring-jdbc/src/main/java/org/springframework/jdbc/core/namedparam/NamedParameterUtils.java

@@ -111,25 +111,25 @@ public abstract class NamedParameterUtils {
 			char c = statement[i];
 			if (c == ':' || c == '&') {
 				int j = i + 1;
-				if (j < statement.length && statement[j] == ':' && c == ':') {
+				if (c == ':' && j < statement.length && statement[j] == ':') {
 					// Postgres-style "::" casting operator should be skipped
 					i = i + 2;
 					continue;
 				}
 				String parameter = null;
-				if (j < statement.length && c == ':' && statement[j] == '{') {
+				if (c == ':' && j < statement.length && statement[j] == '{') {
 					// :{x} style parameter
-					while (j < statement.length && statement[j] != '}') {
+					while (statement[j] != '}') {
 						j++;
+						if (j >= statement.length) {
+							throw new InvalidDataAccessApiUsageException("Non-terminated named parameter declaration " +
+									"at position " + i + " in statement: " + sql);
+						}
 						if (statement[j] == ':' || statement[j] == '{') {
 							throw new InvalidDataAccessApiUsageException("Parameter name contains invalid character '" +
 									statement[j] + "' at position " + i + " in statement: " + sql);
 						}
 					}
-					if (j >= statement.length) {
-						throw new InvalidDataAccessApiUsageException(
-								"Non-terminated named parameter declaration at position " + i + " in statement: " + sql);
-					}
 					if (j - i > 2) {
 						parameter = sql.substring(i + 2, j);
 						namedParameterCount = addNewNamedParameter(namedParameters, namedParameterCount, parameter);
@@ -202,7 +202,7 @@ public abstract class NamedParameterUtils {
 	}
 
 	/**
-	 * Skip over comments and quoted names present in an SQL statement
+	 * Skip over comments and quoted names present in an SQL statement.
 	 * @param statement character array containing SQL statement
 	 * @param position current position of statement
 	 * @return next position to process after any comments or quotes are skipped

spring-jdbc/src/main/java/org/springframework/jdbc/object/RdbmsOperation.java

@@ -211,7 +211,7 @@ public abstract class RdbmsOperation implements InitializingBean {
 	 * Set the column names of the auto-generated keys.
 	 * @see java.sql.Connection#prepareStatement(String, String[])
 	 */
-	public void setGeneratedKeysColumnNames(String... names) {
+	public void setGeneratedKeysColumnNames(@Nullable String... names) {
 		if (isCompiled()) {
 			throw new InvalidDataAccessApiUsageException(
 					"The column names for the generated keys must be set before the operation is compiled");
@@ -230,7 +230,7 @@ public abstract class RdbmsOperation implements InitializingBean {
 	/**
 	 * Set the SQL executed by this operation.
 	 */
-	public void setSql(String sql) {
+	public void setSql(@Nullable String sql) {
 		this.sql = sql;
 	}
 
@@ -297,7 +297,7 @@ public abstract class RdbmsOperation implements InitializingBean {
 	 * Add one or more declared parameters. Used for configuring this operation
 	 * when used in a bean factory.  Each parameter will specify SQL type and (optionally)
 	 * the parameter's name.
-	 * @param parameters Array containing the declared {@link SqlParameter} objects
+	 * @param parameters an array containing the declared {@link SqlParameter} objects
 	 * @see #declaredParameters
 	 */
 	public void setParameters(SqlParameter... parameters) {

spring-jdbc/src/main/java/org/springframework/jdbc/object/SqlCall.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -40,13 +40,6 @@ import org.springframework.util.Assert;
  */
 public abstract class SqlCall extends RdbmsOperation {
 
-	/**
-	 * Object enabling us to create CallableStatementCreators
-	 * efficiently, based on this class's declared parameters.
-	 */
-	@Nullable
-	private CallableStatementCreatorFactory callableStatementFactory;
-
 	/**
 	 * Flag used to indicate that this call is for a function and to
 	 * use the {? = call get_invoice_count(?)} syntax.
@@ -54,20 +47,26 @@ public abstract class SqlCall extends RdbmsOperation {
 	private boolean function = false;
 
 	/**
-	 * Flag used to indicate that the sql for this call should be used exactly as it is
-	 * defined.  No need to add the escape syntax and parameter place holders.
+	 * Flag used to indicate that the sql for this call should be used exactly as
+	 * it is defined. No need to add the escape syntax and parameter place holders.
 	 */
 	private boolean sqlReadyForUse = false;
 
 	/**
 	 * Call string as defined in java.sql.CallableStatement.
-	 * String of form {call add_invoice(?, ?, ?)}
-	 * or {? = call get_invoice_count(?)} if isFunction is set to true
-	 * Updated after each parameter is added.
+	 * String of form {call add_invoice(?, ?, ?)} or {? = call get_invoice_count(?)}
+	 * if isFunction is set to true. Updated after each parameter is added.
 	 */
 	@Nullable
 	private String callString;
 
+	/**
+	 * Object enabling us to create CallableStatementCreators
+	 * efficiently, based on this class's declared parameters.
+	 */
+	@Nullable
+	private CallableStatementCreatorFactory callableStatementFactory;
+
 
 	/**
 	 * Constructor to allow use as a JavaBean.
@@ -83,8 +82,8 @@ public abstract class SqlCall extends RdbmsOperation {
 	/**
 	 * Create a new SqlCall object with SQL, but without parameters.
 	 * Must add parameters or settle with none.
-	 * @param ds DataSource to obtain connections from
-	 * @param sql SQL to execute
+	 * @param ds the DataSource to obtain connections from
+	 * @param sql the SQL to execute
 	 */
 	public SqlCall(DataSource ds, String sql) {
 		setDataSource(ds);
@@ -103,7 +102,7 @@ public abstract class SqlCall extends RdbmsOperation {
 	 * Return whether this call is for a function.
 	 */
 	public boolean isFunction() {
-		return function;
+		return this.function;
 	}
 
 	/**
@@ -117,7 +116,7 @@ public abstract class SqlCall extends RdbmsOperation {
 	 * Return whether the SQL can be used as is.
 	 */
 	public boolean isSqlReadyForUse() {
-		return sqlReadyForUse;
+		return this.sqlReadyForUse;
 	}
 
 
@@ -129,30 +128,32 @@ public abstract class SqlCall extends RdbmsOperation {
 	@Override
 	protected final void compileInternal() {
 		if (isSqlReadyForUse()) {
-			this.callString = getSql();
+			this.callString = resolveSql();
 		}
 		else {
+			StringBuilder callString = new StringBuilder(32);
 			List<SqlParameter> parameters = getDeclaredParameters();
 			int parameterCount = 0;
 			if (isFunction()) {
-				this.callString = "{? = call " + getSql() + "(";
+				callString.append("{? = call ").append(resolveSql()).append('(');
 				parameterCount = -1;
 			}
 			else {
-				this.callString = "{call " + getSql() + "(";
+				callString.append("{call ").append(resolveSql()).append('(');
 			}
 			for (SqlParameter parameter : parameters) {
-				if (!(parameter.isResultsParameter())) {
+				if (!parameter.isResultsParameter()) {
 					if (parameterCount > 0) {
-						this.callString += ", ";
+						callString.append(", ");
 					}
 					if (parameterCount >= 0) {
-						this.callString += "?";
+						callString.append('?');
 					}
 					parameterCount++;
 				}
 			}
-			this.callString += ")}";
+			callString.append(")}");
+			this.callString = callString.toString();
 		}
 		if (logger.isDebugEnabled()) {
 			logger.debug("Compiled stored procedure. Call string is [" + this.callString + "]");

spring-jdbc/src/test/java/org/springframework/jdbc/core/namedparam/NamedParameterUtilsTests.java

@@ -117,13 +117,13 @@ public class NamedParameterUtilsTests {
 	}
 
 	@Test(expected = InvalidDataAccessApiUsageException.class)
-	public void buildValueArrayWithMissingParameterValue() throws Exception {
+	public void buildValueArrayWithMissingParameterValue() {
 		String sql = "select count(0) from foo where id = :id";
 		NamedParameterUtils.buildValueArray(sql, Collections.<String, Object>emptyMap());
 	}
 
 	@Test
-	public void substituteNamedParametersWithStringContainingQuotes() throws Exception {
+	public void substituteNamedParametersWithStringContainingQuotes() {
 		String expectedSql = "select 'first name' from artists where id = ? and quote = 'exsqueeze me?'";
 		String sql = "select 'first name' from artists where id = :id and quote = 'exsqueeze me?'";
 		String newSql = NamedParameterUtils.substituteNamedParameters(sql, new MapSqlParameterSource());
@@ -131,7 +131,7 @@ public class NamedParameterUtilsTests {
 	}
 
 	@Test
-	public void testParseSqlStatementWithStringContainingQuotes() throws Exception {
+	public void testParseSqlStatementWithStringContainingQuotes() {
 		String expectedSql = "select 'first name' from artists where id = ? and quote = 'exsqueeze me?'";
 		String sql = "select 'first name' from artists where id = :id and quote = 'exsqueeze me?'";
 		ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql);
@@ -173,7 +173,7 @@ public class NamedParameterUtilsTests {
 	}
 
 	@Test  // SPR-4612
-	public void parseSqlStatementWithPostgresCasting() throws Exception {
+	public void parseSqlStatementWithPostgresCasting() {
 		String expectedSql = "select 'first name' from artists where id = ? and birth_date=?::timestamp";
 		String sql = "select 'first name' from artists where id = :id and birth_date=:birthDate::timestamp";
 		ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql);
@@ -181,7 +181,7 @@ public class NamedParameterUtilsTests {
 	}
 
 	@Test  // SPR-13582
-	public void parseSqlStatementWithPostgresContainedOperator() throws Exception {
+	public void parseSqlStatementWithPostgresContainedOperator() {
 		String expectedSql = "select 'first name' from artists where info->'stat'->'albums' = ?? ? and '[\"1\",\"2\",\"3\"]'::jsonb ?? '4'";
 		String sql = "select 'first name' from artists where info->'stat'->'albums' = ?? :album and '[\"1\",\"2\",\"3\"]'::jsonb ?? '4'";
 		ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql);
@@ -190,7 +190,7 @@ public class NamedParameterUtilsTests {
 	}
 
 	@Test  // SPR-15382
-	public void parseSqlStatementWithPostgresAnyArrayStringsExistsOperator() throws Exception {
+	public void parseSqlStatementWithPostgresAnyArrayStringsExistsOperator() {
 		String expectedSql = "select '[\"3\", \"11\"]'::jsonb ?| '{1,3,11,12,17}'::text[]";
 		String sql = "select '[\"3\", \"11\"]'::jsonb ?| '{1,3,11,12,17}'::text[]";
 
@@ -200,7 +200,7 @@ public class NamedParameterUtilsTests {
 	}
 
 	@Test  // SPR-15382
-	public void parseSqlStatementWithPostgresAllArrayStringsExistsOperator() throws Exception {
+	public void parseSqlStatementWithPostgresAllArrayStringsExistsOperator() {
 		String expectedSql = "select '[\"3\", \"11\"]'::jsonb ?& '{1,3,11,12,17}'::text[] AND ? = 'Back in Black'";
 		String sql = "select '[\"3\", \"11\"]'::jsonb ?& '{1,3,11,12,17}'::text[] AND :album = 'Back in Black'";
 
@@ -210,7 +210,7 @@ public class NamedParameterUtilsTests {
 	}
 
 	@Test  // SPR-7476
-	public void parseSqlStatementWithEscapedColon() throws Exception {
+	public void parseSqlStatementWithEscapedColon() {
 		String expectedSql = "select '0\\:0' as a, foo from bar where baz < DATE(? 23:59:59) and baz = ?";
 		String sql = "select '0\\:0' as a, foo from bar where baz < DATE(:p1 23\\:59\\:59) and baz = :p2";
 
@@ -223,7 +223,7 @@ public class NamedParameterUtilsTests {
 	}
 
 	@Test  // SPR-7476
-	public void parseSqlStatementWithBracketDelimitedParameterNames() throws Exception {
+	public void parseSqlStatementWithBracketDelimitedParameterNames() {
 		String expectedSql = "select foo from bar where baz = b??z";
 		String sql = "select foo from bar where baz = b:{p1}:{p2}z";
 
@@ -236,7 +236,7 @@ public class NamedParameterUtilsTests {
 	}
 
 	@Test  // SPR-7476
-	public void parseSqlStatementWithEmptyBracketsOrBracketsInQuotes() throws Exception {
+	public void parseSqlStatementWithEmptyBracketsOrBracketsInQuotes() {
 		String expectedSql = "select foo from bar where baz = b:{}z";
 		String sql = "select foo from bar where baz = b:{}z";
 		ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql);
@@ -257,7 +257,7 @@ public class NamedParameterUtilsTests {
 	public void parseSqlStatementWithSingleLetterInBrackets() {
 		String expectedSql = "select foo from bar where baz = b?z";
 		String sql = "select foo from bar where baz = b:{p}z";
-		
+
 		ParsedSql parsedSql = NamedParameterUtils.parseSqlStatement(sql);
 		assertEquals(1, parsedSql.getParameterNames().size());
 		assertEquals("p", parsedSql.getParameterNames().get(0));
@@ -273,14 +273,14 @@ public class NamedParameterUtilsTests {
 	}
 
 	@Test  // SPR-2544
-	public void substituteNamedParametersWithLogicalAnd() throws Exception {
+	public void substituteNamedParametersWithLogicalAnd() {
 		String expectedSql = "xxx & yyyy";
 		String newSql = NamedParameterUtils.substituteNamedParameters(expectedSql, new MapSqlParameterSource());
 		assertEquals(expectedSql, newSql);
 	}
 
 	@Test  // SPR-3173
-	public void variableAssignmentOperator() throws Exception {
+	public void variableAssignmentOperator() {
 		String expectedSql = "x := 1";
 		String newSql = NamedParameterUtils.substituteNamedParameters(expectedSql, new MapSqlParameterSource());
 		assertEquals(expectedSql, newSql);

spring-tx/src/main/java/org/springframework/transaction/jta/JtaTransactionManager.java

@@ -709,7 +709,7 @@ public class JtaTransactionManager extends AbstractPlatformTransactionManager
 	 * @see #FALLBACK_TRANSACTION_MANAGER_NAMES
 	 */
 	@Nullable
-	protected TransactionManager findTransactionManager(UserTransaction ut) {
+	protected TransactionManager findTransactionManager(@Nullable UserTransaction ut) {
 		if (ut instanceof TransactionManager) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("JTA UserTransaction object [" + ut + "] implements TransactionManager");
@@ -864,7 +864,7 @@ public class JtaTransactionManager extends AbstractPlatformTransactionManager
 	 * <p>Calls {@code applyIsolationLevel} and {@code applyTimeout}
 	 * before invoking the UserTransaction's {@code begin} method.
 	 * @param txObject the JtaTransactionObject containing the UserTransaction
-	 * @param definition TransactionDefinition instance, describing propagation
+	 * @param definition the TransactionDefinition instance, describing propagation
 	 * behavior, isolation level, read-only flag, timeout, and transaction name
 	 * @throws NotSupportedException if thrown by JTA methods
 	 * @throws SystemException if thrown by JTA methods
@@ -1139,7 +1139,7 @@ public class JtaTransactionManager extends AbstractPlatformTransactionManager
 	 * If none of the two is available, a warning will be logged.
 	 * <p>Can be overridden in subclasses, for specific JTA implementations.
 	 * @param txObject the current transaction object
-	 * @param synchronizations List of TransactionSynchronization objects
+	 * @param synchronizations a List of TransactionSynchronization objects
 	 * @throws RollbackException if thrown by JTA methods
 	 * @throws SystemException if thrown by JTA methods
 	 * @see #getTransactionManager()

spring-webflux/src/main/java/org/springframework/web/reactive/function/server/PathResourceLookupFunction.java

@@ -113,11 +113,8 @@ class PathResourceLookupFunction implements Function<ServerRequest, Mono<Resourc
 				return true;
 			}
 		}
-		if (path.contains("")) {
-			path = StringUtils.cleanPath(path);
-			if (path.contains("../")) {
-				return true;
-			}
+		if (path.contains("..") && StringUtils.cleanPath(path).contains("../")) {
+			return true;
 		}
 		return false;
 	}

spring-webflux/src/main/java/org/springframework/web/reactive/resource/ResourceWebHandler.java

@@ -83,12 +83,12 @@ import org.springframework.web.server.WebHandler;
  */
 public class ResourceWebHandler implements WebHandler, InitializingBean {
 
-	/** Set of supported HTTP methods */
 	private static final Set<HttpMethod> SUPPORTED_METHODS = EnumSet.of(HttpMethod.GET, HttpMethod.HEAD);
 
 	private static final ResponseStatusException NOT_FOUND_EXCEPTION =
 			new ResponseStatusException(HttpStatus.NOT_FOUND);
 
+
 	private static final Log logger = LogFactory.getLog(ResourceWebHandler.class);
 
 	private final List<Resource> locations = new ArrayList<>(4);
@@ -212,7 +212,6 @@ public class ResourceWebHandler implements WebHandler, InitializingBean {
 			this.resourceHttpMessageWriter = new ResourceHttpMessageWriter();
 		}
 
-
 		// Initialize immutable resolver and transformer chains
 		this.resolverChain = new DefaultResourceResolverChain(this.resourceResolvers);
 		this.transformerChain = new DefaultResourceTransformerChain(this.resolverChain, this.resourceTransformers);
@@ -343,8 +342,8 @@ public class ResourceWebHandler implements WebHandler, InitializingBean {
 			return Mono.empty();
 		}
 
-		Assert.notNull(this.resolverChain, "ResourceResolverChain not initialized.");
-		Assert.notNull(this.transformerChain, "ResourceTransformerChain not initialized.");
+		Assert.state(this.resolverChain != null, "ResourceResolverChain not initialized");
+		Assert.state(this.transformerChain != null, "ResourceTransformerChain not initialized");
 
 		return this.resolverChain.resolveResource(exchange, path, getLocations())
 				.flatMap(resource -> this.transformerChain.transform(exchange, resource));
@@ -374,7 +373,7 @@ public class ResourceWebHandler implements WebHandler, InitializingBean {
 		for (int i = 0; i < path.length(); i++) {
 			char curr = path.charAt(i);
 			try {
-				if ((curr == '/') && (prev == '/')) {
+				if (curr == '/' && prev == '/') {
 					if (sb == null) {
 						sb = new StringBuilder(path.substring(0, i));
 					}
@@ -388,7 +387,7 @@ public class ResourceWebHandler implements WebHandler, InitializingBean {
 				prev = curr;
 			}
 		}
-		return sb != null ? sb.toString() : path;
+		return (sb != null ? sb.toString() : path);
 	}
 
 	private String cleanLeadingSlash(String path) {
@@ -401,7 +400,7 @@ public class ResourceWebHandler implements WebHandler, InitializingBean {
 				if (i == 0 || (i == 1 && slash)) {
 					return path;
 				}
-				path = slash ? "/" + path.substring(i) : path.substring(i);
+				path = (slash ? "/" + path.substring(i) : path.substring(i));
 				if (logger.isTraceEnabled()) {
 					logger.trace("Path after trimming leading '/' and control characters: " + path);
 				}
@@ -457,7 +456,7 @@ public class ResourceWebHandler implements WebHandler, InitializingBean {
 		}
 		if (path.contains("WEB-INF") || path.contains("META-INF")) {
 			if (logger.isTraceEnabled()) {
-				logger.trace("Path contains \"WEB-INF\" or \"META-INF\".");
+				logger.trace("Path with \"WEB-INF\" or \"META-INF\": [" + path + "]");
 			}
 			return true;
 		}
@@ -465,19 +464,16 @@ public class ResourceWebHandler implements WebHandler, InitializingBean {
 			String relativePath = (path.charAt(0) == '/' ? path.substring(1) : path);
 			if (ResourceUtils.isUrl(relativePath) || relativePath.startsWith("url:")) {
 				if (logger.isTraceEnabled()) {
-					logger.trace("Path represents URL or has \"url:\" prefix.");
+					logger.trace("Path represents URL or has \"url:\" prefix: [" + path + "]");
 				}
 				return true;
 			}
 		}
-		if (path.contains("..")) {
-			path = StringUtils.cleanPath(path);
-			if (path.contains("../")) {
-				if (logger.isTraceEnabled()) {
-					logger.trace("Path contains \"../\" after call to StringUtils#cleanPath.");
-				}
-				return true;
+		if (path.contains("..") && StringUtils.cleanPath(path).contains("../")) {
+			if (logger.isTraceEnabled()) {
+				logger.trace("Path contains \"../\" after call to StringUtils#cleanPath: [" + path + "]");
 			}
+			return true;
 		}
 		return false;
 	}

spring-webmvc/src/main/java/org/springframework/web/servlet/resource/ResourceHttpRequestHandler.java

@@ -641,22 +641,25 @@ public class ResourceHttpRequestHandler extends WebContentGenerator
 	 */
 	protected boolean isInvalidPath(String path) {
 		if (path.contains("WEB-INF") || path.contains("META-INF")) {
-			logger.trace("Path contains \"WEB-INF\" or \"META-INF\".");
+			if (logger.isTraceEnabled()) {
+				logger.trace("Path with \"WEB-INF\" or \"META-INF\": [" + path + "]");
+			}
 			return true;
 		}
 		if (path.contains(":/")) {
 			String relativePath = (path.charAt(0) == '/' ? path.substring(1) : path);
 			if (ResourceUtils.isUrl(relativePath) || relativePath.startsWith("url:")) {
-				logger.trace("Path represents URL or has \"url:\" prefix.");
+				if (logger.isTraceEnabled()) {
+					logger.trace("Path represents URL or has \"url:\" prefix: [" + path + "]");
+				}
 				return true;
 			}
 		}
-		if (path.contains("..")) {
-			path = StringUtils.cleanPath(path);
-			if (path.contains("../")) {
-				logger.trace("Path contains \"../\" after call to StringUtils#cleanPath.");
-				return true;
+		if (path.contains("..") && StringUtils.cleanPath(path).contains("../")) {
+			if (logger.isTraceEnabled()) {
+				logger.trace("Invalid Path contains \"../\" after call to StringUtils#cleanPath: [" + path + "]");
 			}
+			return true;
 		}
 		return false;
 	}

spring-websocket/src/main/java/org/springframework/web/socket/messaging/StompSubProtocolHandler.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -155,7 +155,7 @@ public class StompSubProtocolHandler implements SubProtocolHandler, ApplicationE
 	}
 
 	/**
-	 * Configure a {@link StompEncoder} for encoding STOMP frames
+	 * Configure a {@link StompEncoder} for encoding STOMP frames.
 	 * @since 4.3.5
 	 */
 	public void setEncoder(StompEncoder encoder) {
@@ -163,7 +163,7 @@ public class StompSubProtocolHandler implements SubProtocolHandler, ApplicationE
 	}
 
 	/**
-	 * Configure a {@link StompDecoder} for decoding STOMP frames
+	 * Configure a {@link StompDecoder} for decoding STOMP frames.
 	 * @since 4.3.5
 	 */
 	public void setDecoder(StompDecoder decoder) {
@@ -415,7 +415,7 @@ public class StompSubProtocolHandler implements SubProtocolHandler, ApplicationE
 		else if (StompCommand.CONNECTED.equals(command)) {
 			this.stats.incrementConnectedCount();
 			accessor = afterStompSessionConnected(message, accessor, session);
-			if (this.eventPublisher != null && StompCommand.CONNECTED.equals(command)) {
+			if (this.eventPublisher != null) {
 				try {
 					SimpAttributes simpAttributes = new SimpAttributes(session.getId(), session.getAttributes());
 					SimpAttributesContextHolder.setAttributes(simpAttributes);