The server side uses the Spring Boot socket service, with Spring Security as the authentication service.
The client is stompjs.
Server configuration:
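    import java.util.List;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.annotation.Order;
    import org.springframework.messaging.Message;
    import org.springframework.messaging.MessageChannel;
    import org.springframework.messaging.simp.config.ChannelRegistration;
    import org.springframework.messaging.simp.config.MessageBrokerRegistry;
    import org.springframework.messaging.simp.stomp.StompCommand;
    import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
    import org.springframework.messaging.support.ChannelInterceptor;
    import org.springframework.messaging.support.MessageHeaderAccessor;
    import org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry;
    import org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer;
    import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
    import org.springframework.web.socket.config.annotation.StompEndpointRegistry;

    @Configuration
    @EnableWebSocketMessageBroker
    @Order(1)
    public class WebSocketConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {

        @Override
        public void registerStompEndpoints(StompEndpointRegistry registry) {
            registry.addEndpoint("/socket").setAllowedOrigins("*").withSockJS();
        }

        @Override
        public void configureMessageBroker(MessageBrokerRegistry config) {
            config.setApplicationDestinationPrefixes("/app");
            config.enableSimpleBroker("/topic");
        }

        @Override
        public void customizeClientInboundChannel(ChannelRegistration registration) {
            registration.interceptors(new ChannelInterceptor() {
                @Override
                public Message<?> preSend(Message<?> message, MessageChannel channel) {
                    StompHeaderAccessor accessor =
                            MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
                    if (accessor != null && StompCommand.CONNECT.equals(accessor.getCommand())) {
                        // getNativeHeader returns null when the client did not send the header
                        List<String> sessions = accessor.getNativeHeader("x-auth-token");
                        if (sessions != null && !sessions.isEmpty()) {
                            System.out.println(sessions.get(0));
                        }
                        // Authentication user = ...; // access authentication header(s)
                        // accessor.setUser(user);
                    }
                    return message;
                }
            });
        }

        @Override
        protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
            messages.nullDestMatcher().authenticated();
        }

        @Override
        protected boolean sameOriginDisabled() {
            return true;
        }
    }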
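The "x-auth-token" header is the tokenId the client authenticated with.
https://stackoverflow.com/questions/30887788/json-web-token-jwt-with-spring-based-sockjs-stomp-web-socket
From this reference I learned that for cross-origin requests you have to check authentication yourself.
Now here is the problem: what the client sends is the authenticated session id, not a username and password, so how do I get the Authentication?
Thanks to all the experts for your selfless help, thank you.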
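    @Autowired
    FindByIndexNameSessionRepository<? extends Session> sessionRepository;

    // In the CONNECT branch of preSend(): look up the session by the id from x-auth-token
    Session session = sessionRepository.findById(sessions.get(0).toString());
    if (session != null) { // findById returns null for an unknown or expired id
        SecurityContext securityContext = session.getAttribute("SPRING_SECURITY_CONTEXT");
        Authentication user = securityContext.getAuthentication(); // access authentication header(s)
        accessor.setUser(user);
    }
Solved it myself.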