The server uses Spring Boot's WebSocket support,
and authentication is handled by Spring Security.
The client is stompjs.
Server configuration:
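    import java.util.List;

    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.annotation.Order;
    import org.springframework.messaging.Message;
    import org.springframework.messaging.MessageChannel;
    import org.springframework.messaging.simp.config.ChannelRegistration;
    import org.springframework.messaging.simp.config.MessageBrokerRegistry;
    import org.springframework.messaging.simp.stomp.StompCommand;
    import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
    import org.springframework.messaging.support.ChannelInterceptor;
    import org.springframework.messaging.support.MessageHeaderAccessor;
    import org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry;
    import org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer;
    import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
    import org.springframework.web.socket.config.annotation.StompEndpointRegistry;

    @Configuration
    @EnableWebSocketMessageBroker
    @Order(1)
    public class WebSocketConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {

        @Override
        public void registerStompEndpoints(StompEndpointRegistry registry) {
            // SockJS endpoint; any origin is allowed to connect
            registry.addEndpoint("/socket").setAllowedOrigins("*").withSockJS();
        }

        @Override
        public void configureMessageBroker(MessageBrokerRegistry config) {
            config.setApplicationDestinationPrefixes("/app");
            config.enableSimpleBroker("/topic");
        }

        @Override
        public void customizeClientInboundChannel(ChannelRegistration registration) {
            registration.interceptors(new ChannelInterceptor() {
                @Override
                public Message<?> preSend(Message<?> message, MessageChannel channel) {
                    StompHeaderAccessor accessor =
                            MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
                    if (StompCommand.CONNECT.equals(accessor.getCommand())) {
                        // Native STOMP header sent by the client on CONNECT
                        List<String> sessions = accessor.getNativeHeader("x-auth-token");
                        System.out.println(sessions.get(0));
                        // Authentication user = ...; // access authentication header(s)
                        // accessor.setUser(user);
                    }
                    return message;
                }
            });
        }

        @Override
        protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
            // Messages without a destination (CONNECT, DISCONNECT, ...) require authentication
            messages.nullDestMatcher().authenticated();
        }

        @Override
        protected boolean sameOriginDisabled() {
            // Disables the same-origin (CSRF) check for WebSocket messages
            return true;
        }
    }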
The "x-auth-token" header is the token ID the client authenticated with.
https://stackoverflow.com/questions/30887788/json-web-token-jwt-with-spring-based-sockjs-stomp-web-socket
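From this reference I learned that for cross-origin requests you have to check authentication yourself.
Now here is the problem: what the client sends is the authenticated session ID, not a username and password, so how do I get the Authentication?
Thanks to all the experts for your selfless help, thank you.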
    @Autowired
    FindByIndexNameSessionRepository sessionRepository;

    SecurityContext securityContext = sessionRepository.findById(sessions.get(0).toString())
            .getAttribute("SPRING_SECURITY_CONTEXT");
    Authentication user = securityContext.getAuthentication(); // access authentication header(s)
    accessor.setUser(user);
Solved it myself.