Websocket in Spring Boot app - Getting 403 Forbidden
I can connect to the websocket from client using sockjs/stompjs when I run this in eclipse (no spring boot).
But when I create a Spring boot jar(gradlew build) for the websocket code and run the java -jar websocket-code.jar I get a 403 error connecting to the websocket.
I have no authentication for the websockets. I have a CORS filters and think have all headers right in request/response.
Below is my build.gradle
apply plugin: 'java'
apply plugin: 'spring-boot'
apply plugin: 'war'
sourceCompatibility = 1.7
version = '1.0'
repositories {
mavenCentral()
}
buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath("org.springframework.boot:spring-boot-gradle-plugin:1.2.5.RELEASE")
}
}
configurations {
compile.exclude module: "spring-boot-starter-tomcat"
}
dependencies {
compile "org.springframework:spring-web:$spring_version"
compile "org.springframework:spring-webmvc:$spring_version"
compile "org.springframework:spring-websocket:$spring_version"
compile "org.springframework:spring-messaging:$spring_version"
compile "org.springframework.boot:spring-boot-starter-websocket"
compile "org.springframework.boot:spring-boot-starter-web"
compile "com.fasterxml.jackson.core:jackson-databind:2.6.2"
compile "com.fasterxml.jackson.core:jackson-core:2.6.2"
compile "com.fasterxml.jackson.core:jackson-annotations:2.6.2"
compile "org.springframework.amqp:spring-rabbit:1.3.5.RELEASE"
compile("org.springframework:spring-tx")
compile("org.springframework.boot:spring-boot-starter-web:1.2.6.RELEASE")
compile("org.springframework.boot:spring-boot-starter-jetty:1.2.6.RELEASE")
testCompile group: 'junit', name: 'junit', version: '4.11'
testCompile "org.springframework:spring-test:$spring_version"
}
task wrapper(type: Wrapper) {
gradleVersion = '2.5'
}
Update:
Added a CORS filter with response.setHeader("Access-Control-Allow-Origin", "http://localhost:8089");
In firebug on Client side
Request Headers
Origin
http://localhost:8089
Response Headers
Access-Control-Allow-Origin
http://localhost:8089
Server Logs
2015-10-02 16:57:31.372 DEBUG 1848 --- [qtp374030679-14] o.s.w.s.s.t.h.DefaultSockJsService : Request rejected, Origin header value http://localhost:8089 not allowed
Origin I am requesting from is in the Allow-origin list. Still getting Request Rejected message in the logs.
I had a similar issue and fixed it in the WebSocketConfig by setting the allowed origins to "*".
@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
// the endpoint for websocket connections
registry.addEndpoint("/stomp").setAllowedOrigins("*").withSockJS();
}
// remaining config not shown as not relevant
}
Difference between my 2 environment was the version of jars.
spring-boot-starter-websocket-1.2.5.RELEASE.jar
spring-websocket-4.1.7.RELEASE.jar
Because of the spring-boot-starter-websocket dependency while packaging it was picking up spring-websocket-4.1.7.RELEASE inspite of the spring_version being spring_version=4.0.6.RELEASE.
Modified the dependency in build.gradle that fixed the problem.
compile "org.springframework.boot:spring-boot-starter-websocket:1.1.0.RELEASE"
I think in latest version of spring-websocket jar the class StompWebSocketEndpointRegistration has setAllowedOrigins method that has to be used.Have not tried this.
But CORS filter with
response.setHeader("Access-Control-Allow-Origin", "http://localhost:8089");
is working with older version.
try to add
registry.addEndpoint("/your-end-point").setAllowedOrigins("*").withSockJS();
"your-end-point" is registered by @SendTo in controller I guess
来源:https://stackoverflow.com/questions/32874421/websocket-in-spring-boot-app-getting-403-forbidden