Spring Session Basic Auth token passed as query parameter in Spring-Websocket

生来就可爱ヽ(ⅴ<●) 提交于 2019-12-08 10:32:32

问题


Currently we have Rest app with Spring Boot, Spring Session (Redis) and Spring Security. We use basic auth. Now I would like to add websocket support.

  1. When client logs in successfully to other part of application, he gets x-auth-token. It is passed later as header, and it works.

  2. Then websocket client sends this token as query parameter to connect to service.

We would like to make Spring Security and Spring Session accept token through query param in websocket connection. Is there any parameter that I can set? Or do we need to write custom authentication provider. If so, how do we integrate with Spring Session?


回答1:


You can use queryString parameter for this, but I had the same issue, and my suggestion is to pass your token with headers at subscription time, or while sending messages from your JS client.

As you have a custom filter to handle your X-Auth-Token, Spring security doesn't support defining a custom-filter at websocket interceptors defined in Security.xml . All you need is to implement interceptor for inbound channel , and to handle token authentication through access of nativeHeader sent with messages at Presend method, through an injected instance of your token authentication service.



来源:https://stackoverflow.com/questions/30499043/spring-session-basic-auth-token-passed-as-query-parameter-in-spring-websocket

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!