Spring WebSocket返回一個無日誌403

Question

從我的Spring WebSocket中返回一個403，儘管我不知道爲什麼，Spring Security目前不在類路徑中。

注意：我開始寫這個問題，然後打開完整的Spring Boot調試，這是它發出的最後3行日誌。

2015-08-23 14:38:30.263 DEBUG 32271 --- [nio-8080-exec-1] o.s.b.a.e.mvc.EndpointHandlerMapping  : Looking up handler method for path /socket/info 
2015-08-23 14:38:30.270 DEBUG 32271 --- [nio-8080-exec-1] o.s.b.a.e.mvc.EndpointHandlerMapping  : Did not find handler method for [/socket/info] 
2015-08-23 14:39:08.791 INFO 32271 --- [eBrokerSockJS-1] o.s.w.s.c.WebSocketMessageBrokerStats : WebSocketSession[0 current WS(0)-HttpStream(0)-HttpPoll(0), 0 total, 0 closed abnormally (0 connect failure, 0 send limit, 0 transport error)], stompSubProtocol[processed CONNECT(0)-CONNECTED(0)-DISCONNECT(0)], stompBrokerRelay[null], inboundChannel[pool size = 0, active threads = 0, queued tasks = 0, completed tasks = 0], outboundChannelpool size = 0, active threads = 0, queued tasks = 0, completed tasks = 0], sockJsScheduler[pool size = 1, active threads = 1, queued tasks = 0, completed tasks = 0] 

這裏的響應頭

HTTP/1.1 403 Forbidden 
Server: Apache-Coyote/1.1 
Access-Control-Allow-Origin: http://localhost:3000 
Access-Control-Allow-: POST, GET, PUT, OPTIONS, DELETE 
Access-Control-Allow-Headers: content-type, x-auth-token, x-requested-with 
Access-Control-Expose-Headers: Location 
Access-Control-Allow-Credentials: true 
Access-Control-Max-Age: 3600 
X-Application-Context: application 
Cache-Control: no-store, no-cache, must-revalidate, max-age=0 
Content-Length: 0 
Date: Sun, 23 Aug 2015 18:01:10 GMT 

這裏的請求

GET /socket/info?t=1440352870279 HTTP/1.1 
Host: localhost:8080 
Connection: keep-alive 
Pragma: no-cache 
Cache-Control: no-cache 
Origin: http://localhost:3000 
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36 
Accept: */* 
DNT: 1 
Referer: http://localhost:3000/ 
Accept-Encoding: gzip, deflate, sdch 
Accept-Language: en-US,en;q=0.8 
Cookie: NXSESSIONID=174bf31b-e199-44e3-bae8-f5f44ad6ee90 

，這裏是我的WebSocket配置

@Configuration 
@EnableWebSocketMessageBroker 
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer { 

@Override 
public void configureMessageBroker(final MessageBrokerRegistry config) { 
    config.enableSimpleBroker("/topic"); 
    config.setApplicationDestinationPrefixes("/app"); 
} 

@Override 
public void registerStompEndpoints(final StompEndpointRegistry registry) { 
    registry.addEndpoint("/socket").withSockJS(); 
} 

} 

訪問http://localhost:8080顯示「W歡迎來到SockJS！「所以我相信這是行得通的。 StompJS在403之後發出Whoops! Lost connection to http://localhost:8080/socket。

這裏是我的javascript。

var SockJS = require('sockjs-client'); 
var sock = new SockJS('http://localhost:8080/socket'); 
var Stomp = require('stompjs'); 
var stompClient = Stomp.over(sock); 
stompClient.connect({}, function(frame) { 
    console.log('Connected: ' + frame); 
    stompClient.subscribe('/topic/stations/create', function() { 
     console.log('subscribed'); 
    }); 
}); 

蹬地射向Opening Web Socket...，但從未達到連接

我缺少什麼？我究竟做錯了什麼？

Answer 1

顯然有第二個允許來源，我需要允許，專門爲websockets。我在我的application.properties中有一個allowOrigin，然後在我的配置中使用了setter注入，因爲構造函數注入在這個bean類型上不起作用。然後，我只需要撥打setAllowedOrigins(...)，然後致電withSockJs。

@Configuration 
@EnableWebSocketMessageBroker 
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer { 

private URI allowOrigin; 

@Inject // constructor injection not working in this class, use setter injection instead 
public void setAllowOrigin( @Value("${allowOrigin}") final URI allowOrigin) { 
    this.allowOrigin = Objects.requireNonNull(allowOrigin); 
} 

@Override 
public void configureMessageBroker(final MessageBrokerRegistry config) { 
    config.enableSimpleBroker("/topic"); 
    config.setApplicationDestinationPrefixes("/app"); 
} 

@Override 
public void registerStompEndpoints(final StompEndpointRegistry registry) { 
    registry.addEndpoint("/socket") 
      .setAllowedOrigins(allowOrigin.toString()) 
      .withSockJS(); 
} 

}