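Spring Security "token-based authentication" for SockJS/STOMP Web Socket

I am trying to implement token-based authentication according to https://github.com/spring-projects/spring-framework/blob/master/src/docs/asciidoc/web/web-websocket.adoc#token-based-authentication.

I use basic authentication for my HTTP requests, so Spring returns an x-auth token after successful authentication. I add this token to the STOMP CONNECT command.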
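```java
import java.security.Principal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.Message;
import org.springframework.messaging.MessageChannel;
import org.springframework.messaging.simp.config.ChannelRegistration;
import org.springframework.messaging.simp.stomp.StompCommand;
import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
import org.springframework.messaging.support.ChannelInterceptorAdapter;
import org.springframework.messaging.support.MessageHeaderAccessor;
import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;

@Configuration
@EnableWebSocketMessageBroker
public class MyConfig extends AbstractWebSocketMessageBrokerConfigurer {
    private static final Logger log = LoggerFactory.getLogger(MyConfig.class);

    @Override
    public void configureClientInboundChannel(ChannelRegistration registration) {
        registration.setInterceptors(new ChannelInterceptorAdapter() {
            @Override
            public Message<?> preSend(Message<?> message, MessageChannel channel) {
                StompHeaderAccessor accessor =
                        MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
                if (StompCommand.CONNECT.equals(accessor.getCommand())) {
                    // Token sent by the client as a native header of the CONNECT frame
                    String authToken = accessor.getFirstNativeHeader("X-Auth-Token");
                    log.debug("webSocket token is {}", authToken); // writes the raw token to the debug log
                    Principal user = ... ; // access authentication header(s)
                    accessor.setUser(user);
                }
                return message;
            }
        });
    }
}
```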
However, I am completely lost as to what I should do at "Principal user = ... ;". How do I get the Principal from the token? Can anyone shed some light on this?
Possible duplicate of [Websocket Authentication and Authorization in Spring](https://stackoverflow.com/questions/45405332/websocket-authentication-and-authorization-in-spring)
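
An added example, not part of the original question or of the Spring documentation: one way the `Principal user = ... ;` step can be filled in, with an unknown or missing token failing closed instead of leaving the session unauthenticated. The class name `TokenConnectInterceptor`, the in-memory `tokenToUser` map, the `register` helper and the `ROLE_USER` authority are assumptions; the map stands in for whatever component issued the x-auth token in the application.

```java
import java.security.Principal;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.messaging.Message;
import org.springframework.messaging.MessageChannel;
import org.springframework.messaging.MessagingException;
import org.springframework.messaging.simp.stomp.StompCommand;
import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
import org.springframework.messaging.support.ChannelInterceptorAdapter;
import org.springframework.messaging.support.MessageHeaderAccessor;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

/** Hypothetical interceptor: resolves the X-Auth-Token CONNECT header to a Principal. */
public class TokenConnectInterceptor extends ChannelInterceptorAdapter {

    /** Hypothetical token store (token -> username); replace with the application's real lookup. */
    private final Map<String, String> tokenToUser = new ConcurrentHashMap<>();

    public void register(String token, String username) {
        tokenToUser.put(token, username);
    }

    /** Returns an authenticated Principal for a known token; throws otherwise so CONNECT is rejected. */
    Principal authenticate(String token) {
        String username = (token == null) ? null : tokenToUser.get(token);
        if (username == null) {
            throw new MessagingException("CONNECT rejected: missing or unknown X-Auth-Token");
        }
        // The three-argument constructor marks the Authentication as authenticated.
        // ROLE_USER is a constructed sample authority.
        Authentication auth = new UsernamePasswordAuthenticationToken(
                username, null, AuthorityUtils.createAuthorityList("ROLE_USER"));
        return auth;
    }

    @Override
    public Message<?> preSend(Message<?> message, MessageChannel channel) {
        StompHeaderAccessor accessor =
                MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
        if (accessor != null && StompCommand.CONNECT.equals(accessor.getCommand())) {
            // The token value is never logged; only the resolved user is attached to the session.
            accessor.setUser(authenticate(accessor.getFirstNativeHeader("X-Auth-Token")));
        }
        return message;
    }
}
```

An instance of this class would be passed to `registration.setInterceptors(...)` in `configureClientInboundChannel` in place of the anonymous adapter.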