Spring WebSocket返回一个无日志403

Question

从我的Spring WebSocket中返回一个403，尽管我不知道为什么，Spring Security目前不在类路径中。

注意：我开始写这个问题，然后打开完整的Spring Boot调试，这是它发出的最后3行日志。

2015-08-23 14:38:30.263 DEBUG 32271 --- [nio-8080-exec-1] o.s.b.a.e.mvc.EndpointHandlerMapping  : Looking up handler method for path /socket/info 
2015-08-23 14:38:30.270 DEBUG 32271 --- [nio-8080-exec-1] o.s.b.a.e.mvc.EndpointHandlerMapping  : Did not find handler method for [/socket/info] 
2015-08-23 14:39:08.791 INFO 32271 --- [eBrokerSockJS-1] o.s.w.s.c.WebSocketMessageBrokerStats : WebSocketSession[0 current WS(0)-HttpStream(0)-HttpPoll(0), 0 total, 0 closed abnormally (0 connect failure, 0 send limit, 0 transport error)], stompSubProtocol[processed CONNECT(0)-CONNECTED(0)-DISCONNECT(0)], stompBrokerRelay[null], inboundChannel[pool size = 0, active threads = 0, queued tasks = 0, completed tasks = 0], outboundChannelpool size = 0, active threads = 0, queued tasks = 0, completed tasks = 0], sockJsScheduler[pool size = 1, active threads = 1, queued tasks = 0, completed tasks = 0] 

这里的响应头

HTTP/1.1 403 Forbidden 
Server: Apache-Coyote/1.1 
Access-Control-Allow-Origin: http://localhost:3000 
Access-Control-Allow-: POST, GET, PUT, OPTIONS, DELETE 
Access-Control-Allow-Headers: content-type, x-auth-token, x-requested-with 
Access-Control-Expose-Headers: Location 
Access-Control-Allow-Credentials: true 
Access-Control-Max-Age: 3600 
X-Application-Context: application 
Cache-Control: no-store, no-cache, must-revalidate, max-age=0 
Content-Length: 0 
Date: Sun, 23 Aug 2015 18:01:10 GMT 

这里的请求

GET /socket/info?t=1440352870279 HTTP/1.1 
Host: localhost:8080 
Connection: keep-alive 
Pragma: no-cache 
Cache-Control: no-cache 
Origin: http://localhost:3000 
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36 
Accept: */* 
DNT: 1 
Referer: http://localhost:3000/ 
Accept-Encoding: gzip, deflate, sdch 
Accept-Language: en-US,en;q=0.8 
Cookie: NXSESSIONID=174bf31b-e199-44e3-bae8-f5f44ad6ee90 

，这里是我的WebSocket配置

@Configuration 
@EnableWebSocketMessageBroker 
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer { 

@Override 
public void configureMessageBroker(final MessageBrokerRegistry config) { 
    config.enableSimpleBroker("/topic"); 
    config.setApplicationDestinationPrefixes("/app"); 
} 

@Override 
public void registerStompEndpoints(final StompEndpointRegistry registry) { 
    registry.addEndpoint("/socket").withSockJS(); 
} 

} 

访问http://localhost:8080显示“W欢迎来到SockJS！“所以我相信这是行得通的。 StompJS在403之后发出Whoops! Lost connection to http://localhost:8080/socket。

这里是我的javascript。

var SockJS = require('sockjs-client'); 
var sock = new SockJS('http://localhost:8080/socket'); 
var Stomp = require('stompjs'); 
var stompClient = Stomp.over(sock); 
stompClient.connect({}, function(frame) { 
    console.log('Connected: ' + frame); 
    stompClient.subscribe('/topic/stations/create', function() { 
     console.log('subscribed'); 
    }); 
}); 

蹬地射向Opening Web Socket...，但从未达到连接

我缺少什么？我究竟做错了什么？

Answer 1

显然有第二个允许来源，我需要允许，专门为websockets。我在我的application.properties中有一个allowOrigin，然后在我的配置中使用了setter注入，因为构造函数注入在这个bean类型上不起作用。然后，我只需要拨打setAllowedOrigins(...)，然后致电withSockJs。

@Configuration 
@EnableWebSocketMessageBroker 
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer { 

private URI allowOrigin; 

@Inject // constructor injection not working in this class, use setter injection instead 
public void setAllowOrigin( @Value("${allowOrigin}") final URI allowOrigin) { 
    this.allowOrigin = Objects.requireNonNull(allowOrigin); 
} 

@Override 
public void configureMessageBroker(final MessageBrokerRegistry config) { 
    config.enableSimpleBroker("/topic"); 
    config.setApplicationDestinationPrefixes("/app"); 
} 

@Override 
public void registerStompEndpoints(final StompEndpointRegistry registry) { 
    registry.addEndpoint("/socket") 
      .setAllowedOrigins(allowOrigin.toString()) 
      .withSockJS(); 
} 

}