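Spring Security "token-based authentication" for SockJS/STOMP Web Socket

I am trying to implement token-based authentication according to https://github.com/spring-projects/spring-framework/blob/master/src/docs/asciidoc/web/web-websocket.adoc#token-based-authentication.

I use basic authentication for my HTTP requests, so Spring returns an x-auth token after successful authentication. I add this token to the STOMP CONNECT command.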
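```java
import java.security.Principal;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.Message;
import org.springframework.messaging.MessageChannel;
import org.springframework.messaging.simp.config.ChannelRegistration;
import org.springframework.messaging.simp.stomp.StompCommand;
import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
import org.springframework.messaging.support.ChannelInterceptorAdapter;
import org.springframework.messaging.support.MessageHeaderAccessor;
import org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;

@Configuration
@EnableWebSocketMessageBroker
public class MyConfig extends AbstractWebSocketMessageBrokerConfigurer {
    private static final Logger log = LoggerFactory.getLogger(MyConfig.class);

    @Override
    public void configureClientInboundChannel(ChannelRegistration registration) {
        registration.setInterceptors(new ChannelInterceptorAdapter() {
            @Override
            public Message<?> preSend(Message<?> message, MessageChannel channel) {
                StompHeaderAccessor accessor =
                        MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
                if (StompCommand.CONNECT.equals(accessor.getCommand())) {
                    String authToken = accessor.getFirstNativeHeader("X-Auth-Token");
                    // The token is a bearer credential; this debug line writes it to the log.
                    log.debug("webSocket token is {}", authToken);
                    Principal user = ... ; // access authentication header(s)
                    accessor.setUser(user);
                }
                return message;
            }
        });
    }
}
```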
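However, I am completely lost about what to do at "Principal user = ...;". How do I get the principal from the token? Can anyone shed some light on this?

Possible duplicate of [Websocket Authentication and Authorization in Spring](https://stackoverflow.com/questions/45405332/websocket-authentication-and-authorization-in-spring)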
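
An added example, not part of the original question or comment and not Spring's own code: one way to fill in the `Principal user = ...;` step so that a missing or unknown token rejects the CONNECT instead of leaving the session without a user. The class name `TokenConnectInterceptor` and the `tokenLookup` function are hypothetical; how a token maps to a user depends on whatever issued it, so that lookup is left as an injected assumption.

```java
import java.util.Optional;
import java.util.function.Function;

import org.springframework.messaging.Message;
import org.springframework.messaging.MessageChannel;
import org.springframework.messaging.simp.stomp.StompCommand;
import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
import org.springframework.messaging.support.ChannelInterceptorAdapter;
import org.springframework.messaging.support.MessageHeaderAccessor;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;

// Hypothetical class; register it with registration.setInterceptors(...).
public class TokenConnectInterceptor extends ChannelInterceptorAdapter {

    // Assumption: returns the Authentication the token was issued for, or
    // Optional.empty() when the token is unknown, expired or revoked.
    private final Function<String, Optional<Authentication>> tokenLookup;

    public TokenConnectInterceptor(Function<String, Optional<Authentication>> tokenLookup) {
        this.tokenLookup = tokenLookup;
    }

    @Override
    public Message<?> preSend(Message<?> message, MessageChannel channel) {
        StompHeaderAccessor accessor =
                MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
        // Only the CONNECT frame carries the token; other frames pass through.
        if (accessor == null || !StompCommand.CONNECT.equals(accessor.getCommand())) {
            return message;
        }
        String token = accessor.getFirstNativeHeader("X-Auth-Token");
        if (token == null || token.trim().isEmpty()) {
            // Fail closed: a CONNECT without a token is refused, not treated as anonymous.
            throw new BadCredentialsException("Missing X-Auth-Token on CONNECT");
        }
        // The token value itself is never logged or echoed in the error message.
        Authentication user = tokenLookup.apply(token)
                .filter(Authentication::isAuthenticated)
                .orElseThrow(() -> new BadCredentialsException("Invalid X-Auth-Token"));
        // Authentication implements java.security.Principal, so it can be set directly.
        accessor.setUser(user);
        return message;
    }
}
```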