Ara*_*yan 19 grails spring-security websocket atmosphere
我有一个带有spring-security-core插件和Atmosphere框架的Grails应用程序.
如果我从已打开WebSocket连接的页面注销,则Spring Security会将WebSocket连接的URL保留为SavedRequest.
DEBUG savedrequest.HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/formx/formX/update]
DEBUG savedrequest.HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/formx/formX/notifications/?X-Atmosphere-Transport=close&X-Atmosphere-tracking-id=b5d8fde4-d950-41fd-9b49-02e06799a36f&conversationId=988080042]
日志中的第一个条目具有SavedRequest的正确值,但不知何故它被Atmosphere WebSocket连接覆盖.
如何告诉Spring Security不要将Atmosphere WebSocket连接用作SavedRequest?
我想我可以使用一些Atmosphere Protocol Specific Header来区分连接.
在 Java 配置中,您可以设置 RequestMatcher - 然后就很容易了。
在 WebSecurityConfigurerAdapter 中:
protected void configure(HttpSecurity http) {
HttpSessionRequestCache cache = new HttpSessionRequestCache(); //this one is used by default
cache.setRequestMatcher(AnyRequestMatcher.INSTANCE); //change the request matcher, so it do not match your Atmosphere requests
http.requestCache().requestCache(cache);
}
| 归档时间: |
|
| 查看次数: |
858 次 |
| 最近记录: |