Sai*_*fer 5 javascript java spring websocket sockjs
我需要帮助,我要做的是将 Websocket 与“禁用 websocket”的客户端一起使用
在不使用 OAuth2 身份验证,或者客户端启用了 WebSocket 的情况下,一切正常;但当客户端禁用了 WebSocket 并且同时使用 OAuth2 身份验证时,我就遇到了问题。
// Obtain the current OAuth2 access token from the page's oauth helper.
var accessToken = oauth.getAccessToken();
// The token is appended to the SockJS base URL, so every transport request derived
// from it (info, xhr_streaming, xhr_send) carries it in the query string.
// NOTE(review): bearer tokens in URLs tend to be recorded in server/proxy access logs
// and browser history; keep such tokens short-lived and scrub the parameter from logs.
// NOTE(review): the value is concatenated without URL-encoding; confirm the token
// alphabet is URL-safe or wrap it in encodeURIComponent().
var socket = new SockJS("/ws?access_token=" + accessToken);
// Layer the STOMP protocol on top of the SockJS transport.
self.stompClient = Stomp.over(socket);
// The first argument is the STOMP CONNECT header map (empty here), so no credentials
// travel in the CONNECT frame itself; the second is the on-connected callback.
// NOTE(review): sending the token as a CONNECT header instead of in the URL is a common
// alternative, but the server must then authenticate the CONNECT frame itself; verify.
self.stompClient.connect({}, function (frame)
{
    console.log("Connecteded");...
ws/info?access_token=..进展顺利
ws/1234/abc/xhr_streaming?access_token=..也进展顺利
ws/1234/abc/xhr_send?access_token=.. 抛出 404 Not Found 错误(如果我不在 URL 中添加 access_token,这个请求可以正常通过;但当然,由于服务器无法识别我的身份,我没有获得授权,也就无法使用其他服务)
这是我的 Spring 配置
资源服务器配置
/**
 * HTTP-level authorization rules for the OAuth2 resource server.
 *
 * <p>A fixed set of static resources, pages and API calls is reachable without a token;
 * every other request must be authenticated. Method-level security
 * ({@code prePostEnabled = true}) is switched on as well.
 */
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter
{
    /**
     * Static assets plus the whole SockJS endpoint tree.
     *
     * <p>Because {@code /ws/**} is listed here, no SockJS transport URL is authorized at
     * the HTTP layer; access control for socket traffic rests on the message-level rules.
     */
    private static final String[] OPEN_RESOURCES = {
        "/favicon.png", "/favicon.ico", "/css/**", "/js/**", "/libs/**",
        "/templates/**", "/fonts/**", "/sounds/**", "/docs/**", "/ws/**"
    };

    /**
     * Pages served to anonymous visitors.
     * NOTE(review): {@code /admin} is open here; presumably only a client-side shell whose
     * data calls are protected elsewhere. Confirm it renders nothing sensitive itself.
     */
    private static final String[] OPEN_PAGES = {"/", "/admin"};

    /**
     * POST endpoints callable without a token.
     * NOTE(review): the existence checks and the password-reset request answer anonymous
     * callers, so they can be used to probe for accounts; throttling and uniform responses
     * are worth verifying.
     */
    private static final String[] OPEN_POST_APIS = {
        "/api/v1/users/search/emailExists",
        "/api/v1/users/search/nicknameExists",
        "/api/v1/users/passwordreset/request/**",
        "/api/v1/users/passwordreset/reset",
        "/api/v1/users",
        "/api/v1/analytics/pageviews"
    };

    /**
     * Registers the URL authorization rules; the first matching rule decides.
     *
     * @param http the security builder supplied by the resource-server infrastructure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(HttpSecurity http) throws Exception
    {
        http.authorizeRequests()
            .antMatchers(OPEN_RESOURCES).permitAll()
            .antMatchers(OPEN_PAGES).permitAll()
            // Every GET under /api/** is anonymous; any read that must stay private
            // has to be guarded by method security instead.
            .antMatchers(HttpMethod.GET, "/api/**").permitAll()
            .antMatchers(HttpMethod.POST, OPEN_POST_APIS).permitAll()
            // Default: anything not listed above needs an authenticated caller.
            .anyRequest().authenticated();
    }
}
websocket消息代理
/**
 * Enables STOMP messaging over WebSocket with a simple broker and registers the
 * {@code /ws} endpoint with SockJS fallback transports.
 */
@Configuration
@EnableScheduling
@EnableWebSocketMessageBroker
public class WebsocketConfig extends AbstractWebSocketMessageBrokerConfigurer
{
    /**
     * Sets up message routing: broker destinations and application destinations.
     *
     * @param registry broker registry supplied by Spring
     */
    @Override
    public void configureMessageBroker(MessageBrokerRegistry registry)
    {
        // Destinations starting with /notifications are handled by the simple broker.
        registry.enableSimpleBroker("/notifications");
        // Destinations starting with /app are routed to application message handlers.
        registry.setApplicationDestinationPrefixes("/app");
    }

    /**
     * Registers the STOMP endpoint that clients connect to.
     *
     * @param stompEndpointRegistry endpoint registry supplied by Spring
     */
    @Override
    public void registerStompEndpoints(StompEndpointRegistry stompEndpointRegistry)
    {
        stompEndpointRegistry.addEndpoint("/ws")
                // NOTE(review): "*" accepts connections from pages on any origin. The
                // endpoint then relies entirely on the bearer token for access control;
                // an explicit list of the front-end origins is the tighter setting.
                .setAllowedOrigins("*")
                // Adds the SockJS fallback transports for clients without WebSocket.
                .withSockJS()
                // Tells SockJS clients that no session cookie is required.
                .setSessionCookieNeeded(false);
    }
}
Mvc配置
@Configuration
public class MvcConfiguration extends WebMvcConfigurerAdapter
{
/**
 * Exposes the application's {@code RequestParamsResolver} as a Spring bean.
 *
 * @return a new resolver instance
 */
@Bean
public RequestParamsResolver requestParamsResolver()
{
    return new RequestParamsResolver();
}
/**
 * Adds the custom request-parameter resolver to the MVC argument resolvers and then
 * delegates to the adapter's default implementation.
 *
 * @param argumentResolvers the resolver list being assembled by Spring MVC
 */
@Override
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers)
{
    final RequestParamsResolver customResolver = requestParamsResolver();
    argumentResolvers.add(customResolver);
    super.addArgumentResolvers(argumentResolvers);
}
/**
 * Turns on suffix pattern matching limited to registered path extensions.
 *
 * @param configurer path-match settings supplied by Spring MVC
 */
@Override
public void configurePathMatch(PathMatchConfigurer configurer)
{
    // NOTE(review): with suffix matching, a handler may answer URLs with an extension
    // appended, while the ant patterns in the security configuration match the literal
    // path; verify that suffixed variants of each path fall under the intended rule.
    configurer.setUseRegisteredSuffixPatternMatch(true);
}
和 websocket 安全
/**
 * Message-level authorization for STOMP frames arriving over the WebSocket/SockJS endpoint.
 */
@Configuration
@Order(Ordered.HIGHEST_PRECEDENCE)
public class WebsocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
    /**
     * Declares which inbound messages are allowed; rules are listed from most specific
     * to the final catch-all.
     *
     * @param messages registry of message security rules
     */
    @Override
    protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
        messages
                // Connection lifecycle frames are allowed for everyone, including
                // unauthenticated clients. SUBSCRIBE and MESSAGE are not in this list,
                // so they must match one of the destination rules below.
                .simpTypeMatchers(SimpMessageType.CONNECT, SimpMessageType.HEARTBEAT, SimpMessageType.UNSUBSCRIBE, SimpMessageType.DISCONNECT).permitAll()
                // User-specific and application destinations require an authenticated user.
                .simpDestMatchers("/user/**").authenticated()
                .simpDestMatchers("/app/**").authenticated()
                // Catch-all: any message not matched above is rejected, including
                // destinations outside /user/** and /app/**.
                .anyMessage().denyAll();
    }

    /**
     * Reports that the same-origin (CSRF) protection for WebSocket messages is disabled.
     *
     * @return always {@code true}
     */
    @Override
    protected boolean sameOriginDisabled() {
        // Original intent: disable CSRF for websockets for now.
        // NOTE(review): with this disabled, no CSRF token is required on CONNECT, so the
        // only barrier against connections initiated by other sites is the credential
        // check; confirm authentication never falls back to ambient cookies, and
        // re-enable the protection once the client can send a CSRF token.
        return true;
    }
}