在Spring中为WebSockets启用跨源请求

Question

在Spring中为WebSockets启用跨源请求

use*_*637 10 spring-mvc spring-security websocket spring-boot spring-websocket

我有一个OpenShift Wildfly服务器.我正在用Spring MVC框架构建一个网站.我的一个网页也使用WebSocket连接.在服务器端,我使用了@ServerEndpoint注释和javax.websocket.*库来创建我的websocket:

package com.myapp.spring.web.controller;
import java.io.IOException;

import javax.websocket.OnClose;
import javax.websocket.OnError;
import javax.websocket.OnMessage;
import javax.websocket.OnOpen;
import javax.websocket.Session;
import javax.websocket.server.ServerEndpoint;

import org.springframework.web.socket.server.standard.SpringConfigurator;


@ServerEndpoint(value="/serverendpoint", configurator = SpringConfigurator.class)

public class serverendpoint {

    @OnOpen
    public void handleOpen () {
        System.out.println("JAVA: Client is now connected...");
    }

    @OnMessage
    public String handleMessage (Session session, String message) throws IOException {

        if (message.equals("ping")) {
//            return "pong"
                session.getBasicRemote().sendText("pong");
        }
        else if (message.equals("close")) {
            handleClose();
            return null;
        }
        System.out.println("JAVA: Received from client: "+ message);
        MyClass mc = new MyClass(message);
        String res = mc.action();
        session.getBasicRemote().sendText(res);
        return res;
    }

    @OnClose
    public void handleClose() {
        System.out.println("JAVA: Client is now disconnected...");
    }

    @OnError
    public void handleError (Throwable t) {
        t.printStackTrace();
    }
}

Run Code Online (Sandbox Code Playgroud)

OpenShift提供了一个默认URL,因此我的所有网页(html文件)都具有公共(规范)主机名.为简单起见,我调用了这个URL URL A(projectname-domainname.rhclound.com).我创建了一个别名CNAME,URL A叫做URL B(比如说https://www.mywebsite.tech).URL B是安全的,因为它有https.

我正在使用JavaScript客户端连接到路径上的WebSocket /serverendpoint.我在html网页文件中使用的URI test.html如下:

var wsUri = "wss://" + "projectname-domainname.rhclound.com" + ":8443" + "/serverendpoint";

Run Code Online (Sandbox Code Playgroud)

当我打开URL A(projectname-domainname.rhclound.com/test)时,WebSocket连接并且一切正常.但是,当我尝试使用URL B(https://mywebsite.tech/test)连接到websocket时,JavaScript客户端会立即连接并断开连接.

以下是我收到的来自控制台的消息:

这是我连接到WebSocket的JavaScript代码:

/****** BEGIN WEBSOCKET ******/
            var connectedToWebSocket = false;
            var responseMessage = '';
            var webSocket = null;
            function initWS() {
                connectedToWebSocket = false;
                var wsUri = "wss://" + "projectname-domainname.rhcloud.com" + ":8443" + "/serverendpoint";
                webSocket = new WebSocket(wsUri); // Create a new instance of WebSocket using usUri
                webSocket.onopen = function(message) {
                    processOpen(message);
                };
                webSocket.onmessage = function(message) {
                    responseMessage = message.data;
                    if (responseMessage !== "pong") { // Ping-pong messages to keep a persistent connection between server and client
                        processResponse(responseMessage);
                    }
                    return false;
                };
                webSocket.onclose = function(message) {
                    processClose(message);
                };
                webSocket.onerror = function(message) {
                    processError(message);
                };
                console.log("Exiting initWS()");
            }

            initWS(); //Connect to websocket

            function processOpen(message) {
                connectedToWebSocket = true;
                console.log("JS: Server Connected..."+message);
            }

            function sendMessage(toServer) { // Send message to server
                if (toServer != "close") {
                    webSocket.send(toServer);
                } else {
                    webSocket.close();
                }
            }

            function processClose(message) {
                connectedToWebSocket = false;
                console.log("JS: Client disconnected..."+message);
            }

            function processError(message) { 
                userInfo("An error occurred. Please contact for assistance", true, true);
            }
            setInterval(function() {
                if (connectedToWebSocket) {
                    webSocket.send("ping");
                }
            }, 4000); // Send ping-pong message to server
/****** END WEBSOCKET ******/

Run Code Online (Sandbox Code Playgroud)

经过大量的调试和尝试各种事情之后,我得出结论,由于Spring Framework,这就出现了问题.这是因为在我介绍Spring Framework我的项目之前,URL B可以连接到WebSocket,但是在介绍Spring之后,它不能.
我在春天的网站上看到了WebSocket政策.我遇到了他们相同的源策略,该策略声明别名URL B无法连接到WebSocket,因为它与原来URL A的不同.为了解决这个问题,我使用文档中所述的WebSockets禁用了相同的源策略,因此我添加了以下代码.我认为这样做可以解决我的错误.这是我添加的内容:

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer;

@Configuration
public class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {

    @Override
    protected boolean sameOriginDisabled() {
        return true;
    }

}

Run Code Online (Sandbox Code Playgroud)

然而,这并没有解决这个问题,所以我说下面的方法来我ApplicationConfig这extends WebMvcConfigurerAdapter:

@Override
public void addCorsMappings(CorsRegistry registry) {
    registry.addMapping("/**").allowedOrigins("https://www.mywebsite.com");
}

Run Code Online (Sandbox Code Playgroud)

这也没有用.然后我尝试了这个:

package com.myapp.spring.security.config;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@Configuration
public class MyCorsFilter {

//  @Bean
//  public FilterRegistrationBean corsFilter() {
//      System.out.println("Filchain");
//      UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
//      CorsConfiguration config = new CorsConfiguration();
//      config.setAllowCredentials(true);
//      config.addAllowedOrigin("https://www.mymt.tech");
//      config.addAllowedHeader("*");
//      config.addAllowedMethod("*");
//      source.registerCorsConfiguration("/**", config);
//      FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
//      bean.setOrder(0);
//      System.out.println("Filchain");
//      return bean;
//  }

     @Bean
     public CorsFilter corsFilter() {
         System.out.println("Filchain");
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         CorsConfiguration config = new CorsConfiguration();
         config.setAllowCredentials(true); // you USUALLY want this
         config.addAllowedOrigin("*");
         config.addAllowedHeader("*");
         config.addAllowedMethod("*");
         config.addAllowedMethod("*");
         source.registerCorsConfiguration("/**", config);
         System.out.println("Filchain");
         return new CorsFilter(source);
     }

}

Run Code Online (Sandbox Code Playgroud)

这也行不通.

我甚var wsURI至将JS代码更改为以下内容: var wsUri = "wss://" + "www.mywebsite.com" + ":8443" + "/serverendpoint"; 然后var wsUri = "wss://" + "mywebsite.com" + ":8443" + "/serverendpoint";

当我这样做时,谷歌Chrome给了我一个错误,说握手失败了.但是,当我有这个URL时var wsUri = "wss://" + "projectname-domianname.rhcloud.com" + ":8443" + "/serverendpoint";,我没有收到握手没有发生的错误,但是我收到一条消息,表明连接立即打开和关闭(如上所示).

那么我该如何解决这个问题呢？

Answer 1

k9y*_*osh 2

您是否尝试过实现WebMvcConfigurer并重写该方法addCorsMappings()？如果没有尝试这个并看看。

@EnableWebMvc
@Configuration
@ComponentScan
public class WebConfig implements WebMvcConfigurer {

    @Override
    public void addCorsMappings(CorsRegistry registry) {

        registry.addMapping("/**")
        .allowedOrigins("*")
        .allowedMethods("GET", "POST")
        .allowedHeaders("Origin", "Accept", "Content-Type", "Authorization")
        .allowCredentials(true)
        .maxAge(3600);

    }

}

Run Code Online (Sandbox Code Playgroud)

归档时间：	9 年前
查看次数：	2596 次
最近记录：	6 年前