Menu
I am using Spring Boot 1.3.0.RELEASE. My code is based on the Starting Guide for websocket in Spring Boot using Stomp and SocketJS.
When I run the Client from localhost:8080 (Spring Server)... Of course it works. Its not until I try to call it from a Different Port, that I get a 403 Forbidden. My CorsFilter is set below.
Getting Started Web Sockets With Spring Boot
I setup my CorsFilter to access my client...
package hello;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Component
public class CorsFilter implements Filter {
private final Logger log = LoggerFactory.getLogger(CorsFilter.class);
public CorsFilter() {
log.info("SimpleCORSFilter init");
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
String clientOrigin = request.getHeader("origin");
response.addHeader("Access-Control-Allow-Origin", clientOrigin);
response.setHeader("Access-Control-Allow-Methods", "POST, GET, DELETE, PUT");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers",
"Origin, Accept, X-Requested-With, Content-Type, " +
"Access-Control-Request-Method, Access-Control-Request-Headers");
if (request.getMethod().equals("OPTIONS")) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(request, response);
}
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Host:localhost:8080
Origin:http://localhost:3000
Referer:http://localhost:3000/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36
Access-Control-Allow-Credentials:true
Access-Control-Allow-Methods:POST, GET, DELETE, PUT
Access-Control-Allow-Origin:http://localhost:3000
Access-Control-Max-Age:3600
Cache-Control:no-store, no-cache, must-revalidate, max-age=0
Content-Length:0
Date:Wed, 02 Dec 2015 13:59:25 GMT
Server:Apache-Coyote/1.1
253
An HTTP 403 response code means that a client is forbidden from accessing a valid URL. The server understands the request, but it can't fulfill the request because of client-side issues. The caller isn't authorized to access an API that's using an API Gateway Lambda authorizer.
WebSocket is a thin, lightweight layer above TCP. This makes it suitable for using “subprotocols” to embed messages. In this guide, we use STOMP messaging with Spring to create an interactive web application. STOMP is a subprotocol operating on top of the lower-level WebSocket.
Adding an answer in case anyone else comes across this question. As suggested in the comments, you need to use the setAllowedOrigins method as described in the docs. So assuming that this is the tutorial you are following, you would end up with a configuration class that looks like this:
@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
@Override
public void configureMessageBroker(MessageBrokerRegistry config) {
config.enableSimpleBroker("/your/topic");
config.setApplicationDestinationPrefixes("/yourapp");
}
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
registry.addEndpoint("/your/endpoint").setAllowedOrigins("http://localhost:3000").withSockJS();
}
}
That would allow a stomp client running on localhost:3000 to subscribe to the /your/endpoint.
57
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
