Menu
I have implemented WebSocket in Spring. Everything worked fine, but recently I decided to implement Spring Security.
My MessageBroker looks like :
@Configuration
@EnableWebSocketMessageBroker
@Component("messageBroker")
public class MessageBroker implements WebSocketMessageBrokerConfigurer {
@Override
public void registerStompEndpoints(StompEndpointRegistry stompEndpointRegistry) {
stompEndpointRegistry.addEndpoint("/graphs").withSockJS();
}
@Override
public void configureMessageBroker(MessageBrokerRegistry messageBrokerRegistry) {
}
@Override
public void configureClientInboundChannel(ChannelRegistration channelRegistration) {
}
@Override
public void configureClientOutboundChannel(ChannelRegistration channelRegistration) {
}
@Override
public boolean configureMessageConverters(List<MessageConverter> messageConverters) {
messageConverters.add(new MappingJackson2MessageConverter());
return false;
}
}
And my JS client looks liks this :
var socket = new SockJS('/server/graphs');
var client = Stomp.over(socket);
client.connect({}, function (frame) {
client.subscribe("/data", function (message) {
console.log('GET MESSAGE :' + message.body);
var test = JSON.parse(message.body);
var point = [ (new Date()).getTime(), parseInt(25) ];
var shift = randomData.data.length > 60;
randomData.addPoint(point, true, shift);
});
});
Spring Security Config :
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:http auto-config='true' use-expressions="true" disable-url-rewriting="true">
<security:intercept-url pattern="/login/**" access="isAnonymous()"/>
<security:intercept-url pattern="/index/**" access="isAuthenticated()" />
<security:intercept-url pattern="/volumegraph/**" access="isAuthenticated()" />
<security:intercept-url pattern="/graphs/**" access="permitAll()" />
<security:intercept-url pattern="/graphs/**/**" access="permitAll()" />
<security:form-login login-page="/" login-processing-url="/" authentication-failure-url="/" always-use-default-target="true"/>
<security:csrf/>
<security:logout logout-success-url="/login"/>
<security:headers>
<security:frame-options></security:frame-options>
</security:headers>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="user" password="password" authorities="ROLE_USER"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
After subscribing via my JS client I receive :
Opening Web Socket...
sockjs.js:1213 WebSocket connection to 'ws://localhost:8080/server/graphs/651/kyzdihld/websocket' failed: Error during WebSocket handshake: Unexpected response code: 404
sockjs.js:807 POST http://localhost:8080/server/graphs/651/zx7zdre7/xhr_streaming 403 (Forbidden)AbstractXHRObject._start @ sockjs.js:807(anonymous function) @ sockjs.js:834
sockjs.js:807 POST http://localhost:8080/server/graphs/651/o6eg5ikc/xhr 403 (Forbidden)AbstractXHRObject._start @ sockjs.js:807(anonymous function) @ sockjs.js:834
stomp.js:122 Whoops! Lost connection to undefined
So I decided to add this code in Security Config :
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:websocket-message-broker>
<!--<security:intercept-message pattern="/graphs/**" access="permitAll()"/>-->
<security:intercept-message pattern="/**" access="permitAll()"/>
<security:intercept-message type="SUBSCRIBE" access="permitAll()"/>
<security:intercept-message type="CONNECT" access="permitAll()"/>
</security:websocket-message-broker>
</beans>
but after that I receive this kind of error :
NoSuchBeanDefinitionException: No bean named 'springSecurityMessagePathMatcher' is defined
I do not know how define such bean, so I created this below class :
@Configuration
public class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
messages.simpDestMatchers("/graphs/*").permitAll();
messages.simpDestMatchers("/**").permitAll();
}
}
But during compilation I receive this kind of error :
java: cannot access org.springframework.beans.factory.SmartInitializingSingleton
class file for org.springframework.beans.factory.SmartInitializingSingleton not found
and I really do not know how to fix this :( I must to add that I am using Spring Core 4.0.1.RELEASE and Spring Messaging 4.0.1.RELEASE. All libs related with Spring Security is in version 4.0.1.RELEASE.
418
In order to get this to work you have to modify your <security:websocket-message-broker > by adding some id to it, <security:websocket-message-broker id="interceptor"> and link it to the definition of your websocket Inbound channels.
<websocket:message-broker application-destination-prefix="/app" user-destination-prefix="/user" >
<websocket:stomp-endpoint path="/websocketEndPoint" >
<websocket:handshake-handler ref="astalavista" />
<websocket:simple-broker prefix="/topic , /queue" />
<websocket:client-inbound-channel >
<websocket:interceptors>
<!--This will reference your interceptor that you have defined in you security XML-->
<ref bean="interceptor"/>
</websocket:interceptors>
</websocket:client-inbound-channel>
</websocket:message-broker>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
