Spring WebSocket Connecting with SockJS to a different domain

Question

WebSockets in Spring is a rather new topic that I;m tiring to find a bit more.

My problem is with connecting to a service from a different domain, I'm working on with Lineman building the front-end side and Spring Boot when doing the back-end side, with that I have these apps on two different ports : 8000 and 8080 on localhost.

I had issues with the 'Access-Control-Allow-Origin' header but I have resolved it by adding a filter on the server side which added the allowed origin to the header. After this I started to get the following error on connection:

GET http://localhost:8080/socket/info 403 (Forbidden) AbstractXHRObject._start @ sockjs-0.3.4.js:807 (anonymous function) @sockjs-0.3.4.js:841 

I don't have Spring Security in the project so this is not an authorization issue, the error points to sockJS : that.xhr.send(payload); - where payload is never defined.I tried but couldn't find the root of the call where is may began.

I was thinking if I need to add some additional information to either SockJS and Stomp when setting the connection, but there is not much of examples and notes in both wiki pages of this tools.

Bellow you will find the connection JS code.

var socket = new SockJS("http://localhost:8080/socket"); client = Stomp.over(socket);  client.connect({'login': BoatsGame.userName,                     'passcode': 'guest'},             function (frame) { ....  The Server Side has a MessageBroker configured :       @Configuration @EnableWebSocketMessageBroker public class MessageBrokerConfig extends AbstractWebSocketMessageBrokerConfigurer {  @Bean public ServletServerContainerFactoryBean createWebSocketContainer() {      ServletServerContainerFactoryBean container = new ServletServerContainerFactoryBean();      container.setMaxTextMessageBufferSize(8192);      container.setMaxBinaryMessageBufferSize(8192);      return container; }  @Override public void configureMessageBroker(MessageBrokerRegistry config) {      //config.enableStompBrokerRelay("/queue", "/topic");      config.enableSimpleBroker("/queue", "/topic","/user");      config.setApplicationDestinationPrefixes("/BoatBattleGame"); }  @Override public void registerStompEndpoints(StompEndpointRegistry stompEndpointRegistry) {     stompEndpointRegistry.addEndpoint("/socket").withSockJS(); } } 

I Also tried setting up a MessageHandler as it has the option to set OriginAllowe when configuring, but I'm not sure how it is connected to the broker.

Last think, this setup works correctly when running on one port.

Answer 1

Jax's anwesr was correct :)

The registerStompEndpoints method gives us the opportunity to set the Allowed Origins. We need to add it before the "withSockJs()" option.

    @Override     public void registerStompEndpoints(StompEndpointRegistry stompEndpointRegistry) {         stompEndpointRegistry.addEndpoint("/BO/socket").setAllowedOrigins("*").withSockJS();     } 

Answer 2

To anyone getting to this ticket because of the 403 Forbidden answer when trying to connect through a SockJsClient to a different domain:

The problem arises when trying to make a GET to the /info Url, as part of the handshaking. The response actually returns a 200 via WGET as well as via browser. Only through SockJsClient it doesn't work.

After trying different solutions, the only one that really fixed the issue is to write a class that implements Transport and InfoReceiver. In this way the developer can directly handle this part of the handshake. Basically you make the work in the executeInfoRequest() method:

@Override public String executeInfoRequest(URI infoUrl, HttpHeaders headers) {     HttpGet getRequest = new HttpGet(infoUrl); // eventually add headers here     HttpClient client = HttpClients.createDefault();      try {         HttpResponse response = client.execute(getRequest);         List<String> responseOutput = IOUtils.readLines(response.getEntity().getContent());          return responseOutput.get(0);     } catch (IOException ioe) {         ...     } } 

I defined TransportType.XHR as transport type.