javascript - Using SockJS with Spring, with Websocket disabled -
i need help, have using websocket client "disabled websocket"
no problems while try use without oauth2 authentication or enabled websocket, in trouble when try disabled ws && oauth2auth.
var accesstoken = oauth.getaccesstoken(); var socket = new sockjs("/ws?access_token=" + accesstoken); self.stompclient = stomp.over(socket); self.stompclient.connect({}, function (frame) { console.log("connecteded");... ws/info?access_token=.. goes well
ws/1234/abc/xhr_streaming?access_token=.. goes too
ws/1234/abc/xhr_send?access_token=.. throws 404 not found error(this 1 goes when don't add access_token in url, but, ofc, i'm not authorized, cause i'm not identified, using others services)
this spring configuration
resourceserverconfig
@configuration @enableresourceserver @enableglobalmethodsecurity(prepostenabled = true, proxytargetclass = true) public class oauth2resourceserverconfig extends resourceserverconfigureradapter { @override public void configure(httpsecurity http) throws exception { http .authorizerequests() // resources .antmatchers("/favicon.png", "/favicon.ico", "/css/**", "/js/**", "/libs/**", "/templates/**", "/fonts/**", "/sounds/**", "/docs/**", "/ws/**").permitall() // pages .antmatchers("/", "/admin").permitall() // public apis .antmatchers(httpmethod.get, "/api/**").permitall() .antmatchers(httpmethod.post, "/api/v1/users/search/emailexists").permitall() .antmatchers(httpmethod.post, "/api/v1/users/search/nicknameexists").permitall() .antmatchers(httpmethod.post, "/api/v1/users/passwordreset/request/**").permitall() .antmatchers(httpmethod.post, "/api/v1/users/passwordreset/reset").permitall() .antmatchers(httpmethod.post, "/api/v1/users").permitall() .antmatchers(httpmethod.post, "/api/v1/analytics/pageviews").permitall() // else .anyrequest().authenticated(); } } websocketmessagebroker
@configuration @enablescheduling @enablewebsocketmessagebroker public class websocketconfig extends abstractwebsocketmessagebrokerconfigurer { @override public void configuremessagebroker(messagebrokerregistry registry) { registry.enablesimplebroker("/notifications"); registry.setapplicationdestinationprefixes("/app"); } @override public void registerstompendpoints(stompendpointregistry stompendpointregistry) { stompendpointregistry.addendpoint("/ws") .setallowedorigins("*") .withsockjs() .setsessioncookieneeded(false); } } mvcconfig
@configuration public class mvcconfiguration extends webmvcconfigureradapter { @bean public requestparamsresolver requestparamsresolver() { return new requestparamsresolver(); } @override public void addargumentresolvers(list<handlermethodargumentresolver> argumentresolvers) { argumentresolvers.add(requestparamsresolver()); super.addargumentresolvers(argumentresolvers); } @override public void configurepathmatch(pathmatchconfigurer configurer) { configurer.setuseregisteredsuffixpatternmatch(true); } and websocketsecurity
@configuration @order(ordered.highest_precedence) public class websocketsecurityconfig extends abstractsecuritywebsocketmessagebrokerconfigurer { @override protected void configureinbound(messagesecuritymetadatasourceregistry messages) { messages .simptypematchers(simpmessagetype.connect, simpmessagetype.heartbeat, simpmessagetype.unsubscribe, simpmessagetype.disconnect).permitall() .simpdestmatchers("/user/**").authenticated() .simpdestmatchers("/app/**").authenticated() // catch .anymessage().denyall(); } @override protected boolean sameorigindisabled() { //disable csrf websockets now... return true; } }
Comments
Post a Comment