未在WebStomp.connect上调用带有Spring Security ChannelInterceptor.presend函数的Spring WebSocket

aiazj4mn 于 2023-01-17 发布在 Spring

关注(0)|答案(2)|浏览(120)

我正在使用Spring Boot 2.1.8并尝试实现具有OAuth2安全性的websocket微服务。我已尝试查看Stackoverflow上的其他类似问题。我的ChannelInterceptor有问题。presend在ws Connect上未激发。我希望能够在查询参数中从OAuth2 JWT授权用户。
我正在使用wscat测试我的服务，命令如下

$ wscat -c ws://177.15.32.34:8080/collaboration?access_token=xxx.yyy.zzz

它将连接良好，并且在websocket关闭之前永远不会调用ChannelInterceptor.presend，然后捕获WebStomp.DISCONNECT消息。
代码如下。我感谢任何见解或方向提供。
x一个一个一个一个一个x一个一个二个一个x一个一个三个一个x一个x一个x一个x一个x一个x一个

spring-boot

来源：https://stackoverflow.com/questions/60532803/spring-websockets-with-spring-security-channelinterceptor-presend-function-not-b

2条答案

按热度按时间

xfyts7mz1#

我仍然无法让ChannelInterceptor正确工作来验证websocket。我最终做的是重用BearerTokenAuthenticationFilter，但将其配置为将令牌作为查询参数处理。在我的WebsecurityConfigurerAdapter中，我创建了以下bean，然后将它们插入安全过滤器链中，如下所示。

@EnableWebSecurity
@Configuration
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

  @Bean
  public JwtDecoder jwtDecoder() {
    NimbusJwtDecoderJwkSupport jwtDecoder =
        (NimbusJwtDecoderJwkSupport) JwtDecoders.fromOidcIssuerLocation(issuerUri);

    return jwtDecoder;
  }

  @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
  public AuthenticationManager myAuthenticationManager() {
    //copied from OAuth2ResourceServerSecurityConfiguration
    JwtAuthenticationProvider authenticationProvider = new JwtAuthenticationProvider(jwtDecoder());
    authenticationProvider.setJwtAuthenticationConverter(new JwtAuthenticationConverter());
    return authenticationProvider::authenticate;
  }

  @Bean("DefaultBearerTokenResolver")
  public DefaultBearerTokenResolver getDefaultBearerTokenResolver() {
    DefaultBearerTokenResolver defaultBearerTokenResolver = new DefaultBearerTokenResolver();
    defaultBearerTokenResolver.setAllowUriQueryParameter(true);
    return defaultBearerTokenResolver;
  }

  @Bean("BearerTokenAuthenticationFilter")
  public BearerTokenAuthenticationFilter getBearerTokenAuthFilter() {
    AuthenticationManager authenticationManager = myAuthenticationManager();
    BearerTokenAuthenticationFilter filter = new BearerTokenAuthenticationFilter(authenticationManager);
    filter.setBearerTokenResolver(getDefaultBearerTokenResolver());

    AuthenticationEntryPoint authenticationEntryPoint = new BearerTokenAuthenticationEntryPoint();
    filter.setAuthenticationEntryPoint(authenticationEntryPoint);

    return filter;
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {

    http
            .anonymous().disable()
            .logout().disable()
            .csrf().disable()
            .formLogin().disable()
            .addFilterAfter(getBearerTokenAuthFilter()
                    , SecurityContextHolderAwareRequestFilter.class )
            .authorizeRequests()
        .anyRequest()
        .authenticated();
  }

}

赞(0）回复(0）举报 2023-01-17

s8vozzvw2#

我的问题是我从

import org.apache.logging.log4j.core.config.Order;

代替

import org.springframework.core.annotation.Order;

哈哈

赞(0）回复(0）举报 2023-01-17

我来回答

未在WebStomp.connect上调用带有Spring Security ChannelInterceptor.presend函数的Spring WebSocket

2条答案

相关问题

热门标签

最新问答