  WebSocket Security
 
Subject: WebSocket Security
Author: WebSpider
In response to: Example -- JS Client
Posted on: 07/12/2020 05:39:39 AM

Once your messaging system is on, you definitely have to regulate:

  • who can connect to STOMP?
  • who can send messages to /channel as a publisher?
  • who can receive messages from /topic as a subscriber?

    This is the place where WebSocket Security comes into play.

    Prerequisite:
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-messaging</artifactId>
    </dependency>



    Config:
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry;
    import org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer;

    @Configuration
    public class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {

        // Messages with destination: MESSAGE, SUBSCRIBE
        // Messages w/o  destination: CONNECT, DISCONNECT, UNSUBSCRIBE
        // nullDestMatcher() -- CONNECT, DISCONNECT, UNSUBSCRIBE

        @Override
        protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
            messages

                // ######## connect #################
                .nullDestMatcher()
                    .authenticated()  // CONNECT, DISCONNECT, UNSUBSCRIBE need an authenticated user

                // ######## send #################
                .simpDestMatchers("/channel/**")
                    .hasRole("USER")  // any message SENT to "/channel/" will require ROLE_USER

                // ######## receive #################
                .simpSubscribeDestMatchers("/topic/**", "/queue/*")
                    .hasRole("ADMIN") // any SUBSCRIBE to "/topic/" or "/queue/" will require ROLE_ADMIN

                // everything else is rejected
                .anyMessage().denyAll();
        }

        @Override
        protected boolean sameOriginDisabled() {
            // true turns off the CSRF token check that is otherwise required on CONNECT
            return true;
        }
    }
    


     

    > On 07/11/2020 01:01:42 AM WebSpider wrote:

    Connect & Subscribe

    var stompClient = null; // shared by connect() and sendMessage()

    function connect() {
        // 'websocket' -- naming context
        // 'api' -- servlet context
        // 'stomp' -- STOMP endpoint
        var socket = new SockJS('/websocket/api/stomp');
        stompClient = Stomp.over(socket);
        stompClient.connect({}, function(frame) {
            stompClient.subscribe('/topic/messages',
                function(messageOutput) { // JS Object <-- Java OutputMessage
                    showMessageOutput(JSON.parse(messageOutput.body)); // JS String --> JS Object
                }
            );
        });
    }
    



    Publish
    function sendMessage() {
        stompClient.send('/channel/chat', 
            {}, // header
            JSON.stringify({...}) // JS Object --> JS String
        );
    }                
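
To see which frames the `configureInbound()` rules above let through, here is an added example (not part of the original posts and not Spring Security's own code) that models the first-match-wins evaluation in plain JavaScript. The names `antMatch`, `hasRole`, `RULES` and `isAllowed`, the simplified Ant-pattern matching, and the sample principals and frames are assumptions made for this illustration.

```javascript
// Added example: simplified model of Spring Security's first-match-wins rule
// evaluation. antMatch, hasRole, RULES and isAllowed are names assumed here.

// Ant-style match per '/' segment: '*' is one segment, a trailing '**' is any rest.
function antMatch(pattern, dest) {
  const p = pattern.split('/'), d = dest.split('/');
  for (let i = 0; i < p.length; i++) {
    if (p[i] === '**') return true;
    if (i >= d.length) return false;
    if (p[i] !== '*' && p[i] !== d[i]) return false;
  }
  return p.length === d.length;
}

function hasRole(user, role) {
  return user !== null && user.roles.includes('ROLE_' + role);
}

// Same order as configureInbound(): the first rule whose matcher fits decides.
const RULES = [
  // .nullDestMatcher().authenticated()
  { matches: f => f.destination == null, allow: u => u !== null },
  // .simpDestMatchers("/channel/**").hasRole("USER"), any frame type
  { matches: f => f.destination != null && antMatch('/channel/**', f.destination),
    allow: u => hasRole(u, 'USER') },
  // .simpSubscribeDestMatchers("/topic/**", "/queue/*").hasRole("ADMIN"), SUBSCRIBE only
  { matches: f => f.type === 'SUBSCRIBE' && f.destination != null &&
      ['/topic/**', '/queue/*'].some(p => antMatch(p, f.destination)),
    allow: u => hasRole(u, 'ADMIN') },
  // .anyMessage().denyAll()
  { matches: () => true, allow: () => false },
];

function isAllowed(frame, user) {
  return RULES.find(r => r.matches(frame)).allow(user);
}

// Constructed sample principals and frames (a client SEND arrives as type MESSAGE).
const userOnly = { name: 'alice', roles: ['ROLE_USER'] };
const admin = { name: 'bob', roles: ['ROLE_USER', 'ROLE_ADMIN'] };
const frames = [
  { type: 'CONNECT' },
  { type: 'SUBSCRIBE', destination: '/topic/messages' },
  { type: 'MESSAGE', destination: '/channel/chat' },
  { type: 'MESSAGE', destination: '/topic/messages' },
  { type: 'SUBSCRIBE', destination: '/queue/a/b' },
];
for (const f of frames) {
  console.log(f.type, f.destination || '-', 'anonymous:', isAllowed(f, null),
    'user:', isAllowed(f, userOnly), 'admin:', isAllowed(f, admin));
}
```

In this model the quoted client's subscribe to `/topic/messages` is allowed only for a principal with ROLE_ADMIN, and a frame sent to `/topic/messages` falls through to `denyAll()` for every principal. `/queue/*` covers a single path level, so `/queue/a/b` is also denied.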
    





