在使用sockjs和stomp的/ info请求期间没有cookie [英] No cookies during /info request using sockjs and stomp
问题描述
我正在尝试使用带有websockets的Spring Security。作为一个例子,我使用spring-websocket-chat( https://github.com/salmar/ spring-websocket-chat ) - 演讲应用程序深入探讨websockets。在该应用程序中,CookieHttpSessionStrategy用于存储会话ID,在身份验证期间存储cookie正在使用/ info请求发送。以下是演示通过sockjs连接服务器的代码(此请求发送cookie) https://github.com/salmar/spring-websocket-chat/blob/master/src/main/webapp/js/services.js 。我编写了自己的客户端,使用sockjs和stomp但是在/ info请求期间没有cookie发送。这是我的代码
I'm trying to use Spring Security with websockets. As an example I'm using spring-websocket-chat (https://github.com/salmar/spring-websocket-chat) — demo application from talk "Deep dive into websockets". In that application CookieHttpSessionStrategy uses for storing session id, stored during authentication cookie is sending with /info request. Here are code that demonstrates connecting to server via sockjs (this request sends cookies) https://github.com/salmar/spring-websocket-chat/blob/master/src/main/webapp/js/services.js. I wrote my own client that uses sockjs and stomp but there are no cookies sending during /info request. Here are my code
$connectButton.click(function () {
var serverHost = $host.val();
console.log("sockjs created");
stomp = Stomp.over(new SockJS(serverHost));
console.log("stomp over");
stomp.connect({},
function () {
console.log("connected");
},
function () {
console.log("error");
})
console.log("pressed");
});
推荐答案
据我所知,你无法将cookie传递给SockJS (特别是同源政策)。但是,使用最新的SockJS 1.0.3,您可以将查询参数作为连接URL的一部分传递。因此,您可以发送一些JWT令牌来授权会话。
As far as I know you cannot pass cookies to SockJS (especially with Same-origin policy). However with the latest SockJS 1.0.3 you can pass query parameters as a part of connection URL. Thus you can send some JWT token to authorize a session.
var socket = new SockJS('http://localhost/ws?token=AAA');
var stompClient = Stomp.over(socket);
stompClient.connect({}, function(frame) {
stompClient.subscribe('/topic/echo', function(data) {
// topic handler
});
}
}, function(err) {
// connection error
});
现在所有与websocket相关的请求都会有参数?token = AAA
Now all the requests related to websocket will have parameter "?token=AAA"
http:// localhost / ws / info?token = AAA& t = 1446482506843
http:// localhost / ws / 515 / z45wjz24 / websocket?token = AAA
然后使用Spring,您可以设置一些过滤器,使用提供的令牌识别会话。
Then with Spring you can setup some filter which will identify a session using provided token.
当UI和服务器的来源相同时,PS cookie会自动被选中。
PS cookies are picked up automatically when same origin for UI and server.
这篇关于在使用sockjs和stomp的/ info请求期间没有cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
