在Spring中使用STOMP和WebSocket向特定用户发送消息时检查身份验证 [英] Check auth while sending a message to a specific user by using STOMP and WebSocket in Spring
问题描述
我正在使用 Message Broker 和 STOMP 在 WebSocket .
我希望能够根据其用户名向特定用户发送消息.
为了实现此目标,我使用了org.springframework.messaging.simp.SimpMessagingTemplate
类的convertAndSendToUser
方法,如下所示:
I would like to be able to send messages to a specific user, according with his username.
In order to achieve this goal, I'm using the convertAndSendToUser
method of org.springframework.messaging.simp.SimpMessagingTemplate
class, as follows:
private final MessagingTemplate messagingTemplate;
@Autowired
public LRTStatusListener(SimpMessagingTemplate messagingTemplate) {
this.messagingTemplate = messagingTemplate;
}
@Scheduled(fixedDelay=5000)
public void sendMessages(Principal principal)
messagingTemplate
.convertAndSendToUser(principal.getName(), "/horray", "Horray, " + principal.getName() + "!");
}
作为配置:
@Configuration
@EnableScheduling
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
registry.addEndpoint("/notifications").withSockJS();
}
@Override
public void configureMessageBroker(MessageBrokerRegistry registry) {
registry.enableSimpleBroker("/topic", "/queue", "/user");
}
}
在客户端(通过 JavaScript ),我应该通过指定用户名来订阅频道(根据另一个非常相似的问题:
Client-side (via JavaScript), I should subscribe to a channel by specifing the username (according with another very similar question: Sending message to specific user on Spring Websocket).
stompClient.subscribe('/user/' + username + '/horray, ...)
这最后一点听起来很奇怪...
This last point sounds weird...
假设我通过以下方式在我的Web应用程序上以 w.white 身份登录:
Supposing that I'm logged as w.white on my webapp, by subscribing:
stompClient.subscribe('/user/w.white/horray, ...)
...我将能够看到发送到 w.white 的消息,这真棒...但是订阅:
... I will be able to see messages sent to w.white, and this is awesome... But subscribing:
stompClient.subscribe('/user/j.pinkman/horray, ...)
......我也将看到发送给 j.pinkman 的消息,尽管我目前以 w.white 身份登录.
... I will be able to see also messages sent to j.pinkman, despide that I'm currently logged as w.white.
这是解决这个问题的方法吗?
It is a way to overcome this problem?
下面是有关通过WebSocket进行连接的日志:
Below there is the log about the connection over WebSocket:
Opening Web Socket...
Web Socket Opened...
>>> CONNECT
accept-version:1.1,1.0
heart-beat:10000,10000
<<< CONNECTED
user-name:w.white
heart-beat:0,0
version:1.1
connected to server undefined
Connected: CONNECTED
version:1.1
heart-beat:0,0
user-name:w.white
>>> SUBSCRIBE
id:sub-0
destination:/topic/lrt
>>> SUBSCRIBE
id:sub-1
destination:/user/lrt
推荐答案
我找到了解决方案.
首先,重要的是要知道/user
频道已经由 Spring STOMP 管理,而且,不需要注册.
First of all, it is important to know that the /user
channel is already managed by Spring STOMP, and by the way, no registration is required.
所以:
@Override
public void configureMessageBroker(MessageBrokerRegistry registry) {
registry.enableSimpleBroker("/topic", "/queue");
}
然后,我将目标频道设置为/queue/horray
:
Then, I setup the destination channel as /queue/horray
:
@Scheduled(fixedDelay=5000)
public void sendMessages(Principal principal)
messagingTemplate
.convertAndSendToUser(principal.getName(), "/queue/horray", "Horray, " + principal.getName() + "!");
}
最后,在客户端上:
stompClient.subscribe('/user/queue/horray', '...');
现在,它可以正常工作!根据安全上下文获取的Principal
,消息仅发送到指定的收件人.
Now, it works fine! Messages are sent only to the specified recipient, according to the Principal
fetched by the security context.
这篇关于在Spring中使用STOMP和WebSocket向特定用户发送消息时检查身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!