如何通过WebSocket配置在Spring 4 STOMP中回复未经身份验证的用户? [英] How to reply to unauthenticated user in Spring 4 STOMP over WebSocket configuration?

问题描述

我正在尝试使用Spring 4 WebSocket STOMP应用程序.如果每个用户都具有唯一的会话ID，是否有一种方法可以答复未经身份验证的单个用户?现在，我只能广播消息或直接将消息发送给经过身份验证的用户.

I'm experimenting with Spring 4 WebSocket STOMP application. Is there a way to reply to a single unauthenticated user on condition that each user has unique session ID? Right now I can only either broadcast a message or send it directly to an authenticated user.

@Controller
public class ProductController {

    @MessageMapping("/products/{id}")
    @SendTo("/topic") // This line makes return value to be broadcasted to every connected user.
    public String getProduct(@DestinationVariable int id) {
        return "Product " + id;
    }
}

推荐答案

您可以为传入的用户分配匿名身份.有两种方法可以做到这一点.

You can assign an anonymous identity to incoming users. There are two ways to do it.

一个，您可以配置DefaultHandshakeHandler的子类，该子类重写determineUser并为每个WebSocketSession分配某种标识.顺便说一下，这需要4.0.1(当前可用的构建快照)，该版本将于2014年1月23日星期一发布.

One, you can configure a sub-class of DefaultHandshakeHandler that overrides determineUser and assigns some kind of identity to every WebSocketSession. This requires 4.0.1 by the way (currently build snapshots are available) that will be released on Monday Jan 23, 2014.

两个，WebSocket会话将返回握手HTTP请求上从HttpServletRequest.getUserPrincipal返回的值.您可能需要一个Servlet筛选器包装HttpServletRequest并确定从该方法返回什么.或者，如果您使用的是具有AnonymousAuthenticationFilter的Spring Security，请覆盖其createAuthentication方法.

Two, the WebSocket session will fall back on the value returned from HttpServletRequest.getUserPrincipal on the handshake HTTP request. You could have a servlet Filter wrap the HttpServletRequest and decide what to return from that method. Or if you're using Spring Security which has the AnonymousAuthenticationFilter, override its createAuthentication method.

这篇关于如何通过WebSocket配置在Spring 4 STOMP中回复未经身份验证的用户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！