basic authentication - How to authenticate WebSocket within an existing HTTP environment with Spring Security -


i have pretty simple requirement (i use spring-security 4.0.1) can't find examples on web except been told on page: http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html#websocket-server-handler

it relatively simple integrate websockethandler other http serving environments of websockethttprequesthandler.

what have: implementation of websockethandler job , http serving environments using basic authentication. webapplicationinitializer looks this:

public class mywebappinitializer implements webapplicationinitializer {      @override     public void onstartup(servletcontext servletcontext) throws servletexception {         ...         // websocket support - handshake         dynamic ws = servletcontext.addservlet("websockethttprequesthandler", new httprequesthandlerservlet());         ws.addmapping("/streaming/*");          // spring security filter         filterregistration.dynamic springsecurity = servletcontext.addfilter("springsecurityfilterchain", new delegatingfilterproxy());         springsecurity.addmappingforurlpatterns(enumset.of(dispatchertype.request), true, "/*");     } } 

this how plugged websocket endpoint existing web application. websocket configuration class looks (very simplified) this:

@configuration public class websocketservicesconfig{     @bean     public websockethttprequesthandler websockethttprequesthandler() {         return new websockethttprequesthandler(new streamingwebsockethandler());     } } 

streamingwebsockethandler implements websockethandler.

i have restful web service (in same server) uses configured basic authentication.

what working: restful web service working web browsers. can authenticated queries (credentials can sent in http headers). websocket queries working , ask authentication first time try (under firefox, popup appears asking credentials, once enter them, client , server able communicate via websocket messages). in websockethandler, spring object: websocketsession contains informations authenticated user correct (#getprincipal() method returns authentication containing right granted authorities, details , on...). note once websocket authenticated, can relaunch query without re-enter them.

what want: on user point of view, bad because credentials required twice:

  1. first restful queries
  2. second websocket queries

how can bypass second authentication assuming first 1 succeeded? there way detect client has been authenticated , not ask credentials?

what don't want: don't want use neither stomp on websocket nor sockjs (i don't need support old web browsers).


Comments

Popular posts from this blog

twig - Using Twigbridge in a Laravel 5.1 Package -

jdbc - Not able to establish database connection in eclipse -

firemonkey - How do I make a beep sound in Android using Delphi and the API? -