I need help. I have to use WebSocket with a client with a "disabled website".
There is no problem when I use it without OAuth2 authentication or with WebSocket enabled; the problems appear when I try to do this with ws && oauth2auth disabled.
// Fetch the current OAuth2 bearer token from the client-side oauth helper.
var accessToken = oauth.getAccessToken();
// The token is appended to the SockJS base URL as a query parameter, so it is sent on every
// SockJS transport request (/info, xhr_streaming, xhr_send, ...), not only on the first one.
// NOTE(review): the value is concatenated without encodeURIComponent(); confirm the token
// format can never contain characters that are reserved in a query string.
// NOTE(review): bearer tokens in URLs are commonly recorded in server and proxy access logs and
// in browser history; keep them short-lived and scrub the access_token parameter from logs.
var socket = new SockJS("/ws?access_token=" + accessToken);
// Wrap the SockJS connection in a STOMP client and keep it on `self` for later use.
self.stompClient = Stomp.over(socket);
self.stompClient.connect({}, function (frame)
{
console.log("Connecteded");...
ws/info?access_token=.. succeeds
ws/1234/abc/xhr_streaming?access_token=.. also succeeds
ws/1234/abc/xhr_send?access_token=.. gives a 404 Not Found error (this request works when I do not add access_token to the URL, but then I am not logged in, so I am not identified for the other services)
This is my Spring configuration
ResourceServerConfig
/**
 * HTTP-layer authorization rules for the OAuth2 resource server.
 *
 * <p>Every path listed here is reachable without a bearer token; everything else requires an
 * authenticated request. Method-level security ({@code @PreAuthorize}/{@code @PostAuthorize})
 * is switched on by {@code prePostEnabled = true}.
 */
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
public class OAuth2ResourceServerConfig extends ResourceServerConfigurerAdapter
{
    /**
     * Static assets plus the whole SockJS endpoint tree. Because {@code /ws/**} is open here,
     * the HTTP layer does not reject any SockJS transport request; access control for the
     * messaging side rests on the message-level rules in {@code WebsocketSecurityConfig}.
     */
    private static final String[] OPEN_RESOURCES = {
        "/favicon.png", "/favicon.ico", "/css/**", "/js/**", "/libs/**", "/templates/**",
        "/fonts/**", "/sounds/**", "/docs/**", "/ws/**"
    };

    /**
     * Page entry points served without authentication.
     * NOTE(review): "/admin" is open at this layer; presumably it only delivers the
     * client-side shell and the data behind it is protected elsewhere. Confirm.
     */
    private static final String[] OPEN_PAGES = {"/", "/admin"};

    /** POST endpoints that anonymous callers may reach (sign-up, lookups, password reset, analytics). */
    private static final String[] OPEN_POST_ENDPOINTS = {
        "/api/v1/users/search/emailExists",
        "/api/v1/users/search/nicknameExists",
        "/api/v1/users/passwordreset/request/**",
        "/api/v1/users/passwordreset/reset",
        "/api/v1/users",
        "/api/v1/analytics/pageviews"
    };

    /**
     * Registers the URL authorization rules in first-match order.
     *
     * @param http the security builder supplied by the resource-server infrastructure
     * @throws Exception propagated from the Spring Security builder API
     */
    @Override
    public void configure(HttpSecurity http) throws Exception
    {
        http
            .authorizeRequests()
                .antMatchers(OPEN_RESOURCES).permitAll()
                .antMatchers(OPEN_PAGES).permitAll()
                // Every GET under /api is unauthenticated at the URL layer.
                // NOTE(review): any read that must be restricted has to be guarded by
                // method security instead; verify the controllers and services do so.
                .antMatchers(HttpMethod.GET, "/api/**").permitAll()
                .antMatchers(HttpMethod.POST, OPEN_POST_ENDPOINTS).permitAll()
                // Default for everything not matched above: a valid token is required.
                .anyRequest().authenticated();
    }
}
websocketmessageBroker
/**
 * STOMP-over-WebSocket configuration: an in-memory broker for {@code /notifications},
 * application destinations under {@code /app}, and a SockJS-enabled endpoint at {@code /ws}.
 */
@Configuration
@EnableScheduling
@EnableWebSocketMessageBroker
public class WebsocketConfig extends AbstractWebSocketMessageBrokerConfigurer
{
    /** Destination prefix handled by the simple in-memory broker. */
    private static final String BROKER_PREFIX = "/notifications";

    /** Prefix of destinations routed to application message-handling methods. */
    private static final String APPLICATION_PREFIX = "/app";

    /** Path of the STOMP handshake endpoint (SockJS transports live beneath it). */
    private static final String STOMP_ENDPOINT = "/ws";

    /** Origin pattern accepted on the handshake; "*" means any origin. */
    private static final String ALLOWED_ORIGIN = "*";

    /**
     * Enables the simple broker and sets the application destination prefix.
     *
     * @param registry broker registry supplied by Spring
     */
    @Override
    public void configureMessageBroker(MessageBrokerRegistry registry)
    {
        registry.enableSimpleBroker(BROKER_PREFIX);
        registry.setApplicationDestinationPrefixes(APPLICATION_PREFIX);
    }

    /**
     * Registers the {@code /ws} endpoint with SockJS fallback transports.
     *
     * @param stompEndpointRegistry endpoint registry supplied by Spring
     */
    @Override
    public void registerStompEndpoints(StompEndpointRegistry stompEndpointRegistry)
    {
        stompEndpointRegistry.addEndpoint(STOMP_ENDPOINT)
            // Any site may open a connection to this endpoint. That is only safe while the
            // caller's identity never comes from ambient browser credentials (cookies).
            // NOTE(review): prefer an explicit list of trusted origins where the client
            // origins are known.
            .setAllowedOrigins(ALLOWED_ORIGIN)
            .withSockJS()
            // SockJS is told that the application does not need a session cookie.
            .setSessionCookieNeeded(false);
    }
}
Mvcconfig
@Configuration
public class MvcConfiguration extends WebMvcConfigurerAdapter
{
/**
 * Exposes the project's {@code RequestParamsResolver} as a Spring bean.
 *
 * @return a new resolver instance
 */
@Bean
public RequestParamsResolver requestParamsResolver()
{
    final RequestParamsResolver resolver = new RequestParamsResolver();
    return resolver;
}
/**
 * Adds the {@code RequestParamsResolver} bean to the MVC argument resolvers, then delegates
 * to the superclass.
 *
 * @param argumentResolvers mutable list of custom resolvers supplied by Spring MVC
 */
@Override
public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers)
{
    final RequestParamsResolver paramsResolver = requestParamsResolver();
    argumentResolvers.add(paramsResolver);
    super.addArgumentResolvers(argumentResolvers);
}
/**
 * Restricts suffix pattern matching to path extensions that are explicitly registered for
 * content negotiation, instead of matching arbitrary {@code .*} suffixes.
 *
 * @param configurer path-match configurer supplied by Spring MVC
 */
@Override
public void configurePathMatch(PathMatchConfigurer configurer)
{
    final boolean registeredSuffixesOnly = true;
    configurer.setUseRegisteredSuffixPatternMatch(registeredSuffixesOnly);
}
and websocketSecurity
/**
 * Message-level authorization for inbound STOMP frames.
 *
 * <p>Session-management frames are open to everyone, destinations under {@code /user} and
 * {@code /app} require an authenticated principal, and every other message is rejected.
 */
@Configuration
@Order(Ordered.HIGHEST_PRECEDENCE)
public class WebsocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {

    /** Frame types that carry no destination and are accepted from any client. */
    private static final SimpMessageType[] SESSION_FRAMES = {
        SimpMessageType.CONNECT,
        SimpMessageType.HEARTBEAT,
        SimpMessageType.UNSUBSCRIBE,
        SimpMessageType.DISCONNECT
    };

    /**
     * Declares the inbound message rules in first-match order.
     *
     * @param messages rule registry supplied by Spring Security
     */
    @Override
    protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
        messages
            // CONNECT is open, so an unauthenticated client can establish a STOMP session;
            // the rules below decide what that session is allowed to do.
            .simpTypeMatchers(SESSION_FRAMES).permitAll()
            .simpDestMatchers("/user/**", "/app/**").authenticated()
            // Deny by default. NOTE(review): this also covers client frames addressed
            // directly to the "/notifications" broker prefix configured in WebsocketConfig;
            // confirm clients only subscribe through "/user/...".
            .anyMessage().denyAll();
    }

    /**
     * Disables the same-origin (CSRF token) requirement on CONNECT frames.
     *
     * <p>With this set and the {@code /ws} endpoint accepting any origin, a page on any site
     * can open a connection, so authorization relies on the authenticated principal alone.
     *
     * @return {@code true}, meaning no CSRF token is required to connect
     */
    @Override
    protected boolean sameOriginDisabled() {
        final boolean skipCsrfCheck = true;
        return skipCsrfCheck;
    }
}