
Spring RSocket over WebSocket - Access user information from HTTP session

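In my web application, users log in with a username/password combination and get a session cookie. When initiating a WebSocket connection, I can easily access the user information in the WebSocketHandler, for example: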

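import java.security.Principal;

import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.stereotype.Component;
import org.springframework.web.reactive.socket.WebSocketHandler;
import org.springframework.web.reactive.socket.WebSocketSession;
import reactor.core.publisher.Mono;

@Component
public class MyWebSocketHandler implements WebSocketHandler {
    @Override
    public Mono<Void> handle(WebSocketSession session) {
        // two ways to access security context information, either like this:
        Mono<Principal> principal = session.getHandshakeInfo().getPrincipal();

        // or like this
        Mono<SecurityContext> context = ReactiveSecurityContextHolder.getContext();

        //...
        return Mono.empty();
    }
}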

Both reuse the HTTP session from the WebSocket handshake; I don't have to send additional authentication over the WebSocket itself. The same applies to STOMP: I can reuse the information from the HTTP session.

How can I achieve the same with RSocket? For example, how do I get information about the user in a MessageMapping method like this?

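import org.springframework.messaging.handler.annotation.MessageMapping;
import org.springframework.messaging.rsocket.RSocketRequester;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.stereotype.Controller;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

@Controller
public class RSocketController {
    @MessageMapping("test-stream")
    public Flux<String> streamTest(RSocketRequester requester) {
        // this mono completes empty, no security context available :(
        Mono<SecurityContext> context = ReactiveSecurityContextHolder.getContext();

        return Flux.empty();
    }
}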

I found many resources on how to set up authentication with RSocket, but they all rely on an additional authentication after the WebSocket connection is established. I specifically want to reuse the web session and don't want to send additional tokens over the WebSocket.

Have you tried the following? I found it in the documentation: 2.2 Secure Your RSocket Methods (you may need to scroll down a bit) https://spring.io/blog/2020/06/17/getting-started-with-rsocket-spring-security

@PreAuthorize("hasRole('USER')") // (1)
@MessageMapping("fire-and-forget")
public Mono<Void> fireAndForget(final Message request, @AuthenticationPrincipal UserDetails user) { // (2)
    log.info("Received fire-and-forget request: {}", request);
    log.info("Fire-And-Forget initiated by '{}' in the role '{}'", user.getUsername(), user.getAuthorities());
    return Mono.empty();
}
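For `@PreAuthorize` and `@AuthenticationPrincipal` in the method above to resolve anything, RSocket-level security has to be configured on the server. The following is an added example, not code from the question, the answer or the linked post; the class name, bean names and the demo account are assumptions. With `simpleAuthentication`, the principal comes from credentials carried in RSocket metadata, not from the HTTP session cookie of the WebSocket handshake.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.rsocket.RSocketStrategies;
import org.springframework.messaging.rsocket.annotation.support.RSocketMessageHandler;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.rsocket.EnableRSocketSecurity;
import org.springframework.security.config.annotation.rsocket.RSocketSecurity;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.messaging.handler.invocation.reactive.AuthenticationPrincipalArgumentResolver;
import org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor;

@Configuration
@EnableRSocketSecurity
@EnableReactiveMethodSecurity // turns on @PreAuthorize for reactive methods
public class RSocketSecurityConfig { // hypothetical class name
    // Registers the resolver that fills @AuthenticationPrincipal parameters.
    @Bean
    RSocketMessageHandler messageHandler(RSocketStrategies strategies) {
        RSocketMessageHandler handler = new RSocketMessageHandler();
        handler.getArgumentResolverConfigurer()
                .addCustomResolver(new AuthenticationPrincipalArgumentResolver());
        handler.setRSocketStrategies(strategies);
        return handler;
    }

    // Constructed demo account; a real application would reuse its existing user store.
    @Bean
    MapReactiveUserDetailsService userDetailsService() {
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        UserDetails user = User.withUsername("demo-user")
                .password(encoder.encode("change-me"))
                .roles("USER")
                .build();
        return new MapReactiveUserDetailsService(user);
    }

    // Rejects the SETUP frame and every request that carries no valid credentials.
    @Bean
    PayloadSocketAcceptorInterceptor rsocketInterceptor(RSocketSecurity security) {
        security.authorizePayload(authorize -> authorize.anyExchange().authenticated())
                .simpleAuthentication(Customizer.withDefaults());
        return security.build();
    }
}
```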
