Spring 4 WebSocket over STOMP authentication
I am developing a multiplayer game based on Spring 4 WebSocket. My server is stateless, so I use tokens to identify players.
After wrestling with how to identify players via WebSockets, I came up with this solution. The following is logged on the client player:

    var sockjs = new SockJS("http://mygame/games/", null, {server : token});

This adds the token to the URL. I have set up the filter with Spring Security:

    String requestURI = request.getRequestURI();
    String[] parts = StringUtils.split(requestURI, "/");
    if (parts.length == 4) {
        // parts[1] is the path segment filled in by the SockJS "server" option
        String token = parts[1];
        List<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority(Role.ROLE_MULTIPLAYER));
        // The token becomes the principal of a pre-authenticated Authentication
        SecurityContextHolder.getContext().setAuthentication(new PreAuthenticatedAuthenticationToken(token, "MULTIPLAYER", authorities));
    }

And it works! In all WebSocket requests I have a Principal set.
However, some browsers don't seem to support this. In Safari, for example, the Principal is not installed: when debugging the request, I see that the URL is correct and the filter is working, but the Principal is not installed. The same goes for IE, Chrome and FF. I am using STOMP (https://github.com/jmesnil/stomp-websocket) as the message protocol.
Why is there different behavior between browsers? Is it a Spring or client issue?
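
An added example, not part of the original post: a stricter version of the path check in the filter above, showing which SockJS request shapes carry the token segment and which do not. It assumes the SockJS URL layout `/{prefix}/{server}/{session}/{transport}`; the class name, the `/games` prefix and the sample token are hypothetical, and the value it returns is an untrusted candidate that still has to be verified against the token store before any authority is granted.

```java
import java.util.List;
import java.util.Optional;
import java.util.Set;

public class SockJsTokenPath {
    // Transport names used in SockJS session URLs.
    private static final Set<String> TRANSPORTS = Set.of(
            "websocket", "xhr", "xhr_send", "xhr_streaming",
            "eventsource", "htmlfile", "jsonp", "jsonp_send");

    /**
     * Returns the server-id segment (the token in the post's scheme) only when
     * the URI has the exact shape {prefix}/{server}/{session}/{transport}.
     */
    static Optional<String> extractToken(String requestUri, String prefix) {
        if (requestUri == null || !requestUri.startsWith(prefix + "/")) {
            return Optional.empty();
        }
        // limit -1 keeps empty segments, so "//" or a trailing "/" is rejected below
        String[] seg = requestUri.substring(prefix.length() + 1).split("/", -1);
        if (seg.length != 3 || !TRANSPORTS.contains(seg[2])) {
            return Optional.empty();
        }
        for (String s : seg) {
            // SockJS does not allow empty segments or dots in server/session ids
            if (s.isEmpty() || s.contains(".")) {
                return Optional.empty();
            }
        }
        return Optional.of(seg[0]);
    }

    public static void main(String[] args) {
        // Constructed sample URIs; "tok123" stands in for a player token.
        List<String> samples = List.of(
                "/games/tok123/abcd1234/websocket",     // session URL: token present
                "/games/tok123/abcd1234/xhr_streaming", // fallback transport: token present
                "/games/info",                          // info request: no token segment
                "/games/websocket",                     // raw WebSocket endpoint: no token segment
                "/games/tok123/abcd1234/unknown",       // unknown transport: rejected
                "/games//abcd1234/xhr");                // empty server id: rejected
        for (String uri : samples) {
            System.out.println(uri + " -> "
                    + extractToken(uri, "/games").orElse("<no token>"));
        }
    }
}
```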