Spring 4 WebSocket over STOMP authentication

I am developing a multiplayer game based on Spring 4 WebSocket. My server is stateless, so I use tokens to identify players.

After wrestling with how to identify players via WebSockets, I came up with this solution: the following is logged on the client player:

var sockjs = new SockJS("http://mygame/games/", null, {server : token});

      

This adds the token to the URL. I have set up the filter with Spring Security:

String requestURI = request.getRequestURI();
// SockJS URL layout: /games/{server}/{session}/{transport}; the token is sent as {server}
String[] parts = StringUtils.split(requestURI, "/");
if (parts.length == 4) {
    String token = parts[1];
    List<GrantedAuthority> authorities = new ArrayList<>();
    authorities.add(new SimpleGrantedAuthority(Role.ROLE_MULTIPLAYER));
    SecurityContextHolder.getContext().setAuthentication(new PreAuthenticatedAuthenticationToken(token, "MULTIPLAYER", authorities));
}

      

And it works! In all WebSocket requests I have a Principal set.

However, some browsers don't seem to support this. In Safari, for example, the Principal is not installed: when debugging the request, I see that the URL is correct and the filter is working, but the Principal is not installed. The same goes for IE, Chrome and FF. I am using STOMP (https://github.com/jmesnil/stomp-websocket) as the message protocol.

Why is there different behavior between browsers? Is it a Spring or client issue?

+3
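
An added example, not part of the original question: the filter snippet above shows no step that validates the path segment before it becomes an authenticated Principal, so this sketch checks the segment against issued tokens first. The class name `SockJsTokenResolver`, the in-memory token map and the sample values are assumptions made for illustration; it uses plain Java so it runs without Spring.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Map;
import java.util.Optional;

// Resolves the player behind a SockJS transport URL of the form
// /games/{server}/{session}/{transport}, where {server} carries the token.
public class SockJsTokenResolver {

    // Hypothetical store of issued tokens -> player id; a real server
    // would ask its own token service instead.
    private final Map<String, String> issuedTokens;

    public SockJsTokenResolver(Map<String, String> issuedTokens) {
        this.issuedTokens = issuedTokens;
    }

    public Optional<String> resolvePlayer(String requestUri) {
        // Drop empty segments so a leading or doubled slash does not shift indexes.
        String[] parts = Arrays.stream(requestUri.split("/"))
                .filter(s -> !s.isEmpty()).toArray(String[]::new);
        if (parts.length != 4 || !"games".equals(parts[0])) {
            return Optional.empty(); // e.g. /games/info carries no token segment
        }
        byte[] presented = parts[1].getBytes(StandardCharsets.UTF_8);
        String player = null;
        // MessageDigest.isEqual does not exit early on the first differing byte.
        for (Map.Entry<String, String> e : issuedTokens.entrySet()) {
            byte[] known = e.getKey().getBytes(StandardCharsets.UTF_8);
            if (MessageDigest.isEqual(known, presented)) {
                player = e.getValue();
            }
        }
        // Empty result: the caller must not set any Authentication.
        return Optional.ofNullable(player);
    }

    public static void main(String[] args) {
        // Constructed sample data, not values from the question.
        SockJsTokenResolver r =
                new SockJsTokenResolver(Map.of("tok-abc123", "player-7"));
        System.out.println(r.resolvePlayer("/games/tok-abc123/x1y2z3/websocket"));
        System.out.println(r.resolvePlayer("/games/not-issued/x1y2z3/websocket"));
        System.out.println(r.resolvePlayer("/games/info"));
    }
}
```

Because the token travels in the URL path, it also appears wherever request URLs are recorded, such as server and proxy access logs, so short-lived tokens and log scrubbing matter with this design.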

