tutorial manager example and spring spring-security stomp spring-websocket spring-messaging

spring - manager - Seguridad de Primavera con WebSockets-Prohibido 403



spring security order (1)

Para que esto funcione, debe modificar su <security:websocket-message-broker > agregándole un ID , <security:websocket-message-broker id="interceptor"> y vincularlo a la definición de su websocket de canales entrantes.

<websocket:message-broker application-destination-prefix="/app" user-destination-prefix="/user" > <websocket:stomp-endpoint path="/websocketEndPoint" > <websocket:handshake-handler ref="astalavista" /> <websocket:simple-broker prefix="/topic , /queue" /> <websocket:client-inbound-channel > <websocket:interceptors> <!--This will reference your interceptor that you have defined in you security XML--> <ref bean="interceptor"/> </websocket:interceptors> </websocket:client-inbound-channel> </websocket:message-broker>

He implementado WebSocket en Spring. Todo funcionó bien, pero recientemente decidí implementar Spring Security.

Mi MessageBroker se parece a:

@Configuration @EnableWebSocketMessageBroker @Component("messageBroker") public class MessageBroker implements WebSocketMessageBrokerConfigurer { @Override public void registerStompEndpoints(StompEndpointRegistry stompEndpointRegistry) { stompEndpointRegistry.addEndpoint("/graphs").withSockJS(); } @Override public void configureMessageBroker(MessageBrokerRegistry messageBrokerRegistry) { } @Override public void configureClientInboundChannel(ChannelRegistration channelRegistration) { } @Override public void configureClientOutboundChannel(ChannelRegistration channelRegistration) { } @Override public boolean configureMessageConverters(List<MessageConverter> messageConverters) { messageConverters.add(new MappingJackson2MessageConverter()); return false; } }

Y mi cliente JS se parece a esto:

var socket = new SockJS(''/server/graphs''); var client = Stomp.over(socket); client.connect({}, function (frame) { client.subscribe("/data", function (message) { console.log(''GET MESSAGE :'' + message.body); var test = JSON.parse(message.body); var point = [ (new Date()).getTime(), parseInt(25) ]; var shift = randomData.data.length > 60; randomData.addPoint(point, true, shift); }); });

Configuración de seguridad de primavera:

<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <security:http auto-config=''true'' use-expressions="true" disable-url-rewriting="true"> <security:intercept-url pattern="/login/**" access="isAnonymous()"/> <security:intercept-url pattern="/index/**" access="isAuthenticated()" /> <security:intercept-url pattern="/volumegraph/**" access="isAuthenticated()" /> <security:intercept-url pattern="/graphs/**" access="permitAll()" /> <security:intercept-url pattern="/graphs/**/**" access="permitAll()" /> <security:form-login login-page="/" login-processing-url="/" authentication-failure-url="/" always-use-default-target="true"/> <security:csrf/> <security:logout logout-success-url="/login"/> <security:headers> <security:frame-options></security:frame-options> </security:headers> </security:http> <security:authentication-manager> <security:authentication-provider> <security:user-service> <security:user name="user" password="password" authorities="ROLE_USER"/> </security:user-service> </security:authentication-provider> </security:authentication-manager> </beans>

Después de suscribirme a través de mi cliente JS recibo:

Opening Web Socket... sockjs.js:1213 WebSocket connection to ''ws://localhost:8080/server/graphs/651/kyzdihld/websocket'' failed: Error during WebSocket handshake: Unexpected response code: 404 sockjs.js:807 POST http://localhost:8080/server/graphs/651/zx7zdre7/xhr_streaming 403 (Forbidden)AbstractXHRObject._start @ sockjs.js:807(anonymous function) @ sockjs.js:834 sockjs.js:807 POST http://localhost:8080/server/graphs/651/o6eg5ikc/xhr 403 (Forbidden)AbstractXHRObject._start @ sockjs.js:807(anonymous function) @ sockjs.js:834 stomp.js:122 Whoops! Lost connection to undefined

Así que decidí agregar este código en la configuración de seguridad:

<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <security:websocket-message-broker> <!--<security:intercept-message pattern="/graphs/**" access="permitAll()"/>--> <security:intercept-message pattern="/**" access="permitAll()"/> <security:intercept-message type="SUBSCRIBE" access="permitAll()"/> <security:intercept-message type="CONNECT" access="permitAll()"/> </security:websocket-message-broker> </beans>

Pero después de eso recibo este tipo de error:

NoSuchBeanDefinitionException: No bean named ''springSecurityMessagePathMatcher'' is defined

No sé cómo definir tal bean, así que creé esto debajo de la clase:

@Configuration public class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer { protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) { messages.simpDestMatchers("/graphs/*").permitAll(); messages.simpDestMatchers("/**").permitAll(); } }

Pero durante la compilación recibo este tipo de error:

java: cannot access org.springframework.beans.factory.SmartInitializingSingleton class file for org.springframework.beans.factory.SmartInitializingSingleton not found

y realmente no sé cómo solucionarlo :( Debo agregar que estoy usando Spring Core 4.0.1.RELEASE y Spring Messaging 4.0.1.RELEASE. Todas las librerías relacionadas con Spring Security están en la versión 4.0.1.RELEASE .