如何为 spring websocket (JSR-356) 验证 Jetty websocket 客户端
How to authenticate Jetty websocket client for spring websocket (JSR-356)
我们在服务器端有 Spring websocket [STOMP 和 JSR] 和 Jetty websocket 客户端与服务器通信。当我们在登录时对用户进行身份验证时,身份验证在浏览器中工作正常,我们在浏览器端有 sockjs STOMP,但我们也需要在 Jetty websocket 客户端进行身份验证。
怎么做?
还有其他选择吗?
在 spring 身份验证配置中指定基本身份验证
<security:http auto-config="true" pattern="/websocket" use-expressions="true" entry-point-ref="ajaxAwareAuthenticationEntryPoint" disable-url-rewriting="false">
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:http-basic/>
</security:http>
Jetty websocket 客户端 SSL 配置以及用户身份验证
URI serverURI = new URI("wss://domain:port/websocket");
ClassLoader classLoader = getClass().getClassLoader();
URL url = classLoader.getResource("resources/domain.jks");
SslContextFactory sslContextFactory = new SslContextFactory();
Resource keyStoreResource = Resource.newResource(url);
sslContextFactory.setKeyStoreResource(keyStoreResource);
sslContextFactory.setKeyStorePassword("Keystore Password");
sslContextFactory.setKeyManagerPassword("Keystore Password");
WebSocketClient webSocketClient = new WebSocketClient(sslContextFactory);
ClientUpgradeRequest request = new ClientUpgradeRequest();
request.setSubProtocols("xsCrossfire");
String basicAuthHeader = HttpBasicAuthHeader.generateBasicAuthHeader("username", "password");
request.setHeader("Authorization", "Basic " + basicAuthHeader);
webSocketClient.start();
我们在服务器端有 Spring websocket [STOMP 和 JSR] 和 Jetty websocket 客户端与服务器通信。当我们在登录时对用户进行身份验证时,身份验证在浏览器中工作正常,我们在浏览器端有 sockjs STOMP,但我们也需要在 Jetty websocket 客户端进行身份验证。
怎么做? 还有其他选择吗?
在 spring 身份验证配置中指定基本身份验证
<security:http auto-config="true" pattern="/websocket" use-expressions="true" entry-point-ref="ajaxAwareAuthenticationEntryPoint" disable-url-rewriting="false">
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:http-basic/>
</security:http>
Jetty websocket 客户端 SSL 配置以及用户身份验证
URI serverURI = new URI("wss://domain:port/websocket");
ClassLoader classLoader = getClass().getClassLoader();
URL url = classLoader.getResource("resources/domain.jks");
SslContextFactory sslContextFactory = new SslContextFactory();
Resource keyStoreResource = Resource.newResource(url);
sslContextFactory.setKeyStoreResource(keyStoreResource);
sslContextFactory.setKeyStorePassword("Keystore Password");
sslContextFactory.setKeyManagerPassword("Keystore Password");
WebSocketClient webSocketClient = new WebSocketClient(sslContextFactory);
ClientUpgradeRequest request = new ClientUpgradeRequest();
request.setSubProtocols("xsCrossfire");
String basicAuthHeader = HttpBasicAuthHeader.generateBasicAuthHeader("username", "password");
request.setHeader("Authorization", "Basic " + basicAuthHeader);
webSocketClient.start();