我试图找出如何在ChannelInterceptorAdapter中响应401状态以防万一WebSocket连接未经授权。
@Component
public class ConnectInterceptor extends ChannelInterceptorAdapter {
final AuthorizationService mAuthService;
@Autowired
public ConnectInterceptor(final AuthorizationService authService) {
mAuthService = authService;
}
@Override
public Message<?> preSend(final Message<?> message, final MessageChannel channel) {
final StompHeaderAccessor headerAccessor = StompHeaderAccessor.wrap(message);
if (StompCommand.CONNECT.equals(headerAccessor.getCommand())) {
final String authValue = (String)headerAccessor.getHeader("Authorization");
ApiPrincipal principal;
try {
principal = mAuthService.authorize(authValue);
} catch (final UnauthorizedException e) {
//response.sendError(HttpServletResponse.SC_FORBIDDEN, "AdditionalInformationIfAvailable")??
}
headerAccessor.setUser(principal);
}
return message;
}
}