如何验证弹簧websocket的Jetty websocket客户端(JSR-356)

时间:2015-03-23 10:57:44

标签: spring spring-security spring-websocket jetty-9 java-websocket

我们在服务器端有Spring websocket [STOMP和JSR],在服务器端有Jetty websocket客户端。我们在登录时对用户进行身份验证时,身份验证可以正常运行,我们在浏览器端有sockjs STOMP,但我们也需要在Jetty websocket客户端进行身份验证。

怎么做? 还有其他选择吗?

1 个答案:

答案 0 :(得分:0)

在spring auth配置中指定基本身份验证

<security:http auto-config="true" pattern="/websocket" use-expressions="true" entry-point-ref="ajaxAwareAuthenticationEntryPoint" disable-url-rewriting="false">
    <security:intercept-url pattern="/**" access="isAuthenticated()" />
    <security:http-basic/>
</security:http>

Jetty websocket客户端SSL配置以及用户身份验证

URI serverURI = new URI("wss://domain:port/websocket");
ClassLoader classLoader = getClass().getClassLoader();
URL url = classLoader.getResource("resources/domain.jks");
SslContextFactory sslContextFactory = new SslContextFactory();  
Resource keyStoreResource = Resource.newResource(url);
sslContextFactory.setKeyStoreResource(keyStoreResource);
sslContextFactory.setKeyStorePassword("Keystore Password");
sslContextFactory.setKeyManagerPassword("Keystore Password");   
WebSocketClient webSocketClient = new WebSocketClient(sslContextFactory);
ClientUpgradeRequest request = new ClientUpgradeRequest();
request.setSubProtocols("xsCrossfire");
String basicAuthHeader = HttpBasicAuthHeader.generateBasicAuthHeader("username", "password");
request.setHeader("Authorization", "Basic " + basicAuthHeader);
webSocketClient.start();
相关问题
最新问题