我们在服务器端有Spring websocket [STOMP和JSR],在服务器端有Jetty websocket客户端。我们在登录时对用户进行身份验证时,身份验证可以正常运行,我们在浏览器端有sockjs STOMP,但我们也需要在Jetty websocket客户端进行身份验证。
怎么做? 还有其他选择吗?
答案 0 :(得分:0)
在spring auth配置中指定基本身份验证
<security:http auto-config="true" pattern="/websocket" use-expressions="true" entry-point-ref="ajaxAwareAuthenticationEntryPoint" disable-url-rewriting="false">
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:http-basic/>
</security:http>
Jetty websocket客户端SSL配置以及用户身份验证
URI serverURI = new URI("wss://domain:port/websocket");
ClassLoader classLoader = getClass().getClassLoader();
URL url = classLoader.getResource("resources/domain.jks");
SslContextFactory sslContextFactory = new SslContextFactory();
Resource keyStoreResource = Resource.newResource(url);
sslContextFactory.setKeyStoreResource(keyStoreResource);
sslContextFactory.setKeyStorePassword("Keystore Password");
sslContextFactory.setKeyManagerPassword("Keystore Password");
WebSocketClient webSocketClient = new WebSocketClient(sslContextFactory);
ClientUpgradeRequest request = new ClientUpgradeRequest();
request.setSubProtocols("xsCrossfire");
String basicAuthHeader = HttpBasicAuthHeader.generateBasicAuthHeader("username", "password");
request.setHeader("Authorization", "Basic " + basicAuthHeader);
webSocketClient.start();