ng2-stomp-service and Spring Security

Time: 2017-07-13 15:17:17

Tags: angular spring-security websocket stomp spring-websocket

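I have an Angular 2 application that uses ng2-stomp-service. It works with Spring WebSocket when security is not enabled.

But I cannot send the authentication credentials to Spring Security. Here is the Spring Security configuration: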

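import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .httpBasic()
                .and()
                .authorizeRequests()
                // The WebSocket handshake endpoints are reachable without authentication
                .antMatchers("/demo-websocket/info").permitAll()
                .antMatchers("/demo-websocket/**/websocket").permitAll()
                .antMatchers("/info", "/health").permitAll()
                .antMatchers("/api/**", "/advisor").hasRole("USER")
                .anyRequest().authenticated();
    }
}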

Here is the Spring WebSocket security setup:

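import static org.springframework.messaging.simp.SimpMessageType.CONNECT;
import static org.springframework.messaging.simp.SimpMessageType.DISCONNECT;
import static org.springframework.messaging.simp.SimpMessageType.UNSUBSCRIBE;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry;
import org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer;

@Configuration
public class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer {
    @Override
    protected void configureInbound(MessageSecurityMetadataSourceRegistry registry) {
        registry
                .simpTypeMatchers(CONNECT).permitAll()
                .simpTypeMatchers(UNSUBSCRIBE, DISCONNECT).permitAll()
                .simpMessageDestMatchers("/app/**").permitAll()
                .simpSubscribeDestMatchers("/topic/**").permitAll()
                .anyMessage().authenticated();
    }

    @Override
    protected boolean sameOriginDisabled() {
        //disable CSRF for websockets for now...
        return true;
    }
}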

Note that "permitAll()" is being used so that it runs without authentication. However, if .simpMessageDestMatchers("/app/**").permitAll() is changed to .simpMessageDestMatchers("/app/**").authenticated(), it does not work.

Here is the Angular 2 setup:

this.stomp.configure({
    host: `http://${config.host}:${config.port}/demo-websocket`,
    debug: true,
    queue: {'init': false},
    headers: {
        login: 'user',
        passcode: 'password',
        authorization: `Basic ${this.calcBase64UserPassword()}`
    },
});

Angular 2 code for connecting to Spring WebSocket:

this.subject = new Subject<Greeting>();

this.stomp.startConnect().then(() => {
    this.stomp.done('init');

    console.log('Connect established.');

    this.connected = true;

    this.subscription = this.stomp.subscribe('/topic/greetings', this.response.bind(this));
});

Angular 2 code for sending a message over the WebSocket:

send(messageText: string): void {
    if (this.connected) {
        const message = new DomainMessage(this.msgId, messageText);
        this.stomp.send('/app/hello', message, {
            login: 'user',
            passcode: 'password'
        });
    }
}

Angular 2 code for computing the Base64 header for basic authentication:

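private calcBase64UserPassword(username = config.username, password = config.password): string {
    // Base64 of "username:password", as used in an HTTP Basic Authorization header
    const result = btoa(`${username}:${password}`);
    // Debug output: this writes the encoded credentials to the browser console
    console.log(`${result}`);
    return result;
}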

0 answers:

No answers