我们在服务器端有 Spring websocket [STOMP 和 JSR] 和 Jetty websocket 客户端来与服务器通信。身份验证在浏览器上工作正常,因为我们在登录时对用户进行身份验证,我们在浏览器端有 sockjs STOMP,但我们也需要在 Jetty websocket 客户端进行身份验证。
怎么做?还有其他选择吗?
我们在服务器端有 Spring websocket [STOMP 和 JSR] 和 Jetty websocket 客户端来与服务器通信。身份验证在浏览器上工作正常,因为我们在登录时对用户进行身份验证,我们在浏览器端有 sockjs STOMP,但我们也需要在 Jetty websocket 客户端进行身份验证。
怎么做?还有其他选择吗?
在spring auth配置中指定Basic authentication
<security:http auto-config="true" pattern="/websocket" use-expressions="true" entry-point-ref="ajaxAwareAuthenticationEntryPoint" disable-url-rewriting="false">
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:http-basic/>
</security:http>
Jetty websocket 客户端 SSL 配置以及用户身份验证
URI serverURI = new URI("wss://domain:port/websocket");
ClassLoader classLoader = getClass().getClassLoader();
URL url = classLoader.getResource("resources/domain.jks");
SslContextFactory sslContextFactory = new SslContextFactory();
Resource keyStoreResource = Resource.newResource(url);
sslContextFactory.setKeyStoreResource(keyStoreResource);
sslContextFactory.setKeyStorePassword("Keystore Password");
sslContextFactory.setKeyManagerPassword("Keystore Password");
WebSocketClient webSocketClient = new WebSocketClient(sslContextFactory);
ClientUpgradeRequest request = new ClientUpgradeRequest();
request.setSubProtocols("xsCrossfire");
String basicAuthHeader = HttpBasicAuthHeader.generateBasicAuthHeader("username", "password");
request.setHeader("Authorization", "Basic " + basicAuthHeader);
webSocketClient.start();