问题描述
我创建了一个使用Spring 4的websockets机制的简单应用程序.我在我的应用中使用了activemq经纪人.
I created a simple app that uses the websockets mechanism of spring 4.I use in my app an activemq broker.
在我的简单测试中,我为名为"Alejando"(用户/alejandro/queue/greetings)的用户创建了10条消息
In my simple test i create 10 messages for a user named "Alejando" (user/alejandro/queue/greetings)
当我使用"Alejando"登录并订阅该队列时:
When i log in with "Alejando" and subscribe to that queue:
stompClient.subscribe('/user/alejandro/queue/greetings', function(greeting){
showGreeting(JSON.parse(greeting.body).content);
});
我确实收到了有关alejandro的10条消息.
I indeed receive all the 10 messages that were enqued for alejandro.
问题是,当我使用名为"evilBart"的其他用户登录并订阅alejandro队列时,我也收到了消息吗?
The problem is when i log in with a different user named "evilBart" and subscribe to the queue of alejandro i receive the messages as well?
我该如何加强安全性?我希望用户只能订阅自己的队列.
How can i enforce security for that? I would like that a user can only subscribe to it's own queue.
谢谢!
我的配置类:
@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
@Override
public void configureMessageBroker(MessageBrokerRegistry config) {
config.enableStompBrokerRelay("/queue/","/topic","/user/");
config.setApplicationDestinationPrefixes("/app");
}
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
registry.addEndpoint("/hello").withSockJS();
}
}
推荐答案
您可以选择两个选项.
- 只需从config.enableStompBrokerRelay中删除"/user/".Spring消息将自动添加前缀.
convertAndSendToUser不适用于代理中继.
- Simply remove "/user/" from config.enableStompBrokerRelay.Spring message will automatically prefix.
convertAndSendToUser is not for broker relay.
请参阅org.springframework.messaging.simp.user软件包的源代码
默认用户前缀为"/user/". 您可以使用config.setUserDestinationPrefix()
Default user prefix is '/user/'. You can change it with config.setUserDestinationPrefix()
2.覆盖两种方法并从ChannelInterceptor处理它
2. Override two methods and handle it from ChannelInterceptor
方法:
这篇关于Spring Websocket具有安全性-每个用户都可以订阅其他任何用户队列吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!