|
|
|
@ -1732,11 +1732,11 @@ the user is already authenticated at the HTTP transport level, and expects that |
|
|
|
the WebSocket or SockJS session contain the authenticated user. |
|
|
|
the WebSocket or SockJS session contain the authenticated user. |
|
|
|
|
|
|
|
|
|
|
|
NOTE: Spring Security provides |
|
|
|
NOTE: Spring Security provides |
|
|
|
https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#websocket[WebSocket sub-protocol authorization] |
|
|
|
https://docs.spring.io/spring-security/reference/servlet/integrations/websocket.html#websocket-authorization[WebSocket sub-protocol authorization] |
|
|
|
that uses a `ChannelInterceptor` to authorize messages based on the user header in them. |
|
|
|
that uses a `ChannelInterceptor` to authorize messages based on the user header in them. |
|
|
|
Also, Spring Session provides a |
|
|
|
Also, Spring Session provides |
|
|
|
https://docs.spring.io/spring-session/docs/current/reference/html5/#websocket[WebSocket integration] |
|
|
|
https://docs.spring.io/spring-session/reference/web-socket.html[WebSocket integration] |
|
|
|
that ensures the user HTTP session does not expire when the WebSocket session is still active. |
|
|
|
that ensures the user's HTTP session does not expire while the WebSocket session is still active. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Sam Brannen
4 years ago