@Order(value=-2147483548) @Import(value=ObjectPostProcessorConfiguration.class) public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer implements org.springframework.beans.factory.SmartInitializingSingleton
For example:
@Configuration public class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer { @Override protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) { messages.simpDestMatchers("/user/queue/errors").permitAll() .simpDestMatchers("/admin/**").hasRole("ADMIN").anyMessage() .authenticated(); } }
Constructor and Description |
---|
AbstractSecurityWebSocketMessageBrokerConfigurer() |
Modifier and Type | Method and Description |
---|---|
void |
addArgumentResolvers(java.util.List<org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver> argumentResolvers) |
void |
afterSingletonsInstantiated() |
void |
configureClientInboundChannel(org.springframework.messaging.simp.config.ChannelRegistration registration) |
protected void |
configureInbound(MessageSecurityMetadataSourceRegistry messages) |
CsrfChannelInterceptor |
csrfChannelInterceptor() |
protected void |
customizeClientInboundChannel(org.springframework.messaging.simp.config.ChannelRegistration registration)
Allows subclasses to customize the configuration of the
ChannelRegistration
. |
ChannelSecurityInterceptor |
inboundChannelSecurity() |
MessageSecurityMetadataSource |
inboundMessageSecurityMetadataSource() |
void |
registerStompEndpoints(org.springframework.web.socket.config.annotation.StompEndpointRegistry registry) |
protected boolean |
sameOriginDisabled()
Determines if a CSRF token is required for connecting.
|
SecurityContextChannelInterceptor |
securityContextChannelInterceptor() |
void |
setApplicationContext(org.springframework.context.ApplicationContext context) |
void |
setMessageExpessionHandler(java.util.List<SecurityExpressionHandler<org.springframework.messaging.Message<java.lang.Object>>> expressionHandlers)
Deprecated.
|
void |
setMessageExpressionHandler(java.util.List<SecurityExpressionHandler<org.springframework.messaging.Message<java.lang.Object>>> expressionHandlers) |
void |
setObjectPostProcessor(ObjectPostProcessor<java.lang.Object> objectPostProcessor) |
public AbstractSecurityWebSocketMessageBrokerConfigurer()
public void registerStompEndpoints(org.springframework.web.socket.config.annotation.StompEndpointRegistry registry)
registerStompEndpoints
in interface org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer
public void addArgumentResolvers(java.util.List<org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver> argumentResolvers)
addArgumentResolvers
in interface org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer
addArgumentResolvers
in class org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer
public final void configureClientInboundChannel(org.springframework.messaging.simp.config.ChannelRegistration registration)
configureClientInboundChannel
in interface org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer
configureClientInboundChannel
in class org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer
protected boolean sameOriginDisabled()
Determines if a CSRF token is required for connecting. This protects against remote sites from connecting to the application and being able to read/write data over the connection. The default is false (the token is required).
Subclasses can override this method to disable CSRF protection
protected void customizeClientInboundChannel(org.springframework.messaging.simp.config.ChannelRegistration registration)
ChannelRegistration
.registration
- the ChannelRegistration
to customize@Bean public CsrfChannelInterceptor csrfChannelInterceptor()
@Bean public ChannelSecurityInterceptor inboundChannelSecurity()
@Bean public SecurityContextChannelInterceptor securityContextChannelInterceptor()
@Bean public MessageSecurityMetadataSource inboundMessageSecurityMetadataSource()
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages)
messages
- @Autowired public void setApplicationContext(org.springframework.context.ApplicationContext context)
@Deprecated public void setMessageExpessionHandler(java.util.List<SecurityExpressionHandler<org.springframework.messaging.Message<java.lang.Object>>> expressionHandlers)
@Autowired(required=false) public void setMessageExpressionHandler(java.util.List<SecurityExpressionHandler<org.springframework.messaging.Message<java.lang.Object>>> expressionHandlers)
@Autowired(required=false) public void setObjectPostProcessor(ObjectPostProcessor<java.lang.Object> objectPostProcessor)
public void afterSingletonsInstantiated()
afterSingletonsInstantiated
in interface org.springframework.beans.factory.SmartInitializingSingleton