Class AbstractSecurityWebSocketMessageBrokerConfigurer
- java.lang.Object
-
- org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer
-
- org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
-
- All Implemented Interfaces:
org.springframework.beans.factory.SmartInitializingSingleton
,org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer
@Order(-2147483548) @Import(ObjectPostProcessorConfiguration.class) public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer implements org.springframework.beans.factory.SmartInitializingSingleton
Allows configuring WebSocket Authorization.For example:
@Configuration public class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer { @Override protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) { messages.simpDestMatchers("/user/queue/errors").permitAll() .simpDestMatchers("/admin/**").hasRole("ADMIN").anyMessage() .authenticated(); } }
- Since:
- 4.0
-
-
Constructor Summary
Constructors Constructor Description AbstractSecurityWebSocketMessageBrokerConfigurer()
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description void
addArgumentResolvers(java.util.List<org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver> argumentResolvers)
void
afterSingletonsInstantiated()
void
configureClientInboundChannel(org.springframework.messaging.simp.config.ChannelRegistration registration)
protected void
configureInbound(MessageSecurityMetadataSourceRegistry messages)
CsrfChannelInterceptor
csrfChannelInterceptor()
protected void
customizeClientInboundChannel(org.springframework.messaging.simp.config.ChannelRegistration registration)
Allows subclasses to customize the configuration of theChannelRegistration
.ChannelSecurityInterceptor
inboundChannelSecurity(MessageSecurityMetadataSource messageSecurityMetadataSource)
MessageSecurityMetadataSource
inboundMessageSecurityMetadataSource()
void
registerStompEndpoints(org.springframework.web.socket.config.annotation.StompEndpointRegistry registry)
protected boolean
sameOriginDisabled()
Determines if a CSRF token is required for connecting.SecurityContextChannelInterceptor
securityContextChannelInterceptor()
void
setApplicationContext(org.springframework.context.ApplicationContext context)
void
setMessageExpessionHandler(java.util.List<SecurityExpressionHandler<org.springframework.messaging.Message<java.lang.Object>>> expressionHandlers)
Deprecated.void
setMessageExpressionHandler(java.util.List<SecurityExpressionHandler<org.springframework.messaging.Message<java.lang.Object>>> expressionHandlers)
void
setObjectPostProcessor(ObjectPostProcessor<java.lang.Object> objectPostProcessor)
-
-
-
Method Detail
-
registerStompEndpoints
public void registerStompEndpoints(org.springframework.web.socket.config.annotation.StompEndpointRegistry registry)
- Specified by:
registerStompEndpoints
in interfaceorg.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer
-
addArgumentResolvers
public void addArgumentResolvers(java.util.List<org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver> argumentResolvers)
- Specified by:
addArgumentResolvers
in interfaceorg.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer
- Overrides:
addArgumentResolvers
in classorg.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer
-
configureClientInboundChannel
public final void configureClientInboundChannel(org.springframework.messaging.simp.config.ChannelRegistration registration)
- Specified by:
configureClientInboundChannel
in interfaceorg.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer
- Overrides:
configureClientInboundChannel
in classorg.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer
-
sameOriginDisabled
protected boolean sameOriginDisabled()
Determines if a CSRF token is required for connecting. This protects against remote sites from connecting to the application and being able to read/write data over the connection. The default is false (the token is required).
Subclasses can override this method to disable CSRF protection
- Returns:
- false if a CSRF token is required for connecting, else true
-
customizeClientInboundChannel
protected void customizeClientInboundChannel(org.springframework.messaging.simp.config.ChannelRegistration registration)
Allows subclasses to customize the configuration of theChannelRegistration
.- Parameters:
registration
- theChannelRegistration
to customize
-
csrfChannelInterceptor
@Bean public CsrfChannelInterceptor csrfChannelInterceptor()
-
inboundChannelSecurity
@Bean public ChannelSecurityInterceptor inboundChannelSecurity(MessageSecurityMetadataSource messageSecurityMetadataSource)
-
securityContextChannelInterceptor
@Bean public SecurityContextChannelInterceptor securityContextChannelInterceptor()
-
inboundMessageSecurityMetadataSource
@Bean public MessageSecurityMetadataSource inboundMessageSecurityMetadataSource()
-
configureInbound
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages)
- Parameters:
messages
-
-
setApplicationContext
@Autowired public void setApplicationContext(org.springframework.context.ApplicationContext context)
-
setMessageExpessionHandler
@Deprecated public void setMessageExpessionHandler(java.util.List<SecurityExpressionHandler<org.springframework.messaging.Message<java.lang.Object>>> expressionHandlers)
Deprecated.
-
setMessageExpressionHandler
@Autowired(required=false) public void setMessageExpressionHandler(java.util.List<SecurityExpressionHandler<org.springframework.messaging.Message<java.lang.Object>>> expressionHandlers)
-
setObjectPostProcessor
@Autowired(required=false) public void setObjectPostProcessor(ObjectPostProcessor<java.lang.Object> objectPostProcessor)
-
afterSingletonsInstantiated
public void afterSingletonsInstantiated()
- Specified by:
afterSingletonsInstantiated
in interfaceorg.springframework.beans.factory.SmartInitializingSingleton
-
-