Class AbstractSecurityWebSocketMessageBrokerConfigurer

  • All Implemented Interfaces:
    org.springframework.beans.factory.SmartInitializingSingleton, org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer

    @Order(-2147483548)
    @Import(ObjectPostProcessorConfiguration.class)
    public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer
    extends org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer
    implements org.springframework.beans.factory.SmartInitializingSingleton
    Allows configuring WebSocket Authorization.

    For example:

     @Configuration
     public class WebSocketSecurityConfig extends
                    AbstractSecurityWebSocketMessageBrokerConfigurer {
    
            @Override
            protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
                    messages.simpDestMatchers("/user/queue/errors").permitAll()
                                    .simpDestMatchers("/admin/**").hasRole("ADMIN").anyMessage()
                                    .authenticated();
            }
     }
     
    Since:
    4.0
    • Constructor Detail

      • AbstractSecurityWebSocketMessageBrokerConfigurer

        public AbstractSecurityWebSocketMessageBrokerConfigurer()
    • Method Detail

      • registerStompEndpoints

        public void registerStompEndpoints​(org.springframework.web.socket.config.annotation.StompEndpointRegistry registry)
        Specified by:
        registerStompEndpoints in interface org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer
      • addArgumentResolvers

        public void addArgumentResolvers​(java.util.List<org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver> argumentResolvers)
        Specified by:
        addArgumentResolvers in interface org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer
        Overrides:
        addArgumentResolvers in class org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer
      • configureClientInboundChannel

        public final void configureClientInboundChannel​(org.springframework.messaging.simp.config.ChannelRegistration registration)
        Specified by:
        configureClientInboundChannel in interface org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer
        Overrides:
        configureClientInboundChannel in class org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer
      • sameOriginDisabled

        protected boolean sameOriginDisabled()

        Determines if a CSRF token is required for connecting. This protects against remote sites from connecting to the application and being able to read/write data over the connection. The default is false (the token is required).

        Subclasses can override this method to disable CSRF protection

        Returns:
        false if a CSRF token is required for connecting, else true
      • customizeClientInboundChannel

        protected void customizeClientInboundChannel​(org.springframework.messaging.simp.config.ChannelRegistration registration)
        Allows subclasses to customize the configuration of the ChannelRegistration .
        Parameters:
        registration - the ChannelRegistration to customize
      • setApplicationContext

        @Autowired
        public void setApplicationContext​(org.springframework.context.ApplicationContext context)
      • setMessageExpessionHandler

        @Deprecated
        public void setMessageExpessionHandler​(java.util.List<SecurityExpressionHandler<org.springframework.messaging.Message<java.lang.Object>>> expressionHandlers)
        Deprecated.
      • setMessageExpressionHandler

        @Autowired(required=false)
        public void setMessageExpressionHandler​(java.util.List<SecurityExpressionHandler<org.springframework.messaging.Message<java.lang.Object>>> expressionHandlers)
      • setObjectPostProcessor

        @Autowired(required=false)
        public void setObjectPostProcessor​(ObjectPostProcessor<java.lang.Object> objectPostProcessor)
      • afterSingletonsInstantiated

        public void afterSingletonsInstantiated()
        Specified by:
        afterSingletonsInstantiated in interface org.springframework.beans.factory.SmartInitializingSingleton