Package org.springframework.security.config.annotation.web.socket

Class AbstractSecurityWebSocketMessageBrokerConfigurer

java.lang.Object
org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer
All Implemented Interfaces:
org.springframework.beans.factory.SmartInitializingSingleton, org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer
@Order(-2147483548) @Import(ObjectPostProcessorConfiguration.class) public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends Object implements org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer, org.springframework.beans.factory.SmartInitializingSingleton
Allows configuring WebSocket Authorization.

For example: 

 @Configuration
 public class WebSocketSecurityConfig extends
                AbstractSecurityWebSocketMessageBrokerConfigurer {

        @Override
        protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
                messages.simpDestMatchers("/user/queue/errors").permitAll()
                                .simpDestMatchers("/admin/**").hasRole("ADMIN").anyMessage()
                                .authenticated();
        }
 }
Since:
4.0

  • Constructor Details

    • AbstractSecurityWebSocketMessageBrokerConfigurer

      public AbstractSecurityWebSocketMessageBrokerConfigurer()

  • Method Details

    • registerStompEndpoints

      public void registerStompEndpoints(org.springframework.web.socket.config.annotation.StompEndpointRegistry registry)
      Specified by:
      registerStompEndpoints in interface org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer

    • addArgumentResolvers

      public void addArgumentResolvers(List<org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver> argumentResolvers)
      Specified by:
      addArgumentResolvers in interface org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer

    • configureClientInboundChannel

      public final void configureClientInboundChannel(org.springframework.messaging.simp.config.ChannelRegistration registration)
      Specified by:
      configureClientInboundChannel in interface org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer

    • sameOriginDisabled

      protected boolean sameOriginDisabled()

      Determines if a CSRF token is required for connecting. This protects against remote sites from connecting to the application and being able to read/write data over the connection. The default is false (the token is required).

      Subclasses can override this method to disable CSRF protection

      Returns:
      false if a CSRF token is required for connecting, else true

    • customizeClientInboundChannel

      protected void customizeClientInboundChannel(org.springframework.messaging.simp.config.ChannelRegistration registration)
      Allows subclasses to customize the configuration of the ChannelRegistration .
      Parameters:
      registration - the ChannelRegistration to customize

    • csrfChannelInterceptor

      @Bean public CsrfChannelInterceptor csrfChannelInterceptor()

    • inboundChannelSecurity

      @Bean public ChannelSecurityInterceptor inboundChannelSecurity(MessageSecurityMetadataSource messageSecurityMetadataSource)

    • securityContextChannelInterceptor

      @Bean public SecurityContextChannelInterceptor securityContextChannelInterceptor()

    • inboundMessageSecurityMetadataSource

      @Bean public MessageSecurityMetadataSource inboundMessageSecurityMetadataSource()

    • configureInbound

      protected void configureInbound(MessageSecurityMetadataSourceRegistry messages)
      Parameters:
      messages -

    • setApplicationContext

      @Autowired public void setApplicationContext(org.springframework.context.ApplicationContext context)

    • setMessageExpessionHandler

      @Deprecated public void setMessageExpessionHandler(List<SecurityExpressionHandler<org.springframework.messaging.Message<Object>>> expressionHandlers)
      Deprecated.

    • setMessageExpressionHandler

      @Autowired(required=false) public void setMessageExpressionHandler(List<SecurityExpressionHandler<org.springframework.messaging.Message<Object>>> expressionHandlers)

    • setObjectPostProcessor

      @Autowired(required=false) public void setObjectPostProcessor(ObjectPostProcessor<Object> objectPostProcessor)

    • afterSingletonsInstantiated

      public void afterSingletonsInstantiated()
      Specified by:
      afterSingletonsInstantiated in interface org.springframework.beans.factory.SmartInitializingSingleton