功能:所有关于websocket的请求必须登录,实现websocket需要登录后才可使用,不登录不能建立连接。
后台spring security配置添加websocket的请求可以匿名访问,关于websocket的请求不要认证就可以随意访问,去除匿名访问后,前端在与websocket建立链接无法在请求头里直接加入Authorization token信息,任何关于websocket的请求都无法通过token认证。
解决办法: 使用websocket的Sec-WebSocket-Protocol参数,将token传回后台,后台借助HttpServletRequestWrapper重新生成新的请求信息,实现使用一套登录认证拦截
原理:
HttpServletRequestWrapper 采用装饰者模式对HttpServletRequest进行包装,我们可以通过继承HttpServletRequestWrapper 类去重写getParameterValues,getParameter等方法,实际还是调用HttpServletRequest的相对应方法,但是可以对方法的结果进行改装。
1、前端webSock.js
与webSocke建立连接
var websock = null;
var global_callback = null;
var serverPort = "8080"; // webSocket连接端口
var wsurl = "ws://" + window.location.hostname + ":" + serverPort+"/websocket/message";
/**
* 创建socket连接
* @param callback
*/
function createWebSocket(callback) {
if (websock == null || typeof websock !== WebSocket) {
initWebSocket(callback);
}
}
/**
* 初始化socket
* @param callback
*/
function initWebSocket(callback) {
global_callback = callback;
// 初始化websocket
//token会放在请求的Sec-WebSocket-Protocol参数里面
websock = new WebSocket(wsurl,['你的token']);
websock.onmessage = function (e) {
websocketOnMessage(e);
};
websock.onclose = function (e) {
websocketClose(e);
};
websock.onopen = function () {
websocketOpen();
};
// 连接发生错误的回调方法
websock.onerror = function () {
console.log("WebSocket连接发生错误");
};
}
/**
* 实际调用的方法
*/
function sendSock(agentData ) {
if (websock.readyState === websock.OPEN) {
// 若是ws开启状态
websocketsend(agentData);
} else if (websock.readyState === websock.CONNECTING) {
// 若是 正在开启状态,则等待1s后重新调用
setTimeout(function () {
sendSock(agentData);
}, 1000);
} else {
// 若未开启 ,则等待1s后重新调用
setTimeout(function () {
sendSock(agentData);
}, 1000);
}
}
/**
* 关闭
*/
function closeSock() {
websock.close();
}
/**
* 数据接收
*/
function websocketOnMessage(msg) {
// 收到信息为Blob类型时
let result = null;
// debugger
if (msg.data instanceof Blob) {
const reader = new FileReader();
reader.readAsText(msg.data, "UTF-8");
reader.onload = (e) => {
result = reader.result;
// console.log("websocket收到", result);
global_callback(result);
};
} else {
result = msg.data;
// console.log("websocket收到", result);
global_callback(result);
}
}
/**
* 数据发送
*/
function websocketsend(agentData) {
// console.log("发送数据:" + agentData);
websock.send(agentData);
}
/**
* 异常关闭
*/
function websocketClose(e) {
// console.log("connection closed (" + e.code + ")");
}
function websocketOpen(e) {
// console.log("连接打开");
}
export {
sendSock, createWebSocket, closeSock };
2、后端的JWT拦截
前提 spring security配置类不允许/websocket匿名访问,需要鉴权才可以使用
2.1 先实现 HeaderMapRequestWrapper继承HttpServletRequestWrapper
来实现修改HttpServletRequest的请求参数
/**
* 修改header信息,key-value键值对儿加入到header中
*/
public class HeaderMapRequestWrapper extends HttpServletRequestWrapper {
private static final Logger LOGGER = LoggerFactory.getLogger(HeaderMapRequestWrapper.class);
/**
* construct a wrapper for this request
*
* @param request
*/
public HeaderMapRequestWrapper(HttpServletRequest request) {
super(request);
}
private Map<String, String> headerMap = new HashMap<>();
/**
* add a header with given name and value
*
* @param name
* @param value
*/
public void addHeader(String name, String value) {
headerMap.put(name, value);
}
@Override
public String getHeader(String name) {
String headerValue = super.getHeader(name);
if (headerMap.containsKey(name)) {
headerValue = headerMap.get(name);
}
return headerValue;
}
/**
* get the Header names
*/
@Override
public Enumeration<String> getHeaderNames() {
List<String> names = Collections.list(super.getHeaderNames());
for (String name : headerMap.keySet()) {
names.add(name);
}
return Collections.enumeration(names);
}
@Override
public Enumeration<String> getHeaders(String name) {
List<String> values = Collections.list(super.getHeaders(name));
if (headerMap.containsKey(name)) {
values = Arrays.asList(headerMap.get(name));
}
return Collections.enumeration(values);
}
}
2.2 token过滤器 JWT认证拦截器修改
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws ServletException, IOException
{
/**
* 通过request的url判断是否为websocket请求
* 如果为websocket请求,先处理Authorization
*/
if(request.getRequestURI().contains("/websocket")){
HeaderMapRequestWrapper requestWrapper = new HeaderMapRequestWrapper((HttpServletRequest) request);
//修改header信息 将websocket请求中的Sec-WebSocket-Protocol值取出处理后放入认证参数key
//此处需要根据自己的认证方式进行修改 Authorization 和 Bearer
requestWrapper.addHeader("Authorization","Bearer "+request.getHeader("Sec-WebSocket-Protocol"));
request = (HttpServletRequest) requestWrapper;
}
//处理完后就可以走系统正常的登录认证权限认证逻辑了
//下边就是自己的验证token 登陆逻辑
LoginUser loginUser = getLoginUser(request);
·······
chain.doFilter(request, response);
}