Skip to content Skip to sidebar Skip to footer
Home / Javascript / Sockjs / Spring Security / Spring Websocket / Stomp

No Cookies During /info Request Using Sockjs And Stomp

Post a Comment
I'm trying to use Spring Security with websockets. As an example I'm using spring-websocket-chat (https://github.com/salmar/spring-websocket-chat) — demo application from talk 'D

Solution 1:

As far as I know you cannot pass cookies to SockJS (especially with Same-origin policy). However with the latest SockJS 1.0.3 you can pass query parameters as a part of connection URL. Thus you can send some JWT token to authorize a session.

var socket = newSockJS('http://localhost/ws?token=AAA');
  var stompClient = Stomp.over(socket);
  stompClient.connect({}, function(frame) {
      stompClient.subscribe('/topic/echo', function(data) {
        // topic handler
      });
    }
  }, function(err) {
    // connection error
  });

Now all the requests related to websocket will have parameter "?token=AAA"

http://localhost/ws/info?token=AAA&t=1446482506843

http://localhost/ws/515/z45wjz24/websocket?token=AAA

Then with Spring you can setup some filter which will identify a session using provided token.

PS cookies are picked up automatically when same origin for UI and server.

You may like these posts

Post a Comment for "No Cookies During /info Request Using Sockjs And Stomp"