Package org.springframework.security.config.annotation.web.socket

Class AbstractSecurityWebSocketMessageBrokerConfigurer

  • All Implemented Interfaces:
    org.springframework.beans.factory.SmartInitializingSingleton, org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer
    @Order(-2147483548)
@Import(ObjectPostProcessorConfiguration.class)
public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer
extends org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer
implements org.springframework.beans.factory.SmartInitializingSingleton
    Allows configuring WebSocket Authorization.

    For example: 

     @Configuration
 public class WebSocketSecurityConfig extends
                AbstractSecurityWebSocketMessageBrokerConfigurer {

        @Override
        protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
                messages.simpDestMatchers("/user/queue/errors").permitAll()
                                .simpDestMatchers("/admin/**").hasRole("ADMIN").anyMessage()
                                .authenticated();
        }
 }
    Since:
    4.0

    • Constructor Detail

      • AbstractSecurityWebSocketMessageBrokerConfigurer

        public AbstractSecurityWebSocketMessageBrokerConfigurer()

    • Method Detail

      • registerStompEndpoints

        public void registerStompEndpoints​(org.springframework.web.socket.config.annotation.StompEndpointRegistry registry)
        Specified by:
        registerStompEndpoints in interface org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer

      • addArgumentResolvers

        public void addArgumentResolvers​(java.util.List<org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver> argumentResolvers)
        Specified by:
        addArgumentResolvers in interface org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer
        Overrides:
        addArgumentResolvers in class org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer

      • configureClientInboundChannel

        public final void configureClientInboundChannel​(org.springframework.messaging.simp.config.ChannelRegistration registration)
        Specified by:
        configureClientInboundChannel in interface org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer
        Overrides:
        configureClientInboundChannel in class org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer

      • sameOriginDisabled

        protected boolean sameOriginDisabled()

        Determines if a CSRF token is required for connecting. This protects against remote sites from connecting to the application and being able to read/write data over the connection. The default is false (the token is required).

        Subclasses can override this method to disable CSRF protection

        Returns:
        false if a CSRF token is required for connecting, else true

      • customizeClientInboundChannel

        protected void customizeClientInboundChannel​(org.springframework.messaging.simp.config.ChannelRegistration registration)
        Allows subclasses to customize the configuration of the ChannelRegistration .
        Parameters:
        registration - the ChannelRegistration to customize

      • csrfChannelInterceptor

        @Bean
public org.springframework.security.messaging.web.csrf.CsrfChannelInterceptor csrfChannelInterceptor()

      • inboundChannelSecurity

        @Bean
public org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor inboundChannelSecurity​(org.springframework.security.messaging.access.intercept.MessageSecurityMetadataSource messageSecurityMetadataSource)

      • securityContextChannelInterceptor

        @Bean
public org.springframework.security.messaging.context.SecurityContextChannelInterceptor securityContextChannelInterceptor()

      • inboundMessageSecurityMetadataSource

        @Bean
public org.springframework.security.messaging.access.intercept.MessageSecurityMetadataSource inboundMessageSecurityMetadataSource()

      • setApplicationContext

        @Autowired
public void setApplicationContext​(org.springframework.context.ApplicationContext context)

      • setMessageExpessionHandler

        @Deprecated
public void setMessageExpessionHandler​(java.util.List<org.springframework.security.access.expression.SecurityExpressionHandler<org.springframework.messaging.Message<java.lang.Object>>> expressionHandlers)
        Deprecated.

      • setMessageExpressionHandler

        @Autowired(required=false)
public void setMessageExpressionHandler​(java.util.List<org.springframework.security.access.expression.SecurityExpressionHandler<org.springframework.messaging.Message<java.lang.Object>>> expressionHandlers)

      • setObjectPostProcessor

        @Autowired(required=false)
public void setObjectPostProcessor​(ObjectPostProcessor<java.lang.Object> objectPostProcessor)

      • afterSingletonsInstantiated

        public void afterSingletonsInstantiated()
        Specified by:
        afterSingletonsInstantiated in interface org.springframework.beans.factory.SmartInitializingSingleton