感谢Rossen Stoyanchev在GitHub上的回答(链接),我通过向入站通道添加拦截器来解决了这个问题。需要更改spring-websocket-portfolio演示应用程序的内容如下:
更改WebSocket配置:
public void configureClientInboundChannel(ChannelRegistration registration) {
registration.setInterceptors(new TopicSubscriptionInterceptor());
}
拦截器大概是这样的:
public class TopicSubscriptionInterceptor extends ChannelInterceptorAdapter {
private static Logger logger = org.slf4j.LoggerFactory.getLogger(TopicSubscriptionInterceptor.class);
@Override
public Message<?> preSend(Message<?> message, MessageChannel channel) {
StompHeaderAccessor headerAccessor= StompHeaderAccessor.wrap(message);
if (StompCommand.SUBSCRIBE.equals(headerAccessor.getCommand())) {
Principal userPrincipal = headerAccessor.getUser();
if (!validateSubscription(userPrincipal, headerAccessor.getDestination())) {
throw new IllegalArgumentException("No permission for this topic");
}
}
return message;
}
private boolean validateSubscription(Principal principal, String topicDestination) {
if (principal == null) {
// Unauthenticated user
return false;
}
logger.debug("Validate subscription for {} to topic {}", principal.getName(), topicDestination);
// Additional validation logic coming here
return true;
}
}
从Spring 5.x开始,如果您正在扩展AbstractSecurityWebSocketMessageBrokerConfigurer,则正确的覆盖方法以附加拦截器是customizeClientInboundChannel:
@Override
public void customizeClientInboundChannel(ChannelRegistration registration) {
registration.interceptors(new TopicSubscriptionInterceptor());
}
WebSocketMessageBrokerConfigurer,因为AbstractSecurityWebSocketMessageBrokerConfigurer已经被废弃很久了 :) - Walnussbär
org.springframework.messaging.MessagingException更好。 - LoganMzz