How to reply to unauthenticated user in Spring 4 STOMP over WebSocket configuration?

StackOverflow https://stackoverflow.com/questions/21312222

Question

I'm experimenting with Spring 4 WebSocket STOMP application. Is there a way to reply to a single unauthenticated user on condition that each user has unique session ID? Right now I can only either broadcast a message or send it directly to an authenticated user.

@Controller
public class ProductController {

    @MessageMapping("/products/{id}")
    @SendTo("/topic") // This line makes return value to be broadcasted to every connected user.
    public String getProduct(@DestinationVariable int id) {
        return "Product " + id;
    }
}
Was it helpful?

Solution

You can assign an anonymous identity to incoming users. There are two ways to do it.

One, you can configure a sub-class of DefaultHandshakeHandler that overrides determineUser and assigns some kind of identity to every WebSocketSession. This requires 4.0.1 by the way (currently build snapshots are available) that will be released on Monday Jan 23, 2014.

Two, the WebSocket session will fall back on the value returned from HttpServletRequest.getUserPrincipal on the handshake HTTP request. You could have a servlet Filter wrap the HttpServletRequest and decide what to return from that method. Or if you're using Spring Security which has the AnonymousAuthenticationFilter, override its createAuthentication method.

OTHER TIPS

@SendToUser("/products") should result in a message to destination "/user/{username}/products". That message will be handled by the UserDestinationMessageHandler, which transforms the destination to "/products-user{sessionId}" and re-sends the message.

So I'm not quite sure what "/user/products-user0" is. It surprises me in two ways. First if it starts with "/user" then that's the destination before the transformation and should be followed by the user name (i.e. "/user/{username}/products").

The fact that it ends with "-user0" makes it look like the destination after the transformation but then it shouldn't start with "/user". In any case the 0, 1 in that case would be the WebSocket session id. What server is this?

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top