Spring security 具有摘要身份验证的spring websocket
我使用SpringSecurity对我的Spring security 具有摘要身份验证的spring websocket,spring-security,spring-websocket,digest-authentication,Spring Security,Spring Websocket,Digest Authentication,我使用SpringSecurity对我的SpringWebSocket服务器进行身份验证。它适用于基本身份验证,但当我更改为摘要身份验证时,它出错了。我不知道该在标题中添加什么。有人知道什么解决办法吗 这是websocket客户端代码片段: SockJsClient sockJsClient; WebSocketStompClient stompClient; List<Transport> transports = new ArrayList<>(); final We
SpringWebSocket基本身份验证摘要身份验证SockJsClient sockJsClient;
WebSocketStompClient stompClient;
List<Transport> transports = new ArrayList<>();
final WebSocketHttpHeaders headers = new WebSocketHttpHeaders();
headers.add("Authorization", "Basic YWRtaW46YWRtaW4=");
transports.add(new WebSocketTransport(new StandardWebSocketClient()));
sockJsClient = new SockJsClient(transports);
stompClient = new WebSocketStompClient(sockJsClient);
stompClient.setMessageConverter(new MappingJackson2MessageConverter());
......
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
public class RestTempleteConfig {
public RestTemplate getRestTemplate() {
CloseableHttpClient client = HttpClientBuilder.create().setDefaultCredentialsProvider(provider())
.useSystemProperties().build();
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactoryDigestAuth(
client);
return new RestTemplate(requestFactory);
}
private CredentialsProvider provider() {
CredentialsProvider provider = new BasicCredentialsProvider();
UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("admin", "admin");
provider.setCredentials(AuthScope.ANY, credentials);
return provider;
}
}
RestTemplate restTemplate = new RestTempleteConfig().getRestTemplate();
String uri = "http://localhost:8080/login";
ResponseEntity<String> entity = restTemplate.exchange(uri, HttpMethod.GET, null, String.class);
System.out.println(entity.getBody());
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
public class RestTempleteConfig {
public RestTemplate getRestTemplate() {
CloseableHttpClient client = HttpClientBuilder.create().setDefaultCredentialsProvider(provider())
.useSystemProperties().build();
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactoryDigestAuth(
client);
return new RestTemplate(requestFactory);
}
private CredentialsProvider provider() {
CredentialsProvider provider = new BasicCredentialsProvider();
UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("admin", "admin");
provider.setCredentials(AuthScope.ANY, credentials);
return provider;
}
}
RestTemplate restTemplate = new RestTempleteConfig().getRestTemplate();
String uri = "http://localhost:8080/login";
ResponseEntity<String> entity = restTemplate.exchange(uri, HttpMethod.GET, null, String.class);
System.out.println(entity.getBody());
RestTemplate RestTemplate=new restTemplateConfig().getRestTemplate();
字符串uri=”http://localhost:8080/login";
ResponseEntity=restemplate.exchange(uri,HttpMethod.GET,null,String.class);
System.out.println(entity.getBody());
spring securitydigest authenticationRestTemplate restTemplate = new RestTempleteConfig().getRestTemplate();
SockJsClient sockJsClient;
WebSocketStompClient stompClient;
List<Transport> transports = new ArrayList<>();
final WebSocketHttpHeaders headers = new WebSocketHttpHeaders();
StandardWebSocketClient websocketClient = new StandardWebSocketClient();
// add restTemplate first
transports.add(new RestTemplateXhrTransport(restTemplate));
transports.add(new WebSocketTransport(websocketClient));
sockJsClient = new SockJsClient(transports);
stompClient = new WebSocketStompClient(sockJsClient);
stompClient.setMessageConverter(new MappingJackson2MessageConverter());
RestTemplate RestTemplate=new restTemplateConfig().getRestTemplate();
SockJsClient-SockJsClient;
WebSocketStompClient stompClient;
List transports=new ArrayList();
最终WebSocketHttpHeaders标头=新WebSocketHttpHeaders();
StandardWebSocketClient websocketClient=新的StandardWebSocketClient();
//首先添加restTemplate
添加(新的RestTemplateXhrTransport(restTemplate));
添加(新的WebSocketTransport(websocketClient));
sockJsClient=新的sockJsClient(传输);
stompClient=新的WebSocketStompClient(sockJsClient);
setMessageConverter(新的MappingJackson2MessageConverter());
摘要在
rest模板中配置,我们需要做的是将其添加到传输列表中。您应该先添加rest模板
,然后再添加websocket
,因为这在创建sockJs
url时很重要。更多详细信息请参阅。您对摘要算法了解多少?这不仅仅是设置头。当客户端向服务器发送请求时,它将第一次收到401错误。然后,客户机可以从响应头获取realm和nonce以发送后续请求。我想如果我发送了正确的标题就可以了,但是很难得到当前的标题。但是用digest验证websocket的正确方法是什么?