@Order(value=-2147483548) public abstract class AbstractSecurityWebSocketMessageBrokerConfigurer extends org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurer implements SmartInitializingSingleton
For example:
@Configuration
public class WebSocketSecurityConfig extends
AbstractSecurityWebSocketMessageBrokerConfigurer {
@Override
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
messages.simpDestMatchers("/user/queue/errors").permitAll()
.simpDestMatchers("/admin/**").hasRole("ADMIN").anyMessage()
.authenticated();
}
}
| Constructor and Description |
|---|
AbstractSecurityWebSocketMessageBrokerConfigurer() |
| Modifier and Type | Method and Description |
|---|---|
void |
addArgumentResolvers(List<org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver> argumentResolvers) |
void |
afterSingletonsInstantiated() |
void |
configureClientInboundChannel(org.springframework.messaging.simp.config.ChannelRegistration registration) |
protected void |
configureInbound(MessageSecurityMetadataSourceRegistry messages) |
org.springframework.security.messaging.web.csrf.CsrfChannelInterceptor |
csrfChannelInterceptor() |
protected void |
customizeClientInboundChannel(org.springframework.messaging.simp.config.ChannelRegistration registration)
Allows subclasses to customize the configuration of the
ChannelRegistration
. |
org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor |
inboundChannelSecurity() |
org.springframework.security.messaging.access.intercept.MessageSecurityMetadataSource |
inboundMessageSecurityMetadataSource() |
void |
registerStompEndpoints(org.springframework.web.socket.config.annotation.StompEndpointRegistry registry) |
protected boolean |
sameOriginDisabled()
Determines if a CSRF token is required for connecting.
|
org.springframework.security.messaging.context.SecurityContextChannelInterceptor |
securityContextChannelInterceptor() |
void |
setApplicationContext(ApplicationContext context) |
void |
setMessageExpessionHandler(List<org.springframework.security.access.expression.SecurityExpressionHandler<org.springframework.messaging.Message<Object>>> expressionHandlers) |
addReturnValueHandlers, configureClientOutboundChannel, configureMessageBroker, configureMessageConverters, configureWebSocketTransportpublic AbstractSecurityWebSocketMessageBrokerConfigurer()
public void registerStompEndpoints(org.springframework.web.socket.config.annotation.StompEndpointRegistry registry)
registerStompEndpoints in interface org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurerpublic void addArgumentResolvers(List<org.springframework.messaging.handler.invocation.HandlerMethodArgumentResolver> argumentResolvers)
addArgumentResolvers in interface org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigureraddArgumentResolvers in class org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurerpublic final void configureClientInboundChannel(org.springframework.messaging.simp.config.ChannelRegistration registration)
configureClientInboundChannel in interface org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurerconfigureClientInboundChannel in class org.springframework.web.socket.config.annotation.AbstractWebSocketMessageBrokerConfigurerprotected boolean sameOriginDisabled()
Determines if a CSRF token is required for connecting. This protects against remote sites from connecting to the application and being able to read/write data over the connection. The default is false (the token is required).
Subclasses can override this method to disable CSRF protection
protected void customizeClientInboundChannel(org.springframework.messaging.simp.config.ChannelRegistration registration)
ChannelRegistration
.registration - the ChannelRegistration to customize@Bean public org.springframework.security.messaging.web.csrf.CsrfChannelInterceptor csrfChannelInterceptor()
@Bean public org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor inboundChannelSecurity()
@Bean public org.springframework.security.messaging.context.SecurityContextChannelInterceptor securityContextChannelInterceptor()
@Bean public org.springframework.security.messaging.access.intercept.MessageSecurityMetadataSource inboundMessageSecurityMetadataSource()
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages)
messages - @Autowired public void setApplicationContext(ApplicationContext context)
@Autowired(required=false) public void setMessageExpessionHandler(List<org.springframework.security.access.expression.SecurityExpressionHandler<org.springframework.messaging.Message<Object>>> expressionHandlers)
public void afterSingletonsInstantiated()
afterSingletonsInstantiated in interface SmartInitializingSingleton