Wicket + WebSocket page not refreshed because of a "possible CSRF attack"

In my application I need to use WebSockets. I followed this example, so in my Wicket application I have:

import javax.servlet.DispatcherType;

import org.apache.wicket.protocol.http.WicketFilter;
import org.apache.wicket.protocol.ws.javax.JavaxWebSocketFilter;
import org.apache.wicket.protocol.ws.javax.WicketServerEndpointConfig;
import org.apache.wicket.spring.SpringWebApplicationFactory;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;

@Bean
public FilterRegistrationBean wicketFilter() {
    final FilterRegistrationBean wicketFilter = new FilterRegistrationBean();
    // ASYNC must be included so the filter also sees the WebSocket dispatches.
    wicketFilter.setDispatcherTypes(DispatcherType.REQUEST, DispatcherType.ERROR, DispatcherType.FORWARD,
            DispatcherType.ASYNC);
    wicketFilter.setAsyncSupported(true);
    // JavaxWebSocketFilter is Wicket's JSR-356 aware replacement for the plain WicketFilter.
    wicketFilter.setFilter(new JavaxWebSocketFilter());
    wicketFilter.addInitParameter(WicketFilter.APP_FACT_PARAM, SpringWebApplicationFactory.class.getName());
    wicketFilter.addInitParameter(WicketFilter.FILTER_MAPPING_PARAM, "/*");
    wicketFilter.addUrlPatterns("/*");
    return wicketFilter;
}

@Bean
public WicketServerEndpointConfig wicketServerEndpointConfig() {
    // Server endpoint configuration for /wicket/websocket.
    return new WicketServerEndpointConfig();
}

In the page I added the behavior:

private void addWebSocketUpdating() {
    add(new WebSocketBehavior() {
        private static final long serialVersionUID = 1L;

        @Override
        protected void onConnect(ConnectedMessage message) {
            super.onConnect(message);
            // Remember the connection so the service can broadcast to it later.
            webSocketService.addClient(message);
        }

        @Override
        protected void onPush(WebSocketRequestHandler handler, IWebSocketPushMessage message) {
            super.onPush(handler, message);
            if (message instanceof WSMessage) {
                WSMessage msg = (WSMessage) message;
                if (msg.isAdd()) {
                    model.getObject().getPickupFindingParticipants().add(msg.getParticipant());
                } else if (msg.isDelete()) {
                    model.getObject().getPickupFindingParticipants().remove(msg.getParticipant());
                }
            }
            // Re-render the whole page over the WebSocket connection.
            handler.add(PickupFindPage.this);
        }
    });
}

The add logic:

public void addParticipant(PickupParticipantDto participant) {
    if (null != broadcaster) {
        WSMessage message = new WSMessage(participant);
        message.setAdd(true);
        // connections holds the ConnectedMessage instances collected in onConnect;
        // any of them provides the Application needed for the broadcast.
        broadcaster.broadcastAll(connections.listIterator().next().getApplication(), message);
    } else {
        throw new RuntimeException("WebSockets can not send message");
    }
}

But when the page should refresh, I get these warnings in the log:

2021-11-25 00:23:55.635 [Wicket-WebSocket-HttpRequest-Thread-1] INFO  o.a.w.p.h.CsrfPreventionRequestCycleListener Possible CSRF attack, request URL: ws://localhost:7002/wicket/websocket?pageId=5&wicket-ajax-baseurl=pickup%2F19%2Ffind%3F5&wicket-app-name=javaxWebSocketFilter, Origin: null, action: allowed
2021-11-25 00:23:55.635 [Wicket-WebSocket-HttpRequest-Thread-1] INFO  o.a.w.p.h.CsrfPreventionRequestCycleListener Possible CSRF attack, request URL: ws://localhost:7002/wicket/websocket?pageId=5&wicket-ajax-baseurl=pickup%2F19%2Ffind%3F5&wicket-app-name=javaxWebSocketFilter, Origin: null, action: allowed
2021-11-25 00:23:55.635 [Wicket-WebSocket-HttpRequest-Thread-0] INFO  o.a.w.p.h.CsrfPreventionRequestCycleListener Possible CSRF attack, request URL: ws://localhost:7002/wicket/websocket?pageId=7&wicket-ajax-baseurl=pickup%2F19%2Ffind%3F7&wicket-app-name=javaxWebSocketFilter, Origin: null, action: allowed
2021-11-25 00:23:55.635 [Wicket-WebSocket-HttpRequest-Thread-0] INFO  o.a.w.p.h.CsrfPreventionRequestCycleListener Possible CSRF attack, request URL: ws://localhost:7002/wicket/websocket?pageId=7&wicket-ajax-baseurl=pickup%2F19%2Ffind%3F7&wicket-app-name=javaxWebSocketFilter, Origin: null, action: allowed
2021-11-25 00:23:55.635 [Wicket-WebSocket-HttpRequest-Thread-1] WARN  o.a.wicket.page.PartialPageUpdate Component '[Page class = org.tomass.dota.rattlebot.web.pages.tournament.pickup.PickupFindPage, id = 5, render count = 1]' not rendered because it was already removed from page
2021-11-25 00:23:55.635 [Wicket-WebSocket-HttpRequest-Thread-0] WARN  o.a.wicket.page.PartialPageUpdate Component '[Page class = org.tomass.dota.rattlebot.web.pages.tournament.pickup.PickupFindPage, id = 7, render count = 1]' not rendered because it was already removed from page

Can you suggest what I am doing wrong?

You should use WebSocketAwareCsrfPreventionRequestCycleListener instead of CsrfPreventionRequestCycleListener in YourApplication#init().

See https://github.com/apache/wicket/blob/3a74b2dc9fd51692faf146f68e215670f994b5ae/wicket-native-websocket/wicket-native-websocket-core/src/main/java/org/apache/wicket/protocol/ws/WebSocketAwareCsrfPreventionRequestCycleListener.java#L24-L31
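The fix the answer describes, written out as an added example (this is not code from the question, the answer, or Wicket itself). The application class name, the choice of PickupFindPage as home page, and the explicit conflicting-origin action are assumptions:

```java
import org.apache.wicket.Page;
import org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener.CsrfAction;
import org.apache.wicket.protocol.http.WebApplication;
import org.apache.wicket.protocol.ws.WebSocketAwareCsrfPreventionRequestCycleListener;
import org.tomass.dota.rattlebot.web.pages.tournament.pickup.PickupFindPage;

// Assumed name for the WebApplication that SpringWebApplicationFactory looks up.
public class YourApplication extends WebApplication {

    @Override
    public Class<? extends Page> getHomePage() {
        // Assumption: the page from the question serves as the home page.
        return PickupFindPage.class;
    }

    @Override
    protected void init() {
        super.init();

        // WebSocketAwareCsrfPreventionRequestCycleListener extends the plain listener
        // but does not apply the Origin/Referer check to Wicket's own
        // WebSocketRequestHandler. Server-side pushes carry no Origin header, which is
        // why the plain listener logged "Possible CSRF attack ... Origin: null" and
        // the PartialPageUpdate never reached the browser.
        WebSocketAwareCsrfPreventionRequestCycleListener csrf =
                new WebSocketAwareCsrfPreventionRequestCycleListener();

        // Ordinary browser requests stay protected: a request whose Origin/Referer
        // does not match this server is rejected (ABORT is also the default).
        csrf.setConflictingOriginAction(CsrfAction.ABORT);

        // Register only this listener; do not also add CsrfPreventionRequestCycleListener,
        // otherwise the WebSocket pushes are checked again by the non-aware one.
        getRequestCycleListeners().add(csrf);
    }
}
```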
