Websocket in Spring Boot app - get 403 Forbidden
我可以使用sockjs/stompjs从客户端连接到websocket,当我在eclipse中运行这个(没有spring启动)。
但是当我为websocket代码创建一个Spring启动jar(gradlew构建)并运行java -jar websocket-code.jar时,我得到一个403错误连接到websocket。
我没有websockets的身份验证。我有一个CORS过滤器,并认为在请求/响应中有所有标题。
下面是build.gradle
apply plugin: 'java'
apply plugin: 'spring-boot'
apply plugin: 'war'
sourceCompatibility = 1.7
version = '1.0'
repositories {
mavenCentral()
}
buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath("org.springframework.boot:spring-boot-gradle-plugin:1.2.5.RELEASE")
}
}
configurations {
compile.exclude module: "spring-boot-starter-tomcat"
}
dependencies {
compile "org.springframework:spring-web:$spring_version"
compile "org.springframework:spring-webmvc:$spring_version"
compile "org.springframework:spring-websocket:$spring_version"
compile "org.springframework:spring-messaging:$spring_version"
compile "org.springframework.boot:spring-boot-starter-websocket"
compile "org.springframework.boot:spring-boot-starter-web"
compile "com.fasterxml.jackson.core:jackson-databind:2.6.2"
compile "com.fasterxml.jackson.core:jackson-core:2.6.2"
compile "com.fasterxml.jackson.core:jackson-annotations:2.6.2"
compile "org.springframework.amqp:spring-rabbit:1.3.5.RELEASE"
compile("org.springframework:spring-tx")
compile("org.springframework.boot:spring-boot-starter-web:1.2.6.RELEASE")
compile("org.springframework.boot:spring-boot-starter-jetty:1.2.6.RELEASE")
testCompile group: 'junit', name: 'junit', version: '4.11'
testCompile "org.springframework:spring-test:$spring_version"
}
task wrapper(type: Wrapper) {
gradleVersion = '2.5'
}
添加了CORS过滤器响应。setHeader("Access-Control-Allow-Origin"、"http://localhost: 8089"),
客户端firebug
Request Headers
Origin
http://localhost:8089
Response Headers
Access-Control-Allow-Origin
http://localhost:8089
Server Logs
2015-10-02 16:57:31.372 DEBUG 1848 --- [qtp374030679-14] o.s.w.s.s.t.h.DefaultSockJsService : Request rejected, Origin header value http://localhost:8089 not allowed
我请求的原点在允许原点列表中。日志中仍然收到请求被拒绝的消息
我有一个类似的问题,并在WebSocketConfig中通过设置允许的起源为"*"来修复它。
@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
// the endpoint for websocket connections
registry.addEndpoint("/stomp").setAllowedOrigins("*").withSockJS();
}
// remaining config not shown as not relevant
}
尝试添加
registry.addEndpoint("/your-end-point").setAllowedOrigins("*").withSockJS();
"your-end-point"是由@SendTo在控制器中注册的
我的两个环境的不同之处在于jar的版本。
spring-boot-starter-websocket-1.2.5.RELEASE.jar
spring-websocket-4.1.7.RELEASE.jar
因为spring-boot-starter-websocket在打包时依赖于spring-websocket-4.1.7。尽管spring_version是spring_version=4.0.6.RELEASE.
修改了构建中的依赖项。修复问题的Gradle .
compile "org.springframework.boot:spring-boot-starter-websocket:1.1.0.RELEASE"
我认为在最新版本的spring-websocket jar类stompwebsocketendpoinregistrationsetallowedorigins方法必须使用。我还没试过。
但是使用
的CORS过滤器response.setHeader("Access-Control-Allow-Origin", "http://localhost:8089");
使用旧版本
作为参考,较新的spring版本需要不同的方法:
registry.addEndpoint("/websocket-connection").setAllowedOriginPatterns("*").withSockJS();