我刚刚在我的java ee jax-rs应用程序中添加了一个Websocket端点。在Jax-Rs端点中,它可以通过SecurityContext访问用户的角色。
但是在websocket中我不能注入上下文的东西。那么如何知道试图打开websocket会话的用户的角色呢?
为此,您必须修改Websocket握手。你可以这样做:
1)修改你的websocket端点使用自定义配置
@ServerEndpoint(value = "/someWSEndpoint", configurator = SomeCustomConfigurationClass.class)
public class SomeWSService {
...
}
2)修改WS握手类似于
public class SomeCustomConfigurationClass extends ServerEndpointConfig.Configurator {
@Override
public void modifyHandshake(ServerEndpointConfig config,
HandshakeRequest request,
HandshakeResponse response) {
config.getUserProperties().put("UserPrincipal",request.getUserPrincipal());
config.getUserProperties().put("userInRole", request.isUserInRole("someRole"));
}
}
@OnOpen
public void onOpen(final Session session, EndpointConfig config) {
Principal userPrincipal = (Principal) config.getUserProperties().get("UserPrincipal");
Boolean userInRole = (Boolean) config.getUserProperties().get("userInRole");
//do what ever you like with it
}