Java Spring Boot 应用程序中的 Websocket - 禁止获取 403
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/32874421/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Websocket in Spring Boot app - Getting 403 Forbidden
提问by user3755282
Websocket in Spring Boot app - Getting 403 Forbidden
Spring Boot 应用程序中的 Websocket - 禁止获取 403
I can connect to the websocket from client using sockjs/stompjs when I run this in eclipse (no spring boot).
当我在 eclipse 中运行它时,我可以使用 sockjs/stompjs 从客户端连接到 websocket(没有 spring boot)。
But when I create a Spring boot jar(gradlew build) for the websocket code and run the java -jar websocket-code.jar I get a 403 error connecting to the websocket.
但是当我为 websocket 代码创建一个 Spring boot jar(gradlew build) 并运行 java -jar websocket-code.jar 时,我收到连接到 websocket 的 403 错误。
I have no authentication for the websockets. I have a CORS filters and think have all headers right in request/response.
我没有对 websockets 的身份验证。我有一个 CORS 过滤器,并认为请求/响应中的所有标头都正确。
Below is my build.gradle
下面是我的 build.gradle
apply plugin: 'java'
apply plugin: 'spring-boot'
apply plugin: 'war'
sourceCompatibility = 1.7
version = '1.0'
repositories {
mavenCentral()
}
buildscript {
repositories {
mavenCentral()
}
dependencies {
classpath("org.springframework.boot:spring-boot-gradle-plugin:1.2.5.RELEASE")
}
}
configurations {
compile.exclude module: "spring-boot-starter-tomcat"
}
dependencies {
compile "org.springframework:spring-web:$spring_version"
compile "org.springframework:spring-webmvc:$spring_version"
compile "org.springframework:spring-websocket:$spring_version"
compile "org.springframework:spring-messaging:$spring_version"
compile "org.springframework.boot:spring-boot-starter-websocket"
compile "org.springframework.boot:spring-boot-starter-web"
compile "com.fasterxml.Hymanson.core:Hymanson-databind:2.6.2"
compile "com.fasterxml.Hymanson.core:Hymanson-core:2.6.2"
compile "com.fasterxml.Hymanson.core:Hymanson-annotations:2.6.2"
compile "org.springframework.amqp:spring-rabbit:1.3.5.RELEASE"
compile("org.springframework:spring-tx")
compile("org.springframework.boot:spring-boot-starter-web:1.2.6.RELEASE")
compile("org.springframework.boot:spring-boot-starter-jetty:1.2.6.RELEASE")
testCompile group: 'junit', name: 'junit', version: '4.11'
testCompile "org.springframework:spring-test:$spring_version"
}
task wrapper(type: Wrapper) {
gradleVersion = '2.5'
}
Update:
更新:
Added a CORS filter with response.setHeader("Access-Control-Allow-Origin", "http://localhost:8089");
添加了一个带有 response.setHeader("Access-Control-Allow-Origin", " http://localhost:8089");的 CORS 过滤器;
In firebug on Client side
在客户端的萤火虫中
Request Headers
Origin
http://localhost:8089
Response Headers
Access-Control-Allow-Origin
http://localhost:8089
Server Logs
2015-10-02 16:57:31.372 DEBUG 1848 --- [qtp374030679-14] o.s.w.s.s.t.h.DefaultSockJsService : Request rejected, Origin header value http://localhost:8089 not allowed
Origin I am requesting from is in the Allow-origin list. Still getting Request Rejected message in the logs.
我请求的来源在允许来源列表中。仍然在日志中收到请求被拒绝的消息。
采纳答案by user3755282
Difference between my 2 environment was the version of jars.
我的 2 个环境之间的区别是 jars 的版本。
spring-boot-starter-websocket-1.2.5.RELEASE.jar
spring-websocket-4.1.7.RELEASE.jar
Because of the spring-boot-starter-websocket dependency while packaging it was picking up spring-websocket-4.1.7.RELEASE inspite of the spring_version being spring_version=4.0.6.RELEASE.
由于 spring-boot-starter-websocket 在打包时依赖 spring-websocket-4.1.7.RELEASE,尽管 spring_version 是 spring_version=4.0.6.RELEASE。
Modified the dependency in build.gradle that fixed the problem.
修改了 build.gradle 中的依赖项以解决问题。
compile "org.springframework.boot:spring-boot-starter-websocket:1.1.0.RELEASE"
I think in latest version of spring-websocket jar the class StompWebSocketEndpointRegistration has setAllowedOrigins method that has to be used.Have not tried this.
我认为在最新版本的 spring-websocket jar 中,类 StompWebSocketEndpointRegistration 具有必须使用的 setAllowedOrigins 方法。还没有尝试过。
But CORS filter with
但是 CORS 过滤器
response.setHeader("Access-Control-Allow-Origin", "http://localhost:8089");
is working with older version.
正在使用旧版本。
回答by Dustin Shimono
I had a similar issue and fixed it in the WebSocketConfig by setting the allowed origins to "*".
我有一个类似的问题,并通过将允许的来源设置为“*”在 WebSocketConfig 中修复了它。
@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig extends AbstractWebSocketMessageBrokerConfigurer {
@Override
public void registerStompEndpoints(StompEndpointRegistry registry) {
// the endpoint for websocket connections
registry.addEndpoint("/stomp").setAllowedOrigins("*").withSockJS();
}
// remaining config not shown as not relevant
}
回答by Long Do Thanh
try to add
尝试添加
registry.addEndpoint("/your-end-point").setAllowedOrigins("*").withSockJS();
"your-end-point" is registered by @SendTo in controller I guess
“你的终点”是由@SendTo 在控制器中注册的,我猜
