Reputation: 145
How to turn off authentication for websockets in Spring Security?
I've got a Java EE application which uses Spring Security for authentication (configured with Java config). The same application contains a websocket server implemented with javax.websocket package.
My question is how to turn off Spring Security authentication for any incoming websocket connections without turning off HTTP authentication?
Upvotes: 2
Views: 3172
Answers (1)
Reputation: 24580
You can have all requests matching a particular pattern bypass the security filter. For example, if your WS endpoint is
/websocket you can add this to your configuration:
<http pattern="/websocket/**" security="none" />
I don't like to configure Spring programmatically so I don't know how this is done with Java code, but after a 10,000 feet look at the classes I think it's maybe done with a WebSecurity + WebSecurityConfigurerAdapter setup.
Upvotes: 2
Related Questions
- Spring-websockets : Spring security authorization not working inside websockets
- Websocket Authentication and Authorization in Spring
- WebSocket Security Java Config
- How to add security for spring 5 websockets
- Spring websocket authentication with spring security: 401 error
- Spring Websockets Authentication with Spring Security and Keycloak
- SpringMVC Websockets Messaging User Authentication with Spring Security
- Spring Websocket Security throwing AccessDeniedException
- Modify Spring Security Config at Runtime
- Ignore WebSocket connection in Spring Security SavedRequest