CODEWITHSUNDEEP
javaspringspring-bootwebsocketstomp
Roberto Graham
Roberto Graham

Reputation: 147

Spring Stomp SimpUserRegistry Anonymous Users

SimpUserRegistry lets you retrieve the details of all authenticated Stomp sessions, is there any such class that will let me iterate over anonymous user sessions?

Upvotes: 2

Views: 2169

Answers (2)

FlorianDe
FlorianDe

Reputation: 1242

Like howie described in his answer only non anonymous users will be added to the SimpUserRegistry.

But if you really want to add anonymous users also you just have to sub-class the DefaultHandshakeHandler class and override the determineUser method like stated in the Spring Doc for Version 5.1.5.RELEASE - Chapter 4.4.12. Authentication.

In some cases it may be useful to assign an identity to a WebSocket session even when the user has not been formally authenticated. For example, a mobile app might assign some identity to anonymous users, perhaps based on geographical location. The do that currently, an application can sub-class DefaultHandshakeHandler and override the determineUser method. The custom handshake handler can then be plugged in (see examples in Section 22.2.4, “Deployment Considerations”).

Here is an answer (Spring websockets without principal) which shows you how you can achieve to create an AnonymousPrincipal and determine it within the custom handshake handler.

And at last you have to add your an instance of your custom handshake handler to your registered endpoint but this is depending on whether you use STOMP or not.

Upvotes: 2

howie
howie

Reputation: 2695

Following are some of the code snippets from StompSubProtocolHandler - The handleMessageFromClient method adds the user to the stompAuthentications map and publishes a SessionConnectEvent event -

public void handleMessageFromClient(WebSocketSession session, WebSocketMessage<?> webSocketMessage, MessageChannel outputChannel) {
//...
SimpAttributesContextHolder.setAttributesFromMessage(message);
boolean sent = outputChannel.send(message);

if (sent) {
    if (isConnect) {
        Principal user = headerAccessor.getUser();
        if (user != null && user != session.getPrincipal()) {
            this.stompAuthentications.put(session.getId(), user);
        }else{
              //TODO try to handle here for anonymous user
        }
    }
    if (this.eventPublisher != null) {
        if (isConnect) {
            publishEvent(new SessionConnectEvent(this, message, getUser(session)));
        }
//...

I think you have to Check this socure code StompSubProtocolHandler, and customize it.

Upvotes: 0

Related Questions