I am developing a server with spring-messaging and STOMP over sockJs. I want to make authorization trhought websockets. So from client i did send some token, then i get needle user by token and i want to associate my session with this user, i did next:
private void authorizeUser(Profile profile) {
SignedUser signedUser = new SignedUser(profile);
List<GrantedAuthority> authorities = Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"));
UsernamePasswordAuthenticationToken authentication =
new UsernamePasswordAuthenticationToken(signedUser, null, authorities);
SecurityContextHolder.getContext().setAuthentication(authentication);
}
But session is not associated, can anyone help me with this issue?
Thanks.
Follow the below links. Spring Security 4.0 allows out of the box support for Web Socket.
https://spring.io/blog/2014/09/16/preview-spring-security-websocket-support-sessions
http://spring.io/blog/2014/08/21/preview-spring-security-websocket-support