Search code examples
javaspring-securitytomcat8wildfly-10atmosphere

Atmosphere not working with Wildfly 10 But same version of atmosphere working in Tomcat8

I have configured Atmosphere in my project which runs in spring - spring-security.

All the websocket calls to my @ManagedService classes are working fine.

But now I want to move to Wildfly 10 and when the same war is deployed, the atmosphere calls does not goes to my @ManagedService Class. It goes to my spring security filter.

My atmosphere version:

    <dependency>
        <groupId>org.atmosphere</groupId>
        <artifactId>atmosphere-runtime</artifactId>
        <version>2.4.12</version>
    </dependency>

Spring version: 4.3.6.RELEASE

Spring security : 4.2.1.RELEASE

This is my WepAppInitializer

    // Create the dispatcher servlet's Spring application context
AnnotationConfigWebApplicationContext dispatcherServlet = new AnnotationConfigWebApplicationContext();
dispatcherServlet.register(SpringMVCConfig.class);

// AtmosphereServlet atmosphereServlet = new AtmosphereServlet();
AtmosphereServlet atmosphereServlet = servletContext.createServlet(AtmosphereServlet.class);
ServletRegistration.Dynamic websocketServlet = servletContext.addServlet("websocketServlet", atmosphereServlet);
websocketServlet.setLoadOnStartup(0);
websocketServlet.setAsyncSupported(true);

Set<String> mappingConflicts = websocketServlet.addMapping("/subscribe/*");

// Register and map the dispatcher servlet
ServletRegistration.Dynamic dispatcher = servletContext.addServlet("dispatcher",
    new DispatcherServlet(dispatcherServlet));
dispatcher.setAsyncSupported(true);
dispatcher.setLoadOnStartup(1);
dispatcher.addMapping("/");
mappingConflicts = dispatcher.addMapping("/");
if (!mappingConflicts.isEmpty()) {
    throw new IllegalStateException("'appServlet' cannot be mapped to '/'");
}
AtmosphereFramework framework = atmosphereServlet.framework();
broadcasterFactory = framework.getBroadcasterFactory();

Below is my Spring security snippet:

 @Override
protected void configure(HttpSecurity http) throws Exception {

http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
    .authorizeRequests()

    ...
    My ant matchers...
    ...

    // All other request need to be authenticated
    .anyRequest().authenticated()
    // Custom Token based authentication based on the header
    // previously given to the client
    .and().addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class).logout()
    .logoutUrl("/logout").disable().exceptionHandling().accessDeniedPage("/accessDenied");

}

Problem: In wildfly, all my websocket calls are going to the authentication filter and not the @ManagedService classes

Anything specific that I am missing that has to be done for wildfly?

Solution

  • Finally I understood the issue. In wildfly strangely, the websocket calls also go through the authentication filter whereas in Tomcat, the websocket calls are directly bypassed to @ManagedService Classes.

    So I just added a ignore antMatcher for my atmosphere url.

    @Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers(REQUEST_MAPPING_AUTHENTICATEUSER).antMatchers("/heartBeat")
    .antMatchers("/subscribe/**");
}

    This resolved my issue.