I'm trying to learn more about Spring-Websocket in combination with Spring-Security and was trying out the examples from the Spring Documentation.
After creating my class WebSecurityConfig and extending from AbstractWebSocketMessageBrokerConfigurer I was informed that AbstractWebSocketMessageBrokerConfigurer is deprecated.
I tried to find out if there is an alternative to use Spring-Security with Spring-Websocket but couldn't find something on that.
So, my question is should I still use AbstractWebSocketMessageBrokerConfigurer or is there an alternative way to combine Spring-Security with Spring-Websocket?
This is the example I implemented to my test project. It seems to working thine, but shouldn't be there an alternative from Spring before making AbstractWebSocketMessageBrokerConfigurer deprecated?
@Configuration
public class WebSocketSecurityConfig extends AbstractWebSocketMessageBrokerConfigurer {
protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
messages.simpDestMatchers("/user/*").authenticated();
}
}
Please, read JavaDocs of that deprecated class:
* @deprecated as of 5.0 in favor of simply using {@link WebSocketMessageBrokerConfigurer}
* which has default methods, made possible by a Java 8 baseline.
*/
@Deprecated
public abstract class AbstractWebSocketMessageBrokerConfigurer implements WebSocketMessageBrokerConfigurer {