Search code examples
spring-bootspring-securityspring-websocket

Spring websocket jwt authentication

I need to add jwt authentication. I have jwt generate and validate class. I don't know how to add it in websocket. I think spring must check jwt token at the begining of the connection

Serverendpoint class

@Component
@ServerEndpoint(value = "/user", 
encoders = { MessageEncoder.class }, 
decoders = { MessageDecoder.class }
)
public class ChatEndpoint implements Serializable {
    

    @OnOpen
    public void OnOpen (Session session) throws IOException {
        
    }

    @OnMessage
    public void onMessage(Session session, Message message) throws IOException, EncodeException {

    }

    @OnClose
    public void onClose(Session session) throws IOException, EncodeException {

    }

    @OnError
    public void onError(Session session, Throwable throwable) {
        // Do error handling here
        System.out.println(throwable);
    }
    
    public static void broadcast(Message message) throws IOException {

    }
    private void sendMessage(Message message) throws IOException {
        
    }

}

starter class

@ServletComponentScan
@SpringBootApplication
public class WebsocketdemoApplication {

    public static void main(String[] args) {
        SpringApplication app = new SpringApplication(WebsocketdemoApplication.class);
        app.run(args);

    }

}

config class

@Configuration
    public class WebSocketConfig {
    
        @Bean
        public ServerEndpointExporter endpointExporter(){
            return new ServerEndpointExporter();
        }
    }

My pom.xml

<dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-websocket</artifactId>
        <version>2.4.3</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
        <version>2.4.3</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter</artifactId>
        <version>2.4.3</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.springframework/spring-core -->
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-core</artifactId>
        <version>5.3.4</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot</artifactId>
        <version>2.4.3</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-autoconfigure</artifactId>
        <version>2.4.3</version>
    </dependency>

I hope someone can help me. I coudnt any think about it. Everyone using stomp but I am not using it so that is weired

Solution

  • problem is filterin after add filter i can arrange jwt security

       @WebFilter("/user")
public class AccessTokenFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, 
            FilterChain filterChain) throws IOException, ServletException {

        // jwt auth


    }
}