Can you please provide the example on how to use authorization?

[michalig]

Hi,

I'm trying to send message to a single user (with convertAndSendToUser) and I'm not sure how to do it properly... I'm trying with STOMP authentication - by overriding configureClientInboundChannel in AbstractWebSocketMessageBrokerConfigurer with:

@Override
    public void configureClientInboundChannel(ChannelRegistration registration) {
        registration.setInterceptors(new ChannelInterceptorAdapter() {
            @Override
            public Message<?> preSend(Message<?> message, MessageChannel channel) {
                StompHeaderAccessor accessor =
                        MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
                if (StompCommand.CONNECT.equals(accessor.getCommand())) {
                    Principal userDetails = new UserDetails("userId#1");
                    accessor.setUser(userDetails);
                }
                return message;
            }
        });
    }

But I'm still getting no Principal object in ProxyWebSocketConnectionManager#handleFrame

Any clues?

Cheers,
Michal

[woostju]

Need to pass the Principal from zuul to backend microservice.
put the sessionid into headers in method ProxyWebSocketConnectionManager#buildWebSocketHttpHeaders.
Then in backend microservice HandshakeInterceptor, get the session id thru servletRequest.getServletRequest().getHeader("session_id"), and set this session id as Principal.

Also use this session id as principal at zuul side, with HandshakeHandler.