
How can I send token with httpOnly through STOMP webSocket? #149

Closed
ghkdqhrbals opened this issue Nov 12, 2023 · 1 comment
Labels
theme: documentation Improvements or additions to documentation

Comments

@ghkdqhrbals
Owner

ghkdqhrbals commented Nov 12, 2023

  1. In the chat room, the user sends a message through the STOMP protocol over WebSocket.
  2. At the message handler @MessageMapping(value = "/chat/message"), the Front-server requests the Chat-server to store the chat message.
  3. The Chat-server needs the cookie for acknowledging the user's identification. But the Front-server cannot send the cookie to the Chat-server because of httpOnly=true.

As far as I know, httpOnly=true repeatedly means sending cookies only with http protocol. It is never included because the message is sent via ws://....

So my question is

  • How can I deliver it all the way through the Front-server to the backend-server using STOMP when the token cookie's httpOnly is true?
@ghkdqhrbals ghkdqhrbals added the status: help! Help to solving this problem label Nov 12, 2023
@ghkdqhrbals
Owner Author

  • Use the WebSocket session
  1. At the very first WebSocket handshake, the request is normally made with the HTTP protocol.
  2. beforeHandshake runs on that first request as an interceptor, gets the token from the cookie and maps it to the WebSocket session. So from now on, all packets will be sent with the session.
import java.util.Map;

import jakarta.servlet.http.Cookie;            // javax.servlet.http.* on Spring Boot 2.x
import jakarta.servlet.http.HttpServletRequest;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.server.ServerHttpRequest;
import org.springframework.http.server.ServerHttpResponse;
import org.springframework.http.server.ServletServerHttpRequest;
import org.springframework.web.socket.WebSocketHandler;
import org.springframework.web.socket.config.annotation.EnableWebSocketMessageBroker;
import org.springframework.web.socket.config.annotation.StompEndpointRegistry;
import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;
import org.springframework.web.socket.server.support.HttpSessionHandshakeInterceptor;

@Slf4j
@Configuration
@AllArgsConstructor
@EnableWebSocketMessageBroker
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
    ...
    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        registry.addEndpoint("/stomp/chat")
            .addInterceptors(new HttpSessionHandshakeInterceptor() {
                @Override
                public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response,
                    WebSocketHandler wsHandler, Map<String, Object> attributes) throws Exception {
                    // The handshake is an ordinary HTTP request, so the browser attaches the
                    // httpOnly cookies to it. Copy the JWTs into the WebSocket session attributes;
                    // every later STOMP frame on this session can then read them.
                    HttpServletRequest httpServletRequest = ((ServletServerHttpRequest) request).getServletRequest();
                    Cookie[] cookies = httpServletRequest.getCookies();

                    if (cookies != null) {
                        for (Cookie cookie : cookies) {
                            if (cookie.getName().equals("refreshToken")) {
                                // Log presence only; the raw token must not end up in log files.
                                log.info("refreshToken cookie found on handshake");
                                attributes.put("refreshToken", cookie.getValue());
                            } else if (cookie.getName().equals("accessToken")) {
                                log.info("accessToken cookie found on handshake");
                                attributes.put("accessToken", cookie.getValue());
                            }
                        }
                    }
                    // The token is only copied here, not validated: whoever reads it from the
                    // session later (message handler, Chat-server) still has to verify it.
                    // The parent also copies HttpSession attributes and lets the handshake proceed.
                    return super.beforeHandshake(request, response, wsHandler, attributes);
                }

                @Override
                public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response,
                    WebSocketHandler wsHandler, Exception ex) {
                    // Nothing extra to do after the upgrade; keep the parent behaviour.
                    super.afterHandshake(request, response, wsHandler, ex);
                }
            })
            .setAllowedOrigins("http://localhost:8080")
            .withSockJS();
    }
}
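As an added example (not code from the issue or the project), this is the consuming side of the attributes filled in by beforeHandshake above: a @MessageMapping handler that reads the token back out of the STOMP session attributes and forwards it to the Chat-server as an Authorization header, which is what makes the httpOnly restriction irrelevant for the server-to-server hop. ChatClient, ChatMessage, the "Bearer" header format and the Java 16+ record are assumptions for the illustration; SimpMessageHeaderAccessor.getSessionAttributes() is the real Spring API that exposes the WebSocket session attributes to STOMP handlers.

```java
import java.util.Map;
import org.springframework.messaging.handler.annotation.MessageMapping;
import org.springframework.messaging.handler.annotation.Payload;
import org.springframework.messaging.simp.SimpMessageHeaderAccessor;
import org.springframework.stereotype.Controller;

@Controller
public class ChatMessageController {

    /** Hypothetical outbound client for the Chat-server; assumed, not from the project. */
    public interface ChatClient {
        void store(ChatMessage message, String authorizationHeader);
    }

    /** Hypothetical message payload; assumed, not from the project. */
    public record ChatMessage(String roomId, String text) {}

    private final ChatClient chatClient;

    public ChatMessageController(ChatClient chatClient) {
        this.chatClient = chatClient;
    }

    @MessageMapping("/chat/message")
    public void onMessage(@Payload ChatMessage message, SimpMessageHeaderAccessor accessor) {
        // Same map the handshake interceptor populated: Spring carries the WebSocket
        // session attributes into the headers of every STOMP message on that session.
        Map<String, Object> attrs = accessor.getSessionAttributes();
        String accessToken = attrs == null ? null : (String) attrs.get("accessToken");

        if (accessToken == null || accessToken.isBlank()) {
            // The session was opened without the cookie: refuse instead of storing an
            // unattributed message. Spring routes this to a @MessageExceptionHandler if present.
            throw new IllegalStateException(
                "no accessToken in WebSocket session " + accessor.getSessionId());
        }

        // Server-to-server call: the token travels as a header, not as a browser cookie,
        // so httpOnly no longer applies. The Chat-server still validates the JWT itself.
        chatClient.store(message, "Bearer " + accessToken);
    }
}
```

The handler deliberately trusts nothing about the token beyond its presence; validation (signature, expiry) belongs in the Chat-server that consumes the Authorization header, exactly as it would for a plain HTTP request.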

@ghkdqhrbals ghkdqhrbals added theme: documentation Improvements or additions to documentation and removed status: help! Help to solving this problem labels Nov 25, 2023