Improve documentation on the use of login/passcode headers for STOMP clients [SPR-11436] #16062

Closed
spring-projects-issues opened this issue Feb 17, 2014 · 3 comments
@spring-projects-issues spring-projects-issues commented Feb 17, 2014

Prashant Deva opened SPR-11436 and commented

All the documentation for Spring websockets, including the guide here (http://spring.io/guides/gs/messaging-stomp-websocket/), shows the client-side code example as:

function connect() {
    var socket = new SockJS('/hello');
    stompClient = Stomp.over(socket);
    stompClient.connect('', '', function(frame) {

    });
}

This is incorrect.
stompClient.connect needs a username and password in the first 2 arguments.

Running the stompClient and passing '' to the connect() method, as shown in the examples, results in an error:


Web Socket Opened... stomp.min.js:8
>>> CONNECT
login:
passcode:
accept-version:1.1,1.0
heart-beat:10000,10000

 stomp.min.js:8
<<< ERROR
message:Illegal header\c 'login\c'. A header must be of the form <name>\c<value>
content-length:0

It even leads to this server side exception:

17:05:32,369 ERROR http-bio-8080-exec-9 messaging.StompSubProtocolHandler:118 - Failed to parse WebSocket message as STOMP frame
org.springframework.messaging.simp.stomp.StompConversionException: Illegal header: 'login:'. A header must be of the form <name>:<value>
	at org.springframework.messaging.simp.stomp.StompDecoder.readHeaders(StompDecoder.java:129)
	at org.springframework.messaging.simp.stomp.StompDecoder.decode(StompDecoder.java:69)
	at org.springframework.web.socket.messaging.StompSubProtocolHandler.handleMessageFromClient(StompSubProtocolHandler.java:108)
	at org.springframework.web.socket.messaging.SubProtocolWebSocketHandler.handleMessage(SubProtocolWebSocketHandler.java:233)
	at org.springframework.web.socket.handler.WebSocketHandlerDecorator.handleMessage(WebSocketHandlerDecorator.java:59)
	at org.springframework.web.socket.handler.LoggingWebSocketHandlerDecorator.handleMessage(LoggingWebSocketHandlerDecorator.java:55)
	at org.springframework.web.socket.handler.ExceptionWebSocketHandlerDecorator.handleMessage(ExceptionWebSocketHandlerDecorator.java:69)
	at org.springframework.web.socket.sockjs.transport.session.AbstractSockJsSession.delegateMessages(AbstractSockJsSession.java:153)
	at org.springframework.web.socket.sockjs.transport.session.WebSocketServerSockJsSession.handleMessage(WebSocketServerSockJsSession.java:154)
	at org.springframework.web.socket.sockjs.transport.handler.SockJsWebSocketHandler.handleTextMessage(SockJsWebSocketHandler.java:77)
	at org.springframework.web.socket.handler.AbstractWebSocketHandler.handleMessage(AbstractWebSocketHandler.java:43)
	at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter.handleTextMessage(StandardWebSocketHandlerAdapter.java:112)
	at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter.access$000(StandardWebSocketHandlerAdapter.java:42)
	at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter$3.onMessage(StandardWebSocketHandlerAdapter.java:82)
	at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter$3.onMessage(StandardWebSocketHandlerAdapter.java:79)
	at org.apache.tomcat.websocket.WsFrameBase.sendMessageText(WsFrameBase.java:376)
	at org.apache.tomcat.websocket.WsFrameBase.processDataText(WsFrameBase.java:474)
	at org.apache.tomcat.websocket.WsFrameBase.processData(WsFrameBase.java:275)
	at org.apache.tomcat.websocket.WsFrameBase.processInputBuffer(WsFrameBase.java:116)
	at org.apache.tomcat.websocket.server.WsFrameServer.onDataAvailable(WsFrameServer.java:54)
	at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler$WsReadListener.onDataAvailable(WsHttpUpgradeHandler.java:194)
	at org.apache.coyote.http11.upgrade.AbstractServletInputStream.onDataAvailable(AbstractServletInputStream.java:189)
	at org.apache.coyote.http11.upgrade.AbstractProcessor.upgradeDispatch(AbstractProcessor.java:92)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:605)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:744)

One needs to pass the actual user/password to the messaging queue, as described in #16061, which leads to a huge security issue.


Affects: 4.0.1
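
The failure reported above, reproduced as an added example (not part of the original thread, stomp.js, or Spring's code): a minimal CONNECT frame builder and a header check that applies the `<name>:<value>` rule quoted in the error. The helper names are hypothetical, and the empty-value rejection is modelled on the error message on this page, not on the `StompDecoder` source.

```javascript
// Added illustration; buildConnectFrame, parseHeaders and tryParse are
// hypothetical helpers, not stomp.js or Spring APIs.

// Serialize a STOMP CONNECT frame. With omitEmpty=true, headers whose value
// is empty (e.g. login/passcode passed as '') are left out of the frame.
function buildConnectFrame(headers, omitEmpty) {
  const lines = ['CONNECT'];
  for (const [name, value] of Object.entries(headers)) {
    if (omitEmpty && (value === '' || value == null)) continue;
    lines.push(`${name}:${value ?? ''}`);
  }
  // A blank line ends the header block; a NUL octet ends the frame.
  return lines.join('\n') + '\n\n\0';
}

// Parse the header block with the rule from the error message:
// each header line needs a non-empty name and a non-empty value.
function parseHeaders(frame) {
  const headerBlock = frame.split('\n\n')[0];
  const [command, ...lines] = headerBlock.split('\n');
  const headers = {};
  for (const line of lines) {
    const idx = line.indexOf(':');
    if (idx <= 0 || idx === line.length - 1) {
      throw new Error(
        `Illegal header: '${line}'. A header must be of the form <name>:<value>`);
    }
    headers[line.slice(0, idx)] = line.slice(idx + 1);
  }
  return { command, headers };
}

function tryParse(frame) {
  try { return { ok: true, ...parseHeaders(frame) }; }
  catch (e) { return { ok: false, error: e.message }; }
}

// Constructed input matching the CONNECT frame shown in the report.
const reported = {
  login: '', passcode: '',
  'accept-version': '1.1,1.0', 'heart-beat': '10000,10000',
};

const asReported = tryParse(buildConnectFrame(reported, false));   // rejected
const withoutEmpty = tryParse(buildConnectFrame(reported, true));  // accepted
console.log(asReported.error);
console.log(withoutEmpty.headers);
```

In stomp.js, the headers-object form `stompClient.connect({}, callback)` sends a CONNECT frame with no `login` or `passcode` headers, so no credentials need to appear in browser code.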

@spring-projects-issues spring-projects-issues commented Feb 18, 2014

Rossen Stoyanchev commented

The Spring Framework reference documentation does not have any examples of connecting, so I am going to close this ticket. I have opened one against the guide you referenced. See spring-guides/gs-messaging-stomp-websocket#10.

@spring-projects-issues spring-projects-issues commented Feb 18, 2014

Rossen Stoyanchev commented

I'm re-opening and turning into a documentation improvement for 4.0.3. We need to provide more detail on the use of the login/passcode headers in the STOMP CONNECT frame.

@spring-projects-issues spring-projects-issues commented Feb 25, 2014

Rossen Stoyanchev commented

Both the spring.io guide and the Spring Framework reference have been updated with commits 32ffbfa61aec7dfa8a486dc8ca8be9b93604c0fa and 651e0a44fba387b2c86f7d59a19c2ce567323c10.

@spring-projects-issues spring-projects-issues added type: documentation in: web labels Jan 11, 2019
@spring-projects-issues spring-projects-issues added this to the 4.0.3 milestone Jan 11, 2019