SEC-3006: Allow programmatically login using STOMP messaging

[spring-projects-issues]

Alex (Migrated from SEC-3006) said:

Currently it's not possible to authenticate a user inside a @MessageMapping method.

I suppose the problem is that if in the body of the method we manually call SimpMessageHeaderAccessor.setUser(...) then the user destination changes and he stops receiving messages sent to the queues it was subscribed to.

If there are no workaround for this, a clean solution would be welcome.

[spring-projects-issues]

Alex said:

Related stackexchange question: https://stackoverflow.com/questions/30897684/manually-setting-authenticated-user-on-a-websocket-session-using-spring-security

[spring-projects-issues]

Alex said:

A workaround for the time being would be very, very appreciated :)

[spring-projects-issues]

ricardo paiva said:

+1

[spring-projects-issues]

Victor Velasquez said:

Any Workaround?

[spring-projects-issues]

Alex said:

Another typical use case for this is the usage of the services exposed on the websocket via a nodejs application: since the client has no way (nor any need) to authenticate on the web site where the websocket is exposed, it has to login via stomp.

[spring-projects-issues]

Dinesh Shende said:

Any workaround?

[spring-projects-issues]

Alex said:

I've found none so far :(

[spring-projects-issues]

Dinesh Shende said:

Is there chance, it will be solved by spring team as it is show stopper for my project .

[spring-projects-issues]

Alex said:

It's a showstopper also for everybody that wants to expose services via a websocket where the clients are not using web: e.g. native apps.

Try to find someone interested in the subject that votes this bug, and let's hope that the developers will notice :)

[spring-projects-issues]

ssslokesh005 said:

ok, i will check it once....
websphere Online Training