-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Spring boot security #494
Comments
Please check https://github.com/stomp-js/ng2-stompjs#delayed-initialization - using |
@kum-deepak Thank you sir, it worked for me :) |
What did you used for it? I am having same requirement. |
I need to send something like this Authentication : 'Bearer ' + token with the headers |
Totally do-able. When configuring the connection do the following
|
My application App module structure looks like this. How should I use the code you sent me over here? |
First export your config constant so that it's useable in this file. I would break it out into it's own file if I were you. For a basic example, let's use it in a Component:
You can do the subscribing and unsubscribing in a couple of different ways. I used a variable that will have its subscription handled by the async pipe. But this should give you what you're looking for. Edited to add call to activate the rxStompService |
There is no way to add headers to the underlying HTTP request for the WebSocket. The WebSocket standards has no mechanism for that. The code above will add the header to the STOMP CONNECT frame; which can be used by the broker. |
Is there any way by which I can send the authentication token along with the it? |
One thing that confused the crap out of me when I was learning websocket communication is that. STOMP Headers are not the same a as HTTP headers. SOMP headers are sent in STOMP communication which happens post-handshake. The way that Stomp-based communication works is that first there is an HTTP Get made with an "upgrade to 1.1" header which tells the server to upgrade this communication from HTTP to websocket. This is the "handshake" process. During this process you do not need CSRF tokens. CSRF is only used for state-altering calls (such as POST, PUT, DELETE....or in stomps case "outbound" communication like the .publish() function). So in the handshake call that you sent in that last image, you don't actually need to send the token in the header After handshake is successfully completed, there is an open communication between the client and server. You should be sending the token in the STOMP headers. To view the STOMP headers (which should include the token) that you are sending I would use the other kind of config I would advise using a InjectableRxStompConfig instead of a StompConfig. The reason is that ng2-stomps "debug" callback (which is only available when using a InjectableRxStompConfig) will show you what STOMP headers you are sending in the CONNECT frame. |
If you really would like to send an authentication token along with the Handshake call, then put it in a cookie. All cookies are sent as headers for all HTTP outbound traffic. |
The server denies the Handshake itself without the Authentication token. I was too thinking about the cookie way as last thing but I believe that's the only option now. Thank you for your support @Oddisey and @kum-deepak for your valuable time. |
Not a problem. Yeah in that case, when you're doing your authentication communication (like a login request) the response should send back a SET-COOKIE header with a value of the cookie that you would like to set. This is usually called a SESSION_ID or Session cookie as it is a persistent token that shows that you are who you say you are because you got that cookie after authentication. |
In my angular application whenever it is loaded for the first time. It redirects to the
login.component
where user logs in with email and password. Now login component is a child component ofapp.component
. Inlogin.component
I use to send the email and password to the server and get back the authorization token for the session which is I am storingit in thesessionStorage
and then it redirects to thedashboard.component
where I actually want to use websocket connection. I have gone through your ng5 example ofstomp-js
where you have configured thesock
andstomp
in theapp.module.ts
. Now my question is, how to pass the authorization token with the headers while configuring the stomp.Is there any way to set the headers when I receive the auth token in the
login.component
and then configure the stomp?The text was updated successfully, but these errors were encountered: