AbstractSecurityWebSocketMessageBrokerConfigurer in method configureInbound doesn't work with Keycloak token #1

@mmsayekooie

I implemented the class below to configure WebSocket:

@Configuration
@EnableWebSocketMessageBroker
public class WebSocketConfig  extends AbstractSecurityWebSocketMessageBrokerConfigurer {

    @Override
    public void registerStompEndpoints(StompEndpointRegistry registry) {
        registry.addEndpoint("/notif");
        registry.addEndpoint("/notif")
                .setAllowedOrigins("*").withSockJS();
    }

    @Override
    public void configureMessageBroker(MessageBrokerRegistry registry) {
        registry.setApplicationDestinationPrefixes("/app");
        registry.enableSimpleBroker("/topic");
    }

    @Override
    protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
        messages
                .nullDestMatcher().authenticated()
                .simpSubscribeDestMatchers("/user/queue/errors").permitAll()
                .simpDestMatchers("/app/**").hasRole("users")
                .simpSubscribeDestMatchers("/user/**").hasRole("users")
                .simpTypeMatchers(SimpMessageType.MESSAGE, SimpMessageType.SUBSCRIBE).denyAll()
                .anyMessage().permitAll();

    }

    @Override
    public void configureClientOutboundChannel(ChannelRegistration registration) {
        registration.interceptors(new UserInterceptor());
    }
}

and I am using a service based on convertAndSendToUser, and on the front end I implemented it like this:

const ws = new SockJS(provider.environment.kanbanBoard.webSocket_base_url);
this.stompClient = Stomp.over(ws);
this.stompClient.connect(
  {
    Auchorization: 'bearer ' + token
  },
  () => {
    this.stompClient.subscribe('/user/topic', message => {
      this.onMessageReceived(message);
    });
  },
  this.errorCallBack
);

In my opinion it should work, but I receive:

ERROR
message:Failed to send message to ExecutorSubscribableChannel[clientInboundChannel]; nested exception is org.springframework.security.web.csrf.MissingCsrfTokenException\c Could not verify the provided CSRF token because your session was not found

Is it a bug in AbstractSecurityWebSocketMessageBrokerConfigurer>Interceptor, or do I have a misconfiguration?
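
Added example, not part of the issue and not Spring Security's own code: one way to authenticate a bearer token sent in the STOMP CONNECT frame, so that the `configureInbound` rules above have a user to evaluate. It assumes the CSRF requirement on CONNECT is switched off by overriding `sameOriginDisabled()` to return `true` in the security configurer, which is reasonable only when no cookie or session authenticates the handshake. Assumptions: the class name `StompBearerAuthConfig`, a `JwtDecoder` bean from spring-security-oauth2-resource-server configured for the Keycloak realm, realm roles carried in the `realm_access.roles` claim, and a client header spelled `Authorization`.

```java
import java.util.*;
import java.util.stream.Collectors;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.messaging.*;
import org.springframework.messaging.simp.config.ChannelRegistration;
import org.springframework.messaging.simp.stomp.*;
import org.springframework.messaging.support.*;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.*;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.web.socket.config.annotation.WebSocketMessageBrokerConfigurer;

// Hypothetical class. Ordered ahead of Spring Security's inbound interceptors
// so the user is set on CONNECT before the authorization rules run.
@Configuration
@Order(Ordered.HIGHEST_PRECEDENCE + 99)
public class StompBearerAuthConfig implements WebSocketMessageBrokerConfigurer {
    private final JwtDecoder jwtDecoder; // assumed bean, configured for the Keycloak realm
    public StompBearerAuthConfig(JwtDecoder jwtDecoder) { this.jwtDecoder = jwtDecoder; }

    @Override
    public void configureClientInboundChannel(ChannelRegistration registration) {
        registration.interceptors(new ChannelInterceptor() {
            @Override
            public Message<?> preSend(Message<?> message, MessageChannel channel) {
                StompHeaderAccessor acc = MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
                if (acc != null && StompCommand.CONNECT.equals(acc.getCommand())) {
                    String h = acc.getFirstNativeHeader("Authorization");
                    if (h == null || !h.regionMatches(true, 0, "Bearer ", 0, 7)) {
                        throw new MessagingException("CONNECT without bearer token");
                    }
                    Jwt jwt = jwtDecoder.decode(h.substring(7)); // throws JwtException if invalid
                    acc.setUser(new JwtAuthenticationToken(jwt, realmRoles(jwt)));
                }
                return message;
            }
        });
    }

    // Assumes realm roles under realm_access.roles; hasRole("users") needs ROLE_users.
    private static List<SimpleGrantedAuthority> realmRoles(Jwt jwt) {
        Map<String, Object> realm = jwt.getClaimAsMap("realm_access");
        Object roles = realm == null ? null : realm.get("roles");
        if (!(roles instanceof Collection)) return Collections.emptyList();
        return ((Collection<?>) roles).stream()
                .map(r -> new SimpleGrantedAuthority("ROLE_" + r)).collect(Collectors.toList());
    }
}
```

With the CSRF check off, the endpoint's `setAllowedOrigins("*")` is worth narrowing to the real front-end origins, since the token check in this interceptor is then the only gate on CONNECT.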
