Can you help me to make clear one thing about WebSockets and Spring Security auth? I have an js client with websocket connection. When I load it for first time the user is unautharized and my spring server returns undefined in frame.headers['user-name'] after websocket connect. Is it correct to make websocket reconnect on client side when user performs login/logout operations in sence to make websocket messaging authorized? The one thing is that after every connect client make some subscriptions and it sounds not good to make connect/disconnect and make new subcriptions every time. I hope you will help me and my question is clear. Sorry for my English. Thank you in advance.
Related
I have a process that runs in California that wants to talk to a process in New York, using Stomp over Websockets.
Also note that my process is not a web app, but I implemented a stomp over websocket client in C++, in order to connect things up to my backend. Maybe this was or wasn't a good idea. So, I want my client to talk to the server and subscribe, where their client pushed messages.
I was implementing my own server when I saw that ApacheMQ supported Stomp over Websockets. So, I started reading the docs.
It says with the last line under 'configuration' at
http://activemq.apache.org/websockets :
One thing worth noting is that web sockets (just as Ajax) implements ? > the same origin policy, so you can access only brokers running on the > same host as the web application running the client.
it says it again in several related searches such as http://sensatic.net/activemq/activemq-54-stomp-over-web-sockets.html
Is this a limitation of the server or the web client?
With that limitation, if I understand right, the server is not going to accept websocket connections from a client, of any kind, that is not on the same machine?
I am not sure I see the point of that...
If that is indeed its meaning, then how do I get around it in order to implement my scenario?
I've not found that bit of documentation you are referring to but from what I know of the STOMP implementation on the broker this seems incorrect. There shouldn't be any limit to the transport connector accepting connect requests from an outside host by default and I don't think the browser treats the websocket requests the same as it does other things like an Ajax case in terms of the same origin policy.
This probably a case that is best checked by actually trying it to see if it works, I've connected just fine from outside the same host using AMQP over websockets on ActiveMQ so I'd guess the STOMP stack should also work fine.
I am a beginner in web and server side development and have just read about Ajax. It is used on client side to access any resource over the internet.
But I am thinking of some utility on the server side as ajax so that server is able to send request to the client and client responds to the request.
Do you people know how to achieve this? Basically what I want to achieve is that I have a server which sends the curent server time to the connected client each second.
Thank you!
This can be achieved with websockets.
In .NET we use SignalR to achieve what you need. Server sends a message and client replies to it. This is pubsub scenario.
https://hackernoon.com/create-your-own-pubsub-client-server-use-websocket-65dd1820e997
I have one api for stock trade.
this is the url for websocket communication with api server.
https://kite.trade/docs/connect/v3/websocket/
I've read about websocket for laravel, but almost are the content about sending socket request from client to server.
If then, in my case, I have to turn on browser all day long to get live market quote.
I want to make it possible to get live market data without turn on browser.
Till my understanding is, in node.js, using socket.io client, it is possible to send websocket request from server to socket server.
But in laravel, I could not find way.
If anyone has experience, please help me.
Thanks.
I am experimenting real time app using Laravel and socket.io. I make a seperate node and redis server. Now I see several tutorials introducing redis to subscribe to channels. But I try without redis and socket.io is able to connect and emit etc.
The question is, what is redis used for and are there any specific scenarios that redis is able to handle that socket.io can't?
Thank you.
Socket IO helps in communicating between two different browser tabs, and that do not have anything to do with Laravel application only using socket.js file. So when you want to communicate between Laravel application and browser like chat or real time notifications about the events that happen in laravel application, then Redis will help you.
Laravel application send the data to Redis and Redis pass data to socket IO, then socket IO sends data to browser.
This is similar to AJAX, but in ajax the client ask for data and server/ laravel application responds to the AJAX request.
In our case the server it self can send updated data, as the change happens with out browser requesting, so this is helpful because the browser does not when the data is updated on the server side.
When I started learning socket IO and Redis I struggled a lot to find and understand this, hope this helps you.
I am new to Spring framework, now I chose it for a new project.
The project is actually an online consulting application. when a customer chooses to query by open page window, A consulting engineer will be assigned to him(many to one). to sum up, this app requires the following considerations.
1- anonymity connections for customer and authentication for consulting engineers.
2- one engineer can serve several customers at a time.
3- the way to assign customer could be configured.
4- WebSocket session should remain open while HTTP session expired.
so I have two questions:
for 1-3 items, I am not sure if I should choose STOMP or plain WebSocket in Spring. it seems STOMP is more advanced but more likely to fit a general messaging requirement (topics, subscriptions ... etc). WebSocket in another hand is simpler and more flexible. I wonder which one is better in this consulting application?
for point 4, session expired. google result suggests spring-session. but I can only found its tutorial about integration spring-session with STOMP. if WebSocket is the better choice, how can I integrate spring-session with Plain WebSocket?
Thanks
When you talk about websocket you have to have in mind that it is a simple and "raw" communication protocol without many defined message controls. If you choose to use plain websocket you should be able to authenticate using basic authentication [1]. In this case, your websocket connection, once opened, will stay open and working indefinitely.
But it's also up to you to control the message flow, deciding how to specify the target for each message. That's where STOMP should help you.
Using STOMP you could define "channels" to which customers and consulting enginners would "subscribe" to and begin communication. And you could also send private messages using the "Principal" from an authenticated Spring Security session.
So, answering your points:
1- anonymity connections for customer and authentication for
consulting engineers.
It is possible to define multiple endpoints within Spring Websocket configuration [2]. You could try to request authentication with only one of the endpoints using a implementation of ChannelInterceptorAdapter.
2- one engineer can serve several customers at a time.
Using the definition of channels, with the help of STOMP, you could subscribe the enginner in multiple channels, each for one customer... Or use private messages between them.
3- the way to assign customer could be configured.
I'm not sure what you meant... But it should be easy to assign a customer to a "channel".
4- WebSocket session should remain open while HTTP session expired.
The HTTP session is only used in the initial process, to connect to the websocket. After that the websocket will remain open or, if you use SockJS for fallback, the HTTP session will be constantly renewed.
I have coded an example of websocket server and client using Spring API. It's not exactly what you need, but I think it'll give a good idea.