Expose access to STOMP SimpleMessageBroker sessions user Principal #25191

Closed
bgK opened this issue Jun 5, 2020 · 5 comments

bgK commented Jun 5, 2020

Hi,

We have a Spring application with a SockJS / STOMP SimpleMessageBroker setup.
User authentication happens through a JWT token passed in a STOMP CONNECT
message header.

Everything is working as desired except we would like to close the broker
sessions for the users with an expired JWT token. So users are not able to
receive messages after their authentication expired.

To do so, I wanted to have a scheduled task that would inspect all the open
sessions' principals to check if they are expired, and send a DISCONNECT message
when necessary.

However I've not been able to find a way to access the Principal object for
the open sessions (seems to be stored in SimpleBrokerMessageHandler.SessionInfo).

Am I missing something or is this not currently possible?

@bgK bgK closed this as completed Jun 5, 2020
@bgK bgK changed the title expose SimpleMessageBroker Expose access to STOMP SimpleMessageBroker sessions user Principal Jun 5, 2020
@bgK bgK reopened this Jun 5, 2020
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Jun 5, 2020
@rstoyanchev
Contributor

@bgK there is a SimpUserRegistry bean with the name "userRegistry" that you can use to get the currently connected users. Have you tried that?

@rstoyanchev rstoyanchev added the status: waiting-for-feedback We need additional information before we can continue label Jun 10, 2020

bgK commented Jun 10, 2020

Hi,

Thank you for your answer. Indeed, I can get the list of connected users and their associated sessions through the SimpUserRegistry. However, the returned SimpUser and SimpSession interfaces don't allow retrieving the security Principal where the authentication information is stored. The actual object instances are static private classes and don't have the principal either, so casting does not seem to be an option.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Jun 10, 2020
@rstoyanchev
Contributor

Yes, we only expose the username and session id. Do you have a way to look up the authentication info from that? It's the only option currently. The SessionInfo that's in SimpleBrokerMessageHandler is for internal use to manage heartbeats.


bgK commented Jun 15, 2020

Hi,

Yes, I could create my own store using a ChannelInterceptor to be able to look up Principals from session id. I was kind of hoping I would not have to do that so the various stores don't get out of sync, but that's definitely possible.

@rstoyanchev rstoyanchev self-assigned this Oct 16, 2020
@rstoyanchev rstoyanchev added in: messaging Issues in messaging modules (jms, messaging) type: enhancement A general enhancement and removed status: feedback-provided Feedback has been provided status: waiting-for-triage An issue we've not yet triaged or decided on labels Oct 16, 2020
@rstoyanchev rstoyanchev added this to the 5.3 GA milestone Oct 16, 2020
@rstoyanchev
Contributor

We can store and expose the Principal from SimpUser when it is available. This would work mainly for a local registry and would not with a multi-server registry where user registry content is exchanged.
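
The ChannelInterceptor store discussed in the thread, as an added example (not code from the issue or from Spring Framework). `ExpiringPrincipal` and `SessionPrincipalStore` are hypothetical names, and the example assumes the application's JWT interceptor runs earlier on the client inbound channel and has already set the user on the CONNECT message.

```java
import java.security.Principal;
import java.time.Instant;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;

import org.springframework.messaging.Message;
import org.springframework.messaging.MessageChannel;
import org.springframework.messaging.simp.stomp.StompCommand;
import org.springframework.messaging.simp.stomp.StompHeaderAccessor;
import org.springframework.messaging.support.ChannelInterceptor;
import org.springframework.messaging.support.MessageHeaderAccessor;

// Hypothetical: a Principal that carries the expiry of the JWT it was built from.
interface ExpiringPrincipal extends Principal {
    Instant expiresAt();
}

// Register on the client inbound channel, after the interceptor that authenticates CONNECT.
public class SessionPrincipalStore implements ChannelInterceptor {

    private final Map<String, Principal> principals = new ConcurrentHashMap<>();

    @Override
    public Message<?> preSend(Message<?> message, MessageChannel channel) {
        StompHeaderAccessor accessor =
                MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
        if (accessor == null || accessor.getSessionId() == null) {
            return message;
        }
        // Record the authenticated user on CONNECT, forget the session on DISCONNECT.
        if (StompCommand.CONNECT.equals(accessor.getCommand()) && accessor.getUser() != null) {
            principals.put(accessor.getSessionId(), accessor.getUser());
        } else if (StompCommand.DISCONNECT.equals(accessor.getCommand())) {
            principals.remove(accessor.getSessionId());
        }
        return message;
    }

    // Session ids whose token expiry is at or before the given instant.
    public List<String> expiredSessionIds(Instant now) {
        return principals.entrySet().stream()
                .filter(e -> e.getValue() instanceof ExpiringPrincipal)
                .filter(e -> !((ExpiringPrincipal) e.getValue()).expiresAt().isAfter(now))
                .map(Map.Entry::getKey)
                .collect(Collectors.toList());
    }
}
```

A scheduled task can call `expiredSessionIds(Instant.now())` and act on each returned session id; how the session is then terminated is left to the application.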
