-
Notifications
You must be signed in to change notification settings - Fork 37.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose access to STOMP SimpleMessageBroker sessions user Principal #25191
Comments
@bgK there is a |
Hi, Thank you for your answer. Indeed, I can get the list of connected users and their associated sessions through the |
Yes we only expose the username and session id. Do you have a way to look up the authentication info from that? It's the only option currently. The |
Hi, Yes, I could create my own store using a |
We can store and expose the |
Hi,
We have a Spring application with a SockJS / STOMP SimpleMessageBroker setup.
User authentification happens through a JWT token passed in a STOMP CONNECT
message header.
Everything is working as desired except we would like to close the broker
sessions for the users with an expired JWT token. So users are not able to
receive messages after their authentication expired.
To do so, I wanted to have a scheduled task that would inspect all the open
sessions principals to check if they are expired, and send a DISCONNECT message
when necessary.
However I've not been able to find a way to access the Principal object for
the open sessions (seems to be stored in SimpleBrokerMessageHandler.SessionInfo).
Am I missing something or is this not currently possible?
The text was updated successfully, but these errors were encountered: