  1. Spring Framework
  2. SPR-15822

Setting user header on CONNECT message stopped working


      Description

      We followed the instructions in the Token-Based Authentication section of the Spring doc at http://docs.spring.io/spring/docs/5.0.0.M5/spring-framework-reference/html/websocket.html#websocket-stomp-authentication-token-based, in order to set the user header on the CONNECT Message. In Spring Framework 4.3.9, it works well. After migrating to 5.0.0 RC2, we found it stopped working. After some investigation, we tend to believe it is a bug in 5.0.0 RC2 as well as RC3.

      [5.0.0 RC2 behavior] – bad
      In the handleMessageFromClient() method of the StompSubProtocolHandler class, the Principal is retrieved from the session. Of course, at this point, the Principal is null. Then Spring attempts to put the Principal into stompAuthentications. Since it is null, nothing is put into stompAuthentications.

          Principal user = getUser(session);
          if (user != null) {
              headerAccessor.setUser(user);
          }
          ...
          try {
              SimpAttributesContextHolder.setAttributesFromMessage(message);
              boolean sent = outputChannel.send(message);

              if (sent) {
                  if (isConnect) {
                      if (user != null && user != session.getPrincipal()) {
                          this.stompAuthentications.put(session.getId(), user);
                      }
                  }

      [4.3.9 behavior] – good
      Spring tries to retrieve the Principal from the STOMP header, and then puts it into stompAuthentications.

          if (sent) {
              if (isConnect) {
                  Principal user = headerAccessor.getUser();
                  if (user != null && user != session.getPrincipal()) {
                      this.stompAuthentications.put(session.getId(), user);
                  }
              }

      This commit (https://github.com/spring-projects/spring-framework/commit/f813712f5b413b354560cd7cc006352e9defa9a3#diff-7bc1370febf168db39f9b3a608f68fe8) caused this regression. FYI.
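
A simplified, self-contained model of the two code paths quoted in this report, added here as an illustration and not taken from Spring's source. `Headers`, `TOKEN_INTERCEPTOR` and both `handle...` methods are hypothetical stand-ins, and the interceptor call stands in for `outputChannel.send(message)`.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Consumer;
// Simplified model of the CONNECT handling quoted above; not Spring code.
// Headers, sessionUser and the interceptor are hypothetical stand-ins.
public class ConnectUserRegression {

    /** Stand-in for the mutable STOMP header accessor. */
    static class Headers {
        private Principal user;
        Principal getUser() { return user; }
        void setUser(Principal u) { user = u; }
    }

    /** Stand-in for a token-checking inbound channel interceptor. */
    static final Consumer<Headers> TOKEN_INTERCEPTOR =
            headers -> headers.setUser(() -> "alice"); // constructed user name

    /** 5.0 RC2/RC3 shape: reuses the user resolved before the send. */
    static Map<String, Principal> handleWithStaleUser(String sessionId, Principal sessionUser) {
        Map<String, Principal> stompAuthentications = new HashMap<>();
        Headers headers = new Headers();
        Principal user = sessionUser;              // null: handshake was unauthenticated
        if (user != null) headers.setUser(user);
        TOKEN_INTERCEPTOR.accept(headers);         // models outputChannel.send(message)
        if (user != null && user != sessionUser) { // still the pre-send value
            stompAuthentications.put(sessionId, user);
        }
        return stompAuthentications;
    }

    /** 4.3.9 shape: re-reads the user from the headers after the send. */
    static Map<String, Principal> handleWithRereadUser(String sessionId, Principal sessionUser) {
        Map<String, Principal> stompAuthentications = new HashMap<>();
        Headers headers = new Headers();
        if (sessionUser != null) headers.setUser(sessionUser);
        TOKEN_INTERCEPTOR.accept(headers);
        Principal user = headers.getUser();        // picks up the interceptor's value
        if (user != null && user != sessionUser) {
            stompAuthentications.put(sessionId, user);
        }
        return stompAuthentications;
    }
    public static void main(String[] args) {
        System.out.println("stale user:   " + handleWithStaleUser("s1", null).keySet());
        System.out.println("re-read user: " + handleWithRereadUser("s1", null).keySet());
    }
}
```

With an unauthenticated handshake (`sessionUser == null`), the first call leaves the map empty and the second stores the interceptor's user under session `s1`.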

          Activity

          domain Jeff created issue -
          domain Jeff made changes -
          Field: Summary
          Original Value: Setting user header on CONNECT message stop working
          New Value: Setting user header on CONNECT message stopped working
          juergen.hoeller Juergen Hoeller made changes -
          Fix Version/s 5.0 RC4 [ 16259 ]
          Assignee Juergen Hoeller [ juergen.hoeller ]
          juergen.hoeller Juergen Hoeller made changes -
          Link This issue relates to SPR-15540 [ SPR-15540 ]
          juergen.hoeller Juergen Hoeller added a comment -

          Good catch: We need to re-retrieve the user at that point, which got accidentally dropped during that nullability refactoring. Restored for 5.0 RC4 now.

          juergen.hoeller Juergen Hoeller made changes -
          Status Open [ 1 ] Resolved [ 5 ]
          Resolution Complete [ 8 ]
          snicoll Stéphane Nicoll made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Transition         | Time In Source Status | Execution Times | Last Executer   | Last Execution Date
          Open → Resolved    | 6h 1m                 | 1               | Juergen Hoeller | 27/Jul/17 9:15 AM
          Resolved → Closed  | 46d 2h 54m            | 1               | Stéphane Nicoll | 11/Sep/17 12:09 PM

            People

            • Assignee:
              juergen.hoeller Juergen Hoeller
              Reporter:
              domain Jeff
              Last updater:
              Stéphane Nicoll