Spring Framework / SPR-15822

Setting user header on CONNECT message stopped working


      We followed instructions in Token-Based Authentication in Spring doc at http://docs.spring.io/spring/docs/5.0.0.M5/spring-framework-reference/html/websocket.html#websocket-stomp-authentication-token-based, in order to set the user header on the CONNECT Message. In Spring framework 4.3.9, it works well. After migrating to 5.0.0 RC2, we found it stopped working. After some investigation, we tend to believe it is a bug in 5.0.0 RC2 as well as RC3.

      [5.0.0 RC2 behavior] – bad
      In method handleMessageFromClient() in StompSubProtocolHandler class, Principal is retrieved from session. Of course, at this point, the Principal is null. And then, Spring attempts to put Principal to stompAuthentications. Since it is null, nothing would be put into stompAuthentications.

      Principal user = getUser(session);
      if (user != null) {
          headerAccessor.setUser(user);
      }

      try {
          boolean sent = outputChannel.send(message);

          if (sent) {
              if (isConnect) {
                  if (user != null && user != session.getPrincipal()) {
                      this.stompAuthentications.put(session.getId(), user);
                  }
                  // ...

      [4.3.9 behavior] – good
      Spring tries to retrieve Principal from STOMP header, and then put it into stompAuthentications.

      if (sent) {
          if (isConnect) {
              Principal user = headerAccessor.getUser();
              if (user != null && user != session.getPrincipal()) {
                  this.stompAuthentications.put(session.getId(), user);
              }
              // ...


      This commit (https://github.com/spring-projects/spring-framework/commit/f813712f5b413b354560cd7cc006352e9defa9a3#diff-7bc1370febf168db39f9b3a608f68fe8) caused this regression. FYI.
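
A simplified model of the two lookup orders described in the report, added here as an illustration; it is not Spring's code and not from the reporter. All class, field and method names are hypothetical stand-ins, and the interceptor is assumed to set the user on the CONNECT headers while the message is being sent.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Consumer;

// Simplified model of the reported CONNECT handling; hypothetical names, not Spring's code.
public class ConnectUserLookupModel {

    // Stand-in for the mutable header accessor attached to a message.
    static class Headers { Principal user; }

    static final String SESSION_ID = "session-1";      // constructed value
    static final Principal SESSION_PRINCIPAL = null;   // handshake was anonymous
    static final Principal TOKEN_USER = () -> "alice"; // constructed value

    // Stand-in for a token-based interceptor: it runs inside send() and
    // sets the authenticated user on the CONNECT headers.
    static final Consumer<Headers> INTERCEPTOR = h -> h.user = TOKEN_USER;

    // Order reported for 5.0.0 RC2: user taken from the session before send().
    static Map<String, Principal> lookupBeforeSend() {
        Map<String, Principal> stompAuthentications = new HashMap<>();
        Headers headers = new Headers();
        Principal user = SESSION_PRINCIPAL;
        if (user != null) { headers.user = user; }
        INTERCEPTOR.accept(headers); // models outputChannel.send(message)
        if (user != null && user != SESSION_PRINCIPAL) {
            stompAuthentications.put(SESSION_ID, user);
        }
        return stompAuthentications; // the user set during send() is never consulted
    }

    // Order reported for 4.3.9: user read from the headers after send().
    static Map<String, Principal> lookupAfterSend() {
        Map<String, Principal> stompAuthentications = new HashMap<>();
        Headers headers = new Headers();
        INTERCEPTOR.accept(headers); // models outputChannel.send(message)
        Principal user = headers.user;
        if (user != null && user != SESSION_PRINCIPAL) {
            stompAuthentications.put(SESSION_ID, user);
        }
        return stompAuthentications;
    }

    public static void main(String[] args) {
        System.out.println("before send: " + lookupBeforeSend().keySet());
        System.out.println("after send:  " + lookupAfterSend().keySet());
    }
}
```

Comparing the two returned maps shows whether the user attached during the send was recorded against the session id.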

          Transition          Time In Source Status   Execution Times   Last Executer     Last Execution Date
          Open -> Resolved    6h 1m                   1                 Juergen Hoeller   27/Jul/17 9:15 AM
          Resolved -> Closed  46d 2h 54m              1                 Stéphane Nicoll   11/Sep/17 12:09 PM


            • Assignee:
              juergen.hoeller Juergen Hoeller
              domain Jeff
              Last updater:
              Stéphane Nicoll