使用spring-security和来自websocket消息的访问主体来保护Spring-Webscoket

HttpSessionHandshakeInterceptor

SpringSecurityContext

WebsocketSession

编辑： HandshakeInterceptor.java

public class HandshakeInterceptor extends HttpSessionHandshakeInterceptor{    @Override    public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Map<String, Object> attributes) throws Exception {        System.out.println("Before Handshake");        return super.beforeHandshake(request, response, wsHandler, attributes);    }    @Override    public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Exception ex) {        System.out.println("After Handshake");        super.afterHandshake(request, response, wsHandler, ex);    }}

websocket.xml

<bean id="websocket" /><websocket:handlers>    <websocket:mapping path="/websocket" handler="websocket"/>    <websocket:handshake-interceptors>    <bean />    </websocket:handshake-interceptors></websocket:handlers>