I'm developing a multiplayer game based on Spring 4 WebSocket. My server is stateless, so in order to identify players I use tokens.
After struggling for some time with how to identify players over WebSockets, I came up with this solution. On the client, the player registers like this:

    var sockjs = new SockJS("http://mygame/games/", null, {server : token});

This adds the token to the URL. I have set up a filter using Spring Security:
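
    // Inside the filter: split the request path into its non-empty segments.
    String requestURI = request.getRequestURI();
    String[] parts = StringUtils.split(requestURI, "/");
    if (parts.length == 4) {
        // The second path segment is the token the client passed as the SockJS "server" option.
        String token = parts[1];
        List<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority(Role.ROLE_MULTIPLAYER));
        // The token itself becomes the principal of a pre-authenticated Authentication.
        SecurityContextHolder.getContext().setAuthentication(
                new PreAuthenticatedAuthenticationToken(token, "MULTIPLAYER", authorities));
    }
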
And it works! In all WebSocket requests I have a Principal set.
However, some browsers seem not to support this. In Safari, for example, the Principal is not set: when debugging the request I see that the URL is correct and the filter works, but the Principal is not set. The same goes for IE; Chrome and FF work. I'm using STOMP (https://github.com/jmesnil/stomp-websocket) as a message protocol.
Why is there different behaviour between the browsers? Is it a Spring or a client issue?
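
An added example, not the poster's code: a stricter way to pull the token out of a SockJS request path and resolve it to a player before any authority is granted. It assumes the SockJS URL layout `/<prefix>/<server>/<session>/<transport>` with the `/games` prefix from the client call above; the class name, the token format and the `KNOWN_TOKENS` map (a stand-in for real token verification) are hypothetical.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SockJsTokenExtractor {
    // SockJS session URLs: /<prefix>/<server>/<session>/<transport>.
    // The client in the question puts the player token in the <server> segment.
    private static final Pattern SESSION_URL =
        Pattern.compile("^/games/([A-Za-z0-9_-]{1,128})/([^/.]+)/([a-z_]+)$");

    // Transport names defined by the SockJS protocol.
    private static final Set<String> TRANSPORTS = Set.of(
        "websocket", "xhr", "xhr_send", "xhr_streaming",
        "eventsource", "htmlfile", "jsonp", "jsonp_send");

    // Constructed sample store (assumption): token -> player id.
    private static final Map<String, String> KNOWN_TOKENS =
        Map.of("tok-3f9a", "player-17");

    /** Returns a player id only for a well-formed session URL carrying a known token. */
    static Optional<String> resolvePlayer(String requestUri) {
        Matcher m = SESSION_URL.matcher(requestUri);
        if (!m.matches() || !TRANSPORTS.contains(m.group(3))) {
            return Optional.empty(); // /games/info, iframe pages, malformed paths
        }
        // An unknown token yields no principal instead of being trusted as-is.
        return Optional.ofNullable(KNOWN_TOKENS.get(m.group(1)));
    }

    public static void main(String[] args) {
        String[] samples = { // constructed request URIs
            "/games/tok-3f9a/k2j1x0aa/websocket",
            "/games/tok-3f9a/k2j1x0aa/xhr_streaming",
            "/games/tok-3f9a/k2j1x0aa/xhr_send",
            "/games/info",
            "/games/unknown-token/k2j1x0aa/websocket",
        };
        for (String uri : samples) {
            System.out.println(uri + " -> "
                + resolvePlayer(uri).orElse("<no principal>"));
        }
    }
}
```

The first three sample URIs resolve to `player-17`; `/games/info` and the unknown token produce no principal. The HTTP-based transports send a separate request for each poll or send, so a filter built on this would have to resolve the token on every matching request, not only on the WebSocket handshake.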