Skip to content
Snippets Groups Projects

Add auth logic for stomp clients over ws

Merged Add auth logic for stomp clients over ws
STOMP-security into master
All threads resolved!
Merged Tom Käsler requested to merge STOMP-security into master
All threads resolved!

This MR checks STOMP CONNECT frames for the jwt. A user connecting to STOMP will have to send the jwt as the header token to the backend which authenticates it and caches the jwt for the underlying (stomp-)session-id. Furthermore, when there is a header ars-user-id, the backend checks if the user sending the request has authenticated himself and the given ars-user-id is the same as the one stored in the jwt.

Edited by Tom Käsler

Merge request reports

Pipeline #25513 passed with warnings

Stage:
    Stage:
      Stage:

        Pipeline passed with warnings for 51a5fd6f on STOMP-security

        Merged by Daniel GerhardtDaniel Gerhardt 5 years ago (Apr 30, 2019 1:54pm UTC)

        Loading

        Pipeline #25518 passed with warnings

        Stage:
          Stage:
            Stage:

              Pipeline passed with warnings for 29043042 on master

              Activity

              Filter activity
              • Approvals
              • Assignees & reviewers
              • Comments (from bots)
              • Comments (from users)
              • Commits & branches
              • Edits
              • Labels
              • Lock status
              • Mentions
              • Merge request status
              • Tracking
              Please register or sign in to reply