Book Image

Learning Spring Boot 2.0 - Second Edition

By : Greg L. Turnquist, Greg L. Turnquist
Book Image

Learning Spring Boot 2.0 - Second Edition

By: Greg L. Turnquist, Greg L. Turnquist

Overview of this book

Spring Boot provides a variety of features that address today's business needs along with today's scalable requirements. In this book, you will learn how to leverage powerful databases and Spring Boot's state-of-the-art WebFlux framework. This practical guide will help you get up and running with all the latest features of Spring Boot, especially the new Reactor-based toolkit. The book starts off by helping you build a simple app, then shows you how to bundle and deploy it to the cloud. From here, we take you through reactive programming, showing you how to interact with controllers and templates and handle data access. Once you're done, you can start writing unit tests, slice tests, embedded container tests, and even autoconfiguration tests. We go into detail about developer tools, AMQP messaging, WebSockets, security, and deployment. You will learn how to secure your application using both routes and method-based rules. By the end of the book, you'll have built a social media platform from which to apply the lessons you have learned to any problem. If you want a good understanding of building scalable applications using the core functionality of Spring Boot, this is the book for you.
Table of Contents (11 chapters)

Securing WebSockets

So far, we have secured the chat service and the images service.

Or have we?

Well, we configured chat as the Gateway API for our microservices using Spring Cloud Gateway. To do that, we made it the sole source of HTTP session creation. Given that the session details were also included in forwarded web requests, our Gateway API is nicely buttoned up.

However, the chat microservice's critical function is brokering WebSocket messages. And we haven't lifted a finger to secure that component. Time to roll up our sleeves and get to work.

Since our WebSocket handlers are stream oriented, we merely need to slip in a parent class that authorizes things when the WebSocket session is configured, as follows:

    abstract class AuthorizedWebSocketHandler 
     implements WebSocketHandler { 
       public final Mono<Void> handle(WebSocketSession...