How to secure Websocket connection for subscriptions?

graphql-java-generator / graphql-gradle-plugin-project

graphql-gradle-plugin is a Gradle Plugin for GraphQL, based on graphql-java. It accelerates the development for both the client and the server, by generating the Java code. It allows a quicker development when in contract-first approach, by avoiding to code the boilerplate code.

https://graphql-maven-plugin-project.graphql-java-generator.com/

MIT License

54 stars 8 forks source link

How to secure Websocket connection for subscriptions? #7

Closed fschmuck closed 3 years ago

fschmuck commented 3 years ago

Is there an easy way with this plugin to secure the websocket connection via spring-security?

etienne-sf commented 3 years ago

Hello,

This is already available.

You can check the WebSecurityConfiguration class, in the graphql-gradle-plugin-samples-allGraphQLCases-server module. This module is both a demo, and a way to execute integration tests when building the project. This class provide OAuth authorization, based on the org.springframework.security package.

This page on the wiki give the associated information.

Etienne

fschmuck commented 3 years ago

Thank you for the quick reply. I figured out how to secure the connection to the websocket but when i send a GraphQL request my SecurityContext does not have a authorization set. So i cannot check on permission within my datafetchers. Is there also an example for this case?

etienne-sf commented 3 years ago

Sorry, I can't help your that far.