Implementation of WebSockets on HTTP(S) endpoint /termit/ws using STOMP protocol.
WebSockets will be used in future PR addressing application performance (dev branch).
Authentication
WebSocket API in browsers does not allow setting custom headers for WS handshake (HTTP request for protocol upgrade),
which leaves us with three options for how to implement authentication using the JWT token:
1. save the token as a cookie, which will be sent by the browser automatically (hopefully)
   - might face issues with cookies access and browser compatibility, but it should be possible to implement for better security of the ws endpoint in the future
2. send the token as a query parameter
   - JWT would be part of history and logs, which is unacceptable
3. send it with a STOMP CONNECT message

Currently implemented as option 3, which is most reliable.
This means any WebSocket connection is accepted, and the client has limited time (15s) to send a STOMP CONNECT message with a valid JWT token. Otherwise, the connection is closed.
Changes
removed REST endpoint /vocabularies/{localName}/validate, replaced with matching ws endpoint
disabled test findTermOccurrencesSetsFoundOccurrencesAsApprovedWhenCorrespondingExistingOccurrenceWasApproved, which is failing on Windows, until the issue is resolved
Tests
Prepared two test runners for WebSocket testing.
BaseWebSocketIntegrationTestRunner, which starts the whole application context with an active web socket endpoint and establishes an actual web socket connection to the application. Currently used for WebSocket security test.
BaseWebSocketControllerTestRunner is used to test WebSocket controllers using mocked API.
Required changes (TODO)
It is required to adjust proxy configuration to enable WebSocket connections support (SockJS fallback might be implemented in the app if needed)
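Added example, not code from this PR: a JDK-only model of the option 3 gate described under Authentication, where a socket is accepted unauthenticated and must present a valid JWT in a STOMP CONNECT frame within 15 s. The class name, the `Authorization: Bearer` header convention and the `jwtIsValid` hook are assumptions; the sample frames and token are constructed.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Predicate;

public class StompConnectGate {
    public enum Decision { ACCEPT, CLOSE }
    private static final Duration AUTH_TIMEOUT = Duration.ofSeconds(15); // limit stated in the PR
    private final Instant deadline;
    private final Predicate<String> jwtIsValid; // hypothetical hook for the real JWT validation
    private boolean authenticated;
    public StompConnectGate(Instant openedAt, Predicate<String> jwtIsValid) {
        this.deadline = openedAt.plus(AUTH_TIMEOUT);
        this.jwtIsValid = jwtIsValid;
    }
    // Polled by a timer so idle, never-authenticated sockets do not stay open.
    public boolean expired(Instant now) {
        return !authenticated && now.isAfter(deadline);
    }
    // Decide what to do with one raw STOMP frame received on this connection.
    public Decision onFrame(String rawFrame, Instant now) {
        if (authenticated) return Decision.ACCEPT;
        if (expired(now)) return Decision.CLOSE;
        String[] lines = rawFrame.split("\r?\n");
        // Before authentication only CONNECT (or its STOMP 1.2 alias STOMP) is allowed.
        if (!lines[0].equals("CONNECT") && !lines[0].equals("STOMP")) return Decision.CLOSE;
        Map<String, String> headers = new HashMap<>();
        for (int i = 1; i < lines.length && !lines[i].isEmpty(); i++) {
            int colon = lines[i].indexOf(':');
            // STOMP 1.2: for repeated headers the first entry wins, so later ones cannot override it.
            if (colon > 0) headers.putIfAbsent(lines[i].substring(0, colon), lines[i].substring(colon + 1));
        }
        String auth = headers.get("Authorization"); // header name is an assumption
        if (auth == null || !auth.startsWith("Bearer ")) return Decision.CLOSE;
        authenticated = jwtIsValid.test(auth.substring("Bearer ".length()));
        return authenticated ? Decision.ACCEPT : Decision.CLOSE;
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed sample data
        String connect = "CONNECT\naccept-version:1.2\nAuthorization:Bearer good-token\n\n\0";
        Predicate<String> verifier = "good-token"::equals; // stands in for JWT validation
        System.out.println(new StompConnectGate(t0, verifier).onFrame(connect, t0.plusSeconds(3)));
        System.out.println(new StompConnectGate(t0, verifier).onFrame(connect, t0.plusSeconds(16)));
        System.out.println(new StompConnectGate(t0, verifier).onFrame("SUBSCRIBE\nid:0\n\n\0", t0.plusSeconds(1)));
    }
}
```

The three calls in `main` cover a valid CONNECT inside the window, the same frame after the deadline, and a SUBSCRIBE sent before authenticating.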