@Secure doesn't work for websocket in pac4j-play how do i secure a websocket in java pac4j play thanks this what i don now if (!profilesHelper.getProfilesWithHeader(request).isEmpty()) { UserProfile profile = profilesHelper.getProfilesWithHeader(request).get(0);
// Check if the user is authorized
if (profile.getRoles().contains("ROLE_USER")) {
return CompletableFuture.completedFuture(
F.Either.Right(createFlowForActor(request)));
}
}
return CompletableFuture.completedFuture(F.Either.Left(forbidden()));
how manually you do secure in pac4j without using anotations
filters don't work on websocket end point
Edit:
but i tried this method
private CompletionStage<F.Either<Result, Flow<JsonNode, JsonNode, ?>>>
createActorFlow(Http.RequestHeader request) {
final String clients = "CustomFormClient, FacebookClient, TwitterClient, Google2Client, CustomFormClientRegister";
final String authorizers = "USER";
final String matchers = "+csrfToken";
return (CompletionStage<F.Either<Result, Flow<JsonNode, JsonNode, ?>>>)
config.getSecurityLogic().perform(config, (webCtx, session, profiles) -> {
return CompletableFuture.completedFuture(
F.Either.Right(createFlowForActor(request)));
},clients,authorizers,matchers, new PlayFrameworkParameters(request));
}
private Flow<JsonNode, JsonNode, ?> createFlowForActor(Http.RequestHeader requestHeader) {
return ActorFlow.actorRef(out -> MFAWebsocketActor.props(
out, requestHeader, userRepository, mailerClient, profilesHelper, materializer),
actorSystem, materializer);
}
this works but only if user is authenticated and authorized but if user don't get authenticated or authorized, it returns a forbiden result which ends up in this error
2024-06-20 20:30:56 ERROR o.apache.pekko.actor.ActorSystemImpl org.apache.pekko.actor.ActorSystemImpl(play-dev-mode) Internal server error, sending 500 response java.lang.ClassCastException: play.mvc.Result incompatible with java.util.concurrent.CompletionStage
It solved if user don't get authenticated or authorized, it returns a forbiden result which ends up in this error because return type of createActorFlow
now this way it works
public WebSocket mfaSocket() {
return WebSocket.Json
.acceptOrResult(request -> {
final String clients = "CustomFormClient, FacebookClient, TwitterClient, Google2Client, CustomFormClientRegister";
final String authorizers = "USER_UNVERIFIED";
final String matchers = "+csrfToken";
// Check if the user is authorized
Object result =
config.getSecurityLogic().perform(config, (webCtx, session, profiles) -> {
return CompletableFuture.completedFuture(
F.Either.Right(createFlowForActor(request)));
},clients,authorizers,matchers, new PlayFrameworkParameters(request));
if(result instanceof Result){
if(((Result)result).status() != 200){
return CompletableFuture.completedFuture(F.Either.Left((Result)result));
}
}
return (CompletionStage<F.Either<Result, Flow<JsonNode, JsonNode, ?>>>) result;
});
}