Authorization
Spring Security 提供了 WebSocket 子协议授权,它使用 `ChannelInterceptor`根据 user 标题授权消息。此外,Spring Session 提供了 WebSocket 集成,它可以确保在 WebSocket 会话仍然处于活动状态时用户 HTTP 会话不会过期。
Spring Security provides
WebSocket sub-protocol authorization
that uses a ChannelInterceptor to authorize messages based on the user header in them.
Also, Spring Session provides
WebSocket integration
that ensures the user’s HTTP session does not expire while the WebSocket session is still active.