-
Notifications
You must be signed in to change notification settings - Fork 8
Authentication
wamp2spring supports both transport-level identity and WAMP-level authentication.
If the underlying servlet or reactive transport already exposes a Principal, that identity can be associated with the WAMP session.
When no WAMP auth method is negotiated, the session can still be established using the transport principal, or as anonymous if no principal is available.
During session establishment:
- The client sends
HELLOwith a realm and optional requested auth methods. - The server accepts the client-supplied realm value but does not partition routing by realm.
- If a matching
WampAuthenticationProvideris available, the server issuesCHALLENGE. - The client responds with
AUTHENTICATE. - On success, the server establishes the session and returns
WELCOMEwith auth metadata.
If no requested auth method is supported, session establishment fails with the appropriate WAMP error.
The current codebase includes these provider implementations:
TicketWampAuthenticationProviderWampCraAuthenticationProviderWampScramAuthenticationProviderDynamicAuthenticationProvider
You can add one or more Spring beans implementing WampAuthenticationProvider.
Each provider:
- declares the auth method name it handles
- creates a challenge for
HELLO - validates the
AUTHENTICATEresponse - returns the resulting principal and auth metadata
After successful authentication, the WAMP session stores metadata such as:
- WAMP session id
- client-supplied realm from
HELLO - peer roles
- auth method
- auth provider
- authenticated principal
That metadata is then available to routing, authorization, and application-level processing.