Securing STOMP Endpoints with Spring Security
Learn how to authenticate and authorize STOMP messaging in Spring, securing the handshake, destinations, and per-user messages against unauthorized access.
Why Secure STOMP?
An open STOMP endpoint lets anyone subscribe to and publish on any destination. Securing STOMP ensures only authenticated users connect and only authorized users access specific destinations.
This lesson layers Spring Security onto STOMP messaging.
Two Layers of Security
STOMP security operates at two levels:
- Handshake: authenticate the user when the WebSocket connection opens
- Message: authorize each SUBSCRIBE and SEND to a destination
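Both layers are needed for real protection: handshake authentication alone does not limit which destinations a connected user can reach, and message authorization has no identity to check unless the handshake established one.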
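The two layers as a Spring Security 6 configuration. This is an added example, not code from the original lesson. The endpoint path /ws, the destination prefixes /app, /topic and /user/queue, and the role USER are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.messaging.Message;
import org.springframework.messaging.simp.SimpMessageType;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.socket.EnableWebSocketSecurity;
import org.springframework.security.messaging.access.intercept.MessageMatcherDelegatingAuthorizationManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSocketSecurity
public class StompSecurityConfig {

    // Layer 1 (handshake): the HTTP upgrade request to the STOMP endpoint
    // is rejected unless the caller is already authenticated.
    @Bean
    SecurityFilterChain httpSecurity(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
                .requestMatchers("/ws/**").authenticated()   // assumed endpoint path
                .anyRequest().authenticated())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }

    // Layer 2 (message): every inbound frame is checked against these rules
    // in order; the first matching rule decides.
    @Bean
    AuthorizationManager<Message<?>> messageSecurity(
            MessageMatcherDelegatingAuthorizationManager.Builder messages) {
        return messages
            // Frames without a destination (CONNECT, DISCONNECT, heartbeat)
            .nullDestMatcher().authenticated()
            // SEND to application handlers (assumed prefix)
            .simpDestMatchers("/app/**").hasRole("USER")
            // SUBSCRIBE to broadcast topics and per-user queues (assumed prefixes)
            .simpSubscribeDestMatchers("/topic/**", "/user/queue/**").hasRole("USER")
            // Clients may not SEND straight to broker destinations or
            // SUBSCRIBE to anything not listed above.
            .simpTypeMatchers(SimpMessageType.MESSAGE, SimpMessageType.SUBSCRIBE).denyAll()
            // Default deny for anything the rules above did not cover.
            .anyMessage().denyAll()
            .build();
    }
}
```

The closing `denyAll()` rules mean a destination added later stays inaccessible until a rule explicitly opens it.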