Netty4 WebSocket服务器:正确处理浏览器401响应
使用Netty4开发WebSocket服务器时,常常需要验证客户端Token。验证失败,服务器应返回401状态码并关闭连接。然而,浏览器有时无法正确接收此响应。本文将详细说明如何解决此问题。
问题:使用var socket = new WebSocket("ws://127.0.0.1:18080/ws?token=xxxx");连接服务器,服务器验证Token。失败时,服务器返回401并关闭连接,但浏览器未收到401响应。服务器代码片段如下:
private void httpResponse401(ChannelHandlerContext ctx, FullHttpRequest request){
FullHttpResponse response = new DefaultFullHttpResponse(request.protocolVersion(), HttpResponseStatus.UNAUTHORIZED);
response.headers().set(HttpHeaderNames.CONTENT_LENGTH, 0);
ctx.writeAndFlush(response).addListener(ChannelFutureListener.CLOSE);
ReferenceCountUtil.release(request);
}
原因:问题在于WebSocket握手阶段。握手请求是HTTP请求,但握手成功后,通信不再是HTTP协议。因此,401响应必须在握手阶段返回。
解决方案:在处理WebSocket握手请求的代码中验证Token。验证失败,直接返回401响应,不执行WebSocket连接建立逻辑。
改进后的代码示例:
@Override
public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
if (msg instanceof FullHttpRequest) {
FullHttpRequest request = (FullHttpRequest) msg;
String token = extractTokenFromRequest(request); //提取Token的辅助函数
if (!validateToken(token)) {
httpResponse401(ctx, request);
return;
}
// Token验证通过,继续WebSocket握手
WebSocketServerHandshakerFactory wsFactory = new WebSocketServerHandshakerFactory(
getWebSocketLocation(request), null, false);
WebSocketServerHandshaker handshaker = wsFactory.newHandshaker(request);
if (handshaker == n
ull) {
WebSocketServerHandshakerFactory.sendUnsupportedVersionResponse(ctx.channel());
} else {
handshaker.handshake(ctx.channel(), request);
}
} else if (msg instanceof WebSocketFrame) {
// 处理WebSocket帧
}
}
private String extractTokenFromRequest(FullHttpRequest request) {
String uri = request.uri();
String[] parts = uri.split("\\?");
if (parts.length > 1) {
String[] params = parts[1].split("&");
for (String param : params) {
String[] keyValue = param.split("=");
if (keyValue.length == 2 && keyValue[0].equals("token")) {
return keyValue[1];
}
}
}
return null;
}
private boolean validateToken(String token) {
// 这里实现token验证逻辑
return token != null && token.equals("validToken"); // 示例,替换为实际验证逻辑
}
private void httpResponse401(ChannelHandlerContext ctx, FullHttpRequest request) {
FullHttpResponse response = new DefaultFullHttpResponse(
HttpVersion.HTTP_1_1, HttpResponseStatus.UNAUTHORIZED);
response.headers().set(HttpHeaderNames.CONTENT_TYPE, "text/plain; charset=UTF-8");
response.headers().set(HttpHeaderNames.CONTENT_LENGTH, response.content().readableBytes());
ctx.writeAndFlush(response).addListener(ChannelFutureListener.CLOSE);
ReferenceCountUtil.release(request);
}
ull) {
WebSocketServerHandshakerFactory.sendUnsupportedVersionResponse(ctx.channel());
} else {
handshaker.handshake(ctx.channel(), request);
}
} else if (msg instanceof WebSocketFrame) {
// 处理WebSocket帧
}
}
private String extractTokenFromRequest(FullHttpRequest request) {
String uri = request.uri();
String[] parts = uri.split("\\?");
if (parts.length > 1) {
String[] params = parts[1].split("&");
for (String param : params) {
String[] keyValue = param.split("=");
if (keyValue.length == 2 && keyValue[0].equals("token")) {
return keyValue[1];
}
}
}
return null;
}
private boolean validateToken(String token) {
// 这里实现token验证逻辑
return token != null && token.equals("validToken"); // 示例,替换为实际验证逻辑
}
private void httpResponse401(ChannelHandlerContext ctx, FullHttpRequest request) {
FullHttpResponse response = new DefaultFullHttpResponse(
HttpVersion.HTTP_1_1, HttpResponseStatus.UNAUTHORIZED);
response.headers().set(HttpHeaderNames.CONTENT_TYPE, "text/plain; charset=UTF-8");
response.headers().set(HttpHeaderNames.CONTENT_LENGTH, response.content().readableBytes());
ctx.writeAndFlush(response).addListener(ChannelFutureListener.CLOSE);
ReferenceCountUtil.release(request);
}通过在握手阶段进行Token验证并返回401响应,浏览器就能正确识别连接关闭的原因,从而实现更健壮的WebSocket服务器。 extractTokenFromRequest 函数增强了Token提取的鲁棒性。 请将示例中的token验证替换为您的实际验证逻辑。
