JwtHandshakeInterceptor

@Component
class JwtHandshakeInterceptor(jwtService: JwtTokenService, productUserService: ProductUserService, tokenBlacklistService: TokenBlacklistService) : HandshakeInterceptor

WebSocket handshake interceptor that optionally authenticates the upgrading connection using a JWT.

How it works:

  • Looks for an access token in either the Authorization: Bearer header or the token query parameter on the WS URL.

  • If present and not blacklisted, validates it and attaches the ProductUser to the WebSocket attributes.

  • Does not enforce authentication; handlers may still allow anonymous connections and authorize per-message.

Relation to DPoP:

  • DPoP applies to HTTP requests, not WebSocket frames. We allow tokens issued via HTTP (DPoP-bound) to be presented at upgrade using the Bearer scheme. Binding is enforced on HTTP APIs; WS connections should close or require re-auth when the token expires.
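
Because the interceptor does not enforce authentication and the token can expire while the socket stays open, the handler has to make both checks on each message. The sketch below is an added example, not this project's code: the attribute keys, the stored expiry value and the "ping" message convention are assumptions, since the page does not name them.

```kotlin
import org.springframework.web.socket.CloseStatus
import org.springframework.web.socket.TextMessage
import org.springframework.web.socket.WebSocketSession
import org.springframework.web.socket.handler.TextWebSocketHandler
import java.time.Instant

// Assumed attribute keys; the page does not name the ones the interceptor uses.
const val ATTR_USER = "productUser"
// Assumed: a java.time.Instant taken from the token's exp claim at handshake.
const val ATTR_TOKEN_EXPIRY = "tokenExpiresAt"

enum class Decision { ALLOW, DENY_ANONYMOUS, CLOSE_EXPIRED }

// Pure decision function so the policy can be unit-tested without a live session.
fun authorize(user: Any?, expiry: Instant?, needsAuth: Boolean, now: Instant): Decision = when {
    // A connection authenticated at upgrade must not outlive its token.
    // A user without a recorded expiry is treated as expired (fail closed).
    user != null && (expiry == null || !now.isBefore(expiry)) -> Decision.CLOSE_EXPIRED
    // Anonymous connections are allowed, but not for protected messages.
    needsAuth && user == null -> Decision.DENY_ANONYMOUS
    else -> Decision.ALLOW
}

class GuardedHandler : TextWebSocketHandler() {
    override fun handleTextMessage(session: WebSocketSession, message: TextMessage) {
        // Hypothetical protocol: payloads starting with "ping" are open to anonymous clients.
        val needsAuth = !message.payload.startsWith("ping")
        val user = session.attributes[ATTR_USER]
        val expiry = session.attributes[ATTR_TOKEN_EXPIRY] as? Instant

        when (authorize(user, expiry, needsAuth, Instant.now())) {
            Decision.CLOSE_EXPIRED ->
                // Force the client to reconnect with a fresh token.
                session.close(CloseStatus.POLICY_VIOLATION.withReason("token expired"))
            Decision.DENY_ANONYMOUS ->
                session.sendMessage(TextMessage("""{"error":"authentication required"}"""))
            Decision.ALLOW ->
                session.sendMessage(TextMessage("""{"ok":true}"""))
        }
    }
}
```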

Constructors

constructor(jwtService: JwtTokenService, productUserService: ProductUserService, tokenBlacklistService: TokenBlacklistService)

Functions

open override fun afterHandshake(request: ServerHttpRequest, response: ServerHttpResponse, wsHandler: WebSocketHandler, exception: Exception?)
open override fun beforeHandshake(request: ServerHttpRequest, response: ServerHttpResponse, wsHandler: WebSocketHandler, attributes: MutableMap<String, Any>): Boolean