Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Atmosphere endpoint is intercepting all Web Socket requests #14602

Closed
MarcinVaadin opened this issue Sep 21, 2022 · 4 comments
Closed

Atmosphere endpoint is intercepting all Web Socket requests #14602

MarcinVaadin opened this issue Sep 21, 2022 · 4 comments
Assignees
@MarcinVaadin
Labels
bug Impact: Low Severity: Blocker

Comments

@MarcinVaadin
Copy link
Member

MarcinVaadin commented Sep 21, 2022
edited
Loading

Description of the bug

After #13960 Atmosphere endpoint is mapped to / which causes that all Web Socket requests are handled by Atmosphere handlers. It became impossible to register own Web Socket handlers.

Description and reproducible example is present on https://stackoverflow.com/questions/73791155/upgrading-to-vaadinwebsecurity-is-breaking-custom-websocket/73798818#73798818

Workaround - exclusion of Atmosphere:

<dependency>
    <groupId>com.vaadin</groupId>
    <!-- Replace artifactId with vaadin-core to use only free components -->
    <artifactId>vaadin</artifactId>
    <exclusions>
        <exclusion>
            <groupId>com.vaadin.external.atmosphere</groupId>
            <artifactId>atmosphere-runtime</artifactId>
        </exclusion>
    </exclusions>
</dependency>

Expected behavior

It should be possible to register custom Web Socket handlers.

Minimal reproducible example

Available on https://stackoverflow.com/questions/73791155/upgrading-to-vaadinwebsecurity-is-breaking-custom-websocket/73798818#73798818

Versions

  • Vaadin / Flow version: 23.2
  • Java version: 17
@mshabarov mshabarov added the bug label Sep 21, 2022
@MarcinVaadin MarcinVaadin self-assigned this Sep 23, 2022
@mshabarov mshabarov mentioned this issue Sep 23, 2022
Closed
@ggecy
Copy link

ggecy commented Sep 26, 2022

+1
This has very high priority for our project since we cannot deploy vaadin 23.2.0 to our production systems because of it. We have vaadin push enabled and using it extensively (so the workaround is not applicable) while at the same time we are using spring websockets which now don't work.

@Artur-
Copy link
Member

Artur- commented Sep 26, 2022

I think the summary is slightly wrong as the websocket endpoint was SUPPOSED to be mapped to / only but as the path mapping length of Atmosphere is set to 5 by default it is also mapped to urls like /{path} and /{path}/{path}. Making it mapped to only the servlet path should fix this, drafted in #14638

@MarcinVaadin MarcinVaadin mentioned this issue Sep 29, 2022
Closed
9 tasks
@Tonne-TM
Copy link

Tonne-TM commented Oct 3, 2022
edited
Loading

@Artur- The issue still exists. If you update the example provided at StackOverflow to Vaadin 23.2.3 the custom WebSocket is still overwritten by the Atmosphere framework returning

for(;;);[{"meta":{"async":true,"sessionExpired":true}}]

Update: Mistake on my side, forgot to delete some generated files, when updating version.

@Artur-
Copy link
Member

Artur- commented Oct 3, 2022

If I take the app, change to 23.2.3 and run new WebSocket("ws://localhost:8080/websocket") in the browser I see

connected

in the server log

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MarcinVaadin MarcinVaadin

Labels
bug Impact: Low Severity: Blocker
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Artur- @ggecy @Tonne-TM @mshabarov @MarcinVaadin