spring-cloud-gateway icon indicating copy to clipboard operation
spring-cloud-gateway copied to clipboard

Published 20 hours ago verified publisher icon spring-cloud

Server WebSocket handshake errors should result in handshake error returned to client

Open gberche-orange opened this issue 5 years ago • 6 comments

  • As a spring cloud gateway user
  • in order to route traffic to websocket servers that perform authentication at the websocket handshake time (which is a valid behavior according to WSS specs section-4.2.2 ) and return a 401 status code to clients
  • I need to be able handle server WS handshake failure and to return the original (e.g. 401) status to websocket client handshake

Currently, as previously reported in #857 (which was marked as a duplicate for #845), the gateway is first returning the WSS handshake response (HTTP/1.1 101 Switching Protocols triggered in ReactorNettyRequestUpgradeStrategy) prior to contacting the server and receiving the 401 status, and finally returns a default Server internal error to the client

Traces and steps to reproduce are detailed into https://stackoverflow.com/questions/63196638/spring-cloud-gateway-hides-server-websocket-handshake-401-failures-to-clients

I'm suspecting the following dependencies are necessary to fix this issue:

  • client code (Netty client?) needs to expose the observed HTTP response code during handshake. Currently, the exception does not provide access to the status code programmatically (it is only present in the exception message).
io.netty.handler.codec.http.websocketx.WebSocketHandshakeException: Invalid handshake response getStatus: 401 Unauthorized
	at io.netty.handler.codec.http.websocketx.WebSocketClientHandshaker13.verify(WebSocketClientHandshaker13.java:274) ~[netty-codec-http-4.1.51.Final.jar:4.1.51.Final]
  • gateway client code (at WebsocketRoutingFilter) needs to extract the client handshake error and flow it up properly to the server code code.
  • server code (ReactorNettyRequestUpgradeStrategy in spring-webflux) needs to receive and collect server errors during client handshake and return them to the client prior to committing the websocket handshake

gberche-orange avatar Aug 03 '20 15:08 gberche-orange

Hi @gberche-orange added link to related discussion in Netty project.

amizurov avatar Aug 04 '20 07:08 amizurov

So we have the netty bits. Is there a corresponding issue open in spring-framework?

spencergibb avatar Feb 17 '21 17:02 spencergibb

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

spring-cloud-issues avatar Feb 25 '21 04:02 spring-cloud-issues

@spencergibb thanks for the update on netty. I had not opened a spring-framework issue because I don't have sufficient background to word it and explain it correctly. I merely suspected

server code (ReactorNettyRequestUpgradeStrategy in spring-webflux) needs to receive and collect server errors during client handshake and return them to the client prior to committing the websocket handshake

Would someone from the spring cloud team with sufficient background be able to create it so that the @spring-cloud-issues bot does not close this issue ?

gberche-orange avatar Feb 25 '21 08:02 gberche-orange

Any updates on this issue, i am facing the same problem using <spring.boot.version>2.3.2.RELEASE</spring.boot.version> <spring.cloud.version>Hoxton.SR7</spring.cloud.version>

vbaksh avatar Jul 12 '21 07:07 vbaksh

Still no solution? 🫤

JeongHyeon-VIRNECT avatar Sep 11 '22 12:09 JeongHyeon-VIRNECT