handle Bearer interception gracefully

guFalcon · guFalcon · commit 7ab158c16f97 · 2025-08-11T17:19:56.000+02:00
diff --git a/pom.xml b/pom.xml
@@ -10,7 +10,7 @@
 
 	<modelVersion>4.0.0</modelVersion>
 	<artifactId>websocket-server</artifactId>
-	<version>1.0.10</version>
+	<version>1.0.12</version>
 	<name>WebsocketServer</name>
 	<packaging>jar</packaging>
 	
diff --git a/src/main/java/info/unterrainer/websocketserver/WsHandlerBase.java b/src/main/java/info/unterrainer/websocketserver/WsHandlerBase.java
@@ -10,7 +10,7 @@ public abstract class WsHandlerBase {
 
 	public abstract void onConnect(WsConnectContext ctx) throws Exception;
 
-	public abstract void onMessage(WsMessageContext ctx) throws Exception;
+	public abstract void onMsg(WsMessageContext ctx) throws Exception;
 
 	public abstract void onBinaryMessage(WsBinaryMessageContext ctx) throws Exception;
 
diff --git a/src/main/java/info/unterrainer/websocketserver/WsOauthHandlerBase.java b/src/main/java/info/unterrainer/websocketserver/WsOauthHandlerBase.java
@@ -74,7 +74,10 @@ public void onConnect(WsConnectContext ctx) throws Exception {
 	}
 
 	@Override
-	public void onMessage(WsMessageContext ctx) throws Exception {
+	public void onMsg(WsMessageContext ctx) throws Exception {
+	}
+
+	public final void onMessage(WsMessageContext ctx) throws Exception {
 		log.debug("Received from [{}]: [{}]", ctx.session.getRemoteAddress(), ctx.message());
 		if (isQuarantined(ctx.session)) {
 			log.warn("Client [{}] is quarantined, checking message for standard authorization-bearer-token.",
@@ -93,12 +96,14 @@ public void onMessage(WsMessageContext ctx) throws Exception {
 						ctx.session.getRemoteAddress());
 				clientsQuarantined.removeIf(c -> c.session.equals(ctx.session));
 				clientsConnected.add(client);
+				return;
 			} catch (Exception e) {
 				log.debug("Token validation failed for client [{}]. Disconnecting.", ctx.session.getRemoteAddress(), e);
 				ctx.session.close(1000, "Unauthorized access with invalid token");
 				return;
 			}
 		}
+		onMsg(ctx);
 	}
 
 	@Override
diff --git a/src/test/java/info/unterrainer/websocketserver/AiComm.java b/src/test/java/info/unterrainer/websocketserver/AiComm.java
@@ -8,7 +8,7 @@
 public class AiComm extends WsOauthHandlerBase {
 
 	@Override
-	public void onMessage(WsMessageContext ctx) throws Exception {
+	public void onMsg(WsMessageContext ctx) throws Exception {
 		super.onMessage(ctx);
 
 		// Broadcast to all connected WS clients.

Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,10 @@ public void onConnect(WsConnectContext ctx) throws Exception {`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	`@Override`
`77`		`- public void onMessage(WsMessageContext ctx) throws Exception {`
	`77`	`+ public void onMsg(WsMessageContext ctx) throws Exception {`
	`78`	`+ }`
	`79`	`+`
	`80`	`+ public final void onMessage(WsMessageContext ctx) throws Exception {`
`78`	`81`	`log.debug("Received from [{}]: [{}]", ctx.session.getRemoteAddress(), ctx.message());`
`79`	`82`	`if (isQuarantined(ctx.session)) {`
`80`	`83`	`log.warn("Client [{}] is quarantined, checking message for standard authorization-bearer-token.",`
`@@ -93,12 +96,14 @@ public void onMessage(WsMessageContext ctx) throws Exception {`
`93`	`96`	`ctx.session.getRemoteAddress());`
`94`	`97`	`clientsQuarantined.removeIf(c -> c.session.equals(ctx.session));`
`95`	`98`	`clientsConnected.add(client);`
	`99`	`+ return;`
`96`	`100`	`} catch (Exception e) {`
`97`	`101`	`log.debug("Token validation failed for client [{}]. Disconnecting.", ctx.session.getRemoteAddress(), e);`
`98`	`102`	`ctx.session.close(1000, "Unauthorized access with invalid token");`
`99`	`103`	`return;`
`100`	`104`	`}`
`101`	`105`	`}`
	`106`	`+ onMsg(ctx);`
`102`	`107`	`}`
`103`	`108`
`104`	`109`	`@Override`