Authorization
Spring Security provides
WebSocket sub-protocol authorization
that uses a ChannelInterceptor
to authorize messages based on the user header in them.
Also, Spring Session provides
WebSocket integration
that ensures the user’s HTTP session does not expire while the WebSocket session is still active.