Java
javaTutorial
When developing a WebSocket server using Netty4, how do you ensure that the browser correctly recognizes the 401 response?
When developing a WebSocket server using Netty4, how do you ensure that the browser correctly recognizes the 401 response?
Apr 19, 2025 pm 03:18 PM
Netty4 WebSocket Server: Correctly handle browser 401 responses
When developing WebSocket servers using Netty4, it is often necessary to verify the client token. If verification fails, the server should return the 401 status code and close the connection. However, browsers sometimes fail to receive this response correctly. This article will explain in detail how to resolve this issue.
Question: Use var socket = new WebSocket("ws://127.0.0.1:18080/ws?token=xxxx"); to connect to the server, and the server verifies the token. On failure, the server returns 401 and closes the connection, but the browser does not receive a 401 response. The server code snippet is as follows:
private void httpResponse401(ChannelHandlerContext ctx, FullHttpRequest request){
FullHttpResponse response = new DefaultFullHttpResponse(request.protocolVersion(), HttpResponseStatus.UNAUTHORIZED);
response.headers().set(HttpHeaderNames.CONTENT_LENGTH, 0);
ctx.writeAndFlush(response).addListener(ChannelFutureListener.CLOSE);
ReferenceCountUtil.release(request);
}
Cause: The problem lies in the WebSocket handshake stage. The handshake request is an HTTP request, but after the handshake is successful, the communication is no longer an HTTP protocol. Therefore, the 401 response must be returned in the handshake phase.
Solution: Verify the token in the code that handles the WebSocket handshake request. If the verification fails, the 401 response is directly returned, and the WebSocket connection establishment logic is not executed.
Improved code example:
@Override
public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
if (msg instanceof FullHttpRequest) {
FullHttpRequest request = (FullHttpRequest) msg;
String token = extractTokenFromRequest(request); //Extract the helper function of Token if (!validateToken(token)) {
httpResponse401(ctx, request);
return;
}
// Token verification is passed, continue WebSocket handshake WebSocketServerHandshakerFactory wsFactory = new WebSocketServerHandshakerFactory(
getWebSocketLocation(request), null, false);
WebSocketServerHandshaker handshaker = wsFactory.newHandshaker(request);
if (handshaker == null) {
WebSocketServerHandshakerFactory.sendUnsupportedVersionResponse(ctx.channel());
} else {
handshaker.handshake(ctx.channel(), request);
}
} else if (msg instanceof WebSocketFrame) {
// Process WebSocket frames}
}
private String extractTokenFromRequest(FullHttpRequest request) {
String uri = request.uri();
String[] parts = uri.split("\\?");
if (parts.length > 1) {
String[] params = parts[1].split("&");
for (String param : params) {
String[] keyValue = param.split("=");
if (keyValue.length == 2 && keyValue[0].equals("token")) {
return keyValue[1];
}
}
}
return null;
}
private boolean validateToken(String token) {
// Implement the token verification logic here return token != null && token.equals("validToken"); // Example, replace with the actual verification logic}
private void httpResponse401(ChannelHandlerContext ctx, FullHttpRequest request) {
FullHttpResponse response = new DefaultFullHttpResponse(
HttpVersion.HTTP_1_1, HttpResponseStatus.UNAUTHORIZED);
response.headers().set(HttpHeaderNames.CONTENT_TYPE, "text/plain; charset=UTF-8");
response.headers().set(HttpHeaderNames.CONTENT_LENGTH, response.content().readableBytes());
ctx.writeAndFlush(response).addListener(ChannelFutureListener.CLOSE);
ReferenceCountUtil.release(request);
}
By performing token verification during the handshake phase and returning a 401 response, the browser can correctly identify the reason for the connection to close, thus enabling a more robust WebSocket server. extractTokenFromRequest function enhances the robustness of Token extraction. Please replace token verification in the example with your actual verification logic.
The above is the detailed content of When developing a WebSocket server using Netty4, how do you ensure that the browser correctly recognizes the 401 response?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to avoid risks in the turmoil in the currency circle? The TOP3 stablecoin list is revealed
Jul 08, 2025 pm 07:27 PM
Against the backdrop of violent fluctuations in the cryptocurrency market, investors' demand for asset preservation is becoming increasingly prominent. This article aims to answer how to effectively hedge risks in the turbulent currency circle. It will introduce in detail the concept of stablecoin, a core hedge tool, and provide a list of TOP3 stablecoins by analyzing the current highly recognized options in the market. The article will explain how to select and use these stablecoins according to their own needs, so as to better manage risks in an uncertain market environment.
Global stablecoin market value PK! Who is the gold substitute in the bear market
Jul 08, 2025 pm 07:24 PM
This article will discuss the world's mainstream stablecoins and analyze which stablecoins have the risk aversion attribute of "gold substitute" in the market downward cycle (bear market). We will explain how to judge and choose a relatively stable value storage tool in a bear market by comparing the market value, endorsement mechanism, transparency, and comprehensively combining common views on the Internet, and explain this analysis process.
The popularity of the currency circle has returned, why do smart people have begun to quietly increase their positions? Look at the trend from the on-chain data and grasp the next round of wealth password!
Jul 09, 2025 pm 08:30 PM
As the market conditions pick up, more and more smart investors have begun to quietly increase their positions in the currency circle. Many people are wondering what makes them take decisively when most people wait and see? This article will analyze current trends through on-chain data to help readers understand the logic of smart funds, so as to better grasp the next round of potential wealth growth opportunities.
Virtual Currency Stable Coins Ranking Which is the 'safe haven' in the currency circle
Jul 08, 2025 pm 07:30 PM
This article will introduce several mainstream stablecoins and explain in depth how to evaluate the security of a stablecoin from multiple dimensions such as transparency and compliance, so as to help you understand which stablecoins are generally considered relatively reliable choices in the market, and learn how to judge their "hazard-haven" attributes on your own.
Bitcoin breaks new highs, Dogecoin rebounds strongly, will Ethereum keep up with the pace
Jul 09, 2025 pm 08:24 PM
Recently, Bitcoin hit a new high, Dogecoin ushered in a strong rebound and the market was hot. Next, we will analyze the market drivers and technical aspects to determine whether Ethereum still has opportunities to follow the rise.
What are the types of stablecoins? What are the stablecoins in digital currency?
Jul 08, 2025 pm 11:51 PM
Stable coins maintain price stability by anchoring fiat currencies such as the US dollar, which are mainly divided into three categories: 1. Fiat currency collateralization types such as USDT and USDC; 2. Cryptocurrency collateralization types such as DAI; 3. Algorithm types have higher risks. Mainstream stablecoins include USDT with the highest market value and the best liquidity. USDC is known for its compliance and transparency. DAI relies on the decentralized mechanism. TUSD adopts on-chain real-time audit. BUSD is gradually withdrawing from the market due to supervision. USDP is known for its high compliance and security. Both are widely circulated on mainstream exchanges.
What are the mainstream public chains of cryptocurrencies? The top ten rankings of cryptocurrency mainstream public chains in 2025
Jul 10, 2025 pm 08:21 PM
The pattern in the public chain field shows a trend of "one super, many strong ones, and a hundred flowers blooming". Ethereum is still leading with its ecological moat, while Solana, Avalanche and others are challenging performance. Meanwhile, Polkadot, Cosmos, which focuses on interoperability, and Chainlink, which is a critical infrastructure, form a future picture of multiple chains coexisting. For users and developers, choosing which platform is no longer a single choice, but requires a trade-off between performance, cost, security and ecological maturity based on specific needs.
Dogecoin Trading Platform App Download What Dogecoin Trading Platforms are there
Jul 08, 2025 pm 05:36 PM
This article will explain the selection of Dogecoin trading platform and the official application download. We will explain in detail how to find and download the application of the trading platform through safe and reliable channels. This process will be presented in the form of step-by-step teaching. Next, we will introduce several mainstream Dogecoin trading platforms in the current market, and combine the general feedback from online users to comprehensively explain their characteristics for reference.
