diff --git a/designer-realize/src/main/java/com/fr/design/mainframe/socketio/AbstractSocketConfig.java b/designer-realize/src/main/java/com/fr/design/mainframe/socketio/AbstractSocketConfig.java index 2f86907763..8562ccbbdb 100644 --- a/designer-realize/src/main/java/com/fr/design/mainframe/socketio/AbstractSocketConfig.java +++ b/designer-realize/src/main/java/com/fr/design/mainframe/socketio/AbstractSocketConfig.java @@ -1,6 +1,5 @@ package com.fr.design.mainframe.socketio; -import com.fr.decision.webservice.utils.DecisionServiceConstants; import com.fr.general.ComparatorUtils; import com.fr.log.FineLoggerFactory; import com.fr.report.RemoteDesignConstants; @@ -14,6 +13,8 @@ import com.fr.workspace.Workspace; import com.fr.workspace.base.WorkspaceConstants; import com.fr.workspace.connect.WorkspaceConnection; import com.fr.workspace.connect.WorkspaceConnectionInfo; +import com.fr.workspace.server.socket.SocketIOVerifier; +import com.fr.workspace.server.socket.SocketVerifierOperator; import io.socket.client.IO; import io.socket.engineio.client.transports.Polling; import io.socket.engineio.client.transports.WebSocket; @@ -83,14 +84,17 @@ public abstract class AbstractSocketConfig { WorkspaceConnection connection = current.getConnection(); currentProtocol = getCurrentProtocolFromUrl(url); String[] result = new String[ports.length]; + // REPORT-89007: websocket 避免url明文传输token。兼容旧版本服务器:旧版传递token,新版传递加密后的wsid + String token = connection.getToken(); + SocketIOVerifier verifier = WorkContext.getCurrent().get(SocketVerifierOperator.class).getVerifier(token); for (int i = 0; i < ports.length; i++) { result[i] = String.format("%s://%s:%s%s?%s=%s&%s=%s", currentProtocol, url.getHost(), ports[i], WorkspaceConstants.WS_NAMESPACE, - DecisionServiceConstants.WEB_SOCKET_TOKEN_NAME, - connection.getToken(), + verifier.getVerifierPrefix(), + verifier.getVerifierCode(), RemoteDesignConstants.USER_LOCK_ID, connection.getId()); }