The complete process for configuring WebSocket with Kotlin in Spring Boot is as follows (covering basic configuration, security hardening, and performance tuning):
I. Add dependencies (build.gradle.kts or pom.xml)
```kotlin
// build.gradle.kts
dependencies {
    implementation("org.springframework.boot:spring-boot-starter-websocket")
    implementation("com.fasterxml.jackson.module:jackson-module-kotlin") // JSON support
}
```
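II. Basic WebSocket configuration
1. Enable WebSocket support
```kotlin
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.context.annotation.Configuration
import org.springframework.web.socket.config.annotation.EnableWebSocket
import org.springframework.web.socket.config.annotation.WebSocketConfigurer
import org.springframework.web.socket.config.annotation.WebSocketHandlerRegistry

@Configuration
@EnableWebSocket
class WebSocketConfig : WebSocketConfigurer {
    @Autowired
    lateinit var myWebSocketHandler: MyWebSocketHandler

    @Autowired
    lateinit var handshakeInterceptor: AuthHandshakeInterceptor

    override fun registerWebSocketHandlers(registry: WebSocketHandlerRegistry) {
        registry.addHandler(myWebSocketHandler, "/ws")
            .addInterceptors(handshakeInterceptor)
            .setAllowedOrigins("*") // restrict to specific domains in production
    }
}
```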
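III. Core component implementation
1. WebSocket message handler
```kotlin
import org.slf4j.LoggerFactory
import org.springframework.stereotype.Component
import org.springframework.web.socket.CloseStatus
import org.springframework.web.socket.TextMessage
import org.springframework.web.socket.WebSocketSession
import org.springframework.web.socket.handler.TextWebSocketHandler
import java.io.IOException
import java.util.concurrent.ConcurrentHashMap

@Component
class MyWebSocketHandler : TextWebSocketHandler() {
    private val sessions = ConcurrentHashMap<String, WebSocketSession>()
    private val logger = LoggerFactory.getLogger(this::class.java)
    @Volatile private var lastActivity = 0L

    // Connection established
    override fun afterConnectionEstablished(session: WebSocketSession) {
        val userId = session.attributes["userId"] as? String
        userId?.let {
            sessions[it] = session
            logger.info("User $it connected, total: ${sessions.size}")
        } ?: run {
            session.close(CloseStatus.BAD_DATA)
        }
    }

    // Handle text messages
    override fun handleTextMessage(session: WebSocketSession, message: TextMessage) {
        val payload = message.payload
        lastActivity = System.currentTimeMillis()
        logger.debug("Received message: $payload")
        // Example: broadcast the message
        sessions.values.forEach { send(it, "Broadcast: $payload") }
    }

    // Connection closed
    override fun afterConnectionClosed(session: WebSocketSession, status: CloseStatus) {
        sessions.values.remove(session)
        logger.info("Connection closed: ${status.reason}")
    }

    // Push a message to one user
    fun sendToUser(userId: String, message: String) {
        sessions[userId]?.let { send(it, message) }
    }

    // Read by the metrics endpoint
    fun getSessionCount(): Int = sessions.size
    fun getLastActivity(): Long = lastActivity

    private fun send(session: WebSocketSession, text: String) {
        try {
            // sendMessage() is not safe for concurrent callers, so serialize per session
            synchronized(session) { if (session.isOpen) session.sendMessage(TextMessage(text)) }
        } catch (e: IOException) {
            // One failed peer must not abort a broadcast to the others
            logger.warn("Send to session ${session.id} failed: ${e.message}")
        }
    }
}
```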
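2. Handshake interceptor (security check)
```kotlin
import org.slf4j.LoggerFactory
import org.springframework.http.HttpStatus
import org.springframework.http.server.ServerHttpRequest
import org.springframework.http.server.ServerHttpResponse
import org.springframework.stereotype.Component
import org.springframework.web.socket.WebSocketHandler
import org.springframework.web.socket.server.HandshakeInterceptor
import org.springframework.web.util.UriComponentsBuilder

@Component
class AuthHandshakeInterceptor : HandshakeInterceptor {
    private val logger = LoggerFactory.getLogger(this::class.java)

    override fun beforeHandshake(
        request: ServerHttpRequest,
        response: ServerHttpResponse,
        wsHandler: WebSocketHandler,
        attributes: MutableMap<String, Any>
    ): Boolean {
        // 1. Validate the token. Read it as a query parameter: splitting the raw query on
        //    "token=" throws when the parameter is absent and swallows any later parameters.
        //    A token carried in the URL also ends up in proxy and access logs.
        val token = UriComponentsBuilder.fromUri(request.uri).build().queryParams.getFirst("token")
        if (token == null || !validateToken(token)) {
            response.setStatusCode(HttpStatus.UNAUTHORIZED)
            return false
        }
        // 2. Resolve the user
        val userId = parseUserIdFromToken(token)
        attributes["userId"] = userId
        // 3. Log the handshake (hostAddress avoids the reverse DNS lookup done by hostName)
        logHandshake(request.remoteAddress?.address?.hostAddress)
        return true
    }

    override fun afterHandshake(
        request: ServerHttpRequest,
        response: ServerHttpResponse,
        wsHandler: WebSocketHandler,
        exception: Exception?
    ) = Unit

    private fun validateToken(token: String?): Boolean {
        // Placeholder: implement the JWT validation logic (signature, expiry) here
        return token?.startsWith("valid_") == true
    }

    // Placeholder: read the user id from the token's claims once JWT parsing is in place
    private fun parseUserIdFromToken(token: String): String = token.removePrefix("valid_")

    private fun logHandshake(remoteIp: String?) {
        logger.info("WebSocket handshake from $remoteIp")
    }
}
```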
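IV. Client connection examples (JavaScript + Kotlin)
1. Web front-end connection
```javascript
// Use wss:// when the page is served over HTTPS
const socket = new WebSocket(`ws://${location.host}/ws?token=valid_123`);

socket.onmessage = (event) => {
  console.log('Received:', event.data);
};

// Send a heartbeat to keep the connection alive
setInterval(() => {
  // send() throws while the socket is still connecting, so check the state first
  if (socket.readyState === WebSocket.OPEN) {
    socket.send(JSON.stringify({ type: "heartbeat" }));
  }
}, 30000);
```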
2. Android client (Kotlin)
```kotlin
import okhttp3.OkHttpClient
import okhttp3.Request
import okhttp3.WebSocket
import okhttp3.WebSocketListener

class WebSocketClient(url: String) : WebSocketListener() {
    private val client = OkHttpClient()
    private var ws: WebSocket? = null

    init {
        val request = Request.Builder().url(url).build()
        ws = client.newWebSocket(request, this)
    }

    override fun onMessage(webSocket: WebSocket, text: String) {
        println("Received: $text")
    }

    fun sendMessage(msg: String) {
        ws?.send(msg)
    }
}
```
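V. Advanced configuration
1. Message compression configuration
```kotlin
// These settings cap the message buffer sizes and the async send timeout;
// they do not themselves turn on permessage-deflate compression.
@Bean
fun webSocketContainer(): ServletServerContainerFactoryBean {
    return ServletServerContainerFactoryBean().apply {
        setMaxTextMessageBufferSize(8192)
        setMaxBinaryMessageBufferSize(8192)
        setAsyncSendTimeout(30000L) // 30-second asynchronous send timeout
    }
}
```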
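2. Cluster support (Redis broadcast)
```kotlin
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.data.redis.connection.RedisConnectionFactory
import org.springframework.data.redis.core.RedisTemplate
import org.springframework.data.redis.listener.ChannelTopic
import org.springframework.data.redis.repository.configuration.EnableRedisRepositories
import org.springframework.data.redis.serializer.StringRedisSerializer

@Configuration
@EnableRedisRepositories
class RedisPubSubConfig {
    @Bean
    fun redisTemplate(connectionFactory: RedisConnectionFactory): RedisTemplate<String, String> {
        return RedisTemplate<String, String>().apply {
            setConnectionFactory(connectionFactory)
            // Plain strings on the wire instead of the default JDK serialization
            setDefaultSerializer(StringRedisSerializer())
        }
    }

    // Topic shared by all nodes. To receive broadcasts, subscribe a MessageListener
    // to it through a RedisMessageListenerContainer.
    @Bean
    fun topicListenerAdapter(): ChannelTopic {
        return ChannelTopic("websocket-messages")
    }
}
```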
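VI. Monitoring and debugging
1. Metrics endpoint
```kotlin
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.RestController

// Restrict access to this endpoint; it reveals connection counts and activity times.
@RestController
class WebSocketMetricsController(
    private val handler: MyWebSocketHandler
) {
    // MyWebSocketHandler must expose getSessionCount() and getLastActivity()
    @GetMapping("/metrics/websocket")
    fun getMetrics(): Map<String, Any> {
        return mapOf(
            "activeConnections" to handler.getSessionCount(),
            "lastMessageTime" to handler.getLastActivity()
        )
    }
}
```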
2. Logging configuration (logback-spring.xml)
```xml
<logger name="org.springframework.web.socket" level="DEBUG"/>
<logger name="com.example.websocket" level="TRACE"/>
```
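VII. Solutions to common problems
Symptom | Solution |
---|---|
Connection drops frequently | Add a heartbeat mechanism and adjust setAsyncSendTimeout |
Cross-origin failure | Configure the exact origin with .setAllowedOrigins("https://your-domain.com") |
Messages arrive out of order | Use @SendToUser(destinations = ["/queue"], broadcast = false) for point-to-point delivery |
Memory leak | Check the sessions map periodically and add cleanup logic for timed-out connections |
Performance degrades under high concurrency | Enable asynchronous message handling and use Redis Pub/Sub to distribute messages |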
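
The memory-leak row above (check the sessions map periodically, clean up timed-out connections) as an added example that is not part of the original page. `SessionRegistry`, the 90-second idle timeout and the 30-second sweep are assumptions, and `@EnableScheduling` must be present on a configuration class.

```kotlin
import org.springframework.scheduling.annotation.Scheduled
import org.springframework.stereotype.Component
import org.springframework.web.socket.CloseStatus
import org.springframework.web.socket.WebSocketSession
import java.io.IOException
import java.time.Duration
import java.time.Instant
import java.util.concurrent.ConcurrentHashMap

// Hypothetical replacement for the handler's bare `sessions` map (not from the page).
@Component
class SessionRegistry {
    private data class Entry(val session: WebSocketSession, val lastSeen: Instant)
    private val entries = ConcurrentHashMap<String, Entry>()
    private val idleTimeout = Duration.ofSeconds(90) // assumed: three missed 30 s heartbeats

    // From afterConnectionEstablished: a reconnect closes the old socket instead of leaking it.
    fun register(userId: String, session: WebSocketSession) {
        entries.put(userId, Entry(session, Instant.now()))?.let { close(it.session) }
    }

    // From handleTextMessage, for every frame (heartbeats included).
    fun touch(userId: String) {
        entries.computeIfPresent(userId) { _, e -> e.copy(lastSeen = Instant.now()) }
    }

    // From afterConnectionClosed: matching on id keeps a late close from evicting a newer session.
    fun unregister(session: WebSocketSession) {
        entries.values.removeIf { it.session.id == session.id }
    }

    @Scheduled(fixedDelay = 30_000) // assumed sweep interval, in milliseconds
    fun sweep() { evictIdle(Instant.now()) }

    // Removes closed sessions and sessions silent for longer than idleTimeout.
    fun evictIdle(now: Instant): Int {
        val stale = entries.filterValues {
            !it.session.isOpen || it.lastSeen.isBefore(now.minus(idleTimeout))
        }
        // remove(key, value) does nothing if the entry was touched or replaced meanwhile
        return stale.count { (userId, entry) ->
            entries.remove(userId, entry).also { removed -> if (removed) close(entry.session) }
        }
    }

    private fun close(session: WebSocketSession) {
        try { if (session.isOpen) session.close(CloseStatus.GOING_AWAY) } catch (e: IOException) { }
    }
}
```

`evictIdle` takes the current time as a parameter so the eviction rule can be unit-tested without waiting for the scheduler.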
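VIII. Security hardening recommendations
- Enable the WSS protocol:

  ```nginx
  # Nginx configuration example
  location /ws {
      proxy_pass http://backend;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header X-Real-IP $remote_addr;
      # Applies only when proxy_pass targets an https:// upstream. Client-facing TLS
      # (wss://) is configured with ssl_protocols in the enclosing server block.
      proxy_ssl_protocols TLSv1.2 TLSv1.3;
  }
  ```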
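- Rate limiting:

  ```kotlin
  // RateLimiter is com.google.common.util.concurrent.RateLimiter (Guava dependency required).
  // Declaring the bean does not apply it by itself: wrap the handler with decorate()
  // when registering it, or add the factory with addDecoratorFactory in a STOMP setup.
  @Bean
  fun webSocketRateLimiter(): WebSocketHandlerDecoratorFactory {
      return object : WebSocketHandlerDecoratorFactory {
          override fun decorate(handler: WebSocketHandler): WebSocketHandler {
              // 100 per second, shared by every session of this handler: the session
              // that sends the message over the cap is the one that gets closed
              val rateLimiter = RateLimiter.create(100.0)
              return object : WebSocketHandlerDecorator(handler) {
                  override fun handleMessage(session: WebSocketSession, message: WebSocketMessage<*>) {
                      if (!rateLimiter.tryAcquire()) {
                          session.close(CloseStatus.POLICY_VIOLATION)
                          return
                      }
                      super.handleMessage(session, message)
                  }
              }
          }
      }
  }
  ```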
IX. Performance testing recommendations
- Load test with JMeter:

  ```xml
  <!-- Example WebSocket load-test plan -->
  <WebSocketSampler>
      <connectTime>5000</connectTime>
      <responseTimeout>10000</responseTimeout>
      <payload>{ "type": "stress", "data": "test" }</payload>
  </WebSocketSampler>
  ```
- Metrics to monitor:
  - Maximum number of connections per node
  - Message round-trip time (RTT)
  - Memory usage growth rate
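With the configuration above, you can build a high-performance, secure and reliable enterprise-grade WebSocket service that supports full lifecycle management from development to production.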