Hello,
I'm trying to develop a Remove Plugin for vCenter, and found that the WebSocket was not correctly working (when proxied through vCenter).
I tried to replicate with the sample project (from vSphere-client-sdk-802.zip) and found that the project was using Spring Boot 2.0.3.
As soon as I update the dependency to 2.1.X, the WebSocket stops working.
Then, I debugged the Java program and found that Tomcat updated the way they validate one header used during the WebSocket handshake (66548 – Tomcat does not validate value of Sec-Websocket-Key header (apache.org)).
The vCenter proxy is not setting the header "Sec-Websocket-Key" to a valid value (it sets to "ZW52b3k=", "envoy" in Base64).
Also, I know there is a "bug" in the sample, a missing encodeURIComponent, and I already fixed it during my tests.
My questions is, does someone have a workaround or solution?
I tried changing the value with an interceptor but this just completely break the WebSocket connection as the value is used later.
Tomorrow, I will try to find a version of Spring 3 not using an updated Tomcat version or force a version without the patch but this is not ideal for future projects.
Example of a WebSocket UPGRADE request with the incorrect header:
GET /sample-ui/messaging?session-ticket=QexIvxZv78bGa%2FbPBCm4Tir493LKQII7txwkWoHojw4%3D HTTP/1.1 host: 192.168.1.157 pragma: no-cache cache-control: no-cache user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0 origin: REDACTED sec-websocket-version: 13 accept-encoding: gzip, deflate, br accept-language: en-US,en;q=0.9 sec-websocket-extensions: permessage-deflate; client_max_window_bits cookie: REDACTED upgrade: websocket connection: upgrade x-forwarded-for: 192.168.1.157 x-forwarded-proto: https x-envoy-internal: true x-request-id: f320251c-f749-48d7-98ba-0efd7b68e173 sec-websocket-key: ZW52b3k= x-vmware-remote-port: 56001 x-envoy-original-path: /plugins/com.vmware.sample.remote.starter.1.0.0.0.-510533192/192.168.1.157-8443/sample-ui/messaging?session-ticket=QexIvxZv78bGa%2FbPBCm4Tir493LKQII7txwkWoHojw4%3D
The last Tomcat version without the validation is 10.1.7 but is not fully compatible with Spring 3.2.3.
However, forcing the version of the Tomcat WebSocket component is working:
implementation 'org.apache.tomcat.embed:tomcat-embed-websocket:10.1.7'
Hi @Vinrobot ,
Thanks for discovering the issue and proactively providing help to other forum users.
The issue with WebSockets is already addressed in the Remote Plugin Sample and will be available as part of the next vSphere Client SDK release.
Best Regards,
Denis