Remote Plugin Sample WebSocket not working with Sp...

Vinrobot · ‎03-28-2024

Hello,

I'm trying to develop a Remove Plugin for vCenter, and found that the WebSocket was not correctly working (when proxied through vCenter).

I tried to replicate with the sample project (from vSphere-client-sdk-802.zip) and found that the project was using Spring Boot 2.0.3.
As soon as I update the dependency to 2.1.X, the WebSocket stops working.

Then, I debugged the Java program and found that Tomcat updated the way they validate one header used during the WebSocket handshake (66548 – Tomcat does not validate value of Sec-Websocket-Key header (apache.org)).

The vCenter proxy is not setting the header "Sec-Websocket-Key" to a valid value (it sets to "ZW52b3k=", "envoy" in Base64).

Also, I know there is a "bug" in the sample, a missing encodeURIComponent, and I already fixed it during my tests.

My questions is, does someone have a workaround or solution?

I tried changing the value with an interceptor but this just completely break the WebSocket connection as the value is used later.

Tomorrow, I will try to find a version of Spring 3 not using an updated Tomcat version or force a version without the patch but this is not ideal for future projects.

Example of a WebSocket UPGRADE request with the incorrect header:

Spoiler

GET /sample-ui/messaging?session-ticket=QexIvxZv78bGa%2FbPBCm4Tir493LKQII7txwkWoHojw4%3D HTTP/1.1
host: 192.168.1.157
pragma: no-cache
cache-control: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
origin: REDACTED
sec-websocket-version: 13
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
sec-websocket-extensions: permessage-deflate; client_max_window_bits
cookie: REDACTED
upgrade: websocket
connection: upgrade
x-forwarded-for: 192.168.1.157
x-forwarded-proto: https
x-envoy-internal: true
x-request-id: f320251c-f749-48d7-98ba-0efd7b68e173
sec-websocket-key: ZW52b3k=
x-vmware-remote-port: 56001
x-envoy-original-path: /plugins/com.vmware.sample.remote.starter.1.0.0.0.-510533192/192.168.1.157-8443/sample-ui/messaging?session-ticket=QexIvxZv78bGa%2FbPBCm4Tir493LKQII7txwkWoHojw4%3D

GET /sample-ui/messaging?session-ticket=QexIvxZv78bGa%2FbPBCm4Tir493LKQII7txwkWoHojw4%3D HTTP/1.1 host: 192.168.1.157 pragma: no-cache cache-control: no-cache user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0 origin: REDACTED sec-websocket-version: 13 accept-encoding: gzip, deflate, br accept-language: en-US,en;q=0.9 sec-websocket-extensions: permessage-deflate; client_max_window_bits cookie: REDACTED upgrade: websocket connection: upgrade x-forwarded-for: 192.168.1.157 x-forwarded-proto: https x-envoy-internal: true x-request-id: f320251c-f749-48d7-98ba-0efd7b68e173 sec-websocket-key: ZW52b3k= x-vmware-remote-port: 56001 x-envoy-original-path: /plugins/com.vmware.sample.remote.starter.1.0.0.0.-510533192/192.168.1.157-8443/sample-ui/messaging?session-ticket=QexIvxZv78bGa%2FbPBCm4Tir493LKQII7txwkWoHojw4%3D

Vinrobot · ‎03-29-2024

The last Tomcat version without the validation is 10.1.7 but is not fully compatible with Spring 3.2.3.

However, forcing the version of the Tomcat WebSocket component is working:

implementation 'org.apache.tomcat.embed:tomcat-embed-websocket:10.1.7'

Denis_Chorbadzh · ‎04-02-2024

Hi @Vinrobot ,

Thanks for discovering the issue and proactively providing help to other forum users.

The issue with WebSockets is already addressed in the Remote Plugin Sample and will be available as part of the next vSphere Client SDK release.

Best Regards,

Denis

All

Remote Plugin Sample WebSocket not working with Spring 2.1 / Spring 3