JavaSpringSecurityWebSocket授权模式

我使用spring security在我的站点上实现安全性：

....
<security:http auto-config="true" use-expressions="false" entry-point-ref="httpStatusEntryPoint">
    <security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrentSessionFilter"/>

    <security:form-login
            authentication-success-handler-ref="authenticationSuccessHandler"
            authentication-failure-handler-ref="authenticationFailureHandler"
            />

    <security:intercept-url pattern="/api/**"/>
    <security:anonymous enabled="false"/>
    <security:logout logout-url="/logout" delete-cookies="JSESSIONID,sessionId"
                     success-handler-ref="logoutSuccessHandler"
            />
    <security:csrf disabled="true"/>

    <security:session-management session-authentication-strategy-ref="sessionAuthenticationStrategy"/>
</security:http>
....
<security:authentication-manager>
    <security:authentication-provider ref="XXXXLdapAuthenticationProvider"/>
    <security:authentication-provider user-service-ref="XXXXUserDetailsService"/>
</security:authentication-manager>
....

我在我的网站上使用websocket，有时通过websocket登录很有用

我不知道在哪里挖。请分享你的专业知识