cxf-dev mailing list archives

From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: CXF-5901 - Websocket should support not only CORS but other security filters (OAuth)
Date Thu, 21 Aug 2014 11:15:17 GMT
Hi,
On 21/08/14 11:53, Michał Woś wrote:
> Websocket upgrade request can be done from any origin and by anyone. I
> can't find any security means to protect this particular request. Please
> advise because I might be missing sth.
>
The HTTP headers available at the upgrade request will be available to 
CXF filters, in case of the OAuth2 client we'd have
Authorization: Bearer 123456
(or whatever the token type is)

and OAuth2 filter will take care of it, while the CORS filter will take 
care of the origin restrictions/etc. I'm also presuming it would be 
recommended to use a secure wss: protocol.

Does it sound right to you?

Cheers, Sergey



> Kind regards,
> Michał
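
The check described in the reply above, sketched as a JAX-RS request filter. This is an added example, not code from the thread or from CXF. It assumes the WebSocket transport passes the upgrade request through the JAX-RS filter chain as the message states; `UpgradeRequestGuard` and `TokenValidator` are hypothetical names, and the `javax.ws.rs` namespace is assumed.

```java
import java.util.Set;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;

// Added illustration: refuses a WebSocket upgrade request unless its Origin
// (when sent) is on an allowlist and it carries a Bearer token that validates.
@PreMatching
public class UpgradeRequestGuard implements ContainerRequestFilter {

    /** Hypothetical hook: a deployment would plug its OAuth2 token validation in here. */
    public interface TokenValidator {
        boolean isValid(String accessToken);
    }

    private static final String BEARER = "Bearer ";
    private final Set<String> allowedOrigins; // exact origins, e.g. "https://app.example.com" (constructed)
    private final TokenValidator validator;

    public UpgradeRequestGuard(Set<String> allowedOrigins, TokenValidator validator) {
        this.allowedOrigins = allowedOrigins;
        this.validator = validator;
    }

    @Override
    public void filter(ContainerRequestContext ctx) {
        String upgrade = ctx.getHeaderString("Upgrade");
        if (upgrade == null || !"websocket".equalsIgnoreCase(upgrade.trim())) {
            return; // not an upgrade request; leave it to the other filters
        }
        // Browsers send Origin on the handshake; non-browser clients may omit it,
        // so a missing Origin is accepted here and the token check below decides.
        String origin = ctx.getHeaderString("Origin");
        if (origin != null && !allowedOrigins.contains(origin)) {
            ctx.abortWith(Response.status(Response.Status.FORBIDDEN).build());
            return;
        }
        // The token is required on every upgrade request, whatever the origin.
        String auth = ctx.getHeaderString(HttpHeaders.AUTHORIZATION);
        boolean bearer = auth != null
                && auth.regionMatches(true, 0, BEARER, 0, BEARER.length());
        if (!bearer || !validator.isValid(auth.substring(BEARER.length()).trim())) {
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, "Bearer").build());
        }
    }
}
```

An instance would be registered in the endpoint's provider list, with the connection itself served over `wss:` so the token is not sent in clear text.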

