tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: WebSocketServlet BASIC auth
Date Tue, 18 Sep 2012 22:57:21 GMT
On 18/09/2012 23:04, Gismor3 wrote:

> What do I need to do in order to restrict the access to the application?
> Thanks in advance

The WebSocket protocol does not include any concept of an authentication
challenge. I tested this recently and the browsers drop the connection
if they get a 401 response.

To get this working with Tomcat, the following *should* work but is

1. Create an HTTP session.
2. Authenticate the user
3. Start the web socket connection.

Provided the user/session is already authenticated, you should be able
to protect the WebSocket endpoints using normal Servlet security in web.xml.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message