tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: WebSocketServlet BASIC auth
Date Tue, 18 Sep 2012 22:57:21 GMT
On 18/09/2012 23:04, Gismor3 wrote:

> What do I need to do in order to restrict the access to the application?
> Thanks in advance

The WebSocket protocol does not include any concept of an authentication
challenge. I tested this recently and the browsers drop the connection
if they get a 401 response.

To get this working with Tomcat, the following *should* work but is
untested.

1. Create an HTTP session.
2. Authenticate the user
3. Start the web socket connection.

Provided the user/session is already authenticated, you should be able
to protect the WebSocket endpoints using normal Servlet security in web.xml.

HTH,

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message