tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gismor3 <gism...@gmail.com>
Subject WebSocketServlet BASIC auth
Date Tue, 18 Sep 2012 22:04:31 GMT
Hello everybody,

I'm testing a web application to use WebSocket with Tomcat 7.0.30.

I would like my WebSocket connection to be protected and accessible only
from authenticated user. In particular I would like to use the BASIC
authentication.

>From what I understand I thought that by adding the security-constraint to
the web.xml would be enough. So basically I have added this to the web.xml
file:

<security-constraint>
<web-resource-collection>
<web-resource-name>Galaxy</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
  <realm-name>testDS</realm-name>
</login-config>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>

unfortunately that doesn't work, and without any problem I can connect to
the websocket channel without any authentication.

What do I need to do in order to restrict the access to the application?
Thanks in advance

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message