tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob DeRemer <>
Subject Does JSR-356 provide a way for a client to pass security info on connect?
Date Wed, 04 Sep 2013 19:49:34 GMT
I'm curious if there's anything defined in JSR-356 to enable a client to pass some security
claims in the connect that would allow me to perform an auth check - prior to actually establishing
the websocket connection.

In an attempt to avoid a websocket DOS, I'm looking to see whether we can do an auth check
in the ServerEndpoint onOpen (or, possibly at an earlier stage) - before the actual websocket
gets established.  I know we can do this at the application level in the onMessage, but it'd
be good to handle this before setting up the actual websocket if possible.


Bob DeRemer
Senior Director, Architecture and Development

[Description: Description: Description: Description: cid:image001.png@01CBE3DE.51A12030]<>
Skype: bob.deremer.thingworx
O: 610.594.6200 x812
M: 717.881.3986

  • Unnamed multipart/related (inline, None, 0 bytes)
View raw message