tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Question about websockets origin and remote addresses
Date Mon, 28 Oct 2013 08:48:11 GMT
On 27/10/2013 20:53, Marcelo v wrote:
> Hello My name is Marcelo, i have a little web site and i am using apache
> tomcat 8.0.0-RC5 and making use of JSR-356 websocket api ... (i followed
> the ChatAnnotation example) ...
> I almost finished the development when i found 2 problems ...
> 
> 1) Is it possible to get the remote ip of the client on @OnOpen method ???
> i was not able to find this answer

No. Generally this type of information is available at the handshake
which occurs before OnOpen but client IP is not one of the pieces of
information exposed.

> 2) Is it possible to know the origin of connections ??? i mean the domain
> of the page the connection was made ....

ServerEndpointConfig.Configurator.checkOrigin(String)

You'll need a custom Configurator.

> The first question is because i have a list of banned addresses already ...

You might be better blocking these earlier e.g. with iptables or similar.

> The second is because i need a minimal check on that, because it is not
> allowed the connections to be made from anywhere ...

Keep in mid that a malicious client can forge the origin header.

> It is the first question i make here ... probably there is not enough
> information .. please let me know ...

No problems. All the relevant information was in the question.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message