I am implementing avax.websocket to update the count for message as below in my application.
I want to secure the websocket endpoint and I used the below in web.xml and weblogic.xml but it did not work. After that I tried to use custom ServerEndpointConfig.Configurator, now I am able to connect after logged to my application. But the session is coming as null in request.
With authentication in web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
id="WebApp_ID" version="3.1">
<display-name>WebSocketPrj</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>simple web resources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>TestUser</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>Basic</auth-method>
<realm-name>file</realm-name>
</login-config>
<security-role>
<role-name>TestUser</role-name>
</security-role>
</web-app>
weblogc.xml
<?xml version='1.0' encoding='UTF-8'?>
<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd">
<security-role-assignment>
<role-name>TestUser</role-name>
<principal-name>TestUser</principal-name>
</security-role-assignment>
<container-descriptor></container-descriptor>
</weblogic-web-app>
without security-constraint in web.xml and without weblogic.xml
public class WebSocketConfigurator extends ServerEndpointConfig.Configurator{
private static final String ORIGIN = "http://localhost:7001";
@Override
public boolean checkOrigin(String originHeaderValue) {
return ORIGIN.equals(originHeaderValue);
}
@Override
public void modifyHandshake(ServerEndpointConfig config, HandshakeRequest request, HandshakeResponse response) {
HttpSession httpSession = (HttpSession) request.getHttpSession();
super.modifyHandshake(config, request, response);
if (httpSession == null) {
httpSession = (HttpSession) request.getHttpSession();
}
if (httpSession == null) {
return;
}
config.getUserProperties().put("httpSession", httpSession);
httpSession = (HttpSession) request.getHttpSession();
}
}
@ServerEndpoint(value = "/messageCount", configurator = WebSocketConfigurator.class) public class NotificationSocket { private static final Logger logger = LoggerFactory.getLogger(NotificationSocket.class);
private Session wsSession;
private HttpSession httpSession;
/**
*
* @param session
*/
@OnOpen
public void onOpen(Session session, EndpointConfig config){
}
/**
*
*/
@OnClose
public void onClose(){
// implementation not needed
}
/**
*
* @param session
* @param throwable
*/
@OnError
public void error(Session session,Throwable throwable){
// implementation not needed
}
/**
*
* @param user
* @param session
*/
@OnMessage
public void handleMessage(final String user, final Session session) {
synchronized (session) {
int count = 10;
session.getAsyncRemote().sendText("" + count);
}
}
}
I have login page and after login in welcomauth.jsp I am calling the below websocket: and below is my javascript client:
var webSocket = new WebSocket("ws://localhost:7001/messageCount");
webSocket.onopen=function(){
webSocket.send('Message');
}
I don't want to pass the user information from client side in modifyhandshake I want to get the logged in user session then validate if the user exist then open the connection else throw exception.(like throw new RuntimeException("Not authenticated"))
I am calling websocket after login to the application. Is there any way to check authentication before the websocket connection(i.e @OnOpen)?
