java - Spring Session, Websocket, REST Token Security -


We have a Spring application that contains a REST API and WebSocket broker endpoints for real-time updates on database changes.

We've migrated to the Spring Session project with an embedded Redis server, which authenticates with basic auth, and the session id can then be used on subsequent requests in the x-auth-token header.

The issue we're having is how to secure the WebSocket. On Angular, we have a wrapper directive around the stomp.js / SockJS libraries, but we can't seem to figure out how to set the x-auth-token header on the WebSocket upgrade requests.

Are we doing something wrong? What is the recommended way to approach this kind of security scheme?

Stack:

  • Tomcat 7.0.57
  • Spring Security 4.0.0.RC2
  • Spring Session 1.0.0.RELEASE
  • Spring MVC 4.1.4
  • AngularJS 1.2.28

It looks like the JS WebSocket API doesn't allow setting HTTP headers on the initial handshake and upgrade request.

The proper scheme is to send the authentication token on the CONNECT frame and handle it accordingly on the server side. We've migrated to browser cookie sessions until we can find a suitable implementation on the server side.
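
The CONNECT-frame scheme described above, sketched at the protocol level as an added example that is not part of the original post and is not Spring's own code. It models both sides in plain JavaScript; the function names, the `sessions` store and the sample token are hypothetical and constructed for illustration.

```javascript
// Constructed sample: session id -> session, as issued by the REST login.
const SAMPLE_TOKEN = "3f1c9a52-0000-4000-8000-constructed1";
const sessions = new Map([[SAMPLE_TOKEN, { user: "alice", expiresAt: Date.now() + 60000 }]]);

// Client side: serialize a STOMP CONNECT frame with the token as a header.
function buildConnectFrame(host, token) {
  // A line break in the token would let it smuggle extra headers.
  if (/[\r\n]/.test(token)) throw new Error("token must not contain line breaks");
  return `CONNECT\naccept-version:1.2\nhost:${host}\nx-auth-token:${token}\n\n\0`;
}

// Server side: split a raw frame into its command and headers.
function parseFrame(raw) {
  const end = raw.indexOf("\0");
  if (end < 0) throw new Error("unterminated frame");
  const lines = raw.slice(0, end).split("\n\n")[0].split("\n");
  const command = lines.shift();
  const headers = Object.create(null); // no inherited keys
  for (const line of lines) {
    const i = line.indexOf(":");
    if (i < 1) throw new Error("malformed header");
    const key = line.slice(0, i);
    // STOMP: when a header repeats, only the first entry counts.
    if (!(key in headers)) headers[key] = line.slice(i + 1);
  }
  return { command, headers };
}

// Server side: authenticate on CONNECT, refuse everything else until then.
// conn is per-connection state; returns the reply frame, or null to pass on.
function handleFrame(conn, raw, now = Date.now()) {
  const { command, headers } = parseFrame(raw);
  if (command === "CONNECT" || command === "STOMP") {
    const session = sessions.get(headers["x-auth-token"]);
    if (!session || session.expiresAt <= now) {
      return "ERROR\nmessage:authentication failed\n\n\0";
    }
    conn.user = session.user;
    return "CONNECTED\nversion:1.2\n\n\0";
  }
  if (!conn.user) return "ERROR\nmessage:not authenticated\n\n\0";
  return null; // authenticated: hand the frame to the broker
}
```

The server has to close the socket after sending an ERROR frame, and the token still needs TLS on the WebSocket (wss) since it travels in the frame payload.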

