Chris Pike
Reputation: 272
Websocket authentication in Wildfly with RolesAllowed
I have a web socket defined using standard annotation like so
@ServerEndpoint("/mySocket")
@Singleton
public class myWebsocket {
@Inject
private MyEjb myEjb;
@OnMessage
public void message(Session session, String msg) { ...
Even though my user has logged in, I get access exceptions when calling myEjb because it doesn't recognize my user. If I check the principal of my session object
session.getUserPrincipal().getName()
the correct user is found, however, if I check the jboss SecurityContext class, I see an anonymous user
Upvotes: 3
Views: 1018
Answers (1)
mrts
Reputation: 18963
This is a known deficiency in Java EE 7 WebSocket specification, see the following issue in their bug-tracker.
However, there is a workaround available, see the JBoss Security Extended project and this example.
Upvotes: 2
Related Questions
- Spring-websockets : Spring security authorization not working inside websockets
- Websocket Authentication and Authorization in Spring
- Jetty Websocket Authentication
- Deploy Websocket Client in Wildfly 13
- Custom web app authentication with WildFly
- Unable to connect via websocket connection
- Websocket (java ee) how to get role of current user
- How to turn off authentication for websockets in Spring Security?
- Websocket wildfly not working
- Error deploying websocket application on Wildfly